cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2262
Views
0
Helpful
9
Replies

Configuration of a cisco c921-4P and two switchs SG250

ben.r.fr
Level 1
Level 1

Hi,
Do any of you have skills in the Cisco ISR 900 Series?
I am setting up a network infrastructure with a c921-4P router and two Cisco SG250 switches. All devices are new and without any configurations on them.

 

when I wanted to create my sub-interfaces on the trunk port of the router, I understood that it was not possible because the ISR 900 series manages its LAN ports like a switch.

I'm in a bad place because my work to get to this point is totally broken now.

 

My questions are to find a solution and a good process to make my infrastructure available to manage four Vlans distributed on the two switches having the c921 router as master.

I've searched a lot but haven't found any good answers so far:
- Should I create a VTP configuration on the router to be the server and configure both switches to be clients?
- If not, what should I do?
- I have trouble understanding how to do the wiring?
- And I have trouble understanding how the router part works?

 

Thank you in advance for your feedback

Benjamin 

3 Accepted Solutions

Accepted Solutions

Hello,

 

below is a basic configuration for the 921. Coonect the SG250 switches to an RJ-45 LAN port, and GigabitEthernet 5 to the ISP router/modem.

 

Current configuration : 1087 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 06:11:03 UTC Mon Sep 17 2018
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C921
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
license udi pid C921J-4P sn PSZ22241C1T
!
redundancy
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
interface GigabitEthernet0
description Link to SG250_1
switchport access vlan 1
!
interface GigabitEthernet1
description Link to SG250_2
switchport access vlan 1
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
description Uplink to ISP
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
vstack
!
line con 0
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

View solution in original post

Hello,

 

if you need several Vlans, create the Vlan interfaces on the router, and the GigabitEthernet interfaces on the router that connect to the swtches as trunks.

View solution in original post

Hello,

 

the default router IP addresses configured in your DHCP pools need to be the same as the Vlan interface IP addresses:

 

Current configuration : 1826 bytes
!
! Last configuration change at 16:30:12 UTC Tue Feb 22 2022 by
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RZA
!
boot-start-marker
boot-end-marker
!
enable password
!
no aaa new-model
!
ip dhcp excluded-address 192.168.x.1 192.168.x.15
ip dhcp excluded-address 192.168.x.1 192.168.x.15
ip dhcp excluded-address 192.168.x.1 192.168.x.22
!
ip dhcp pool vlan_
network 192.168.x.0 255.255.255.0
default-router 192.168.x.1
dns-server 8.8.8.8
!
ip dhcp pool vlan_*****
network 192.168.y.0 255.255.255.0
default-router 192.168.y.1
dns-server 8.8.8.8
!
ip dhcp pool vlan_
network 192.168.z.0 255.255.255.0
default-router 192.168.z.1
dns-server 8.8.8.8
!
ip domain name
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
license udi pid C921-4P sn PSZ25521HCQ
!
username password 0
!
redundancy
!
interface GigabitEthernet0
description link to ODB
switchport trunk native vlan 199
switchport mode trunk
no ip address
!
interface GigabitEthernet1
description link to GZA
switchport trunk native vlan 199
switchport mode trunk
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
no ip address
shutdown
duplex auto

speed auto
!
interface Vlan1
ip address 192.168.x.1 255.255.255.0
!
interface Vlan2
ip address 192.168.y.1 255.255.255.0
!
interface Vlan2
ip address 192.168.z.1 255.255.255.0
1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip ssh version 2
!
control-plane
!
line con 0
line vty 0 4
login local
transport input ssh
transport output ssh
!
scheduler allocate 20000 1000
!
end

View solution in original post

9 Replies 9

Hello,

 

below is a basic configuration for the 921. Coonect the SG250 switches to an RJ-45 LAN port, and GigabitEthernet 5 to the ISP router/modem.

