IR809G-LTE-GA-K9 - Need a switchpor

Niklas.D
Hi

So we started to use the IR809, and we also have a switch connected to this setup, but sometimes we just need the router and an access port.

Can I make GigabitEthernet 1 act as a switchport and just assign it a VLAN?

 

interface GigabitEthernet0.2
description MANAGMENT
encapsulation dot1Q 2
ip address x.x.7.1 255.255.255.224
ip access-group MGMT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1000
!
interface GigabitEthernet0.8
description Clientnet
encapsulation dot1Q 8
ip address X.X.7.129 255.255.255.224
ip access-group CLIENT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190

 

interface GigabitEthernet1
no ip address
duplex auto
speed auto

So I just want VLAN 8 on Gi1.

 

 

 


Hello,

 

both GigabitEthernet interfaces are Layer 3 only. A workaround could be to use subinterfaces in a bridge group and then assign the IP address of VLAN 8 to the BVI. It would look like below. I don't have an IR809 to test this so I don't know for sure if this works:

 

bridge irb
!
bridge 8
interface GigabitEthernet0.8
description Clientnet
encapsulation dot1Q 8
bridge-group 8
!
interface GigabitEthernet1.8
encapsulation dot1Q 8
bridge-group 8
!
interface BVI 8
ip address X.X.7.129 255.255.255.224
ip access-group CLIENT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
bridge 8 protocol ieee

Hello Georg

 

So I just tested this, and I got the interface online and can still ping VLAN 8, that would be 10.128.7.129, but when I let the host connect on interface 1 it is not working, or on 0 (via a switch).

 

interface GigabitEthernet0.8
description Clientnet
encapsulation dot1Q 8
ip access-group CLIENT in
bridge-group 8
end

IR800#sh run int gi1.8
Building configuration...

Current configuration : 125 bytes
!
interface GigabitEthernet1.8
description Clientnet
encapsulation dot1Q 8
ip access-group CLIENT in
bridge-group 8
end

IR800#sh run int bi
IR800#sh run int br
IR800#sh run int bvi 8
Building configuration...

Current configuration : 170 bytes
!
interface BVI8
ip address 10.128.7.129 255.255.255.224
ip access-group CLIENT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
end

 

 

Am I missing something?

 

 

 

What address and mask were on the PC when you connected it? What is in access list CLIENT? Perhaps seeing the complete config would be helpful.

 

HTH

 

Rick


Building configuration...



Current configuration : 9937 bytes
!
! Last configuration change at 16:33:17 CET Thu Dec 6 2018 by vandadm2
!
version 15.7
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname IR800
!
boot-start-marker
boot system flash:/ir800-universalk9-mz.SPA.157-3.M2
boot-end-marker
!
!
logging buffered errors
no logging console
enable secret 
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group radius local
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time MET-DST recurring last Sun Mar 2:00 last Sun Oct 3:00

!
!
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
multilink bundle-name authenticated
!
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
crypto pki trustpoint TP-self-signed-422713650
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-422713650
revocation-check none
rsakeypair TP-self-signed-422713650
!
!
crypto pki certificate chain TP-self-signed-422713650
certificate self-signed 01

"bla bla bla"
quit
license udi pid IR809G-LTE-GA-K9 sn FCW2207003Q
!
!
object-group network local_cws_net
!
object-group network local_lan_subnets
any
!
object-group network vpn_remote_subnets
any
!
username admin privilege 15 secret 5
redundancy

!
!
!
!
!
controller Cellular 0
lte failovertimer 5
lte modem link-recovery disable
!
ip tcp path-mtu-discovery
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key blabla address blabla 
crypto isakmp keepalive 15
!
!
crypto ipsec transform-set AES128 esp-aes esp-sha-hmac
mode tunnel
!
!
!
crypto map vadefaultmap 1 ipsec-isakmp
description Tunnel to MOHQ
set peer blabla
set security-association lifetime seconds 300
set transform-set AES128
match address IPSEC_ACL
!
bridge irb
!
!
!
!
interface Loopback0
description management
ip address 10.128.7.225 255.255.255.255
ip tcp adjust-mss 1190
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.2
description MANAGMENT
encapsulation dot1Q 2
ip address 10.128.7.1 255.255.255.224
ip access-group MGMT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1000
!
interface GigabitEthernet0.8
description Clientnet
encapsulation dot1Q 8
ip access-group CLIENT in
bridge-group 8
!
interface GigabitEthernet0.14
description Voipclientnet
encapsulation dot1Q 14
ip address 10.128.7.161 255.255.255.224
ip access-group VOIP in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
interface GigabitEthernet0.32
description Guest
encapsulation dot1Q 32
ip address 10.128.7.193 255.255.255.224
ip access-group GUEST in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
interface GigabitEthernet0.72
description Secnet
encapsulation dot1Q 72
ip address 10.128.7.97 255.255.255.224
ip access-group SECNET in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
interface GigabitEthernet0.92
description Processnet-av1
encapsulation dot1Q 92
ip address 10.128.7.33 255.255.255.224
ip access-group PROC-AV1 in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
interface GigabitEthernet0.96
description Processnet-dv1
encapsulation dot1Q 96
ip address 10.128.7.65 255.255.255.224
ip access-group PROC-DV1 in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
interface GigabitEthernet1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet1.8
description Clientnet
encapsulation dot1Q 8
ip access-group CLIENT in
bridge-group 8
!
interface GigabitEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0
ip address negotiated
ip virtual-reassembly in
encapsulation slip
ip tcp adjust-mss 1000
dialer in-band
dialer idle-timeout 0 either
dialer string lte
dialer string hspa-R7
dialer-group 1
ipv6 address autoconfig
async mode interactive
crypto map vadefaultmap
!
interface Cellular1
no ip address
encapsulation slip
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
interface BVI8
ip address 10.128.7.129 255.255.255.224
ip access-group CLIENT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
!
!
ip forward-protocol nd
!
no ip http server
ip http upload enable path flash:
ip http upload overwrite
ip http authentication aaa
ip http secure-server
!
ip ftp source-interface GigabitEthernet0.2
ip route 0.0.0.0 0.0.0.0 Cellular0
ip ssh source-interface GigabitEthernet0.2
ip ssh version 2
!
ip access-list extended CLIENT
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.129
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended GUEST
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.193
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended IPSEC_ACL
permit ip any any
ip access-list extended MGMT
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.1
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended PROC-AV1
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.33
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended PROC-DV1
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.65
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended SECNET
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.97
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended VOIP
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.161
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
ip radius source-interface GigabitEthernet0.2
logging trap notifications
logging source-interface GigabitEthernet0.2
logging host 10.0.52.106
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
!
snmp-server community 
snmp-server community
snmp-server trap-source GigabitEthernet0.2
snmp-server source-interface informs GigabitEthernet0.2
snmp-server enable traps wpan
!
!
!
!
control-plane
!
bridge 8 protocol ieee
!
!
vstack
!
line con 0
exec-timeout 5 0
logging synchronous
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 100000000
txspeed 50000000
line 8
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 100000000
txspeed 50000000
line 1/3 1/6
transport preferred none
transport output none
stopbits 1
line vty 0 4
access-class MGMT-ACCESS in
exec-timeout 5 0
logging synchronous
transport input ssh
line vty 5 15
access-class MGMT-ACCESS in
exec-timeout 5 0
logging synchronous
transport input ssh
!
no scheduler max-task-time
ntp server ntp.vaverket.local source GigabitEthernet0.2
no iox hdm-enable
iox client enable interface GigabitEthernet2
no iox recovery-enable
!
!
!
!
!
!
!
end
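
Added example, not part of the original thread or any poster's code: a small Python evaluator that applies the `CLIENT` access list from the posted config with first-match semantics to a few constructed packets, which answers the "What is in access list CLIENT?" question for the PC's traffic. It assumes entries of the form `permit|deny <protocol> <source> <destination>` only (no ports or options); the function names are hypothetical.

```python
import ipaddress

# ACL entries copied from "ip access-list extended CLIENT" in the posted config.
CLIENT_ACL = """\
permit icmp any any
permit ip 10.128.7.0 0.0.0.255 host 10.128.7.129
deny ip any 10.128.7.0 0.0.0.255
permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec; return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        # Tuple elements evaluate left to right: source spec first, then destination.
        rules.append((action, proto, _take_addr(tokens), _take_addr(tokens), line))
    return rules

def _hit(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must match.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, proto, src, dst):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    for action, rule_proto, s, d, line in rules:
        if rule_proto in ("ip", proto) and _hit(src, *s) and _hit(dst, *d):
            return action, line
    return "deny", "implicit deny"

RULES = parse_acl(CLIENT_ACL)
SAMPLES = [  # constructed sample packets: (protocol, source, destination)
    ("tcp", "10.128.7.130", "10.128.7.129"),   # PC to its gateway
    ("udp", "0.0.0.0", "255.255.255.255"),     # DHCP discover broadcast
    ("tcp", "10.128.7.130", "10.128.7.1"),     # PC to the management gateway
    ("icmp", "10.128.7.130", "10.128.7.1"),    # ping to the same address
]
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, *pkt))
```

The PC at 10.128.7.130 reaching its gateway 10.128.7.129 matches the second entry, so the list itself does not block that traffic. ICMP toward the other 10.128.7.x subnets is permitted by the first entry, while other IP traffic to them is denied by the third.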

Thank you for posting the config. I believe that it will be helpful. Could you clarify for us what you are connecting to the router? Does it receive an IP address? If so what is the address, what is the mask, and what is the gateway that it gets?

 

I note that you have a vlan 8 sub interface on Gig0 and another vlan 8 sub interface on Gig 1. I assume that this was intentional? Using the vlan sub interfaces means that the router will expect to receive tagged frames. Where you have a switch connected to Gig 0 that would be appropriate. I wonder if it might be causing an issue on Gig 1? Will you be receiving tagged frames on Gig 1?

 

Your original post talks about sometimes you need an access port. I am not clear whether that indicates that you want to connect a switch to the router or whether you want to connect a single host device to the router. Can you clarify this?

 

HTH

 

Rick


Hi Rick

 

Sorry, I forgot to post that it was a PC. I gave it an IP to start with (later DHCP will be a plus, of course...).

IP was 10.128.7.130, mask 255.255.255.224 and gateway 10.128.7.129.

The goal is to make port Giga1 act like an access port.

So the modem/router will not need a switch, as the switch is driving up the cost for sites that will only have a single host.

 

 

 

Thank you for the clarification. Realizing that you want to connect some device (like a PC) to the router helps me recognize that we have been going down the wrong path. Your original post described it as wanting an access port. And the suggestions have responded to this. But describing it as an access port points us in the direction of connecting a switch. If what you want to do is to connect a PC then there is a very simple solution. You do not really want the router port to be an access port, but you want it to be a routed port. And the default behavior of a router interface is to be a routed port. So you do not want (or need) the sub interface configuration. What you want to do is to configure the router interface with an IP address and mask. Then connect a PC to that interface (you may need a cross over cable). You could configure the PC with an IP address, mask, and default gateway or it would not be difficult to configure the router with a DHCP pool to assign the address, mask, and gateway to the PC.

 

HTH

 

Rick


Morning Richard. 

 

I realized that it might have been confusing. 

 

But that is correct, I want a single host, not a switch.

 

interface GigabitEthernet1
description Clientnet
ip address 10.128.7.129 255.255.255.224
ip access-group CLIENT in
ip helper-address 10.0.4.9
ip nbar protocol-discovery
ip tcp adjust-mss 1190
duplex auto
speed auto

 

I passed this config in, and yes, I can have this as a single host!

Can this port also be used for .1X?

 

 

 

Good morning. I am glad that my suggestion was helpful. After we got some clarification about what you really wanted to achieve the solution was fairly simple. That config looks appropriate and should work fine. Thank you for marking this question as solved. This will make it easier for other participants in the community to identify discussions which have helpful information. These communities are excellent places to ask questions and to learn about networking. I hope to see you continue to be active in the community.

 

I believe it should support .1X but do not have much experience with that model of router and so my answer is certainly not authoritative.

 

HTH

 

Rick
