Solved: Multiple VLANS - one switchport

petrutz_21 · ‎03-19-2012

Hi,,

I have a CISCO 2801 router with one HWIC-4ESW module. I've created 4 vlans. How can i assign those 4 vlans to just one interface from the

HWIC-4ESW module? For example i want to use just interface FastEthernet0/3/0.

interface FastEthernet0/3/0

!

interface FastEthernet0/3/1

!

interface FastEthernet0/3/2

!

interface FastEthernet0/3/3

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 192.168.1.1 255.255.255.192

ip nat inside

!

interface Vlan20

ip address 192.168.1.65 255.255.255.192

ip nat inside

rate-limit output access-group 101 8000000 3000000 7000000 conform-action transmit exceed-action drop

rate-limit output access-group 102 8000000 3000000 7000000 conform-action transmit exceed-action drop

!

interface Vlan30

ip address 192.168.1.129 255.255.255.192

ip nat inside

rate-limit output access-group 101 8000000 3000000 7000000 conform-action transmit exceed-action drop

rate-limit output access-group 102 8000000 3000000 7000000 conform-action transmit exceed-action drop

!

interface Vlan40

ip address 192.168.1.193 255.255.255.192

ip nat inside

thanks,

CHARLES BRONSON · ‎03-20-2012

Toma,

Set your router config back to the configuration you first listed, then make FastEthernet0/3/0 a trunk port using the commands that Dan-Ciprian gave you. This will make that interface a trunk port which will carry traffic tagged for any allowed VLAN. By default, a trunk port will pass traffic for any VLAN configured on the device. Then connect the FastEthernet0/3/0 port to a port on your D-Link switch. A quick google search showed that your model switch supports 802.1Q (VLANs). You will need to look at D-Links' configuration manual for the next steps. On your D-Link, configure the port that connects to your Cisco 2801 to be a trunk port, then configure the other ports on the switch as Access ports and assign them to the individual VLAN you want the connected PC to use.

A trunk port carries traffic for all allowed VLANs. An access port carries traffic for only one VLAN and you need to configure the port for the one VLAN you want it to configure. I hope this makes sense.

View solution in original post

Dan-Ciprian Cicioiu · ‎03-19-2012

Hi Toma,

4ESW is basically a switch integrated in the 2801 - that's why you are able to configure interface vlan (SVI).

You are able to configure as a trunks any interface of the HWIC.

interface FastEthernet0/3/0

switchport mode trunk

Regards

Dan

petrutz_21 · ‎03-20-2012

HI,

I have configured interface FastEthernet0/3/0 in trunk mode but the pc can get any ip from dhcp server.

Here is the conf :

..................................................................

!

ip dhcp pool IT_1

network 192.168.1.0 255.255.255.192

domain-name xxx.com

default-router 192.168.1.1

dns-server 193.226.128.1 193.226.128.129

lease 20

!

ip dhcp pool HQ_1

network 192.168.1.64 255.255.255.192

domain-name xxx.com

default-router 192.168.1.65

dns-server 193.226.128.1 193.226.128.129

lease 20

!

ip dhcp pool HQ_2

network 192.168.1.128 255.255.255.192

domain-name xxx.com

default-router 192.168.1.129

dns-server 193.226.128.1 193.226.128.129

lease 20

!

ip dhcp pool IT_2

network 192.168.1.192 255.255.255.192

domain-name xxx.com

default-router 192.168.1.193

dns-server 193.226.128.1 193.226.128.129

lease 20

!

...........................................

!

interface FastEthernet0/3/0

switchport mode trunk

!

interface FastEthernet0/3/1

!

interface FastEthernet0/3/2

!

interface FastEthernet0/3/3

!

interface Vlan1

no ip address

!

interface Vlan10

description IT_1

ip address 192.168.1.1 255.255.255.192

ip nat inside

!

interface Vlan20

description HQ_1

ip address 192.168.1.65 255.255.255.192

ip nat inside

rate-limit output access-group 101 8000000 3000000 7000000 conform-action transmit exceed-action drop

rate-limit output access-group 102 8000000 3000000 7000000 conform-action transmit exceed-action drop

!

interface Vlan30

description HQ_2

ip address 192.168.1.129 255.255.255.192

ip nat inside

rate-limit output access-group 101 8000000 3000000 7000000 conform-action transmit exceed-action drop

rate-limit output access-group 102 8000000 3000000 7000000 conform-action transmit exceed-action drop

!

interface Vlan40

description IT_2

ip address 192.168.1.193 255.255.255.192

ip nat inside

Richard Burts · ‎03-19-2012

Toma

If you want to assign multiple VLANs to a single switch port then you would configure that interface as a trunk. The configuration might look something like this

interface FastEthernet0/3/0

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,30,40

switchport mode trunk

HTH

Rick

HTH

Rick

petrutz_21 · ‎03-20-2012

Hi,

When i try to insert :

switchport trunk allowed vlan 10,20,30,40

the command is rejected: "Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2, 1002 -1005."

petrutz_21 · ‎03-20-2012

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/3/1, Fa0/3/2, Fa0/3/3

10 IT_1 active

20 HQ_1 active

30 HQ_2 active

40 IT_2 active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 1002 1003

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

30 enet 100030 1500 - - - - - 0 0

40 enet 100040 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 1 1003

1003 tr 101003 1500 1005 0 - - srb 1 1002

1004 fdnet 101004 1500 - - 1 ibm - 0 0

1005 trnet 101005 1500 - - 1 ibm - 0 0

r.malviya · ‎03-20-2012

Hi ,

By default, all VLANs are allowed to transit a trunk link. They are considered to be in the 'allowed list' for that trunk.

sh int fa0/3/0 trunk | begin allowed

issue this command & tell what its showing .

its something like this

sh int fa0/3/0 trunk | begin allowed

Trunking VLANs Enabled: 10,20,30,40,1002-1005

Regards
Ritesh Malviya

petrutz_21 · ‎03-20-2012

Hi,

router#sh interfaces fastEthernet 0/3/0 trunk | begin allowed

Port Vlans allowed on trunk

Fa0/3/0 1-1005

Port Vlans allowed and active in management domain

Fa0/3/0 1,10,20,30,40

Port Vlans in spanning tree forwarding state and not pruned

Fa0/3/0 1,10,20,30,40

Regards,

Dan-Ciprian Cicioiu · ‎03-20-2012

Toma ,

Where are the users connected ? Is there any switch in your setup ?

Regards

Dan

petrutz_21 · ‎03-20-2012

It's a non cisco switch. I want to connect the switch on the router in feth0/3/0 and the users are connected in the switch.

Thanks

Dan-Ciprian Cicioiu · ‎03-20-2012

Does your non-cisco switch support vlans and trunking ?

You need to configure on this switch, on the port connected to the router, trunking ( vlan tagging )

Also you have to have the vlans configured on this switch. Furthermore you will need to configure each switch port, as an access port ( no tag )

Regards

Dan

petrutz_21 · ‎03-20-2012

If i configure each port from HWIC-4ESW module :

feth0/3/0 VLAN 10

feth0/3/1 VLAN 20

feth0/3/2 VLAN 30

feth0/3/3 VLAN 40

in access mode

and connect them in the switch it's a problem ?

I have done this but I think it's not a good way because it's making a loop in the network and the router gives some messages:

*Mar 20 09:50:21.311: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discover

ed on FastEthernet0/3/1 (20), with router FastEthernet0/3/0 (10).

*Mar 20 09:50:32.999: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discover

ed on FastEthernet0/3/0 (10), with router FastEthernet0/3/1 (20).

Also, in this switch is connected other 3 switches, each one on 3 floors in the building where are diffrent departments.

The idea is that i want to limit bandwith just for VLAN 20 and 30 ( usual clients) and VLAN 10 and 40 without bandwith limiting for IT and othe clients that uses static ip's from VLAN 10 and 40 and I think of this like a solution to do it.

Dan-Ciprian Cicioiu · ‎03-20-2012

Petrut,

You can use this setup with access ports, but the router ports connected the switche should be configured as access (not tagged) for the required VLAN.

If I understood well you have already in place vlans on your switches. Correct me ? Or did you uses different IP addresses on the same broadcast domain, and your switch does not support vlans ?

Regards

Dan

petrutz_21 · ‎03-20-2012

I know that the switch directly connected to the router is a

D-link DES-1228 Web Smart 24-Port 10/100 + (4) 1000BASE-T Ports + 2 Combo Ports Switch

Dan-Ciprian Cicioiu · ‎03-20-2012

Sadly this is a Cisco Support Forum

Have a look at :

http://forums.dlink.com/index.php?action=printpage;topic=7412.0

Having a quick look you will have to :

config vlan vlan10 add tagged 1

config vlan vlan20 add tagged 1

config vlan vlan30 add tagged 1

If the router is connected to the Switch port 1.

I will not discuss furthermore D-Link configuration issues.

Regards

Dan