Solved: Re: Etherswitch module for 2801

paulpagecisco · ‎04-16-2008

I have a new 2801 with an 9 port etherswitch module installed. My previoius router (2500) had all ethernet ports set to

!

hub ether 0 1 through 0 8

link-test

auto-polarity

!

My config is below. Essentially I want these 9 ports to access the internet and I am not sure if I have them configured the correct way. Any info is greatly appreciated.

!This is the running config of the router: 192.0.2.254

!----------------------------------------------------------------------------

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime

service timestamps log datetime

service password-encryption

service udp-small-servers

service tcp-small-servers

service sequence-numbers

!

hostname option_care_clksbrg

!

boot-start-marker

boot system flash:c2801-entbasek9-mz.124-16b.bin

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret xxx

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

no ip source-route

ip cef

!

no ip bootp server

ip domain name comprecare.local

ip host main 172.16.254.1

ip name-server 69.43.55.2

ip name-server 192.0.0.4

ipx routing 00e0.b055.c109

!

username BANI-WV privilege 15 secret xxx

!

ip tcp synwait-time 10

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$

ip address 192.0.2.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

ipx network 20

no mop enabled

bridge-group 1

!

interface FastEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1/0

!

interface FastEthernet0/1/1

!

interface FastEthernet0/1/2

!

interface FastEthernet0/1/3

!

interface FastEthernet0/1/4

!

interface FastEthernet0/1/5

!

interface FastEthernet0/1/6

!

interface FastEthernet0/1/7

!

interface FastEthernet0/1/8

!

interface Serial0/2/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation frame-relay

ip route-cache flow

frame-relay lmi-type ansi

!

interface Serial0/2/0.1 point-to-point

ip address 172.16.2.1 255.255.255.0

ipx network 1620

no cdp enable

frame-relay interface-dlci 100 CISCO

bridge-group 1

!

interface Vlan1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

!

router eigrp 2

passive-interface FastEthernet0/0

passive-interface FastEthernet0/1

passive-interface Serial0/2/0

passive-interface Serial0/2/0.1

passive-interface Vlan1

network 172.16.0.0

network 192.0.2.0

auto-summary

!

no ip classless

ip route 0.0.0.0 0.0.0.0 172.16.2.2

!

ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

logging trap debugging

snmp-server community public RO

no cdp run

!

control-plane

!

bridge 1 protocol dec

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

scheduler allocate 20000 1000

end

Edison Ortiz · ‎04-16-2008

Based on the following documentation:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016bf0b_ps5855_Products_Data_Sheet.html

The EtherSwitch is essentially a Layer2 switch so you can't configure an IP address directly on the switchport.

You need to create Vlans in the switch with vlan management and then assign port membership on the switchports to their appropiate Vlan.

Vlan 1 is already created for you (by default) and those ports are automatically assigned to Vlan 1. You can enter the IP address under Vlan 1.

You can use any IP subnet other than

192.0.2.0/24

172.16.2.0/24

As they are already assigned to other networks.

Remember to include the new subnet in EIGRP and in the router doing the NAT towards the internet.

HTH,

__

Edison.

View solution in original post

Richard Burts · ‎04-16-2008

Paul

I have a couple of comments about this config:

- bridge 1 protocol dec is a very old protocol. I am guessing that this is carried over directly from your old 2500 config. On that old code it was an all right choice. On the new code on your 2801 I would suggest that you change the protocol to ieee.

- you are configuring EIGRP (as has been discussed in other threads). But you are making all the interfaces passive. I believe that you need at least the Serial0/2/0.1 (and possibly the Serial0/2/0) to be active. If you do not run EIGRP on the link to MAIN then what is the point of running EIGRP?

- you have bridging on Fast0/0 and I assume that this is carried over from the 2500 and is intended to get traffic from the switched (bridged) interfaces on the switch to the physical interface. But things work considerably differently on the new hardware and the new code. Here IP is a routed protocol and bridging on the Fast0/0 interface would carry non-routed traffic but will not carry IP. I have not configured a router quite like this but I believe that you need to configure IRB to get it to work. In Integrated Routing and Bridging you would bridge switched and physical interfaces to a BVI.

[edit] seeing the post from Edison makes me think that the whole bridging thing was probably carried over from the old 2500 config and not really necessary. His suggestion to just make the VLAN for the switch into a routed subnet is probably good. And in fact you might want to consider moving the 192.0.2 address from the FastEthernet interface to the VLAN interface (assuming that the switch ports are where the PCs will really be connected - am I correct in assuming that this is where the PCs are and not on Fast0/0?).

HTH

Rick

HTH

Rick

View solution in original post

exonetinf1nity · ‎04-16-2008

If you going to use the Serial link for internet access i would assign it a public ip address which you have done correctly.

The switchports then need to be assigned to a single vlan.

Example:

interface vlan 10

ip address 192.168.10.1 255.255.255.0

no shut

!

interface FastEthernet0/1/0

switchport access vlan 10

!

interface FastEthernet0/1/1

switchport access vlan 10

!

interface FastEthernet0/1/2

switchport access vlan 10

!

interface FastEthernet0/1/3

switchport access vlan 10

!

interface FastEthernet0/1/4

switchport access vlan 10

!

interface FastEthernet0/1/5

switchport access vlan 10

!

interface FastEthernet0/1/6

switchport access vlan 10

!

interface FastEthernet0/1/7

switchport access vlan 10

!

interface FastEthernet0/1/8

switchport access vlan 10

!

ip route 0.0.0.0 0.0.0.0 172.16.2.1

As long as you remember which ports are routed ports and which are switch ports you shouldn't have a problem.

The other scenario ive had with this type of configuration is where by one of the Fast Ethernet Interfaces say F0/0 is assigned a public ip address, and the second is part of a bridge group along with the switch port vlan.

From memory it looked something like this

Example:

!

bridge irb

!

interface vlan 10

no ip address

bridge group 10

bridge-group 10 spanning-disabled

no shut

!

interface FastEthernet 0/1

no ip address

!

interface FastEthernet 0/1.10

bridge group 10

encapsulation dot1Q 10 native

!

interface FastEthernet0/1/0

switchport access vlan 10

!

interface FastEthernet0/1/1

switchport access vlan 10

!

interface FastEthernet0/1/2

switchport access vlan 10

!

interface FastEthernet0/1/3

switchport access vlan 10

!

interface FastEthernet0/1/4

switchport access vlan 10

!

interface FastEthernet0/1/5

switchport access vlan 10

!

interface FastEthernet0/1/6

switchport access vlan 10

!

interface FastEthernet0/1/7

switchport access vlan 10

!

interface FastEthernet0/1/8

switchport access vlan 10

!

interface BVI10

ip address 192.168.1.1 255.255.255.0

!

bridge 10 protocol ieee

bridge 10 route ip

Hope this helps

Regards

View solution in original post

Edison Ortiz · ‎04-16-2008

Based on the following documentation:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016bf0b_ps5855_Products_Data_Sheet.html

The EtherSwitch is essentially a Layer2 switch so you can't configure an IP address directly on the switchport.

You need to create Vlans in the switch with vlan management and then assign port membership on the switchports to their appropiate Vlan.

Vlan 1 is already created for you (by default) and those ports are automatically assigned to Vlan 1. You can enter the IP address under Vlan 1.

You can use any IP subnet other than

192.0.2.0/24

172.16.2.0/24

As they are already assigned to other networks.

Remember to include the new subnet in EIGRP and in the router doing the NAT towards the internet.

HTH,

__

Edison.

Richard Burts · ‎04-16-2008

Paul

I have a couple of comments about this config:

- bridge 1 protocol dec is a very old protocol. I am guessing that this is carried over directly from your old 2500 config. On that old code it was an all right choice. On the new code on your 2801 I would suggest that you change the protocol to ieee.

- you are configuring EIGRP (as has been discussed in other threads). But you are making all the interfaces passive. I believe that you need at least the Serial0/2/0.1 (and possibly the Serial0/2/0) to be active. If you do not run EIGRP on the link to MAIN then what is the point of running EIGRP?

- you have bridging on Fast0/0 and I assume that this is carried over from the 2500 and is intended to get traffic from the switched (bridged) interfaces on the switch to the physical interface. But things work considerably differently on the new hardware and the new code. Here IP is a routed protocol and bridging on the Fast0/0 interface would carry non-routed traffic but will not carry IP. I have not configured a router quite like this but I believe that you need to configure IRB to get it to work. In Integrated Routing and Bridging you would bridge switched and physical interfaces to a BVI.

[edit] seeing the post from Edison makes me think that the whole bridging thing was probably carried over from the old 2500 config and not really necessary. His suggestion to just make the VLAN for the switch into a routed subnet is probably good. And in fact you might want to consider moving the 192.0.2 address from the FastEthernet interface to the VLAN interface (assuming that the switch ports are where the PCs will really be connected - am I correct in assuming that this is where the PCs are and not on Fast0/0?).

HTH

Rick

HTH

Rick

paulpagecisco · ‎04-16-2008

yes, most settigns are carried over from old 2500. Unfortunately all the other sites (PPP) are still using 2500, with IPX routing, igrp, and bridged serial to fe's, with the fe ports in hub mode.

Do you think I can just remove bridge-group 1 and IP/SM from fe 0/0 and assign the vlan1 to bridge-group 1 with the correspondig IP and SM?

Yes, you are correct, the switch ports are where the pc's are connected. Thanks for all your help, I am going to telnet to router and try once I hear back from you.

paulpagecisco · ‎04-17-2008

yes, this is how i have it now, but it still wont work. I attached config

Richard Burts · ‎04-18-2008

Paul

I am not clear in what way it is not working (does the router have connectivity to upstream or not, is IP working or not, is IPX working or not, or what). I have looked at the config you posted and I have these observations, questions, and suggestions:

- I thought that other versions of the config showed Frame Relay IETF and now it shows cisco. Am I remembering it right? Can you tell us what is configured on MAIN for this connection?

