Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
10
Helpful
6
Replies

Trunking through L3 port to VLAN1 NIM Switchports on Cisco 4321 ISR

DouglasBlack71617
Level 1
Level 1

‎02-22-2021 01:07 PM

After some advice here...

 

I'm trying to route a wireless controller on the the routers L3 port GI0/0/0 to talk to VLAN1 on a newly installed NIM.

 

Current setup is the L3 port on the router (gi0/0/0) hooked up to a switch & poe injectors, on which the wireless controller lives. Running fibre to the switch, ethernet to attached devices, then the wireless controller (Aruba) is fibred to the switch as well with the router doing all the DHCP allocation etc. All works perfectly.

 

My aim is to have the 8 port POE NIM replace the switch for ethernet connections, then fibre the wireless controller to the router on gi0/0/0 however I can't seem to trunk gi0/0/0 to talk to the switchports on the NIM. GI0/0/0 on the router is an L3 port, so I can't drop in any Switchport access commands to simply add it to VLAN1.

 

Can anyone give any pointers on trunking GI0/0/0 on the router through to VLAN1 in my config, the controller attached to GI/0/0/0 has a static IP on the same range as the VLAN1, but for the life of me I can't get them running together. 

 

 

Current configuration : 5902 bytes
!
! Last configuration change at 20:14:09 UTC Mon Feb 22 2021
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 100000
!
hostname SkyNET_RTR
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.16.09.05.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable password xxxxxxxxxxx
!
no aaa new-model
!
!
!
!
!
!
!
ip name-server 90.207.238.97 90.207.238.99 8.8.8.8 8.8.4.4
ip domain name SkyNET
ip dhcp excluded-address 10.2.0.1 10.2.0.20
ip dhcp excluded-address 192.168.0.1 192.168.0.20
ip dhcp excluded-address 192.168.0.100
!
ip dhcp pool DHCP_GI0/0/0_FBR
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 90.207.238.97 90.207.238.99 8.8.8.8 8.8.4.4
domain-name SkyNET
lease 7
!
ip dhcp pool DHCP_GI0/0/1_CPR
network 10.2.0.0 255.255.255.0
default-router 10.2.0.1
dns-server 90.207.238.97 90.207.238.99 8.8.8.8 8.8.4.4
domain-name SkyNET
lease 7
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
!
!
!
!
!
!
!
license udi pid ISR4321/K9 sn 
license accept end user agreement
license boot level appxk9
license boot level uck9
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id

et-analytics
!
!
!
!
!
object-group service external_router_svc
udp source eq bootpc
udp source eq bootps
!
!
!
!
redundancy
mode none
!
!
!
!
controller VDSL 0/2/0
!
!
vlan internal allocation policy ascending
!
!
!
class-map type inspect match-all internal_external
description Internal to External
match access-group name internal_external_acl
class-map type inspect match-all external_internal
description external to internal
match access-group name external_internal_acl
class-map type inspect match-all router_external
description router to world
match access-group name router_external_acl
class-map type inspect match-all external_router
description world to router
match access-group name external_router_acl
!
policy-map type inspect EXTERNAL-SELF-POLICY
class type inspect external_router
pass
class class-default
drop log
policy-map type inspect INTERNAL-EXTERNAL-POLICY
class type inspect internal_external
inspect
class class-default
drop log
policy-map type inspect SELF-EXTERNAL-POLICY
class type inspect router_external
inspect
class class-default
drop log
policy-map type inspect EXTERNAL-INTERNAL-POLICY
class type inspect external_internal
drop
class class-default
drop log
!
zone security internal
description Intranet
zone security external
description extranet
zone-pair security EXTERNAL-INTERNAL source external destination internal
service-policy type inspect EXTERNAL-INTERNAL-POLICY
zone-pair security EXTERNAL-SELF source external destination self
service-policy type inspect EXTERNAL-SELF-POLICY
zone-pair security INTERNAL-EXTERNAL source internal destination external
service-policy type inspect INTERNAL-EXTERNAL-POLICY
zone-pair security SELF-EXTERNAL source self destination external
service-policy type inspect SELF-EXTERNAL-POLICY
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description SkyNET-RTR to SkyNET-FBR
no ip address
ip nat inside
zone-member security internal
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/0/1
description SkyNET-RTR to SkyNET-CPR
ip address 10.2.0.1 255.255.255.0
ip nat inside
zone-member security internal
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface ATM0/2/0
no ip address
shutdown
atm oversubscribe factor 2
no atm enable-ilmi-trap
!
interface Ethernet0/2/0
description Sky VDSL WAN Physical Interface
mac-address xxxx.xxxx.xxxx
no ip address
no ip unreachables
zone-member security external
no negotiation auto
!
interface Ethernet0/2/0.101
description Sky VDSL WAN Virtual Interface
encapsulation dot1Q 101
ip dhcp client client-id hex xxx
ip dhcp client hostname xxx
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
zone-member security external
ip virtual-reassembly
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
zone-member security internal
ip virtual-reassembly
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip nat inside source list 1 interface Ethernet0/2/0.101 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0/2/0.101 dhcp
!
!
!
ip access-list extended external_internal_acl
permit ip any any
ip access-list extended external_router_acl
permit object-group external_router_svc any any
ip access-list extended internal_external_acl
permit ip any any
ip access-list extended router_external_acl
permit ip any any
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.2.0.0 0.0.0.255
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
length 0
transport input none
!
!
!
!
!
!
end

 

 

 

 

 

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎02-22-2021 01:15 PM

you need to configured switchport :

 

look at the below example guide :

 

https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/4_8PortGENIM.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎02-22-2021 01:18 PM

I have not done this and so do not speak from experience. But it seems to me that you might want to configure Gi0/0/0 with vlan subinterfaces so that the router would recognize the vlans that you are using.

HTH

Rick
0 Helpful

DouglasBlack71617
Level 1
Level 1
In response to Richard Burts

‎02-22-2021 02:21 PM

I was on that chain of thought, but still no dice... just whiped out my old 1921 to test it out without everything else.

 

Same principle on-board L3 GI0/0, 8 port HWIC on VLAN 1

 

DHCP pool set up, HWIC ports in VLAN 1 and DHCP assigns address' fine. Able to ping the router from the client, all good. 

 

GI0/0 added a sub interface on gi0/0  but still even with a static set on the client, I can't hit the VLAN1 clients, nor do I get any DHCP assigned address on gi0/0 (Not that DHCP assignment is a bigby here as the device on it will be assigned static addressing (DHCP would be a bonus though!)

 

No other config on this router bar this, which should follow the same principle as the situation win my 4321. But yes, as soon as I can get the gi/0/0 talking to the switched ports then I reckon Im good...

 

ip dhcp pool Lab1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
domain-name SkyNET
lease 7
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ200261EA
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface GigabitEthernet0/1/4
no ip address
!
interface GigabitEthernet0/1/5
no ip address
!
interface GigabitEthernet0/1/6
no ip address
!
interface GigabitEthernet0/1/7
no ip address
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0

 

0 Helpful

paul driver
VIP
VIP
In response to DouglasBlack71617

‎02-22-2021 03:23 PM - edited ‎02-22-2021 03:24 PM

Hello
TBH I think I’m lost with your description, but just like to say, A trunk interface with a specified native vlan that directly connects to a switch access-port assigned to the same native vlan will communicate, so have you tried this?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jon Marshall
Hall of Fame
Hall of Fame
In response to DouglasBlack71617

‎02-22-2021 03:34 PM

 

From memory I seem to remember there is a way with some routers to configure the connection between the onboard gigabit interface(s) and the switch module but can't find any information on it at the moment. 

 

At the risk of stating the obvious and assuming you have a spare port on the switch module can you not just run a cable between the onboard interface and one of the switch module ports ie. as you would with a separate switch.

 

Jon

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to DouglasBlack71617

‎02-23-2021 04:56 AM

In your test with the 1921 you have created the vlan subinterface for vlan 1

interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native

But you have not assigned an IP address to it. Does anything happen if you configure an IP address in the subnet to this vlan subinterface?

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card