 

Current configuration : 1087 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 06:11:03 UTC Mon Sep 17 2018
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C921
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
license udi pid C921J-4P sn PSZ22241C1T
!
redundancy
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
interface GigabitEthernet0
description Link to SG250_1
switchport access vlan 1
!
interface GigabitEthernet1
description Link to SG250_2
switchport access vlan 1
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
description Uplink to ISP
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
vstack
!
line con 0
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

ben.r.fr
Level 1
Level 1

Hello @Georg Pauwen

Thank you very much for your answer, I will do it tomorrow as soon as possible.


- And to access several VLANs, I configure go0 and go1 as a trunk on the router and the same on the switches, could that be it?
- And I also create the VLANs on the switches according to their distribution on the ports?

 

I understand better how the router works now, again thank you very much and I will tell you how it works !!

Benjamin

Hello,

 

if you need several Vlans, create the Vlan interfaces on the router, and the GigabitEthernet interfaces on the router that connect to the swtches as trunks.

ben.r.fr
Level 1
Level 1

Hello @Georg Pauwen,

ok thank you, I run the config and let you know

ben.r.fr
Level 1
Level 1

hello, 

I think I forgot something or there is a configuration that blocks the dhcp attribution.
The SG250 does not seem to want to switch from operational mode to trunk mode

RZA : router c921-4P

GZA : switch SG250-26P

- int gi1 GZA (picture1) and int gi1 GZA switchport (picture 2) :

Capture d’écran 2022-02-22 à 19.27.39.png

 

 

 

 

 

 

Capture d’écran 2022-02-22 à 19.28.21.png

 

 

 

 

 

 

 

 

 

 

 

 

 

- int gi1 RZA switchport (picture 3) : 

Capture d’écran 2022-02-22 à 19.28.51.png

 

 

 

 

 

 

 

 

 

ben.r.fr
Level 1
Level 1

RZA (router) running-config : 

RZA#sh running-config

Building configuration...

 

  

Current configuration : 1826 bytes

!

! Last configuration change at 16:30:12 UTC Tue Feb 22 2022 by 

!

version 15.8

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RZA

!

boot-start-marker

boot-end-marker

!

!

enable password 

!

no aaa new-model

!

!

!

!

!

!

!

!

ip dhcp excluded-address 192.168.x.1 192.168.x.15

ip dhcp excluded-address 192.168.x.1 192.168.x.15

ip dhcp excluded-address 192.168.x.1 192.168.x.22

!

ip dhcp pool vlan_

network 192.168.x.0 255.255.255.0

default-router 192.168.0.x

dns-server 8.8.8.8

!

ip dhcp pool vlan_*****

network 192.168.x.0 255.255.255.0

default-router 192.168.0.x

dns-server 8.8.8.8

!

ip dhcp pool vlan_

network 192.168.x.0 255.255.255.0

default-router 192.168.0.x

dns-server 8.8.8.8

!

!         

!

ip domain name 

ip cef

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid C921-4P sn PSZ25521HCQ

!

!

username  password 0 

!

redundancy

!

!

!

!

!

!

interface GigabitEthernet0

description link to ODB

switchport trunk native vlan 199

switchport mode trunk

no ip address

!

interface GigabitEthernet1

description link to GZA

switchport trunk native vlan 199

switchport mode trunk

no ip address

!

interface GigabitEthernet2

no ip address

!

interface GigabitEthernet3

no ip address

!

interface GigabitEthernet4

ip address dhcp

duplex auto

speed auto

!

interface GigabitEthernet5

no ip address

shutdown

duplex auto

speed auto

!

interface Vlan1

no ip address

!

interface Vlan2

no ip address

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip ssh version 2

!

!

!

!

control-plane

!

