2600 router + 2924 switch and vlans

switch config:

interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache

router:

interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache

I have no access lists at all; I wiped them to test whether this works. What am I doing wrong? I need 2 vlans and this just fails and fails. I can route from a port assigned to the def vlan, but not from any port assigned to vlan 2.

Reply to
turnip

sorry..

Router:

interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 192.168.44.253 255.255.255.0
 no cdp enable
!
interface FastEthernet0/0.2
 encapsulation dot1Q 1 native
 ip address 192.168.0.253 255.255.255.0
 ip nat inside
 no cdp enable

Reply to
turnip

Have you created vlan 2 in the 'vlan database' in the CLI? Do you see the proper ports assigned to vlan 2 in a 'show vlan'?

I assume you are going with the single port connecting the switch to the router marked as a trunk port, rather than the port channel group which isn't going to work with a router-on-a-stick 2600?

Which code rev of the 2924? Some of the older ones defaulted to ISL as the default trunk type. Try making sure to do dot1q trunk type on your trunk port.

One thing I would strongly suggest with older gear especially is staying away from VLAN 1 altogether. Cisco treats it special, and it flip-flopped a lot on the router code. This way didn't work always. Sometimes you needed

interface FastEthernet0/0
 ip address 192.168.0.253 255.255.255.0

interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 192.168.44.253 255.255.255.0

to talk with the native vlan on the switch.

Once you move into multiple VLANs, and trunking them, then switch everything away from VLAN 1 and the native vlan oddness that overtook some hardware/software revs.

Reply to
Doug McIntyre

On Oct 4, 7:16 pm, Doug McIntyre wrote:

I am not sure how to set an interface or sub interface on a 2600 as a trunk. All I see is a trunk-group command. Should I default that to 1?

I have tried dot1q (specified it on the switch, because you were right, it was isl.)

Right now, if the sub router interfaces are set to isl vlanid and the switch trunk port is set to switchport trunk encapsulation isl, I was able to get vlan working, well it's odd.

I have ports defined for vlan 2, the funny thing is, under isl mode I can get a dhcp address just not on the 44 network. I get the native vlan network. My dhcp server is set up for the second vlan range. Here is my config:

switch:

192_sub#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14,
                                                Fa0/15, Fa0/17, Fa0/18, Fa0/19,
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23,
                                                Fa0/24, Fa2/3, Fa2/4
2    it-dept                          active    Fa0/11
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   -      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 192_sub
!
enable secret 5 $1$V8a5$.pOnSyDIEGBo01iFaQVZp/
!
!
!
!
!
!
ip subnet-zero
ip dhcp-server 192.168.0.111
!
!
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
 switchport access vlan 2
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.253
snmp-server engineID local 00000009020000D0C0F257C0
snmp-server community private RW
snmp-server community public RO
!
line con 0

Router:

interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation isl 2
 ip address 192.168.44.253 255.255.255.0
 no ip redirects
 no cdp enable
!
interface FastEthernet0/0.2
 encapsulation isl 1
 ip address 192.168.0.253 255.255.255.0
 no ip redirects
 ip nat inside
 no cdp enable
!

router rip
 network 10.0.0.0
 network 192.168.0.0
 network 192.168.1.0
 network 192.168.44.0

At this point both work, however I do not get the correct address range applied to me. Maybe setting an ip address on the switch's 0/11 interface will do it? I dunno, I am kinda lost. I followed this post

formatting link
Yes this is a router on a stick setup

Reply to
turnip

[big snip because there's too much context and not enough relevant details]

Which switch port is the router plugged into? That's the piece of switch configuration that matters.

At a guess, it's plugged in here:

And what you really need is something very much like:

interface FastEthernet0/11
 description Switch port facing 26xx router
 switchport trunk encap dot1q
 switchport trunk allowed vlan 1-2
 switchport trunk native vlan 1
 switchport mode trunk
 spanning-tree portfast

And on the router something very much like:

interface FastEthernet0/0
 description dot1q "trunk" port facing 2924 switch

interface FastEthernet0/0.1
 encapsulation dot1q 1 native
 ip address 192.168.0.253 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1q 2
 ip address 192.168.44.253 255.255.255.0

What does this mean, "I get the native vlan network"?

You plug a workstation into vlan 2 on the switch and get an address allocation from the 192.168.0.x DHCP scope?

That would indicate that you have VLAN 1 cross-connected with VLAN2 somewhere.

Reply to
briggs
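
The checks suggested in the two replies above (trunk encapsulation, allowed VLANs, native VLAN agreement) can be run mechanically against both configs. This is an added example, not code from any poster; the function names are hypothetical, the sample configs are constructed from those posted in the thread using Fa0/1 as the router-facing port, and the ISL default for a trunk with no encapsulation line is an assumption taken from the remark about older 2924 code.

```python
import re

def stanzas(config):
    """Split IOS config text into {interface name: [lower-cased sub-commands]}."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = out.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line.lower())
    return out

def expand(vlan_list):
    """'1,2,1002-1005' -> {1, 2, 1002, 1003, 1004, 1005}"""
    spans = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def switch_trunk(lines, default_encap):
    """Read trunk mode, encapsulation, native VLAN and allowed list from one port."""
    trunk = {"mode": False, "encap": default_encap, "native": 1, "allowed": None}
    for l in lines:
        if l == "switchport mode trunk":
            trunk["mode"] = True
        elif m := re.match(r"switchport trunk encap\S*\s+(\S+)", l):
            trunk["encap"] = m.group(1)
        elif m := re.match(r"switchport trunk native vlan (\d+)", l):
            trunk["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)", l):
            trunk["allowed"] = expand(m.group(1))
    return trunk

def audit(switch_cfg, port, router_cfg, parent, default_encap="isl"):
    """List mismatches between a switch trunk port and the router's subinterfaces."""
    trunk = switch_trunk(stanzas(switch_cfg).get(port, []), default_encap)
    findings = [] if trunk["mode"] else [f"{port}: not in trunk mode"]
    for name, lines in stanzas(router_cfg).items():
        m = re.search(r"^encapsulation (dot1q|isl) (\d+)( native)?$", "\n".join(lines), re.M)
        if not name.startswith(parent + ".") or not m:
            continue
        encap, vlan, native = m.group(1), int(m.group(2)), bool(m.group(3))
        if encap != trunk["encap"]:
            findings.append(f"{name}: {encap} but switch trunk is {trunk['encap']}")
        elif trunk["allowed"] is not None and vlan not in trunk["allowed"]:
            findings.append(f"{name}: vlan {vlan} not in trunk allowed list")
        # 802.1Q only: the native VLAN is untagged on the wire, so both ends must agree.
        elif encap == "dot1q" and native != (vlan == trunk["native"]):
            findings.append(f"{name}: vlan {vlan} native/tagged mismatch with switch")
    return findings

# Sample input constructed from the configs posted in the thread.
ROUTER = ("interface FastEthernet0/0\n no ip address\n!\n"
          "interface FastEthernet0/0.1\n encapsulation dot1Q 2\n!\n"
          "interface FastEthernet0/0.2\n encapsulation dot1Q 1 native\n")
SWITCH_BEFORE = "interface FastEthernet0/1\n switchport mode trunk\n"
SWITCH_AFTER = ("interface FastEthernet0/1\n switchport trunk encap dot1q\n"
                " switchport trunk allowed vlan 1-2\n switchport trunk native vlan 1\n"
                " switchport mode trunk\n")

for label, sw in (("before", SWITCH_BEFORE), ("after", SWITCH_AFTER)):
    print(label, audit(sw, "FastEthernet0/1", ROUTER, "FastEthernet0/0"))
```
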

You are correct on your assessment of my config. Everything is working as I wanted it to now. Thank you all very much for the help

Reply to
turnip

On Oct 5, 11:33 am, turnip wrote:


Password:
cerberus#sh run
Building configuration...

Current configuration : 7019 bytes
!
! Last configuration change at 12:04:58 EST Fri Oct 5 2007
!
version 12.2
service tcp-keepalives-in
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cerberus
!
boot system flash c2600-js-mz.122-12a.bin
no logging console
enable secret 5 $1$N98h$NfYf1TUtstXQzSiVuB.dS1
enable password 7 044B1B0F1F22181F5949
!
clock timezone EST -5
ip subnet-zero
!
!
no ip domain-lookup
!
no ip bootp server
ip cef
!
class-map match-all radmin-rdp
  match access-group 101
class-map match-all ipsec
  match access-group 103
class-map match-all voice
  match access-group 105
class-map match-all www
  match access-group 102
!
!
policy-map voip
  class voice
   bandwidth 150
  class class-default
   fair-queue
policy-map outbound_shaper
  class ipsec
   bandwidth percent 50
   random-detect
  class www
   bandwidth percent 25
   random-detect
  class radmin-rdp
   bandwidth percent 25
   random-detect
  class class-default
   fair-queue
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 192.168.44.253 255.255.255.0
 no ip redirects
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.4
 encapsulation dot1Q 1 native
 ip address 192.168.0.253 255.255.255.0
 ip nat inside
 no cdp enable
!
interface Serial0/0
 bandwidth 1536
 ip address 12.87.xx.xx 255.255.255.252
 ip access-group 125 in
 ip nat outside
 encapsulation ppp
 service-module t1 timeslots 1-24
 service-module t1 remote-alarm-enable
 no cdp enable
!
interface FastEthernet0/1
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/1
 ip address 10.1.1.2 255.255.255.0
 ip nat inside
 encapsulation ppp
 service-policy output voip
 service-module t1 clock source internal
 no cdp enable
 hold-queue 200 in
 hold-queue 200 out
!
ip nat pool OVERLOAD 12.87.xx.xx 12.87.xx.xx netmask 255.255.255.252
ip nat pool warehouse 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
ip nat pool it-dept 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
ip nat inside source list 1 pool OVERLOAD overload
ip nat inside source list 2 pool warehouse overload
ip nat inside source list 3 pool it-dept overload
ip nat inside source static udp 192.168.0.200 3389 12.170.xx.xx 3389 extendable
ip nat inside source static tcp 192.168.0.200 3389 12.170.xx.xx 3389 extendable
ip nat inside source static tcp 192.168.0.200 1723 12.170.xx.xx 1723 extendable
ip nat inside source static tcp 192.168.0.74 3389 12.170.252.xx 3389 extendable
ip nat inside source static udp 192.168.0.74 3389 12.170.252.xx 3389 extendable
ip nat inside source static tcp 192.168.0.55 3389 12.87.xx.xx 3389 extendable
ip nat inside source static udp 192.168.0.55 3389 12.87.xx.xx 3389 extendable
ip nat inside source static udp 10.0.0.254 5060 12.87.16.xx 5060 extendable
ip nat inside source static udp 192.168.0.235 4326 12.87.xx.xx 4326 extendable
ip nat inside source static tcp 192.168.0.235 4326 12.87.xx.xx 4326 extendable
ip nat inside source static tcp 10.0.0.254 6600 12.87.xx.xx 6600 extendable
ip nat inside source static udp 10.0.0.254 6600 12.87.xx.xx 6600 extendable
ip nat inside source static tcp 192.168.0.199 443 12.170.xx.xx 443 extendable
ip nat inside source static udp 192.168.0.199 4500 12.170.xx.xx 4500 extendable
ip nat inside source static udp 192.168.0.199 500 12.170.252.209 500 extendable
ip nat inside source static tcp 192.168.0.111 22 12.170.xx.xx 22 extendable
ip nat inside source static tcp 192.168.0.111 80 12.170.xx.xx 80 extendable
ip nat inside source static tcp 10.0.0.254 22 12.87.xx.xx 22 extendable
ip nat inside source static tcp 10.0.0.254 80 12.87.xx.xx 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0 12.87.xx.xx name at&t
ip route 192.168.1.0 255.255.255.0 Serial0/1 10.1.1.1 permanent
no ip http server
ip pim bidir-enable
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.44.0 0.0.0.255
access-list 101 remark remote admin acl
access-list 101 permit tcp any eq 4326 any time-range business_hr
access-list 101 permit tcp any eq 3389 any time-range business_hr
access-list 102 remark www protocol
access-list 102 permit tcp any eq www any time-range business_hr
access-list 102 permit tcp any eq 443 any time-range business_hr
access-list 102 permit tcp any eq ftp any time-range business_hr
access-list 103 remark ipsec/lt2p/pptp/esp
access-list 103 permit esp any any time-range business_hr
access-list 103 permit udp any eq isakmp any time-range business_hr
access-list 103 permit udp any eq 1701 any time-range business_hr
access-list 103 permit udp any eq 1723 any time-range business_hr
access-list 103 permit udp any eq 4500 any time-range business_hr
access-list 103 permit ahp any any time-range business_hr
access-list 103 permit gre any any time-range business_hr
access-list 103 permit tcp any eq 1723 any time-range business_hr
access-list 105 remark VOIP (SIP/IAX/IAX2) traffic gets top priority (5)
access-list 105 permit udp any any eq 4569
access-list 105 permit udp any any eq 5004
access-list 105 permit udp any any eq 5036
access-list 105 permit udp any any eq 5060
access-list 105 permit ip host 10.0.0.254 any
access-list 105 permit ip any host 10.0.0.254
access-list 125 deny tcp any any eq telnet
access-list 125 deny tcp any any eq chargen
access-list 125 deny tcp any any eq ident
access-list 125 deny tcp any any eq nntp
access-list 125 deny tcp any any eq hostname
access-list 125 deny tcp any any eq exec
access-list 125 deny tcp any any eq cmd
access-list 125 permit ip any any
access-list 125 permit gre any any
access-list 125 permit ip any host 192.168.0.200
access-list 126 permit gre any any
access-list 126 permit ip any any
access-list 126 permit udp any any
access-list 126 permit icmp any any
access-list 126 permit esp any any
access-list 126 permit ahp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
snmp-server community public RO
snmp-server contact jzakhar
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server host 192.168.0.111 public
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 xx
 login
!
ntp clock-period 17179997
ntp server 10.0.0.254
time-range business_hr
 periodic weekdays 8:00 to 18:00
!
time-range name
 periodic weekdays 8:00 to 18:00
!
end

Switch:

User Access Verification

Password:

192_sub>en
Password:
192_sub#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 192_sub
!
enable secret 5 $1$V8a5$.pOnSyDIEGBo01iFaQVZp/
!
!
!
!
!
!
ip subnet-zero
ip dhcp-server 192.168.0.111
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk pruning vlan 3-1001
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
 switchport access vlan 2
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.253
snmp-server engineID local 00000009020000D0C0F257C0
snmp-server community private RW
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password xx
 login
line vty 5 15
 password xx
 login
!
end

192_sub#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                Fa0/14, Fa0/15, Fa0/17, Fa0/18,
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22,
                                                Fa0/23, Fa0/24, Fa2/3, Fa2/4
2    it-dept                          active    Fa0/16
3    VLAN0003                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

192_sub#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 19-Jun-03 13:09 by antonino
Image text-base: 0x00003000, data-base: 0x0034E2F4

ROM: Bootstrap program is C2900XL boot loader

192_sub uptime is 1 day, 3 hours, 20 minutes
System returned to ROM by power-on
System image file is "flash:c2900xl-c3h2s-mz.120-5.WC8.bin"

cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAA0315F0FN, with hardware revision 0x03
Last reset from power-on

Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable

28 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:D0:C0:F2:57:C0
Motherboard assembly number: 73-3425-06
Power supply part number: 34-0920-01
Motherboard serial number: FAA03129G25
Power supply serial number: NONE
Model revision number: A0
Model number: WS-C2924M-XL-EN
System serial number: FAA0315F0FN

Port 0/1 is trunked into the router, my computer was plugged into port 16. If I statically set the address, I was able to access all of our networks, but not route out.

I am using one ip address to NAT 2 networks

ip nat pool warehouse 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
ip nat pool it-dept 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252

Those are the same IPs, I just removed the last 2 octets. Tomorrow I am going to remove the native vlan and create another and use 2 non natives as per the advice above, however I did power cycle the switch and router. It worked when I left last night, and for 4 hours this morning. Then just stopped. I am also the only one with access to the gear and closet. So nothing was changed. Which is really confusing me. It could be it stopped working when people from the warehouse network started using traffic, I was not able to time it.

I will be reading documentation tonight, but from all the examples of router on a stick I have seen, this should work. Any advice is of course always appreciated.

Reply to
turnip

Also

192_sub#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 254
Number of existing VLANs        : 7
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x9A 0x9D 0x04 0xAE 0xB3 0x4E 0x4D 0x25
Configuration last modified by 192.168.0.249 at 3-1-93 04:07:21

192_sub#sh interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1-3
Pruning VLANs Enabled: 3-1001

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
Self Loopback: No

192_sub#
Reply to
turnip

I should also add that 2/1 and 2/2 are trunked into an identical switch.

Reply to
turnip
