ip vrf vrf10
 rd 10:10
!
ip vrf vrf20
 rd 20:20
!
ip vrf vrf30
 rd 30:30
!

bridge irb

!

interface FastEthernet4.1
 encapsulation dot1Q 1 native
 ip nat outside
 ip virtual-reassembly in
!

interface FastEthernet4.10
 encapsulation dot1Q 1
 ip vrf forwarding vrf10
 ip nat outside
 ip virtual-reassembly in
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface FastEthernet4.20
 encapsulation dot1Q 1
 ip vrf forwarding vrf20
 ip nat outside
 ip virtual-reassembly in
 bridge-group 20
 bridge-group 20 spanning-disabled
!
interface BVI10
 mac-address 0000.1111.2222
 ip vrf forwarding vrf10
 ip address 35.107.98.220 255.255.255.248
!
interface BVI20
 mac-address 3333.4444.5555
 ip vrf forwarding vrf20
 ip address 35.107.98.221 255.255.255.248
!
interface BVI30
 mac-address 6666.7777.8888
 ip vrf forwarding vrf30
 ip address 35.107.98.222 255.255.255.248

bridge 10 protocol ieee
bridge 10 route ip
bridge 20 protocol ieee
bridge 20 route ip
bridge 30 protocol ieee
bridge 30 route ip

!

When i try to change subinterface 10 20 or 30 to vlan 1 i get the following error

internet(config)#interface FastEthernet4.10
internet(config-subif)#encapsulation dot1Q 1

%Configuration of multiple subinterfaces of the same main
interface with the same VID (1) is not permitted.
This VID is already configured on FastEthernet4.1.

I currently testing the configuration on a Cisco 881 but if i succeed if will be moved to a 3925

Hello,

As the error clearly says, you cannot have same vlan assigned to different subinterfaces of same Main interface.

The reason is obvious. Main interfaces sees the vlan id of the receiving packet to judge on which subinterface it actually received the packet. 

If two subinterfaces use same vlan, it would be impossible for the router to know on which which subinterface it received the packet. 

Hope this answer's your query.

Regards,

Mohit

Makes sense.

But my question is not why this config is not working!

The question is more if there is any way to have sub-interfaces of the same physical interface into same VLAN. (E.g. via BVI interfaces to present diff. MAC addresses on each sub-interface there by bypass the vlan limitation)

Im trying to avoid having a "octipus" of a router with many physsical interfaces connecting to the same internet vlan/subnet   

I second Mohit on this. second thing, would like to understand your design. Why are you creating BVI interface and making sub-interface part of bridge-group. Cant we achieve same result with below config by configuring ip address directly on sub-interface. And since on each sub-interface you have configured encapsulation dot1q, so is this interface connected to a trunk interface and you are expecting vlan tagged packet. in that case, please put same vlan what you are expecting like "encap dpt1q 10", "encap dot1q 20" and "encap dot1q 30"

interface FastEthernet4.10
 encapsulation dot1Q 10
 ip vrf forwarding vrf10
 ip address 35.107.98.220 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
!
interface FastEthernet4.20
 encapsulation dot1Q 20
 ip vrf forwarding vrf20
 ip address 35.107.98.221 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
!

Regards,

Akash

Hi

the interfaces in only assigned diff. VLAN to show the error i get when I try to assign a subinterface to vlan that allready have e subinterface assigned to it.

BVI was simply to se if binding a subinterface to BVI solved the problem. (But it did not)

I have attached a picture of the current setup ant what im trying to do.

Please keep in mind that my internet vlan is only 1 lan/subnet.

I have a lot of old routers doing diff. VPNs and other LAN2LAN type connection.

Changing the IPs to one common IP will be a LOT of work reconfiguering remote endpoints. Some of them I do not control as they are under other companies control.

Hi, 

I have the router which is configured with multiple sub interfaces but I could see that all the sub interface are genrating the same mac address, which is leading to a duplicate address logs in on the router. 

Do you know how it can be fixed? 

RTR01#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.51 - f8c2.88b9.f8c0 ARPA GigabitEthernet0/0.10
Internet 10.1.1.129 - f8c2.88b9.f8c0 ARPA GigabitEthernet0/0.51
Internet 10.1.1.193 - f8c2.88b9.f8c0 ARPA GigabitEthernet0/0.52

ERROR -

UTC: %IP-4-DUPADDR: Duplicate address 10.1.1.129 on GigabitEthernet0/0.51, sourced by 1cdf.0f6a.0c4c

Interface details- 

GigabitEthernet0/0 10.20.1.1 YES NVRAM up up
GigabitEthernet0/0.10 10.1.51 YES NVRAM up up
GigabitEthernet0/0.51 10.1.129 YES NVRAM up up
GigabitEthernet0/0.52 10.1.1.193 YES NVRAM up up

Below it connects to a switch port. 

logs on swithc -

UTC: %IP-4-DUPADDR: Duplicate address 10.1.1129 on Vlan51, sourced by f8c2.88b9.f8c0

Hello,

I don't think you can change that on the interface, your only choice would be to add a static ARP entry:

Router(config)#arp 192.168.1.1 52c5.0f1e.0200 arpa
Router(config)#arp 192.168.2.1 52c5.0f1e.0202 arpa

Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - 52c5.0f1e.0200 ARPA
Internet 192.168.2.1 - 52c5.0f1e.0202 ARPA

Thanks, Georg !! This was helpful.