vlan question on cat4506 / sup IV

Hi there.

I have the following setup: One Cat4506 with supIV, two gigabit uplinks, a /24 routed to us, a default gateway.

Now I want to create subnets on the /24. What is the best way to do this?

When I try to create two vlans, each as a /25, and add a "route 0.0.0.0 0.0.0.0 a.b.c.1" entry, the switch no longer pings the gw, and additionally I get messages like

%C4K_EBM-4-HOSTFLAPPING: Host 00:13:21:B1:23:4E in vlan 600 is flapping between port Gi1/2 and port Gi1/1

Gig1/1 and Gig1/2 are the uplink ports to our provider.

So, obviously we are doing something wrong.

Any hint appreciated, Christian

Reply to
Christian Lox

Sounds fine, but you've described things without much detail.

I wouldn't worry about the two VLANs at this point, but your upstream, are you sure you are matching what the provider is handing off to you on your two ports on blade 1?

Post relevant sanitized snippets of the config?

Reply to
Doug McIntyre

I could be misinterpreting here, but it sounds like your switch is a layer 2 device only, and the GW of your devices is the real default gateway. If this switch does not have an MSFC, then the route you are changing has nothing to do with vlan routing, and only has to do with access to/from the switch's management interface. If you wanted to have two vlans, you would need a router that owns both of those vlans (i.e. an SVI in each vlan) and trunk to the switch that could then split your ports into those two vlans. The router(s) would then handle ingress/egress to each of the vlans or to the internet. As I said, I may have misread this, but that was my thought.

Reply to
Trendkill

After reading Cisco documentation, the sup IV should support layers 2-4 without a problem (I have only dealt with the larger Cisco gear), so perhaps a config would help (omit passwords and specific IPs).

Reply to
Trendkill

Sorry for being too imprecise.

One thing I did not mention is that the default gateway is an address in our /24 range. So when I split the /24 into two /25s, one of the /25s cannot access the default gateway. What to do here?

Well, the config... It is more pure guess than a config. The last try was to set up the gig uplinks as a trunk:

interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,600
 switchport mode trunk
 ip access-group firewall in
!
interface GigabitEthernet1/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,600
 switchport mode trunk
 ip access-group firewall in
!
!
interface GigabitEthernet2/25
 switchport access vlan 600
 switchport mode access
!
interface Vlan1
 ip address a.b.c.42 255.255.255.128
!
interface Vlan600
 ip address a.b.c.244 255.255.255.128
!
ip route 0.0.0.0 0.0.0.0 a.b.c.254

I read something about configuring the uplinks with "no switchport", maybe this is the way to go?

Thanks for any input, Christian

Reply to
Christian Lox

First off, you are treating this as a layer-2 switching thing, and not layer-3 routing, but you are asking it to do layer-3 routing. This isn't going to work at all.

First thing I'd do is to ask your upstream to change the way they hand this off to you. Get a /30 from them for the interface between you and them. Then ask them to route the IP block to your switch.

Ie.
                                              10.0.0.254/25
          10.10.10.1/30   10.10.10.2          ------> VLAN1
Upstream ----------------> 4506
                 VLAN 50                      ------> VLAN600
                                              10.0.0.126/25

In reality, you're going to have 3 different VLANs. The one for the outside, and the two on the inside.

I still don't know how they hand off your two upstream ports. I'm going to guess that it's just two switch ports together.

Next, I'd not use VLAN1. There's too many things Cisco that run in Vlan1 by default. I tend to leave them all behind in there, and instead start going off in new VLANs.

Say, pick VLAN 50 to be the outside one, Vlan 100 to be inside range one and Vlan101 to be inside range two.

This is most certainly not what you want to do. Trunking means that you are going to trunk your VLANs up to another switch device you control to break out there.

Here's a config that you are probably trying to do, but it depends on you getting a new /30 range from your upstream. (10.10.10.0/30)

vlan 50,100,101

int Vlan 50
 ip address 10.10.10.2 255.255.255.252
int gig 1/1
 switchport
 switchport access vlan 50
int gig 1/2
 switchport
 switchport access vlan 50

int Vlan 100
 ip address 10.0.0.254 255.255.255.128
int range gig 2/1-24
 switchport
 switchport access vlan 100

int Vlan 101
 ip address 10.0.0.126 255.255.255.128
int range gig 2/25-48
 switchport
 switchport access vlan 101

ip route 0.0.0.0 0.0.0.0 10.0.0.1

So, here, you have the two 1/1 and 1/2 interfaces in one VLAN, as part of a SVI, and both ports can access your upstream.

Then you take out two more SVI's and put IPs on them, and bring half your ports into Vlan 100, and the other half into Vlan 101.

'no switchport' turns the port into a layer-3 port. You can configure an IP address on that port then. It can't overlap any other IP range though.

The main uncertainty to me is just how your upstream is handing off your two ports of connectivity, and if you can get a /30 from them. But you really need that extra block of IPs to route things around with in layer-3 mode like you are trying to do.

Reply to
Doug McIntyre

That would be: ip route 0.0.0.0 0.0.0.0 10.10.10.1

You also need to configure your hosts with appropriate default gateways.

int Vlan 100
 ip address 10.0.0.254 255.255.255.128

Above hosts need to point to 10.0.0.254

int Vlan 101
 ip address 10.0.0.126 255.255.255.128

Above hosts need to point to 10.0.0.126

Reply to
bod43
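
The next-hop correction above can be checked mechanically. The following is an added example, not code from any poster in this thread: it parses the SVI layout proposed earlier (re-typed with full `interface VlanN` names), reports overlapping connected subnets, and reports a default route whose next hop does not resolve on the upstream SVI. The function names and the `upstream` parameter are assumptions made for the illustration.

```python
import ipaddress

# SVI layout from the thread, one command per line; {next_hop} is filled in per check.
PROPOSED = """\
interface Vlan50
 ip address 10.10.10.2 255.255.255.252
interface Vlan100
 ip address 10.0.0.254 255.255.255.128
interface Vlan101
 ip address 10.0.0.126 255.255.255.128
ip route 0.0.0.0 0.0.0.0 {next_hop}
"""

def parse(config):
    """Return ({svi_name: IPv4Interface}, [static route next hops])."""
    svis, next_hops, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = "".join(words[1:])
        elif words[:2] == ["ip", "address"] and current:
            svis[current] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:2] == ["ip", "route"]:
            next_hops.append(ipaddress.ip_address(words[4]))
    return svis, next_hops

def overlaps(svis):
    """Pairs of SVIs whose connected subnets overlap."""
    names = sorted(svis)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if svis[a].network.overlaps(svis[b].network)]

def egress_svi(svis, next_hop):
    """SVI whose connected subnet contains next_hop, or None if there is none."""
    for name, iface in svis.items():
        if next_hop in iface.network:
            return name
    return None

def check(config, upstream="Vlan50"):
    """List problems: overlapping SVIs, or a next hop not on the upstream SVI."""
    svis, hops = parse(config)
    problems = [f"{a} overlaps {b}" for a, b in overlaps(svis)]
    for hop in hops:
        svi = egress_svi(svis, hop)
        if svi != upstream:
            problems.append(f"default route via {hop} resolves on {svi}, not {upstream}")
    return problems
```

With the next hop 10.0.0.1 the check reports that the route resolves on Vlan101, an inside VLAN; with 10.10.10.1 it resolves on Vlan50 and the list is empty.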
