01-17-2003 09:38 AM - edited 03-02-2019 04:17 AM
I need the ability to have a 2948G-L3 perform Layer 2 VLANS, perform Inter-VLAN routing and HSRP for the Inter-VLAN routing. There will be a second 2948G-L3 for the HSRP partner. Is the config below correct and the best way to do this? Thanks.
bridge irb
!
!
!
interface FastEthernet1
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet2
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet3
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet4
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet5
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet6
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet7
bridge-group 2
bridge-group 2 spanning-disabled
!
interface FastEthernet8
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet9
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet10
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet11
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet12
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet13
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet14
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet15
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet16
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet17
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet18
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet19
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet20
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet21
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet22
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet23
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet24
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet25
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet26
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet27
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet28
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet29
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet30
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet31
bridge-group 5
bridge-group 5 spanning-disabled
!
interface FastEthernet32
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet33
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet34
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet35
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet36
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet37
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet38
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet39
bridge-group 6
bridge-group 6 spanning-disabled
!
interface FastEthernet40
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet41
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet42
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet43
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet44
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet45
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet46
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet47
bridge-group 7
bridge-group 7 spanning-disabled
!
interface FastEthernet48
bridge-group 7
bridge-group 7 spanning-disabled
!
interface GigabitEthernet49 -----------> Physical connection to layer 2 User network
!
interface GigabitEthernet49.2 -----------> VLAN needed on here and layer 2 user network
encapsulation dot1Q 2
bridge-group 2
!
interface GigabitEthernet49.3 -----------> VLAN needed on here and layer 2 user network
encapsulation dot1Q 3
bridge-group 3
!
interface GigabitEthernet49.4 -----------> VLAN needed on here and layer 2 user network
encapsulation dot1Q 4
bridge-group 4
!
interface BVI 2
ip address 192.168.1.2 255.255.255.0
standby 2 ip address 192.168.1.1
standby 2 priority 110
bridge-group 2
!
interface BVI 3
ip address 192.168.2.2 255.255.255.0
standby 3 ip address 192.168.2.1
standby 3 priority 110
bridge-group 3
!
interface BVI 4
ip address 192.168.3.2 255.255.255.0
standby 4 ip address 192.168.3.1
standby 4 priority 110
bridge-group 4
!
interface BVI 5
ip address 10.0.1.2 255.255.255.0 --> VLAN needed only here
standby 5 ip address 10.0.1.1
standby 5 priority 110
bridge-group 5
!
interface BVI 6
ip address 10.0.2.2 255.255.255.0 --> VLAN needed only here
standby 6 ip address 10.0.2.1
standby 6 priority 110
bridge-group 6
!
interface BVI 7
ip address 10.0.3.2 255.255.255.0 --> VLAN needed only here
standby 7 ip address 10.0.3.1
standby 7 priority 110
bridge-group 7
!
bridge 1 protocol ieee
bridge 2 protocol ieee
bridge 3 protocol ieee
bridge 4 protocol ieee
bridge 5 protocol ieee
bridge 6 protocol ieee
bridge 7 protocol ieee
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
bridge 4 route ip
bridge 5 route ip
bridge 6 route ip
bridge 7 route ip
01-17-2003 11:35 AM
Your configurations look good. Are you having any issues with this set up? Also the following page should help
01-17-2003 12:04 PM
No issues, just new to the L3 version of the 2948G and wanted to make sure the config would work properly. Looking to replace some Layer 3 Foundry crap with 2948G-L3 's :)
01-20-2003 12:57 AM
I've got some comments to your config:
1) Are you really using FastEthernet ports to connect users? Int Fa1 - Fa7 to connect VLAN2 users, e.g.?
If yes, why is bridge-group 2 spanning-disabled ? I wouldn't dare to disable spanning tree on user ports.
If not (I would say so regarding your notice "interface GigabitEthernet49 -----------> Physical connection to layer 2 User network") why don't you bind IP addresses directly to subinterfaces (router on the stick), i.e. :
interface GigabitEthernet49.2
encapsulation dot1Q 2
ip address 192.168.1.2 255.255.255.0
standby 2 ip address 192.168.1.1
standby 2 priority 110
without using BVIs combining GE subinterfaces and FE interfaces?
I've noticed a IOS bug in the past concerning BVIs on subinterfaces (but it was on 3640 if I remember correctly).
2) Don't forget native VLAN on 802.1q trunk. One of your subinterfaces should be in native VLAN:
interface GigabitEthernet49.2
encapsulation dot1Q 2 native
e.g.
Regards,
Milan
01-22-2003 06:21 PM
The reason that I did not put the layer 3 info on the Gig interface is incase this link fails or gets disconnected, this would cause the Gig-subintefaces to go down. If this link did go down, then the user network off of it would go off-line, but the key devices that I have directly attached to FastE ports (ie, firewalls, vpn devices) would still be operational and able to access the data they need, just the Internal users would be off-line. (In this particular setup, the users are not as important as the traffic comming in from VPN's, B2B, etc.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide