Thanks for the quick response. 

So can i do not need to change anything on the switch facing port of 880 router (as below)?

interface FastEthernet1
description local office switch 
switchport mode trunk
no ip address

Any new vlans created on the 880 router (eg. vlan 52-192.168.10.1/24) should be able to pass through fa1 port towards the layer 2 switch? Also, because users are already using this router .... we creating these additional vlans and it going via the trunk , will it cause any disruptions to traffic?

do we need it have a local console to do this or is it safe to do it over remote ssh?

Trunk will allow all the VLAN, if you like to add more later, it give ability add directly.

Make sure your router has sub interface for that VLAN to support dot1q.

Since you are going to change the Link where you connected, suggest to ask local help or if not possible, do reload command 5min, in case go wrong, it will reload and come back known good config. (in case)

Hello @suthomas1 ,

if you now are using Vlan 1 both on the Cisco 800 router and on the downstream switch you shoud  have no issues.

Remember that you need to move to trunk mode on both sides router and switch but this can be done safely,

Remember also that for each new VLAN you create on C 800 you need to create the same L2 VLAN number  on the switch.

Access ports for these new VLANs on the switch  will need

switchport access vlan X

If you have a VLan mismatch on current link between C880 and switch you need more care and may be someone on place to move the management address of the switch to Vlan 1.

Hope to help

Giuseppe

Sorry, lost track of this.

Reading it again, there should not be an issue with adding more layer 3 vlans on the cisco 880?

Currently there is only one layer3 vlan1, planning to add another 4 with different ip ranges & then also creating the same 4 vlans on the switch...that should not be a problem i think. Appreciate all inputs.

Cisco 880 Series Integrated Services Routers:  "Eight 802.1Q VLANs"

Thanks for the responses.

So two additional layer 3 vlans were configured on the 880 series router, it all works fine with layer 2 on the switch.

However, it had vlan1 with an ip address that was used for remotely connecting to the router.

While trying to delete this vlan1 from router, it gave an error on the lines of "default vlan can not be removed".

ideally i want to remove vlan1 and use one of the other new vlans to remote access this router.

How can i safely remove this vlan1 from router, without causing any disruption to either remotely accessing the router or any impact to users?

!!current config on router!!

interface FastEthernet2
description layer2 switch
switchport mode trunk
no ip address

interface Vlan1
ip address 10.41.1.1 255.255.255.0

sh int fa2 trunk

Port Mode Encapsulation Status Native vlan
Fa2 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa2 1-4094

Port Vlans allowed and active in management domain
Fa2 1,24,58,81

Port Vlans in spanning tree forwarding state and not pruned
Fa2 1,24,58,81

!!current config on switch!!

interface GigabitEthernet0/48
description 880 router
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100

interface Vlan1
ip address 10.41.1.2 255.255.255.0

sh int gi0/48 trunk

Port Mode Encapsulation Status Native vlan
Gi0/48 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/48 1-4094

Port Vlans allowed and active in management domain
Gi0/48 1,24,58,81

Port Vlans in spanning tree forwarding state and not pruned
Gi0/48 1,24,58,81

---

@suthomas1 wrote:

While trying to delete this vlan1 from router, it gave an error on the lines of "default vlan can not be removed".

---

VLAN 1 can never be removed.  

Can it be stripped of ip address on vlan1 interface & shut down safely?

Yes.  It is very common practice.