sub interface vlan ip

ino · ‎09-15-2022

is there a way to encapsulate a vlan on a sub interface wich is already a vlan interface?

int vl 123

ip add 10.0.0.1 255.255.255.0

and having this sub net ALSO on a sub interface

int g0/0/0.123

enc d 123

ip add 10.0.0.2 255.255.255.0 <--------- wont let me do it overlaps with GigabitEthernet0/0/0.123

Seb Rupik · ‎09-15-2022

Hi there,

Logically you do not need to put an IP address on the sub-interface. The sub-interface should act as a Layer2 interface and decapsulate the VLAN 123 tagged traffic for routing using the SVI. Is there a reason why you would need a second gateway IP on the VLAN. You could try and configure a secondary IP address on the SVI for that purpose.

cheers,

Seb.

ino · ‎09-15-2022

not sure what i missing

if i have this i can ping the device connected to the port

int g 0/0/0.123

enc d 123

ip add 172.16.123.1 255.255.255.0

if i have this --> then NOT

int g 0/0/0.123
enc d 123
!
int vl 123
ip add 172.16.123.1 255.255.255.0

mlund · ‎09-15-2022

Hi

As mentioned by other, it will not work with same ip on 2 different routed interfaces in the same box.

But if it is an L3 switch it would be possible to change the physical interface to an L2 port. Try this

interface g0/0/0

switchport

switchport mode access

switchport access vlan 123

end

That way you have your L3 on interface vlan 123 and the g0/0/0 is a port belongning to vlan 123

/Mikael

MHM Cisco World · ‎09-15-2022

sorry for late reply,I will check your topology today and send you some point.

Martin L · ‎09-15-2022

The main rule is that l3 device like router or l3 switch must have its interfaces in different networks, which means on different subnets; exception is using VRF which are more on ISP side

so overlapping error means that your are subnetting network and your IPs are on the same network/subnet on the same router. hence, overlapping of networks or subnets

Regards, ML
**Please Rate All Helpful Responses **

ino · ‎09-15-2022

the topology is

i have a soho isr with 4 lan and 2 wan ports

to the LAN ports is my management network connected vl 123 (172.16.123.0/24)

i have got a mikrotik lte modem which i connect to a WAN port and passthrough the lte connection

g 0/0/0 ip add dhcp ...

to manage the mikrotik i use g 0/0/0.123

this is a sub interface and i cant use switchport commands not sure if its a limitation of the router or a general limitation on sub interfaces

the target is to be able to manage the mikrotik on the same subnet as device on my LAN port

will look it to vrf then

havent don it till know and havent got a clue of vrf

can you verify that i can do what i am after with it?

Seb Rupik · ‎09-15-2022

Hi there,

Juding from the port descriptions 'WAN' implies strictly Layer3 and LAN probably only supports Layer2 operation.

Does the mikrotik really need to be managed on the VLAN123 subnet? Can you not create a 'WAN-mgmt' subnet (VLAN124? ) and connect the mikrotik to that sub-interface (gi0/0/0.124)? You can then configure and ACL on the sub-interface to ensure that the mikrotik management IP is only reachable from VLAN123.

Using VRFs in this instance would not help you, although it would allow you to configure overlapping subnets, you would still need these subnets to communicate.

cheers,

Seb.

mlund · ‎09-15-2022

Ok, it is an isr-router and not an L3 switch. Then it is correct that "switchport" command is not supported. The isr port is for sure an L3 port. I'm not sure if IRB is supported on subinterfaces, but you can try it. Then you configure an bridge-interface and then puts your inside interface and the subinterface into this bridge-group.

https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html

/Mikael

ino · ‎09-15-2022

@Seb Rupik thats how i have it in the moment i would just prefer having anything in the same subnet

@mlund bridge is not supported at all on my platform