VLANS ON CISCO ISR4221

wanumet
Level 1

Hello Well done.

I want to configure VLANs into my Cisco ISR4221 router.

I tried the vlan commands but they refused.

How do I do it?

Below is my config.

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.07.19 09:56:10 =~=~=~=~=~=~=~=~=~=~=~=
login as: admin
Pre-authentication banner message from server:
| Yumbe Hospital
End of banner message from server
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server


There have been 3 successful attempts in the past 1 hours


YH-Cisco-Router>en
Password:
YH-Cisco-Router#show runn    start
Using 3306 out of 33554432 bytes
!
! Last configuration change at 01:02:29 UTC Fri Jul 16 2021 by YH
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname YH-Cisco-Router
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.09.07.SPA_2.bin
boot-end-marker
!
!
enable secret 5 $1$8cDL$X9cytQtYgmHRAxVz/wM0Z/
!
aaa new-model
!
aaa authentication login default local
!
aaa login success-track-conf-time 1
!
aaa session-id common
clock timezone UTC 3 0
call-home
 contact-email-addr support@aircomit.com
 contract-id "204167269"
 phone-number "+256704251030 "
 sender from support@aircomit.com
 sender reply-to support@aircomit.com
 source-interface GigabitEthernet0/0/0
 street-address "Kampala"
 profile "YH"
 destination transport-method http
 destination address http http://aircomit.com/yh
 destination address email support@aircomit.com
!
ip nbar http-services
!
ip dhcp excluded-address 10.10.0.1 10.10.0.100
!
ip dhcp pool YH-LAN
 network 10.10.0.0 255.255.0.0
 default-router 10.10.0.1
 dns-server 8.8.8.8
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-4009722129
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4009722129
 revocation-check none
 rsakeypair TP-self-signed-4009722129
!
crypto pki certificate chain TP-self-signed-4009722129
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
license udi pid ISR4221/K9 sn FGL2518LU5C
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
et-analytics
!
username YH privilege 15 password 7 013E1F267F02155C701B
username admin secret 9 $9$3.wD2F.H3lQK4.$SQuAdZUCcXSd1bHs2tZVhF1UW2GKebLAca9cUwacJ8o
!
redundancy
 mode none
!
interface GigabitEthernet0/0/0
 description YH_Internet
 ip address 41.222.0.133 255.255.255.248
 ip nbar protocol-discovery
 ip nat outside
 negotiation auto
!
interface GigabitEthernet0/0/1
 description YH_LAN
 ip address 10.10.0.1 255.255.0.0
 ip nbar protocol-discovery
 ip nat inside
 negotiation auto
!
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/1
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/1
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 41.222.0.129
!
access-list 1 permit 10.10.0.0 0.0.255.255
!
control-plane
!
banner login ^CYumbe Hospital^C
!
line con 0
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 0961572B3D0C04415A5B
!
ntp server time.google.com prefer
!
event manager applet 1626339866715storeShowTech
 event none sync no maxrun 31536000
 action 001 cli command "enable"
 action 002 cli command "traceroute 41.222.0.132 source GigabitEthernet0/0/1"
 action 003 file open TECHFILE bootflash:1626339866715sh_tech.txt w+
 action 004 file puts TECHFILE "$_cli_result"
 action 005 file close TECHFILE
!
end

YH-Cisco-Router#

10 Replies

Richard Burts
Hall of Fame

The details of how to configure support for vlans on Cisco routers depend on whether the particular router has some layer 2 interfaces in addition to the normal layer 3 interfaces (some routers may have embedded switches and thus have layer 2 interfaces). For routers that have only layer 3 interfaces (such as your router) you would configure support for vlans by configuring subinterfaces on a physical interface and specifying encapsulation 802.1q.

HTH

Rick

Ok, so how do I configure support for vlans?

Hello,

 

in addition to what Richard is saying, here is an example:

 

interface GigabitEthernet0/0/1
 description YH_LAN
 ip address 10.10.0.1 255.255.0.0
 ip nbar protocol-discovery
 ip nat inside
 negotiation auto
!
interface GigabitEthernet0/0/1.10
 description Vlan 10
 encapsulation dot1q 10
 ip address 192.168.10.1 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 ! negotiation auto is left out here: subinterfaces do not accept it
!
interface GigabitEthernet0/0/1.20
 description Vlan 20
 encapsulation dot1q 20
 ip address 192.168.20.1 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 ! negotiation auto is left out here: subinterfaces do not accept it

Thank you.
This worked. Apart from the last line, it does not allow specifying negotiation.

However, I also realise that I can access the router through the vlan IP addresses only when I am connected using the original router subnet, in this case 10.10.0.0.
When I change to another vlan subnet, say if I change my computer IP to 172.16.0.10, I can't access the router on 172.16.0.1 (IP address for vlan 172 on the router).
But I can access 172.16.0.1 when my computer IP is 10.10.0.xx.

See configuration below.

YH-Cisco-Router>en
Password:
YH-Cisco-Router#sh runn
Building configuration...

Current configuration : 7697 bytes
!
! Last configuration change at 13:06:58 UTC Mon Jul 19 2021 by admin
!
version 16.12
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname YH-Cisco-Router
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.12.05.SPA_3.bin
boot-end-marker
!
enable secret 9 $14$8cDL$8iLnp7LytZU3aU$Bbp8OTbegeD0f4PegFuivFN0fT0CcauqekVe7bqzdlU
!
aaa new-model
!
aaa authentication login default local
!
aaa login success-track-conf-time 1
!
aaa session-id common
clock timezone UTC 3 0
call-home
 contact-email-addr support@aircomit.com
 contract-id "204167269"
 phone-number "+256704251030 "
 sender from support@aircomit.com
 sender reply-to support@aircomit.com
 source-interface GigabitEthernet0/0/0
 street-address "Kampala"
 profile "YH"
 destination transport-method http
 destination address http http://aircomit.com/yh
 destination address email support@aircomit.com
!
ip nbar http-services
!
ip dhcp excluded-address 10.10.0.1 10.10.0.100
!
ip dhcp pool YH-LAN
 network 10.10.0.0 255.255.0.0
 default-router 10.10.0.1
 dns-server 8.8.8.8
!
login on-success log
!
crypto pki trustpoint TP-self-signed-4009722129
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4009722129
 revocation-check none
 rsakeypair TP-self-signed-4009722129
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki certificate chain TP-self-signed-4009722129
 quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
 quit
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
no license feature hseck9
license udi pid ISR4221/K9 sn FGL2518LU5C
memory free low-watermark processor 69237
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username YH privilege 15 password 7 013E1F267F02155C701B
username admin secret 9 $9$3.wD2F.H3lQK4.$SQuAdZUCcXSd1bHs2tZVhF1UW2GKebLAca9cUwacJ8o
!
redundancy
 mode none
interface GigabitEthernet0/0/0
 description YH_Internet
 ip address 41.222.0.133 255.255.255.248
 ip nbar protocol-discovery
 ip nat outside
 negotiation auto
!
interface GigabitEthernet0/0/1
 description YH_LAN
 ip address 10.10.0.1 255.255.0.0
 ip nbar protocol-discovery
 ip nat inside
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/1.10
 description vlan 10
 encapsulation dot1Q 10
 ip address 10.1.0.1 255.255.0.0
 ip nbar protocol-discovery
 ip nat inside
!
interface GigabitEthernet0/0/1.172
 description vlan 172
 encapsulation dot1Q 172
 ip address 172.16.0.1 255.255.0.0
 ip nbar protocol-discovery
 ip nat inside
!
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/1
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/1
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 41.222.0.129
!
ip access-list standard 1
 10 permit 10.10.0.0 0.0.255.255
!
control-plane
!
banner login ^CYumbe Hospital^C
!
line con 0
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 0961572B3D0C04415A5B
 transport input ssh
!
ntp server time.google.com prefer
!
event manager applet 1626339866715storeShowTech
 event none sync no maxrun 31536000
 action 001 cli command "enable"
 action 002 cli command "traceroute 41.222.0.132 source GigabitEthernet0/0/1"
 action 003 file open TECHFILE bootflash:1626339866715sh_tech.txt w+
 action 004 file puts TECHFILE "$_cli_result"
 action 005 file close TECHFILE
!
end

YH-Cisco-Router#

Hello,

 

Whatever is connected to interface GigabitEthernet0/0/1 (a switch I assume) must have the port that is connected to the router configured as a trunk. Can you post the configuration of the device connected to interface GigabitEthernet0/0/1?

@Richard Burts and @Georg Pauwen At first I connected my computer directly to GigabitEthernet0/0/1 and assigned it a static IP address 172.16.0.10; I couldn't reach the router, not even through pings.

Next I used a DLink smart switch. I configured in the same vlans, vlan10 and vlan172, but still I didn't connect to the router.

 

To help us understand what is happening it would help if you would post the current configuration of the interface and its associated subinterfaces.

It would also help us understand what is happening if you would give us specifics of what device is connected to your router interface and how that device is configured. 

HTH

Rick

Hello @wanumet ,

to get a clean readable output use:

 

term len 0

show run

 

Hint: with the normal pager at 25 lines, use the spacebar to move on one page; if you use Enter, you move on a single line, creating a terrible mess.

 

Be aware that some default configurations of routers have an access-list applied under line vty. This could explain what you see.

 

Hope to help

Giuseppe

 

Thank you, Giuseppe.

My guess is that the device that connects to the router port is not configured as a trunk. I agree with @Georg Pauwen. Can you tell us what device this is and post the configuration of the device connected to interface GigabitEthernet0/0/1?

HTH

Rick
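
Why the trunk matters for the symptom reported in this thread, as an added example that is not part of the original posts and is not Cisco code: a Python model of how the router's LAN port sorts incoming frames by 802.1Q tag, using the interface addresses from the second show run above. The host address 10.10.0.50, the MAC address and VLAN 20 are constructed for illustration, and the on-link test is a simplification of what the router does.

```python
import ipaddress
import struct

# Layer 3 interfaces on the router's LAN port, copied from the second
# "show run" in this thread. Key: 802.1Q VLAN ID (None = untagged frames).
ROUTER_IFS = {
    None: ("GigabitEthernet0/0/1", ipaddress.ip_interface("10.10.0.1/16")),
    10: ("GigabitEthernet0/0/1.10", ipaddress.ip_interface("10.1.0.1/16")),
    172: ("GigabitEthernet0/0/1.172", ipaddress.ip_interface("172.16.0.1/16")),
}
TPID_8021Q = 0x8100
ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6
PC_MAC = bytes.fromhex("020000000001")  # constructed, locally administered


def build_frame(vlan=None, payload=b"\x00" * 28):
    """Build a broadcast ARP-type Ethernet frame, 802.1Q-tagged if vlan is set."""
    header = BROADCAST + PC_MAC
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", ETHERTYPE_ARP) + payload


def vlan_of(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None


def diagnose(host_ip, vlan=None):
    """Return (receiving interface or None, host is on-link there)."""
    entry = ROUTER_IFS.get(vlan_of(build_frame(vlan)))
    if entry is None:
        return None, False  # tag matches no subinterface: frame is dropped
    name, addr = entry
    return name, ipaddress.ip_address(host_ip) in addr.network


if __name__ == "__main__":
    # Constructed cases: PC plugged in directly (untagged) vs. behind a trunk.
    for ip, vlan in [("172.16.0.10", None), ("10.10.0.50", None),
                     ("172.16.0.10", 172), ("172.16.0.10", 20)]:
        print(ip, "vlan", vlan, "->", diagnose(ip, vlan))
```

An untagged PC at 172.16.0.10 lands on GigabitEthernet0/0/1, whose subnet is 10.10.0.0/16, which matches the failed ping described above. The same address arriving with a VLAN 172 tag reaches GigabitEthernet0/0/1.172, which is what a trunk port on the switch provides.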