03-12-2012 06:32 PM - edited 03-07-2019 05:31 AM
I started to set up a 1721 router with WIC-4ESW. This is on an internal network, so only looking to just do routing from FA/0's interface to the networks attached to ports on the WIC. I first assigned just VLANs to 2 of the ports and this did not work. So I did some reading up and decided to use bridge groups. Except I still can not access the interfaces on the WIC. And by that I mean on the router itself I can not ping the ip assigned to the BVI.
I have another 1721 w/4 port that long ago I seem to remember simply assigning VLANs to the interfaces and I was able to communicate between the networks without issue (or maybe I just don't rememer that well). Thing is I should be able to at least ping the internal interfaces shouldn't I (assuming the status is up). I don't know why BVI2 and 3 are listed as down, nor do I seem to know how to bring these up.
This is what ip int br gives me:
1721#sh ip int br
Interface IP-Address OK? Method Status Protocol
BVI2 192.168.101.1 YES manual down down
BVI3 10.10.7.1 YES manual down down
FastEthernet0 192.168.100.3 YES NVRAM up up
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up up
FastEthernet3 unassigned YES unset up down
FastEthernet4 unassigned YES unset up down
Vlan1 unassigned YES NVRAM up down
Vlan2 unassigned YES manual up down
Vlan3 unassigned YES manual up down
1721#
Below is the config:
version 12.4
hostname 1721
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip cef
!
bridge irb
!
!
interface FastEthernet0
ip address 192.168.100.3 255.255.255.0
speed auto
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
switchport access vlan 3
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
no ip address
!
interface Vlan2
description FW_INSIDE$
no ip address
bridge-group 2
!
interface Vlan3
description FW_INSIDE$
no ip address
bridge-group 3
!
interface BVI2
ip address 192.168.101.1 255.255.255.0
!
interface BVI3
ip address 10.10.7.1 255.255.255.0
!
router eigrp 1
network 10.10.7.0 0.0.0.255
network 192.168.100.0
network 192.168.101.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
!
ip http server
ip http secure-server
!
access-list 101 permit ip any any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
!
end
Solved! Go to Solution.
03-12-2012 08:44 PM
Sean
It has been quite a while since I worked with a 1721 and I am pleasantly surprised that it supports the WIC-4ESW.
In my (somewhat limited) experience with switch modules as part of IOS routers I have had good experience with assigning switch ports to VLANs and configuring VLAN interfaces with IP addresses. I wonder what led you to use IRB and multiple BVI interfaces.
My first suggestion would be to remove IRB and the BVI interfaces and then assign IP addresses to interface VLAN 2 and VLAN 3. Give that a try and let us know how it works.
HTH
Rick
03-12-2012 08:44 PM
Sean
It has been quite a while since I worked with a 1721 and I am pleasantly surprised that it supports the WIC-4ESW.
In my (somewhat limited) experience with switch modules as part of IOS routers I have had good experience with assigning switch ports to VLANs and configuring VLAN interfaces with IP addresses. I wonder what led you to use IRB and multiple BVI interfaces.
My first suggestion would be to remove IRB and the BVI interfaces and then assign IP addresses to interface VLAN 2 and VLAN 3. Give that a try and let us know how it works.
HTH
Rick
03-13-2012 11:05 AM
When first trying to configure just VLAN interfaces, and that did not work, I went with my limited knowledge of what I thought would work; configure bridge interface (because that is what I needed for my 877 ADSL router at home). Well I took your advice and removed the BVIs and just assigned IPs to the VLANs. This time however I got error message "
%Access VLAN 2 does not exist. Please add it to vlan database". This was new to me, I thought these would be automatically assigned to the VLAN database. Turns out I needed to go privileged EXEC and do"vlan database" then "vlan 2"..."vlan 3".
I never had to do that with my 877, so it never occured I would have to manually add these to the database. Doh! Anyways thanks for you reply and help on this Rick, one less headache + I learned something really valuable.
03-13-2012 08:11 PM
Sean
I am glad that you got this solved and that my suggestion helped you to learn something valuable. Thank you for posting back to the forum indicating that the problem was solved. Thanks for using the rating system to mark the question as resolved. It makes the forum more useful when people can read about a problem and can know that a solution was found. Your marking has contributed to this process.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide