05-13-2013 10:40 PM - edited 03-07-2019 01:20 PM
Hi All,
I am trying to do some tests as follows:
I have a laptop with a single physical NIC on which I have used the advanced management tools to create two virtual NICs (say vlan 10 and vlan 20), and both are on the same subnet (say 192.168.4.x). One NIC is for normal TCP/IP traffic and one is for broadcast/multicast traffic (I have some custom software that requires this to be the case and works fine on an older laptop with a built-in physical NIC and a PCMCIA XIRCOM NIC). The dual NIC laptop communicates with a dual NIC server via a Cisco 2811 router (which has a 16 port switch module at the back) and has vlans set up so.
What I want is for the single NIC laptop (with two virtual NICs) to be able to also communicate with the server. Basically, one NIC is for normal traffic and one is for multicast/broadcast traffic. All three machines need to be able to talk to each other using the NIC for normal traffic and both laptops must be able to receive broadcasts from the server. What is the best way to configure the router to handle the trunking/tagging? Most configuration documentation I read has two complete subnets for the two virtual NICs. Note that all three machines use static IPs and are part of a workgroup so no DNS and domain servers etc.
All help is greatly appreciated.
TIA,
Vlad
05-14-2013 06:10 AM
Vlad
The usual solution when there are two VLANs is to configure the router interface to do trunking and I believe that this is what you are referring to when you mention two complete subnets. I do not believe that this feature will work for what you are trying to do. I believe that if you try to configure two subinterfaces with vlan 10 on one and vlan 20 on the other and then try to configure addresses in the same subnet on both that the router will reject this as being overlapping addresses. Also if you do try this implementation then at least one of the vlan subinterfaces will expect to do vlan tagging and I get the impression from your description that you want both vlans to be un-tagged.
I can think that you could get close to a solution where unicast traffic went into one vlan and multicast traffic could go into a second vlan (which on the router would look like another subinterface with another ip subnet). So if your PC sent a multicast join for group 225.2.2.2 on vlan 20 then the router would forward multicast on vlan 20 while forwarding unicast for 192.168.4.x on vlan 10. But that would leave broadcast on vlan 10 and your description seems to want to put broadcast with the multicast. Also this solution would do vlan tagging for at least one of the vlans and I suspect that this would be a problem for your NIC.
HTH
Rick
05-14-2013 07:27 PM
Hi Richard,
Thanks for the quick response. Perhaps I was too vague in my initial post.
What I have are two Cisco 2811 routers, a dual NIC server and two dual NIC laptops. The first router has untagged VLANs set up separating the three computers into, say, three sites. I now want to replace one of the dual NIC laptops with a single NIC laptop (configured with two virtual NICs). I want to use the second router to sit between the first router and the single NIC laptop to perform the vlan tagging/untagging to/from the single NIC laptop. The following is a mock-up diagram. The Netgear GS605 dummy switches are in place so that I can isolate each site without affecting the NICs, which in turn won't affect the running of the software.
Cheers,
Vlad
05-15-2013 05:01 AM
Vlad
Thanks for the additional information. I still have some confusion about a couple of things. There appears to be some color coding of switch ports and of traffic flows and I am not sure that I have all the color codings quite clear.
One of my confusions is about the relationship between the Central Site and Site 2. The drawing seems to show a connection from a switch port of the 2811 at the Central Site to a switch port on the 2811 at Site 2. Are these sites close enough that you can use a switch port to switch port connection? If so then there is probably a simple solution that will work. In this case you are not using the 2811 for its routing capability but using it as a layer 2 switch. In this case each 2811 switch configures the two vlans. The server at Central Site uses two NICs with each NIC connecting to an access port on the 2811 switch. The Central Site 2811 switch uses an access port in each vlan to connect to switches at Site 1 and another pair of access ports, one in each vlan, to connect to access ports on the 2811 switch at Site 2. And the 2811 switch at Site 2 then configures a trunk port carrying the tagged vlan traffic to the laptop with the single NIC.
HTH
Rick
05-15-2013 05:54 AM
Hi Richard,
Please ignore the colour coding of the switch ports of the second 2811. Blame it on the good old cut-and-paste error. It is unconfigured. At the moment site 2 has a dual NIC laptop without the second 2811 and is pretty much connected like site 1.
In theory, I don't need the second 2811 (will have to then also route the broadcast to the trunk port). However, I am not allowed to touch the first 2811 as the setup is in a lab environment. Hence I must use the second 2811 purely to tag/untag vlan traffic to and from the laptop with the single NIC.
Basically, the black line from the central server is broadcast traffic which comes out of the first 2811 and into a Netgear switch (there is another computer acting as an interceptor of broadcast traffic to add delays/dropouts etc., which is not shown on the diagram, which sits between the first 2811 and the main Netgear broadcast switch and is another reason I can't just use the one 2811 router). The dark blue line from the central server is 2-way traffic which is split into light blue for site 1 and purple for site 2. The brown line is the trunk line consisting of the broadcast and 2-way traffic.
Hope that clears it up a bit more.
Kind Regards,
Vlad
05-15-2013 06:13 AM
Vlad
As long as you can keep all the forwarding at layer 2 (using switch access ports and trunk ports) then this should work ok (assuming correct configuration at Site 2 to put both vlans onto a trunk port connecting to the laptop).
While you certainly can do this with a 2811 at Site 2, you are not really using the ability to route but are using its switch. So you could just as easily put a good managed switch at Site 2 and let it do the vlan trunking.
HTH
Rick
05-20-2013 12:28 AM
Hi Rick,
Been doing some reading and testing. I have the duplex link working but not the broadcast one. The following are snippets of the config:
FE0/0 and FE0/1 not used
FE1/0 to FE1/6 not used
FE1/9 to FE1/14 not used
Trunk:
interface FastEthernet1/8
 description Trunk for DSN server computer
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 221
 switchport trunk allowed vlan 221,222
 duplex auto
 speed auto
 no cdp enable
Duplex access to vlan 222:
interface FastEthernet1/15
 switchport mode access
 switchport access vlan 222
 duplex auto
 speed auto
 no cdp enable
Broadcast access to vlan 221 (I am not sure if this is required and could be the issue?):
interface FastEthernet1/7
 switchport mode access
 switchport access vlan 221
 duplex auto
 speed auto
 no cdp enable
Vlan221:
interface Vlan221
 description BCAST connection
 ip address 192.168.4.161 255.255.255.240
 ip pim sparse-dense-mode
Vlan222:
interface Vlan222
 description Duplex connection
 ip address 192.168.4.177 255.255.255.240
 ip pim sparse-dense-mode
So basically, the ethernet cable from the single NIC laptop plugs into FE1/8, the ethernet cable from the duplex/reachback Netgear GS605 switch plugs into FE1/15 and the ethernet cable from the broadcast Netgear GS605 switch plugs into FE1/7.
Wireshark is not indicating any traffic arriving on the 221 virtual NIC.
Cheers,
Vlad
05-20-2013 04:52 AM
Vlad
I do not understand your comment just above interface Fa1/7, but it surely is required that this interface be configured as an access port and that it be assigned to vlan 221.
I have two theories about what the problem might be.
1) I wonder if the virtual NIC is expecting both vlans to be tagged? The simple thing to do is to configure the trunk interface to use vlan 1 as the native vlan (even though you will not really have vlan 1 traffic) so that it will tag frames on both vlans.
2) I wonder if the problem is the configuration of the vlan interfaces. In your original post you described needing two vlans with the same subnet. But these vlan interfaces define two different subnets.
The configuration of the vlan interfaces implies that the router will be doing layer 3 forwarding, but I do not think that is what you really intend to do. In a previous post I commented that I thought that this would work as long as you kept the forwarding at layer 2. I suggest that you remove both vlan interfaces and then tell me how things are working.
HTH
Rick
05-20-2013 06:00 PM
Hi Rick,
Your first theory is correct. All works after removing the "switchport trunk native vlan 221" line from the trunk configuration. I forgot I had it there which meant it wasn't tagged.
Cheers for your help.
Vlad
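A small model of why the vlan 221 virtual NIC saw nothing, added here as an illustration and not code from the thread: a dot1q trunk sends its native VLAN untagged, and the model assumes the laptop's VLAN driver hands untagged frames to the parent NIC rather than to a virtual NIC. The function names, MAC addresses and payload are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", ethertype) + payload

def trunk_egress(dst, src, ethertype, payload, vid, allowed, native):
    """Model a dot1q trunk port sending a frame that belongs to VLAN `vid`.
    Returns None if the VLAN is not allowed; native-VLAN frames leave untagged."""
    if vid not in allowed:
        return None
    tag = None if vid == native else vid
    return build_frame(dst, src, ethertype, payload, tag)

def host_demux(frame, virtual_nics):
    """Assumed host behaviour: deliver by tag, untagged goes to the parent NIC."""
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return "parent (untagged)"
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF  # low 12 bits of the tag control field
    return virtual_nics.get(vid, "dropped (no virtual NIC for VLAN %d)" % vid)

def deliveries(native):
    """Where broadcast (221) and duplex (222) frames land for a given native VLAN."""
    nics = {221: "vNIC 221", 222: "vNIC 222"}
    bcast = b"\xff" * 6
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    out = {}
    for vid in (221, 222):
        frame = trunk_egress(bcast, src, 0x0800, b"constructed payload",
                             vid, {221, 222}, native)
        out[vid] = host_demux(frame, nics)
    return out

if __name__ == "__main__":
    print("native vlan 221:", deliveries(native=221))  # config as first posted
    print("native vlan 1  :", deliveries(native=1))    # after removing the line
```

With the native VLAN set to 221 the broadcast frames reach the laptop but carry no tag, so the driver cannot attribute them to the 221 virtual NIC; once the native VLAN is one that carries no traffic, both VLANs arrive tagged.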
05-23-2013 11:07 AM
Vlad
I am glad that my suggestion pointed you in the right direction and that now it is working as you want. Thank you for using the rating system to mark this question as answered. It makes the forum more useful when people can read about a problem and can know that a solution was found. This was a fairly unusual question and it will help people be encouraged to read about it when they know that there is an answer provided.
HTH
Rick