VLAN on a switchcard and secondary IP

Hi,

I've got a 1721 with an ESW-4 Switch attached to it. I decided to use a range of 192.168.0.0/26 as my homenet for normal clients. NAT overload on my outside interface (fa0) does the trick to bring my clients into the net. So far, so good. Now I decided to assign a secondary address to my VLAN (using 192.168.0.64/28), anticipating throwing my server into another subnet (and subsequently into another VLAN), and it is there where I'm facing a problem.

My clients in the first subnet are now having trouble. When I start to ping, I can see about 50% loss for the first few minutes, about 30% after that. Funny thing is: after about 20 minutes, there is nearly no loss anymore.

Deleting the secondary IP solves that problem instantly.

Can someone give me a hint of what went wrong? Is this setup impossible? Is there another possibility with a built-in-switchcard, that resembles a router on a stick more closely?

Thanks for any advice

luke

Reply to
Lukas Schratz

When the secondary IP is enabled, do you see high CPU utilization (show proc cpu sorted) from the IP Input process? If so, add "ip route-cache same-interface" to the VLAN interface. Otherwise I'm not sure why you are having problems with the secondary IP; however, I do think that you are taking the wrong approach. Adding a secondary IP does not put the server into a different VLAN. Remember that the ESW card is an Ethernet switch; your server will still see broadcasts from your clients, as the switchport is in the same VLAN.

What you should do is create an additional vlan and make the port which your server connects to part of that VLAN:-

interface FastEthernet1/1
 description Client
 duplex half
 speed 10
!
interface FastEthernet1/2
 description Server
 switchport access vlan 2
 duplex full
 speed 100
!
interface Vlan1
 description Clients
 ip address 192.168.0.1 255.255.255.192
!
interface Vlan2
 description Server
 ip address 192.168.0.65 255.255.255.240

Hope this helps,

James

Reply to
James
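
The point made in the reply above, as an added example that is not part of the original thread: a small Python check that parses an IOS-style config and reports any VLAN interface carrying more than one subnet, since those subnets then share a single broadcast domain. The two sample configs are constructed from the addresses discussed in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: one VLAN interface with a secondary address.
SECONDARY_CFG = """\
interface FastEthernet1/2
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.192
 ip address 192.168.0.65 255.255.255.240 secondary
"""

# Constructed sample: the layout from the reply, one subnet per VLAN.
SPLIT_CFG = """\
interface FastEthernet1/2
 switchport access vlan 2
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.192
!
interface Vlan2
 ip address 192.168.0.65 255.255.255.240
"""

ADDR = re.compile(r"^\s+ip address (\S+) (\S+)( secondary)?\s*$")


def parse(config):
    """Return (svis, ports): subnets per VLAN interface, access VLAN per port."""
    svis, ports, current = {}, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            if current.lower().startswith("vlan"):
                svis[current] = []
            else:
                ports[current] = 1  # a port with no explicit assignment is in VLAN 1
        elif current in ports and "switchport access vlan" in line:
            ports[current] = int(line.split()[-1])
        elif current in svis and (m := ADDR.match(line)):
            svis[current].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    return svis, ports


def shared_broadcast_domains(config):
    """VLAN interfaces whose several subnets share one Layer 2 broadcast domain."""
    svis, _ = parse(config)
    return {name: nets for name, nets in svis.items() if len(nets) > 1}
```

With the secondary-address config the server port stays in VLAN 1 alongside the clients; with the split config it moves to VLAN 2 and no interface is reported.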

James hacked into the number cruncher

No, CPU stays at or below 10%, even going down as deep as 1%.

Thanks. That was part 2 of my plan, when part 1 (assigning a secondary IP) has worked flawlessly.

Why half-duplex? Why speed 10? No VLAN-switchport assignment here?

Is it possible to assign different IP-addresses to different VLANs? I thought, only one VLAN is allowed an address for management purposes and therefore becomes the management vlan, which is why I did assign a secondary to it.

Kind of looks like, it just produces more questions ;-)

Thx anyway for your advice

luke

Reply to
Lukas Schratz

The Speed / Duplex settings were left over from cutting and pasting one of my working configs into this window; you can use whatever you wish. The port's default VLAN assignment is VLAN1 - the default command does not display in the config.

As this is a switch module within a router it is working at Layer 3. Layer 3 switches normally have an IP Address on each VLAN which is normally the default gateway for that VLAN. You are correct in thinking that a Layer 2 switch such as a 2950 or 2960 can only have a single address on one VLAN which can only be used as management.

James

Reply to
James

James hacked into the number cruncher

From Cisco.com: "The WIC-4ESW interface card is a Layer 2 Ethernet switch with Layer 3 routing capability. (Layer 3 routing is forwarded to the host, and is not actually performed at the switch.)"

That and a test at the beginning of my setup (about 1 year ago) drove me in the wrong direction to think, that the ESW is Layer2-only.

If I knew it was that easy (and exactly what I wanted ;-) ), I would have done it right in the first place and never would have played around with a secondary IP (though it is still bugging me that I ran into problems there...)

Now it works as expected. Thanks for putting me right about the Layer2/Layer3 misconception I had.

luke

Reply to
Lukas Schratz
