Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1908
Views
0
Helpful
5
Replies

Remotely Create Trunk Port on Same Interface as Telnet

jfraleyps
Level 1
Level 1

‎03-19-2014 02:34 PM - edited ‎03-07-2019 06:47 PM

Hello all,

I require a way to convert an access port to a trunk port on the same interface that I am using to administer the device via Telnet.  I have a small remote site with no out of band management or technical hands on site.  WAN access is provided via a layer 3 switch which terminates a Layer 2 WAN connection and then that switch connects via an access port to a 2901 router that is acting as a voice gateway ( a little backward, I know ). 

The connection between the two is an access port and I need to convert it to a trunk port, but that interface is the only means I have to manage the router is telnet over that same interface.  I need to also add another VLAN to use the trunk. 

I have tried setting the switch interface to dynamic desirable and creating the subinterfaces I need on the router, however when I enter the command "encapsulation dot1q X" (where X is the vlan I am currently using the manage the device) the link drops all together.

I have been using the 'reload in x' command to have the device reload so I don't lose access to it all together.

Am I on the right track here? What am I missing?

Thanks,

John

 

PS: I am also toying with the idea of pulling down the startup-config via tftp, editing it, replacing it and then reloading the device, but I would like to avoid that if I can because I only get one shot at it. 

Labels:
0 Helpful
5 Replies 5

glen.grant
VIP Alumni
VIP Alumni

‎03-19-2014 03:06 PM

  To trunk to a router the switchport must be set as  "switchport mode trunk"  .  Make your management  vlan the native on the trunk .     If you have a tftpserver and you have your configs backed up you can modify   the config and then transfer it into "startup" config .   You can then verify the startup config looks ok before reloading  or doing a copy start run command.  Just make sure the config is correct . Use dot1q as encapsulatiuon . 

 

 

http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/14976-50.html?referring_site=smartnavRD

0 Helpful

jfraleyps
Level 1
Level 1
In response to glen.grant

‎03-20-2014 08:35 AM

Glen,

Thanks for your response.  I'd like to avoid editing the startup-config if I can because that will give me no fall back if I get it wrong.  The trunking itself is straight forward.  Editing the link and maintaining management over that same link is the tricky bit.

Thanks,

John

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎03-19-2014 03:10 PM

John

Couple of things -

1) you may be able to to leave the physical interface as is and make sure that the vlan on the switch that is used for the IP subnet is set to the native vlan on the trunk link.

If that worked then there is no need to use the "encapsulation dot1q .." command on the physical interface because it receives untagged frames so there is no need to tell it which vlan tags it should see. 

Then you could just create a subinterface for the new vlan and add the encapsulation and an IP address to that.

It may or may not work so no guarantees but it is worth a try.

If you then still wanted to actually have the current vlan on a subinterface you may be able to log into the router via the subinterface and change the physical interface although i'm not sure whether that wouldn't temporarily bring down the whole interface.

All that said i'm not sure what you are trying to achieve. The vlans from the L3 switch terminate on the physical router interface so nothing else on the router can use those vlans. So why not simply route the vlans on the L3 switch and add the appropriate routes to both the L3 switch and the router.

Perhaps you can clarify what the additional vlan is meant to be used for ?

Jon

0 Helpful

jfraleyps
Level 1
Level 1
In response to Jon Marshall

‎03-20-2014 08:33 AM

Jon,

 

Thanks for the reply and good question on why I need it set up this way.   This is part of a larger effort for one of our customers where we are rolling out a management network to all of their sites.  Each site will receive a management subnet of the 172.20.0.0 /16 network and an ACL will be applied to each device to only allow Telnet from that network.  For the ACL to work, the Telnet request must be seen to be coming from that management subnet, thus the trunk.  Otherwise, you need to use the "telnet x.x.x.x /source-interface vlan xxx" command.

I like your native VLAN idea and I will try that when next I am near my lab.  I'll report back what I find.

Thanks,

John

 

PS: Also, I can tolerate a brief period of inaccessibility if required.  For the trunk to come up or the device to restart, but I need a fall back in case I cut my access.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card