Create Trunk on Cisco 871 Router

mescheries1 · ‎10-24-2013

Hi everyone,

I need your help to make a trunk port working on a cisco 871 router. This router is backup HSRP for a cisco 1841. Everything work fine on the 1841, but I a unable to make the cisco 871 works.

The situation is as follow.

This router has

- 1 Wan port

- 4 FastEthernet port.

- The wan Port (FE4) is connected to a provider

- The FastEthernet0 is configuresd as ACCESS for Vlan10

- The Interface Vlan10 is a backup HSRP and works fine

- There are 2 HSRP Group . Standby 22 work fine, Stand by 23 doesnt work.

Now I've created a Trunk on FE1 to allow 2 Vlans

Vlan391 as a managent vlan (Vlan Interface 391)

Vlan931 to foward traffic to a subnet (Vlan Interface 931 as a second HSRP Group)

Everithing is created, but FE1 don't receive and dont'forward any traffic. I am unable to ping the vlan interfaces 391 and 931, and the HSRP Group 23 dont 'works.

I the problem seems to be the Trunk.

The routers are connected to 2 HP Procurve switch. trunks ports are created on the switch and the vlans are also created as they supose to.

I id the same configuration on the Cisco 1841, and everything work fine.

Bellow you can see the configuration on the router 871.

Thank you for your help.

Switch2#show run

Building configuration...

Current configuration : 5799 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ------

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

crypto pki trustpoint --------

enrollment selfsigned

subject-name cn=-----------

revocation-check none

rsakeypair-----------

!

crypto pki certificate chain ------

certificate------

-----------

quit

dot11 syslog

ip cef

!

no ip domain lookup

ip domain name yourdomain.com

!

username -------- privilege 15 password 0-------

!

archive

log config

hidekeys

!!

!

interface Loopback99

ip address ------

!

interface Tunnel1

ip address 10.0.0.2 255.255.255.252

tunnel source 192.168.3.2

tunnel destination 206.48.200.166

!

interface FastEthernet0

switchport access vlan 10

!

interface FastEthernet1

switchport trunk allowed vlan 1,391-931,1002-1005

switchport mode trunk

duplex full

speed 100

!

interface FastEthernet2

shutdown

!

interface FastEthernet3

shutdown

!

interface FastEthernet4

ip address 192.168.3.2 255.255.255.252

duplex auto

speed auto

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 192.168.223.2 255.255.255.0

standby 22 ip 192.168.223.1

standby 22 priority 105

standby 22 preempt

!

interface Vlan391

ip address 10.193.9.134 255.255.255.128

no autostate

!

interface Vlan931

ip address 10.193.253.19 255.255.255.248

standby 23 ip 10.193.253.17

standby 23 priority 90

no autostate

!

interface Group-Async4

physical-layer async

no ip address

encapsulation slip

!

ip forward-protocol nd

ip route ------

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

no cdp run

!

control-plane

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

Switch2#

paolo bevilacqua · ‎10-24-2013

Wrong forum, post in "WAN and routing". You can move your posting with the Actions panel on the right.

Leo Laohoo · ‎10-24-2013

version 12.4

switchport trunk allowed vlan 1,391-931,1002-1005

How many VLANs are you trying to create on your 870 router?

If your response is >3 VLANs, this is NOT possible. Not possible with an IOS of 12.4. 870 router running 12.4 and 15.0 IOS will only support up to three VLANs.

You will need to downgrade your IOS to version 12.3 and you can create up to ten VLANs.

mescheries1 · ‎10-25-2013

In fact it's 3 vlans.

The Vlan 10 has been created yet, and i created 2 vlans: 391 and 931 for a total of 3 vlan.

Now I don'T know if I have to cpunt the default vlan 1.

But I create the vlans with no error messages, then when i alowed them in FE1, I don't have any traffic crossing the vlans. The FE1 status is up and the 2 vlan interfaces are also UP.

THank you

johnlloyd_13 · ‎10-25-2013

Hi Albert,

Did you purposely put your SVIs into an active state? Also make sure 'ip routing' is enabled.

Could you do below and kindly post a 'show vlan-switch' and config from 1841?

interface Vlan391
autostate

interface Vlan931
autostate

Sent from Cisco Technical Support iPhone App

mescheries1 · ‎10-25-2013

When I put autostate, and "sh ip int bri" the status is up but protocol is down

Is it normal that I dont see the vlan 391 and 931 when i do the "show vlan-switch" command ?

