06-16-2009 11:38 AM - edited 03-06-2019 06:17 AM
I'm traying to setup two simple vlans on the cisco 3548 XL. They both will connect to a cisco 2600. At this moment, I have been succesful creating the two vlans in the cisco 3548 xl and created two entries on the cisco 2600 fa0/0.1 and fa0/0.2.
However, the client computers are not able to ping the gateway. And, on the switch, it is showing the two vlan status down protocol down.
Can you help?
Thanks
06-16-2009 11:56 AM
You have to configure encapsulation on the Fa0/0.1 and Fa0/0.2 interfaces using ISL trunking,as the 3548XL only (as far as I remember) supports ISL. The 'encapsulation isl' command will insclude a VLAN number. These two VLAN numbers will have to be the VLANs you configure on the 3548XL.
The IP addresses on those two sub-interfaces will be the default gateeway for their respective VLAN.
On the 3548XL the interface that connects to the 2600 will have to be configures as a trunk port.
Example:
2600:
interface FastEthernet 0/0
no ip address
interface FastEthernet 0/0.1
encapsulation isl 1
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet 0/0.2
encapsulation isl 2
ip address 10.1.2.1 255.255.255.0
!
[Note that the sub-interface number and the enccapsulation isl number do not have to be the same, but it is more easy to remember when you make them the same]
3548XL:
interface FastEthernet0/1
description Trunk to Cisco2600 router
switchport mode trunk
!
That should be it - if my memory does not fail me :-)
HTH
06-16-2009 12:14 PM
I have included two configurations cisco 3548 xl and cisco 2600.
Thanks
CISCO 3548 XL
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
ip subnet-zero
ip domain-name lv.psu.edu
interface FastEthernet0/1
description Administrative
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,1002-1005
!
interface FastEthernet0/47
description Administrative
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/48
description Administrative
switchport access vlan 100
!
interface GigabitEthernet0/1
description Room 147A East Wing Administrative/ Academic Networks
no flowcontrol
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,200,1002-1005
switchport mode trunk
!
interface GigabitEthernet0/2
description Room 147A - East Side Administrative/ Academic Networks
keepalive 10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,200,1002-1005
switchport mode trunk
!
interface VLAN1
ip address 172.31.181.133 255.255.255.192
no ip directed-broadcast
no ip route-cache
!
interface VLAN100
ip address 146.186.50.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN200
ip address 146.186.27.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 146.186.50.1
banner motd ^C
*****************************************************
*****************************************************
** **
** WARNING: Unauthorized access to this system **
** is forbidden and will be prosecuted by law. **
** By accessing this system, you agree that your **
** actions may be monitored if unauthorized usage **
** is suspected. Only authorized Penn State **
** Lehigh Valley Campus **
*****************************************************
*****************************************************
^C
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
password 7 1511085D5C7F7E283E
login local
line vty 5 15
password 7 094F4D584150421E1D
no login
!
end
CISCO 2600
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname psu-lv
!
boot-start-marker
boot-end-marker
!
!
clock timezone EST -5
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
interface FastEthernet0/0
no ip address
no ip route-cache
speed auto
half-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 146.186.50.1 255.255.255.0
no ip redirects
no ip route-cache
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 146.186.27.1 255.255.255.0
no ip redirects
no ip route-cache
!
interface Serial0/0
no ip address
no ip route-cache
shutdown
!
ip http server
ip classless
06-16-2009 01:15 PM
Okay; 3548XL actually does support dot1Q, then - my bad memory :-)
You actually don't show which interface of the switch is connecting to the 2600; I will assume that it is FastEthernet 0/1.
Looking at your router config you have:
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 146.186.50.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 146.186.27.1 255.255.255.0
On the switch you have:
interface FastEthernet0/1
description Administrative
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,1002-1005
So on the router you have in effect made VLAN 1 and VLAN 2 (encapsulation dot1Q x, where x equals the VLAN number) while the switch operates with VLAN 100 and 200 on the access ports.
Change the router encapsulation to 'encapsulation dot1Q 100 native' and 'encapsulatio dot1Q 200', repectively.
Also note that a 3548XL is a Layer 2 switch. This means that the only thing it needs an IP address for is for management. Notice that even though you have (and have been allowed to) configured IP addresses on interface VLAN 100/200, both those interfaces are in shutdown. Only one VLAN interface with an IP address can be active at any given time, and by default it is VLAN 1 on a Cat3548XL.
So to test your setup, you will first have to change the config on the router and secondly put a PC onto a switch access port (like your FastEthernet0/47 or 0/48), give the PC an IP address in the right IP subnet and the IP address of the 2600 router subinterface as the gateway and then you should achieve a positive result.
Edit: I missed some details:
1. On the router, have both speed and duplex of FastEthernet0/0 set to auto. Alternatively, set speed to 100 and duplex to full at both end of the connection (router and switch).
2. If you go with my suggestion of keeping VLAN 100 and VLAN 200 on the switch, the 2600 FastEthernet0/0.1 should have 'encapsulation dot1Q 100' (notice the missing native keyword).
With that the physical interface FastEthernet0/0 will determine the native VLAN, and as you do not have anything here you actually improves the security of the setup. This because the recommendations for avoiding VLAN-hopping is to not have anything running in native VLAN.
3. On switch FstEthernet0/1 you need to allow VLAN 200 as well:
switchport trunk allowed vlan 1,100,200
HTH.
06-16-2009 01:39 PM
what is the command to delete the two vlan 100 and 200 on the cisco 3548 xl.
06-16-2009 01:55 PM
Errr ... Did you create the two VLANs in the VLAN Database?
06-16-2009 02:59 PM
Yeah,
The issue has been resolved.
Now I have to eliminate two management vlan created during the process.
I created them under config t
int vlan 100 and int vlan 200.
These two vlans needs to be deleted.
06-16-2009 03:05 PM
conf t
no int vlan XX
06-16-2009 04:44 PM
In addition to Glenn's post, go to the VLAN database and remove VLANs 100 & 200:
no vlan 100
no vlan 200
exit
06-16-2009 06:17 PM
As far the cisco 2600, how can I make sure the two subnets do not see each other. I noticed that after configuring the information on the router, now, the two subnets can ping each other or computers see each other.
If I go into production, this could create a security threat.
I have two goals:
1) I have a firewall before the router. The port traffice allow or not allow will be handle at the firewall. The router should not permit the two subnet to interact.
2)I'd like to be able to direct the two individual subnet going out from the router to the firewall in two separate interfaces.
Can you provide example on how to acomplish these two goals?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide