02-04-2011 12:12 AM - edited 03-04-2019 11:18 AM
I have a Cisco 3725 running IOS 12.3. I have three WAN connections (2 x 100Mb and 1 x 2Mb serial) and I need to replace the 2Mb serial connection with a further 100Mb connection. However, I have not got any spare 100Mb sockets.
My plan is to use a switch that supports VLANs, connect the three WAN connections to the switch, each in their own VLAN, then connect the switch to one port on the router, configuring the switch port as a trunk (so that it passes all three VLANs across the link) and configuring the router so that for that single Ethernet interface, it has three subinterfaces each configured for a VLAN that matches the VLAN used for the corresponding WAN connection.
I am a bit rusty on my IOS so I wanted to run this all past the community for feedback.
The current WAN connections are configured as follows:
interface FastEthernet1/0
description 100Mbit Link to ISP
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
duplex auto
speed auto
ipv6 address xxxx:xxxx:xxxx:xxxx/126
no cdp enable
crypto map map2
!
interface FastEthernet1/1
description 100Mbit Link to 2nd office
ip address yyy.yyy.yyy.yyy 255.255.255.252
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
speed 100
full-duplex
ipv6 address yyyy:yyyy:yyyy:yyyy/126
no cdp enable
!
interface Serial0/0
description 2Mb link to ISP
bandwidth 2048
ip address zzz.zzz.zzz.zzz 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
ipv6 address zzzz:zzzz:zzzz:zzzz/126
no cdp enable
So my thinking is that this could (in theory!) translate to a config like this:
interface FastEthernet1/0.1
encapsulation dot1Q 51
description first 100Mbit link to ISP
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
duplex auto
speed auto
ipv6 address xxxx:xxxx:xxxx:xxxx/126
no cdp enable
crypto map map2
interface FastEthernet1/0.2
encapsulation dot1Q 52
description second 100Mbit link to ISP
ip address zzz.zzz.zzz.zzz 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
ipv6 address zzzz:zzzz:zzzz:zzzz/126
no cdp enable
interface FastEthernet1/0.3
encapsulation dot1Q 53
description 100Mbit link to 2nd office
ip address yyy.yyy.yyy.yyy 255.255.255.252
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
speed 100
full-duplex
ipv6 address yyyy:yyyy:yyyy:yyyy/126
no cdp enable
Any thoughts on whether or not that will work? Are there any commands from the original interface configurations that I CANNOT use when moving them to a subinterface? I'm thinking that the speed & duplex commands need to be removed?
Many thanks.
Philip
02-04-2011 01:08 AM
Hello, Philip.
To create trunk on router interface U need delete IP address on main interface and create sub-interfaces. I've never seen configuration U provide =).
If U creating sub-interfaces on Fa1/0 first delete IP address on it, I'm not shure about other configuration such as access-groups and crypto map but ip address deffinately shouldn't be there.
Cheers, GRinch
02-04-2011 01:13 AM
Just to clarify, it will be the Ethernet switch that is configured to have a trunk port on it.
The Cisco router will have a single Ethernet connection to that trunk port, but the subinterfaces will each be configured for separate VLANs. The intention is to keep the traffic between the subinterfaces and the corresponding WAN connection private to those two points.
If I am creating the subinterfaces, do I need to have any configuration at the main interface level, i.e. FastEthernet 1/0 in my example? I take the point made about deleting the IP addresses on it - it was actually my intention to delete all of the configuration that currently exists on FastEthernet 1/0 but now I'm not sure if I need any config lines for it, or do I just need them for the subinterfaces?
Thanks.
Philip
02-04-2011 01:24 AM
It's correct. U don't need any configuration on main interface. Just create sub-interfaces and vlans on router. Then connect you switch's trunk port to the router and it should works well. I also can recomend you use Packet tracer for emulation.
02-04-2011 01:29 AM
On some platforms you can put the native VLAN on the main interface(so put an ip address on it) or on a subinterface by specifying the vlan is native.
But the second option is themost prevalent and then you just do a no ip add on main int and no shut it.
Regards.
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide