Solved: Re: Layer 3 Ports & L2 Switchports

Matt Wilson · ‎05-28-2019

I have a Cisco 1841 that has two built in layer 3 ports. I have configured one of them as follows:

interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10 native
 ip address 10.1.1.41 255.255.255.0
 ipv6 address FE80::41 link-local
 bridge-group 10
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 20.1.1.41 255.255.255.0
 ipv6 address FE80::41 link-local
 bridge-group 20
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 30.1.1.41 255.255.255.0
 ipv6 address FE80::41 link-local
 bridge-group 30
!

This works as I can connect my access point to it and ping the router wirelessly. The 1841 also has an HWIC-4ESW inserted. As it is a L2 device (switchport), I need to use VLANs for L3. What I'm having trouble getting my head around is how do I link the switchports to the subinterfaces so they use the subinterfaces' IP addresses. I've played around with VLANs, bridge-groups and SVIs with no success. I want to turn three of the switchports as access and the fourth one as a trunk. As you can only use one instance of a subnet on a router I can't allocate the VLANs an IP address in the same subnet as the fastethernet IP addresses. If someone could give me some advice, that would be great. Matt.

Giuseppe Larosa · ‎05-28-2019

Hello Matt,

fiirst the bridge-groups are not needed under the subinterfaces configuration.

About the configuration of HWIC-4ESW:

It should be able to support SVis (interface Vlan ) and creation of Vlans.

However, you should think of it like a small standalone switch that is hosted in your router chassis.

You can create Vlans and SVIs over it, but I would not expect that those Vlans can talk with routed ports internally in the router.

You would need to create Vlans 10,20,30 and you should configure a port like a trunk port and connect it to the routed port. with an external ethernet cable. Your trunk port should be:

interface fasx/y

switchport

switchport encapulation dot1q

switchport mode trunk

switchport trunk native vlan 10

switchport trunk allowed vlan 10,20,30

!

Hope to help

Giuseppe

View solution in original post

paul driver · ‎05-28-2019

Hello

The router already has the L3 interfaces created ( your subinterfaces) so this router can perfrom the intervlan routing so now you just need to create the L2 vlans for these sub-interfaces and assign the L2 switchports to these vlans.

Lastly as Giuseppe mentioned if you want to extend your L2 vlans to another switch then that switchport from that external switch attaching to the router needs to be a trunk port.

example:
Rtr
conf t
vlan10,20,30

exit

int x/x
Description switchport
switchport mode access vlan xx
switchport access vlan xx

Swtich

conf t
int x/x
Description port attaching to RTR
switchport
switchport mode trunk
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30

vlan10,20,30

exit

int x/x
Description switch access port
switchport mode access
switchport access vlan xx
spanning-tree portfast

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Giuseppe Larosa · ‎05-28-2019

Hello Matt,

fiirst the bridge-groups are not needed under the subinterfaces configuration.

About the configuration of HWIC-4ESW:

It should be able to support SVis (interface Vlan ) and creation of Vlans.

However, you should think of it like a small standalone switch that is hosted in your router chassis.

You can create Vlans and SVIs over it, but I would not expect that those Vlans can talk with routed ports internally in the router.

You would need to create Vlans 10,20,30 and you should configure a port like a trunk port and connect it to the routed port. with an external ethernet cable. Your trunk port should be:

interface fasx/y

switchport

switchport encapulation dot1q

switchport mode trunk

switchport trunk native vlan 10

switchport trunk allowed vlan 10,20,30

!

Hope to help

Giuseppe

paul driver · ‎05-28-2019

Hello

The router already has the L3 interfaces created ( your subinterfaces) so this router can perfrom the intervlan routing so now you just need to create the L2 vlans for these sub-interfaces and assign the L2 switchports to these vlans.

Lastly as Giuseppe mentioned if you want to extend your L2 vlans to another switch then that switchport from that external switch attaching to the router needs to be a trunk port.

example:
Rtr
conf t
vlan10,20,30

exit

int x/x
Description switchport
switchport mode access vlan xx
switchport access vlan xx

Swtich

conf t
int x/x
Description port attaching to RTR
switchport
switchport mode trunk
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30

vlan10,20,30

exit

int x/x
Description switch access port
switchport mode access
switchport access vlan xx
spanning-tree portfast

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Matt Wilson · ‎05-28-2019

However, you should think of it like a small standalone switch that is hosted in your router chassis.

Thanks fellas, that explains why nothing I did could get the subinterfaces talking to the switchports. I understand the concept behind both but nothing I did could get it to work. It seems like I have to run a short ethernet cable between the sub interfaces and the switch trunk port. I assumed that it was all done internally in the router. I need all the ports for a project so I might dig out the dusty 2851 with a 16 port WIC and use it, I could then afford to lose a switchport for the interconnect. Thanks for your help. Matt.

Georg Pauwen · ‎05-28-2019

Hello,

on a side note, not sure if this has been mentioned in the other posts, but you can also just configure VLAN interfaces as below, so you won't even have to use the physical interfaces (interfaces FastEthernet0/1/0 thru FastEthernet0/1/3 would be the ports on your ESW module).

The configuration you have posted looks odd...what is the purpose of the bridge groups ? Either way, try the below (I have also added a DHCP server configuration for all VLAN interfaces, for convenience):

ip dhcp excluded-address 10.1.1.41
ip dhcp excluded-address 20.1.1.41
ip dhcp excluded-address 30.1.1.41
!
ip dhcp pool VLAN10
network 10.1.1.0 255.255.255.0
default-router 10.1.1.41
!
ip dhcp pool VLAN20
network 20.1.1.0 255.255.255.0
default-router 20.1.1.41
!
ip dhcp pool VLAN30
network 30.1.1.0 255.255.255.0
default-router 30.1.1.41

!

interface Vlan10
ip address 10.1.1.41 255.255.255.0
!
interface Vlan20
ip address 20.1.1.41 255.255.255.0
!
interface Vlan30
ip address 30.1.1.41 255.255.255.0
!
interface FastEthernet0/1/0
switchport mode access
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/1/1
switchport mode access
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/1/2
switchport mode access
switchport access vlan 30
spanning-tree portfast
!
interface FastEthernet0/1/3
switchport mode access
switchport access vlan 30
spanning-tree portfast