!

line con 0

line vty 0 4

login local

transport input ssh

transport output ssh

!

scheduler allocate 20000 1000

!

end

 

Hello,

 

the default router IP addresses configured in your DHCP pools need to be the same as the Vlan interface IP addresses:

 

Current configuration : 1826 bytes
!
! Last configuration change at 16:30:12 UTC Tue Feb 22 2022 by
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RZA
!
boot-start-marker
boot-end-marker
!
enable password
!
no aaa new-model
!
ip dhcp excluded-address 192.168.x.1 192.168.x.15
ip dhcp excluded-address 192.168.x.1 192.168.x.15
ip dhcp excluded-address 192.168.x.1 192.168.x.22
!
ip dhcp pool vlan_
network 192.168.x.0 255.255.255.0
default-router 192.168.x.1
dns-server 8.8.8.8
!
ip dhcp pool vlan_*****
network 192.168.y.0 255.255.255.0
default-router 192.168.y.1
dns-server 8.8.8.8
!
ip dhcp pool vlan_
network 192.168.z.0 255.255.255.0
default-router 192.168.z.1
dns-server 8.8.8.8
!
ip domain name
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
license udi pid C921-4P sn PSZ25521HCQ
!
username password 0
!
redundancy
!
interface GigabitEthernet0
description link to ODB
switchport trunk native vlan 199
switchport mode trunk
no ip address
!
interface GigabitEthernet1
description link to GZA
switchport trunk native vlan 199
switchport mode trunk
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
no ip address
shutdown
duplex auto

speed auto
!
interface Vlan1
ip address 192.168.x.1 255.255.255.0
!
interface Vlan2
ip address 192.168.y.1 255.255.255.0
!
interface Vlan2
ip address 192.168.z.1 255.255.255.0
1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip ssh version 2
!
control-plane
!
line con 0
line vty 0 4
login local
transport input ssh
transport output ssh
!
scheduler allocate 20000 1000
!
end

ben.r.fr
Level 1
Level 1

GZA (switchSG250) running-config : 

GZA#sh running-config

config-file-header

GZA

v2.5.5.47 / RTESLA2.5.5_930_364_286

CLI v1.0

file SSD indicator encrypted

@

ssd-control-start

ssd config

ssd file passphrase control unrestricted

no ssd file integrity control

ssd-control-end 

!

!

unit-type-control-start

unit-type unit 1 network gi uplink none

unit-type-control-end

!

vlan database

vlan x-x,199

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone

voice vlan oui-table add 00036b Cisco_phone

voice vlan oui-table add 00096e Avaya                 

voice vlan oui-table add 000fe2 H3C_Aolynk

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone

voice vlan oui-table add 00e075 Polycom/Veritel_phone

voice vlan oui-table add 00e0bb 3Com_phone

bonjour interface range vlan 1

hostname GZA

username  password encrypted  privilege 15

ip ssh server

snmp-server server

ip telnet server

!

interface vlan x

name 

!

interface vlan x

name 

!

interface vlan x

name 

!

interface vlan 199                                    

name native

!

interface GigabitEthernet1

description link_to_RZA

spanning-tree link-type point-to-point

switchport mode trunk

switchport access vlan 199

switchport trunk native vlan 199

macro description switch

!next command is internal.

macro auto smartport dynamic_type switch

!

interface GigabitEthernet2

switchport access vlan 

!

interface GigabitEthernet3

switchport access vlan 

!

interface GigabitEthernet4

switchport access vlan 

!

interface GigabitEthernet5                            

switchport access vlan 

!

interface GigabitEthernet6

switchport access vlan 

!

interface GigabitEthernet7

switchport access vlan 

!

interface GigabitEthernet8

switchport access vlan 

!

interface GigabitEthernet9

switchport access vlan 

!

interface GigabitEthernet10

switchport access vlan 

!

interface GigabitEthernet11

switchport access vlan 

!

interface GigabitEthernet12

switchport access vlan                             

!

exit

ben.r.fr
Level 1
Level 1

It's all right

Very sincerely, I send you a huge thank you for your feedback as good as reactive and now I will continue the deployment.
If I can ask you if I have any questions, and above all thank you again a thousand times.

Benjamin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco