ethernet subinterfaces on small routers

What behaviour are you hoping to see with a subinterface that is not part of a VLAN ?

It is telling you that you have to define the vlan:

THEN Router(config-if)#encapsulation dot1Q 1

where dot1Q is the encapsulation type and '1' is the vlan number. Also put the keyword "native" at the end of the command if this is the native vlan for the trunk. Then you should be able to put the IP address. Repeat for each vlan you are working on.

-k

M.G. wrote:

Hi

Thanks.

I wanted to define two ip addresses for the ethernet in order to create a DMZ.

But I guess that I can't. I don't have a switch with vlans, just a simple unmanaged 3Com.

I don't remember very much about vlans, but is it encapsulaton dot1q compatible with a switch like an unmanaged one?

Thanks,

M.G.

"Kevin Widner" escribió en el mensaje news: snipped-for-privacy@i40g2000cwc.googlegroups.com...

You can use ip address secondary to give an -additional- IP to an interface, but it will NOT be a DMZ: there would be at most weak security between the two subnets.

dot1q usually adds 4 bytes to the frame; if the frame was already maximum length then your switch might discard it (but some switches would allow these "baby giant" frames.) If you can get the frame length through the switch (even if by reducing the MTU) then the dot1q encapsulation will not interfere with the normal operation of your unmanaged switch.

I don't recall which version it first came out in, but somewhere in 12.3-something, a facility was added to the 837 to allow the fourth port of the built-in 4-port switch to be a true DMZ interface. (Note, though, that the DMZ security value would be lost if you were to connect all the ports together to your unmanaged switch.)