07-12-2017 01:56 PM - edited 03-08-2019 11:18 AM
Hi, I'm very much in trouble with routing VLANs... I have 3 VLANs and I do not want routing between them (they don't have to see each other). In addition, VLANs 3 and 2 must have a bandwidth; I tried to configure it but I did not succeed... And I am missing the command to make port to VLAN, to connect VLAN 3 to a physical port.
vlan 1 = 192.168.1.x
vlan 2 = 192.168.2.x
vlan 3 = 192.168.3.x
Show my run config:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip access-group filter-vlan3 in (this is test to connect vlan 3 to port fe0/1 and stop routing vlans)
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip access-group filter-vlan3 in
shutdown
duplex auto
speed auto
!
interface ATM0/1/0
no ip address
ip mtu 1492
no atm ilmi-keepalive
dsl operating-mode adsl2+
pvc x/xx
pppoe-client dial-pool-number 1
!
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp chap hostname xxxxxxxxx
ppp chap password xxxxxxx
ppp pap sent-username xxxxxxx password xxxxxxxx
ppp ipcp dns request accept
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list standard NAT
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
!
ip access-list extended filter-vlan1
deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended filter-vlan2
deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended filter-vlan3
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended filter-vlan30 ( error me )
Sorry for my bad English, and thanks for the support!
07-13-2017 01:05 AM
Hi
How do you have 2 interfaces with the same IP on the router? I thought that would throw an error and block it.
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip access-group filter-vlan3 in (this is test to connect vlan 3 to port fe0/1 and stop routing vlans)
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip access-group filter-vlan3 in
shutdown
duplex auto
speed auto
For the access-list, just create one ACL that denies each IP range from speaking to each other in each direction, so a reverse of each rule, like the example below, and allow everything else:
ip access-list extended filter-vlan
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
permit ip any any
Then apply it to each interface that you want to block, in both the in and out directions:
interface FastEthernet0/0.3
ip access-group filter-vlan in
ip access-group filter-vlan out
interface FastEthernet0/0.2
ip access-group filter-vlan in
ip access-group filter-vlan out
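An added example, not code from the thread or from Cisco: a small Python evaluator that applies IOS first-match and implicit-deny semantics to the two ACLs posted above and lists which VLAN pairs each one still permits. The sample host addresses and the documentation address standing in for an outside host are constructed; only `ip` entries with contiguous wildcard masks are handled.

```python
import ipaddress

def parse_acl(text):
    """Parse '<action> ip <src> <wildcard>|any <dst> <wildcard>|any' entries."""
    rules = []
    for line in text.strip().splitlines():
        action, _proto, *rest = line.split()
        nets = []
        while rest:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            else:  # ip_network accepts an IOS-style wildcard (host mask)
                nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
                rest = rest[2:]
        rules.append((action, nets[0], nets[1]))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

# Constructed sample hosts, one per VLAN subnet from the thread.
HOSTS = {1: "192.168.1.10", 2: "192.168.2.10", 3: "192.168.3.10"}
INTERNET = "203.0.113.5"  # documentation address standing in for an outside host

def permitted_pairs(rules):
    """VLAN pairs (src, dst) that the ACL still lets through."""
    return sorted((a, b) for a in HOSTS for b in HOSTS
                  if a != b and evaluate(rules, HOSTS[a], HOSTS[b]) == "permit")

# filter-vlan3 as posted in the question: a lone deny, no permit.
QUESTION_ACL = parse_acl("deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255")

# filter-vlan as posted in the reply.
REPLY_ACL = parse_acl("""
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
permit ip any any
""")

if __name__ == "__main__":
    print("question ACL, VLAN 3 to internet:", evaluate(QUESTION_ACL, HOSTS[3], INTERNET))
    print("reply ACL, pairs still permitted:", permitted_pairs(REPLY_ACL))
```

An ACL with only deny entries blocks everything through the implicit deny, and an ACL ending in `permit ip any any` isolates only the subnet pairs it names, so each subnet that must stay isolated (192.168.1.0 here) needs its own deny pair.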
07-13-2017 06:01 AM
It's impossible to have 2 interfaces with the same IP; in fact it gave me the error, but it was more a test to see if the router accepted the commands even if wrong...
It still works! VLANs are no longer seen.. Thank you
It's now set bandwidth and port to VLAN..
bandwidth = vlan 2/3
vlan 2 =
upload 354 KBits / 44250 Bytes
download 4000 KBits / 500000 Bytes
vlan 3 =
upload 254 KBits / 31750 Bytes
download 1500 KBits / 187500 Bytes
-------------------------------------------------------
it's now connect vlan 3 with fe0/1
I have peeked so many forums on Cisco support community, but I can not find any command accepted by my router/modem, on the bandwidth and port to VLAN... Many use "Switchport mode access.., switchport access VLAN xx...." But not being a true and own switch my router/modem does not accept the command, same for the bandwidth...
07-13-2017 06:26 AM
Hi
If you're looking to limit bandwidth traffic per subnet range, use MQC QoS; example below. Create the class-map and policy-map and then apply them to the WAN interface of the 1841.
http://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book/qos_mqc.html#wp1059593
Configuration Examples for Applying QoS Features Using the MQC
In the following example, two traffic classes are created and their match criteria are defined. For the first traffic class called class1, access control list (ACL) 101 is used as the match criterion. For the second traffic class called class2, ACL 102 is used as the match criterion. Packets are checked against the contents of these ACLs to determine if they belong to the class.
Router(config)# class-map class1
Router(config-cmap)# match access-group 101
Router(config-cmap)# exit
Router(config)# class-map class2
Router(config-cmap)# match access-group 102
Router(config-cmap)# exit
In the following example, a traffic policy called policy1 is defined. The traffic policy contains the QoS features to be applied to two classes—class1 and class2. The match criteria for these classes were previously defined (as described in the "Example: Creating a Traffic Class").
For class1, the policy includes a bandwidth allocation request and a maximum packet count limit for the queue reserved for the class. For class2, the policy specifies only a bandwidth allocation request.
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 3000
Router(config-pmap-c)# queue-limit 30
Router(config-pmap-c)# exit
Router(config-pmap)# class class2
Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# exit
The following example shows how to attach an existing traffic policy to an interface. After you define a traffic policy with the policy-map command, you can attach it to one or more interfaces by using the service-policy command in interface configuration mode. Although you can assign the same traffic policy to multiple interfaces, each interface can have only one traffic policy attached in the input direction and only one traffic policy attached in the output direction.
Router(config)# interface ethernet1/1
Router(config-if)# service-policy output policy1
Router(config-if)# exit
Router(config)# interface fastethernet1/0/0
Router(config-if)# service-policy output policy1
Router(config-if)# exit
08-02-2017 01:54 AM
Hello, sorry if I have been absent. Anyway, I tried these commands and there is a problem: the commands are fine for an "interface", not good for "sub-interfaces"... In fact, from this error: CBWFQ: Not supported on subinterfaces
08-02-2017 02:09 AM
http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/10104-qos-subint.html
Cisco IOS logical interfaces do not inherently support a state of congestion and do not support the direct application of a service policy that applies a queueing method. Instead, you first need to apply shaping to the subinterface using either generic traffic shaping (GTS) or class-based shaping. Refer to Policing and Shaping for more information.
The router prints this log message when an Ethernet subinterface is configured with a service policy that applies queueing without shaping:
router(config)# interface ethernet0/0.1
router(config-subif)# service-policy output test
CBWFQ : Not supported on subinterfaces