Hi,
I'm trying to setup a system which uses 2 transparent networks as WAN. All "routers" are Cisco 3750 and each location has 5 VLAN's. VLAN 1 is isolated, VLAN 2, 3, 4 and 5 can route to each other on the local 3750 stack. However: VLAN's 2, 3 and 4 should each have their own uplink to the transparent WAN's. So, for instance:
VLAN 2 goes out on Fa1/0/2 and Fa2/0/2 VLAN 3 goes out on Fa1/0/3 and Fa2/0/3 VLAN 4 goes out on Fa1/0/4 and Fa2/0/4
VLAN 1 and 5 are not to be routed over the WAN
I've made a small sketch of the system which can be seen at
What I'd like to reach is that VLAN 3 at Location 4 goes out of Fa1/0/3 and Fa2/03 only, Fa1/0/3 goes directly to location 1 (the main location). Fa2/0/3 goes to location 2 (the backup main location) and then up the fiber to location 1. I don't want EIGRP to select routes on links not intended for that VLAN.
What I've done so far: I've enabled three EIGRP AS's. One for each of the VLAN's and assigned IP address to Fa1/0/2-4 and Fa2/0/2-4. They do find the appropriate neighbours, but if I unplug all links for VLAN
4, I can still connect to VLAN 4 on another location over the WAN.I've tried setting ACL's to deny trafic between for instance Fa1/0/2 and VLAN 3 and 4, but was unsuccesfull (sorry, didn't keep the ACL test config). All it did was block VLAN routing on the location itself.
I've looked at setting the locations 3-5 as stub routers in EIGRP, but I'm not sure whether this should solve my problem.
Here's my (edited) config for the router in Location 4:
--------------------------------------------------------------------------------------------------------
version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname LOC4RTR ! enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx ! username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx no aaa new-model clock timezone CET 1 clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00 switch 1 provision ws-c3750-24ts switch 2 provision ws-c3750-24ts system mtu routing 1500 ip subnet-zero ip routing ! ! mls qos ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface FastEthernet1/0/2 no switchport ip address 2.1.2.4 255.255.255.0 speed 10 duplex full flowcontrol receive desired ! interface FastEthernet1/0/3 no switchport ip address 2.1.3.4 255.255.255.0 speed 10 duplex full flowcontrol receive desired ! interface FastEthernet1/0/4 no switchport ip address 2.1.4.4 255.255.255.0 speed 100 duplex full flowcontrol receive desired ! interface FastEthernet2/0/2 no switchport ip address 2.2.2.4 255.255.255.0 speed 10 duplex full flowcontrol receive desired ! interface FastEthernet2/0/3 no switchport ip address 2.2.3.4 255.255.255.0 speed 10 duplex full flowcontrol receive desired ! interface FastEthernet2/0/4 no switchport ip address 2.2.4.5 255.255.255.0 speed 100 duplex full flowcontrol receive desired ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 ip address 1.4.2.1 255.255.255.0 ! interface Vlan3 ip address 1.4.3.1 255.255.255.0 ! interface Vlan4 ip address 1.4.4.1 255.255.255.0 ! interface Vlan5 ip address 1.4.5.1 255.255.255.0 ! router eigrp 2 variance 2 network 2.1.2.4 0.0.0.255 network 2.2.2.4 0.0.0.255 network 1.4.2.1 0.0.0.255 maximum-paths 2 no auto-summary ! router eigrp 3 variance 2 network 2.1.3.4 0.0.0.255 network 2.2.3.4 0.0.0.255 network 1.4.3.1 0.0.0.255 maximum-paths 2 no auto-summary ! router eigrp 4 variance 2 network 2.1.4.4 0.0.0.255 network 2.2.4.4 0.0.0.255 network 1.4.4.1 0.0.0.255 maximum-paths 2 no auto-summary ! ip classless ip http server ip http authentication local ! ! ! control-plane ! ! line con 0 login line vty 0 4 login length 0 line vty 5 15 login ! end
---------------------------------------------------------------------------------------------------------
Thanks in advance for any help,
Marc Rietman