- I started to ask if you had upstream connectivity and to suggest that you check for CDP neighbors. But I see that you have configured no cdp run. I believe that CDP is helpful. Is there a particular reason not to run it? Otherwise I would suggest that you configure cdp run.

- under router EIGRP you have specified passive-interface for Serial0/2/0.1. This will prevent EIGRP from forming neighbor relationship or exchanging routing information over this interface. I strongly suggest that you remove this passive interface. It may be good to have passive interface on the other interfaces but not this one.

- you have configured no ip classless. Is there a particular reason that this is configured. I believe that it is ill advised. Especially since you have no EIGRP routes at this point it will prevent your reaching any device in the enterprise network in network 172.16.0.0. I suggest configuring ip classless.

- I continue to wonder about the configuration of bridging. I wonder if it is there because the 2500 used it for something? In the version of code running on this router IP will not be bridged and IPX will not be bridged. Is there some other protocol on the network that needs bridging?

Make the changes that I suggest and let us know if they help.

[edit] I just saw one of the other threads and it looks like MAIN uses ansi not IETF. The basic question is whether this router and MAIN can communicate with each other on the Frame Relay link.

HTH

Rick

HTH

Rick

paulpagecisco · ‎04-18-2008

Rick, how do I remove passive-interface from serial 0/2/0 and 0/2/0.1.

Is it router(config-if)no passive and router(config sub-if)no passive?

I am still able to ping all the other routers on the network, when I added eigrp 2 to the MAIN router they all started communicating.

My main concern at this point is that my pc's arent seeing the internet. When I ping from one of the pc's to the vlan1 ip address I get no reply so I figure that is where I am having the issue. If you look at my config, shouldn't each of the fast ethernet ports 0/1/0-0/1/8 indicate vlan1 under them?

Richard Burts · ‎04-18-2008

Paul

Remove the passive interfaces like this:

router eigrp 2

no passive-interface Serial0/2/0

no passive-interface Serial0/2/0.1

vlan 1 is the default and for that reason it would not show up in the config. If you want to verify that try configuring a couple of interfaces to be in vlan 2, then check the running config and that should be visible, then put them back into vlan 1, and they do not show up.

I am not sure why the PCs can not ping the VLAN interface. I wonder if the bridge-group is impacting something. Try removing the bridge-group from the VLAN interface and see if the behavior changes.

It might be helpful if you would post the output of show arp on the router. This would show whether the router and the PCs are communicating at all.

HTH

Rick

HTH

Rick

Richard Burts · ‎04-18-2008

Paul

Another thing that you can do to check on the VLAN in the router is to use the command show vlan-switch. Perhaps you could post the output of that command?

HTH

Rick

HTH

Rick

exonetinf1nity · ‎04-16-2008

If you going to use the Serial link for internet access i would assign it a public ip address which you have done correctly.

The switchports then need to be assigned to a single vlan.

Example:

interface vlan 10

ip address 192.168.10.1 255.255.255.0

no shut

!

interface FastEthernet0/1/0

switchport access vlan 10

!

interface FastEthernet0/1/1

switchport access vlan 10

!

interface FastEthernet0/1/2

switchport access vlan 10

!

interface FastEthernet0/1/3

switchport access vlan 10

!

interface FastEthernet0/1/4

switchport access vlan 10

!

interface FastEthernet0/1/5

switchport access vlan 10

!

interface FastEthernet0/1/6

switchport access vlan 10

!

interface FastEthernet0/1/7

switchport access vlan 10

!

interface FastEthernet0/1/8

switchport access vlan 10

!

ip route 0.0.0.0 0.0.0.0 172.16.2.1

As long as you remember which ports are routed ports and which are switch ports you shouldn't have a problem.

The other scenario ive had with this type of configuration is where by one of the Fast Ethernet Interfaces say F0/0 is assigned a public ip address, and the second is part of a bridge group along with the switch port vlan.

From memory it looked something like this

Example:

!

bridge irb

!

interface vlan 10

no ip address

bridge group 10

bridge-group 10 spanning-disabled

no shut

!

interface FastEthernet 0/1

no ip address

!

interface FastEthernet 0/1.10

bridge group 10

encapsulation dot1Q 10 native

!

interface FastEthernet0/1/0

switchport access vlan 10

!

interface FastEthernet0/1/1

switchport access vlan 10

!

interface FastEthernet0/1/2

switchport access vlan 10

!

interface FastEthernet0/1/3

switchport access vlan 10

!

interface FastEthernet0/1/4

switchport access vlan 10

!

interface FastEthernet0/1/5

switchport access vlan 10

!

interface FastEthernet0/1/6

switchport access vlan 10

!

interface FastEthernet0/1/7

switchport access vlan 10

!

interface FastEthernet0/1/8

switchport access vlan 10

!

interface BVI10

ip address 192.168.1.1 255.255.255.0

!

bridge 10 protocol ieee

bridge 10 route ip

Hope this helps

Regards