Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
3
Replies

Cisco 2921 Router VLAN Question

rolandolht
Level 1
Level 1

‎07-20-2022 07:08 AM

We have a firewall in front of the Cisco 2921. It has a LAN port and a VLAN 10 setup. The firewall LAN port connects to E0/1 on the Cisco. On Cisco E0/2 I have a switch with all my network devices. I was able to setup VLAN 10 on 0/2, as 0/2.10. How would I be able to pass VLAN10 from the firewall which would be the DHCP server for that VLAN network to the switch? Do I have to setup VLAN 10 on 0/1 as well?

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-20-2022 08:15 AM

Hello,

you have used a routed subinterface on eth0/2 connecting to the switch . You cannot have eth0/1 to use the same IP subnet as eth0/2.10 so if the firewall has an IP address on the same subnet of VLAN 10 on the switch you should move it to a L2 switchport on the switch in Vlan 10. Otherwise if the VLAN ID is 10 but the subnet is different you can connect via the router but on eth0/2 you will need an

ip helper-address <firewall-IP-address>

to make the router able to convert the non routable broadcast DHCP requests to unicast packets with destination = FW IP address

but as I have written before this is needed only if the FW is in a different IP subnet.

The router C2921 may have an etherswitch module installed or not post

show version

show inventory

 

Hope to help

Giuseppe

 

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎07-20-2022 08:19 AM

I do not understand your situation well enough to give good advice at this point. It is not clear if vlan 10 exists on both the firewall and the switch (which is connected to the router). I think it could be problematic if vlan 10 did truly exist on both devices (and therefor in different layer 3 networks). Please provide clarification.

It could be easy to have the DHCP for vlan 10 on the firewall and to have the devices in vlan 10 connected to the switch. You would use ip helps-address to forward DHCP requests to the firewall.

HTH

Rick
0 Helpful

MHM Cisco World
VIP
VIP

‎07-20-2022 08:53 AM

I dont full understand BUT
if you config both E0/1 and E0/2 with same VLAN and you have etherSwitch module then the Router can bridge the traffic,
if you dont have then you need BD with BVI

https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/200650-Understanding-Bridge-Virtual-Interface.html

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card