Here is the result of the "show vlan-switch" and the config.

Thank you

Switch2#show vlan-switch

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa2, Fa3

10 192.168.223.2_Blu active Fa0

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 1002 1003

10 enet 100010 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 1 1003

1003 tr 101003 1500 1005 0 - - srb 1 1002

1004 fdnet 101004 1500 - - 1 ibm - 0 0

1005 trnet 101005 1500 - - 1 ibm - 0 0

Switch2#

Switch2#show run

Building configuration...

Current configuration : 5799 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ------

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

crypto pki trustpoint --------

enrollment selfsigned

subject-name cn=-----------

revocation-check none

rsakeypair-----------

!

crypto pki certificate chain ------

certificate------

-----------

quit

dot11 syslog

ip cef

!

no ip domain lookup

ip domain name yourdomain.com

!

username -------- privilege 15 password 0-------

!

archive

log config

hidekeys

!

interface Loopback99

ip address ------

!

interface Tunnel1

ip address 10.0.0.2 255.255.255.252

tunnel source 192.168.3.2

tunnel destination 206.48.200.166

!

interface FastEthernet0

switchport access vlan 10

!

interface FastEthernet1

switchport trunk allowed vlan 1,391-931,1002-1005

switchport mode trunk

duplex full

speed 100

!

interface FastEthernet2

shutdown

!

interface FastEthernet3

shutdown

!

interface FastEthernet4

ip address 192.168.3.2 255.255.255.252

duplex auto

speed auto

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 192.168.223.2 255.255.255.0

standby 22 ip 192.168.223.1

standby 22 priority 105

standby 22 preempt

!

interface Vlan391

ip address 10.193.9.134 255.255.255.128

!

interface Vlan931

ip address 10.193.253.19 255.255.255.248

standby 23 ip 10.193.253.17

standby 23 priority 90

!

interface Group-Async4

physical-layer async

no ip address

encapsulation slip

!

ip forward-protocol nd

ip route ------

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

no cdp run

!

control-plane

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

Switch2#

johnlloyd_13 · ‎10-25-2013

Hi Albert,

You'll need an active device on the VLAN for the SVI to show as up/up. I would need to confirm this on my 871 whether it's due to the IOS or platform capacity (extended VLAN number) that you're not able to create the Layer 2 VLAN.

Did you get any error when you initially created them? Could you try using a lower VLAN number?

Sent from Cisco Technical Support iPhone App

mescheries1 · ‎10-25-2013

I did not have any error when I've created them.

I will try the lower vlan Number.

Thank you

johnlloyd_13 · ‎10-28-2013

hi albert,

i tried to replicate your problem and was only able to create a maximum of 2 VLANs: 1 and 391.

it seems like it's an IOS limitation in support of VLANs.

i would go back to leo's post/advise for a downgrade.

871W(config)#vlan 391

871W(config-vlan)#exit

871W(config)#vlan 931

Vlan can not be added. Maximum number of 2 vlan(s) in the database.

871W(config)#do sh ver | i IOS

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)T10, RELEASE SOFTWARE (fc3)

871W(config)#do sh vlan-s

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0, Fa1, Fa2

391 VLAN0391 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 1002 1003

391 enet 100391 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 1 1003

1003 tr 101003 1500 1005 0 - - srb 1 1002

1004 fdnet 101004 1500 - - 1 ibm - 0 0

1005 trnet 101005 1500 - - 1 ibm - 0 0

mescheries1 · ‎10-28-2013

Thank you johnlloyd.

I will discuss with my boss the possibility to downgrade to version 12.3 .

But Do you know why, it's allow me to create "Interface Vlan xxx" , but in config mode, if I do !vlan XXX!, it give me the same errior message

Vlan can not be added. Maximum number of 2 vlan(s) in the database.

Conf t

interface vlan 391

ip address .....

interface vlan 931

ip address .....

But, if I do

conf t

vlan 391

now I have the error message

Vlan can not be added. Maximum number of 2 vlan(s) in the database.

--------------------------------------

I also tried router on a stick, the router doesn't accept the command

conf t

interface FastEthernet1.4

Thank you

Leo Laohoo · ‎10-28-2013

conf t

vlan 391

now I have the error message

Vlan can not be added. Maximum number of 2 vlan(s) in the database.

Read my post above. I've mentioned that when you have an 870 running 12.4 or 15.0 IOS, can only support up to 2 VLANs.

If you want to support between 3 to 10 VLANs you need to DOWNGRADE your IOS to 12.3.