cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3209
Views
0
Helpful
4
Replies

VLANs and subinterfaces

PhilipColmer
Level 1
Level 1

I have a Cisco 3725 running IOS 12.3. I have three WAN connections (2 x 100Mb and 1 x 2Mb serial) and I need to replace the 2Mb serial connection with a further 100Mb connection. However, I have not got any spare 100Mb sockets.

My plan is to use a switch that supports VLANs, connect the three WAN connections to the switch, each in their own VLAN, then connect the switch to one port on the router, configuring the switch port as a trunk (so that it passes all three VLANs across the link) and configuring the router so that for that single Ethernet interface, it has three subinterfaces each configured for a VLAN that matches the VLAN used for the corresponding WAN connection.

I am a bit rusty on my IOS so I wanted to run this all past the community for feedback.

The current WAN connections are configured as follows:

interface FastEthernet1/0
description 100Mbit Link to ISP
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip access-group 105 in

ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
duplex auto
speed auto
ipv6 address xxxx:xxxx:xxxx:xxxx/126
no cdp enable
crypto map map2
!
interface FastEthernet1/1
description 100Mbit Link to 2nd office
ip address yyy.yyy.yyy.yyy 255.255.255.252
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
speed 100
full-duplex
ipv6 address yyyy:yyyy:yyyy:yyyy/126
no cdp enable
!
interface Serial0/0
description 2Mb link to ISP
bandwidth 2048
ip address zzz.zzz.zzz.zzz 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
ipv6 address zzzz:zzzz:zzzz:zzzz/126
no cdp enable

So my thinking is that this could (in theory!) translate to a config like this:

interface FastEthernet1/0.1
encapsulation dot1Q 51
description first 100Mbit link to ISP
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
duplex auto
speed auto
ipv6 address xxxx:xxxx:xxxx:xxxx/126
no cdp enable
crypto map map2


interface FastEthernet1/0.2
encapsulation dot1Q 52
description second 100Mbit link to ISP
ip address zzz.zzz.zzz.zzz 255.255.255.252
ip access-group 105 in
ip access-group 104 out
ip pim bsr-border
ip pim sparse-mode
no ip mroute-cache
ipv6 address zzzz:zzzz:zzzz:zzzz/126
no cdp enable


interface FastEthernet1/0.3
encapsulation dot1Q 53
description 100Mbit link to 2nd office
ip address yyy.yyy.yyy.yyy 255.255.255.252
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
speed 100
full-duplex
ipv6 address yyyy:yyyy:yyyy:yyyy/126
no cdp enable

Any thoughts on whether or not that will work? Are there any commands from the original interface configurations that I CANNOT use when moving them to a subinterface? I'm thinking that the speed & duplex commands need to be removed?

Many thanks.

Philip

4 Replies 4

grinch182
Level 1
Level 1

Hello, Philip.

To create trunk on router interface U need delete IP address on main interface and create sub-interfaces. I've never seen configuration U provide =).

If U creating sub-interfaces on Fa1/0 first delete IP address on it, I'm not shure about other configuration such as access-groups and crypto map but ip address deffinately shouldn't be  there.

Cheers, GRinch

Just to clarify, it will be the Ethernet switch that is configured to have a trunk port on it.

The Cisco router will have a single Ethernet connection to that trunk port, but the subinterfaces will each be configured for separate VLANs. The intention is to keep the traffic between the subinterfaces and the corresponding WAN connection private to those two points.

If I am creating the subinterfaces, do I need to have any configuration at the main interface level, i.e. FastEthernet 1/0 in my example? I take the point made about deleting the IP addresses on it - it was actually my intention to delete all of the configuration that currently exists on FastEthernet 1/0 but now I'm not sure if I need any config lines for it, or do I just need them for the subinterfaces?

Thanks.

Philip

It's correct. U don't need any configuration on main interface. Just create sub-interfaces and vlans on router. Then connect you switch's trunk port to the router and it should works well. I also can recomend you use Packet tracer for emulation.

On some platforms you can put the native VLAN on the main interface(so put an ip address on it)  or on a subinterface by specifying the vlan is native.

But the second option is themost prevalent and then you just do a no ip add on main int and no shut it.

Regards.

Alain

Don't forget to rate helpful posts.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco