what about the default gateway configuration ? is it by simply assigning an ip address to the subinterface and match the vlan id using the dot1q command ?

Also, to make the router a dhcp helper for each vlan, do i configure ip helper address command under the subinterface ?

----

what about the default gateway configuration ? is it by simply  assigning an ip address to the subinterface and match the vlan id using  the dot1q command ?

----

Yes just configure the encapsulation and IP address on the sub-interface. Give this IP to the hosts as a DG.

Regards,
Chandu

ok what several access switches are directly connected to the rotuer ? under which physical interface do i configure the subinterface ?

No, If the access switches directly connect to the router and each access switch carries only one vlan, you don't need any sub-interfaces.  You need sub-interfaces if you are connecting a link to the router that is carrying more than 1 vlan.

HTH

in my case, each switch carries more than one vlan so i need subinterfaces.

on the trunk link between the switch and the router all vlans will be allowed,

i have another question, how do i know which vlans should be allowed on the trunk facing ( for example the access point )

Hi Asus,

To know which VLAN are allowed on the trunk interfaces, just give "show interfaces trunk" . It will show all the ports and their encapsulation too.

Eg:

ROOT/VTP-SERVER/LAYER3#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan

Fa0/5       auto         n-802.1q       trunking      1

Fa0/6       auto         n-802.1q       trunking      1

Fa0/7       auto         n-802.1q       trunking      1

Fa0/8       auto         n-802.1q       trunking      1

Po3         auto         n-802.1q       trunking      1

Port        Vlans allowed on trunk

Fa0/5       1-1005

Fa0/6       1-1005

Fa0/7       1-1005

Fa0/8       1-1005

Po3         1-1005

Port        Vlans allowed and active in management domain

Fa0/5       1,10,20,30

Fa0/6       1,10,20,30

Fa0/7       1,10,20,30

Fa0/8       1,10,20,30

Po3         1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/5       1,10,20,30

Fa0/6       1,10,20,30

Fa0/7       1,10,20,30

Fa0/8       1,10,20,30

Po3         1,10,20,30

ROOT/VTP-SERVER/LAYER3#

ROOT/VTP-SERVER/LAYER3#

ROOT/VTP-SERVER/LAYER3#show interfaces

ROOT/VTP-SERVER/LAYER3#show interfaces f

ROOT/VTP-SERVER/LAYER3#show interfaces fastEthernet t

ROOT/VTP-SERVER/LAYER3#show interfaces fastEthernet tr

ROOT/VTP-SERVER/LAYER3#show interfaces fastEthernet ?

  <0-9>  FastEthernet interface number

ROOT/VTP-SERVER/LAYER3#show inter

ROOT/VTP-SERVER/LAYER3#show interfaces t

ROOT/VTP-SERVER/LAYER3#show interfaces tru

ROOT/VTP-SERVER/LAYER3#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan

Fa0/5       auto         n-802.1q       trunking      1

Fa0/6       auto         n-802.1q       trunking      1

Fa0/7       auto         n-802.1q       trunking      1

Fa0/8       auto         n-802.1q       trunking      1

Po3         auto         n-802.1q       trunking      1

Port        Vlans allowed on trunk

Fa0/5       1-1005

Fa0/6       1-1005

Fa0/7       1-1005

Fa0/8       1-1005

Po3         1-1005

Port        Vlans allowed and active in management domain

Fa0/5       1,10,20,30

Fa0/6       1,10,20,30

Fa0/7       1,10,20,30

Fa0/8       1,10,20,30

Po3         1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/5       1,10,20,30

Fa0/6       1,10,20,30

Fa0/7       1,10,20,30

Fa0/8       1,10,20,30

Po3         1,10,20,30

Regards,
Chandu

what i meant... on the interface between the switch and the access point, is it ok if allow all the vlans ?

What do you mean by 'access point' here?

Regards,
Chandu

a wireless access point

i mean i have several vlans (mgt, voice, data, wireless , wlan mgt,) what are the essential vlans that need to be allowed on th trunk between the access switch and the wireless AP? or it depends on the customer needs ?

Hi,

For Cisco and other Wireless vendors when using a Controller, you set the Access Switch Ports to Access.  Never trunks.  The Access Points setup a CAPWAP tunnel through the switchport mode access  to the Wireless Controller (provided that you have defined the appropriate config on your network to allow the APs to locate a Wireless Controller).

Please note, that if you are dealing with Autonomous Access Points ( APs that do not require a Controller), then and only then you setup the Access Switch ports to trunk mode.  As far as which VLANs are need on this trunk, all the VLANs that are defined on the AP configuration including Management are required to be allowed.

Yes it depends upon the requirements. If you don't want devices from a VLANX to communicate through a trunk then you don't allow that vlan traffic through that trunk.

Regards,
Chandu