cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1325
Views
5
Helpful
5
Replies

Cannot get SM-ES2-24-P to talk to the router

Michael Durham
Level 4
Level 4

I cannot get my ES2 switch to talk with my router and the phones connected to the switch are not getting a dhcp address.

Current configuration : 24574 bytes
!
! Last configuration change at 01:03:55 UTC Fri Jun 7 2019
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip dhcp excluded-address 192.168.101.1 192.168.101.20
ip dhcp excluded-address 192.168.201.1 192.168.201.20
!
ip dhcp pool Users
network 192.168.101.0 255.255.255.0
dns-server 1.1.1.1
default-router 192.168.101.1
option 150 ip 192.168.201.1
lease 0 12
!
ip dhcp pool Voice
network 192.168.201.0 255.255.255.0
dns-server 1.1.1.1
default-router 192.168.201.1
option 150 ip 192.168.201.1
lease 0 12
!
!
ip domain lookup source-interface GigabitEthernet0/0
ip name-server 1.1.1.1
ip name-server 4.2.2.2
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
ctl-client
!
!
license udi pid CISCO2911/K9 sn FTXK
hw-module pvdm 0/0
!
hw-module sm 1
!
!
dial-control-mib retain-timer 10080
dial-control-mib max-size 500
!
redundancy
!
crypto isakmp policy 100
encr aes 256
hash sha512
authentication pre-share
group 16
lifetime 3600
crypto isakmp key 6 Cisco123 address 0.0.0.0
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set support ah-sha512-hmac esp-3des
mode tunnel
!
crypto ipsec profile support
set security-association lifetime seconds 86400
set transform-set support
!
!
interface Loopback1
ip address 1.2.3.4 255.255.255.255
!
interface Tunnel1
description DMVPN mGRE tunnel to support
ip address 172.16.0.2 255.255.0.0
no ip redirects
ip nhrp authentication Cisco
ip nhrp map 172.16.0.1 166.168.999.999
ip nhrp map multicast 166.168.999.999
ip nhrp network-id 999
ip nhrp nhs 172.16.0.1
shutdown
cdp enable
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile support
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description "Internet"
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1.101
description Data Network
encapsulation dot1Q 101 native
ip address 192.168.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface GigabitEthernet0/1.201
description Voice Network
encapsulation dot1Q 201
ip address 192.168.201.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 192.168.202.1 255.255.255.0
!
interface GigabitEthernet1/1
description Trunk to SM-ES2-24-P switch
switchport trunk native vlan 101
switchport mode trunk
no ip address
spanning-tree portfast
!
interface Vlan1
no ip address
!
router eigrp 9001
network 192.168.101.0
network 192.168.201.0
!
ip forward-protocol nd
!
ip http server
ip http authentication aaa login-authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:/GUI
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
vstack
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
password Cisco
no activation-character
no exec
transport preferred none
transport input all
transport output all
stopbits 1
flowcontrol software
line vty 0 4
password Cisco
logging synchronous
login
terminal-type monitor
transport input ssh
transport output ssh
line vty 5 15
password Cisco
logging synchronous
login
terminal-type monitor
transport input ssh
transport output ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 103.105.51.156 minpoll 9
!
end

 

Building configuration...

Current configuration : 5540 bytes
!
! Last configuration change at 01:30:48 UTC Fri Jun 7 2019
! NVRAM config last updated at 01:30:57 UTC Fri Jun 7 2019
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
mls qos map policed-dscp 24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
!
!
policy-map AutoQoS-Police-CiscoPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
police 320000 8000 exceed-action policed-dscp-transmit
class AutoQoS-VoIP-Control-Trust
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
!
!
interface FastEthernet0/2
switchport access vlan 101
switchport mode access
switchport voice vlan 201
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/3
switchport access vlan 101
switchport mode access
switchport voice vlan 201
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/25
description Connects to Router Gi1/1
switchport trunk native vlan 101
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/26
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan201
ip address 192.168.201.2 255.255.255.0
no ip route-cache
!
interface Vlan202
ip address 192.168.202.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.101.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
speed 115200
flowcontrol software
line vty 5 15
!
end

1 Accepted Solution

Accepted Solutions

After MANY hours of trials and errors, I have the configuration that works when you have a Cisco 2911 router with a SM-ESx-x-x switch module installed and you only need to connect the router to the internet and no other switches.  Only port gi0/0 is connected to the internet, the router's other ports gi0/1 and gi0/2 and NOT used.  You could use these ports to connect to a server or a computer that you do not need a phone at.  The SM-ESx-x-x switch module is where you will connect your users phones and PC's.  The SM-ES2 modules are 10/100 speed except for one 10/100/1000 (boss' port) and are the same as a 2960 switch. The SM-ES3 modules are full 10/100/1000 all ports plus these modules are also layer 3 like a 3560 switch.

ROUTER

!
interface GigabitEthernet0/0
description "Internet
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 192.168.202.1 255.255.255.252
no ip route-cache
!
interface GigabitEthernet1/1
description Trunk to SM-ES2-24-P switch
switchport mode trunk
switchport trunk native vlan 101
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
ip address 192.168.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan201
ip address 192.168.201.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
router eigrp 9001
network 192.168.101.0
network 192.168.201.0
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
access-list 100 remark Networks allowed access to the Internet
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!

SWITCH
!
interface GigabitEthernet0/25
description Connects to Router Gi1/1
switchport mode trunk
switchport trunk native vlan 101

spanning-tree portfast
!
interface GigabitEthernet0/26
switchport access vlan 202
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan101
ip address 192.168.101.2 255.255.255.0
no ip route-cache
!
interface Vlan201
ip address 192.168.201.2 255.255.255.0
no ip route-cache
!
interface Vlan202
ip address 192.168.202.2 255.255.255.252
no ip route-cache
!
ip default-gateway 192.168.101.1

DO NOT shut down ports gi0/25 or gi0/26 as your connection will fail.  Port gi0/26 only needs the command switchport access vlan 202 to be able to communicate back to the router's gi1/0 port should the trunk fail.

Port gi0/25 MUST be configured as a trunk for this to work.  You can also configure gi0/26 as a trunk but you cannot have gi0/25 as an access port and port gi0/26 as the trunk, it will NOT work.  Both ports as a trunk does work..

View solution in original post

5 Replies 5

Hello,

 

looking at the configuration of your router, you have interface GigabitEthernet1/1 connected to the switch:

 

interface GigabitEthernet1/1
description Trunk to SM-ES2-24-P switch
switchport trunk native vlan 101
switchport mode trunk
no ip address
spanning-tree portfast

 

Your subinterfaces are configured on interface GigabiEthernet0/1, so that is the interface that needs to be connected to the switch.

 

 

I think you are mistaking the SM-ES2-24-P switch for a regular switch such as a 2960.  This switch is a module that you install into the 2911 router.  The gi1/0 and the gi1/1 ports are the switch.  You can put an IP address on the 1/0 port but the 1/1 port is a L2 port only and they both are internal ports only.  The switch also has two internal ports, fa0/25 and fa0/26.  I just can't seem to get the two to talk to each other. 

I am sure I could connect a RJ45 cable between the router's gi0/1 port and the switch's gi0/1 port and they would talk.  But they should not need this, they should communicate via the backbone and virtual ports.

After MANY hours of trials and errors, I have the configuration that works when you have a Cisco 2911 router with a SM-ESx-x-x switch module installed and you only need to connect the router to the internet and no other switches.  Only port gi0/0 is connected to the internet, the router's other ports gi0/1 and gi0/2 and NOT used.  You could use these ports to connect to a server or a computer that you do not need a phone at.  The SM-ESx-x-x switch module is where you will connect your users phones and PC's.  The SM-ES2 modules are 10/100 speed except for one 10/100/1000 (boss' port) and are the same as a 2960 switch. The SM-ES3 modules are full 10/100/1000 all ports plus these modules are also layer 3 like a 3560 switch.

ROUTER

!
interface GigabitEthernet0/0
description "Internet
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 192.168.202.1 255.255.255.252
no ip route-cache
!
interface GigabitEthernet1/1
description Trunk to SM-ES2-24-P switch
switchport mode trunk
switchport trunk native vlan 101
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan101
ip address 192.168.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan201
ip address 192.168.201.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
router eigrp 9001
network 192.168.101.0
network 192.168.201.0
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
access-list 100 remark Networks allowed access to the Internet
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!

SWITCH
!
interface GigabitEthernet0/25
description Connects to Router Gi1/1
switchport mode trunk
switchport trunk native vlan 101

spanning-tree portfast
!
interface GigabitEthernet0/26
switchport access vlan 202
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan101
ip address 192.168.101.2 255.255.255.0
no ip route-cache
!
interface Vlan201
ip address 192.168.201.2 255.255.255.0
no ip route-cache
!
interface Vlan202
ip address 192.168.202.2 255.255.255.252
no ip route-cache
!
ip default-gateway 192.168.101.1

DO NOT shut down ports gi0/25 or gi0/26 as your connection will fail.  Port gi0/26 only needs the command switchport access vlan 202 to be able to communicate back to the router's gi1/0 port should the trunk fail.

Port gi0/25 MUST be configured as a trunk for this to work.  You can also configure gi0/26 as a trunk but you cannot have gi0/25 as an access port and port gi0/26 as the trunk, it will NOT work.  Both ports as a trunk does work..

Hello Michael,

nice job however can you clarify which switch module uplink port connects to router gi1/1 port ?

 

Because, we see that gi0/26 on switch is configured as trunk with native vlan 101 that is matching router gi1/1 configuration. switch gi0/25 has the same description but it is missing the native vlan 101 statement.

 

So I guess the working link is between router gi1/1 and switch gi0/26.

 

Thanks

Best Regards

Giuseppe

 

I found an error on the switch's config and corrected it. Please reread that section. This is only for Gerog
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco