Solved: Re: Trunk Port setting on Ethernet switch

anitachoi3 · ‎06-08-2011

Dear Expert,

On 25/F, the IP segment and VLAN assignment are as following: detail please reference attached file and diagram

R2

FE0/2: 192.168.60.0/24

FE0/1: 192.168.50.0/24

FE0/0: 192.168.254.0/30

R1

FE0/0: 192.168.254.0/30

FE0/1.11: 192.168.11.0/24

FE0/1.12: 192.168.12.0/24

FE0/1.21: 192.168.21.0/24

FE0/1.22: 192.168.22.0/24

SW25

FE0/1: qot1q trunk to R1

!

FE0/24: Trunk port to SW8 on 8/F

One ethernet switch will be placed on 8/F and one in-house fibre would be wired for the connection between 25/F and 8/F. Below please find the VLANs and IP segments to be allocated and extend to 8/F. Detail please find the attached file for your reference.

SW08

FE0/24: Trunk port to SW25 on 25/F

IP segment: 192.168.11.0/24

IP segment: 192.168.12.0/24

IP segment: 192.168.80.0/24

Question:

1. Please advice and comment on the trunk port setting of the SW25 and SW8.

2. It seems that the segment 192.168.80.0/24 cannot reach VLAN 11 or VLAN 12. How to solve it?

3. how to config the equipment to allow 192.168.80 to access 192.168.50.0 and 192.168.60 sgement?

4. How to extend 192.168.50.0/24 to 8/F?

rdgs

Anita

Jon Marshall · ‎06-08-2011

Anita

Haven't looked at configs (having trouble with zip files) but from description -

1) the trunk port should simply be configured at both ends as -

int

switchport mode trunk

switchport trunk encapsulation dot1q <-- if the switch only supports 802.1q such as the 2950 then you won't need to add this. You will know if the switch supports both ISL and 802.q because you will need to type this command.

optionally you can then only allow the vlans you want to allow across the trunk link. Your diagram shows vlan 21 on 8/F switch but you say vlan 12 in your description so assuming 12

switchport trunk allowed vlan 11,12, 80

2) That is because you do not have a subinterface on R1 for vlan 80. So on R1 -

int fa0/1.80

encapsulation dot1q 80

ip address 192.168.80.x 255.255.255.0 <--- note that whichever IP you use here should be used as the default-gateway for the clients in vlan 80

3) if all the other vlans can access 192.168.50.0 and 192.168.60.0 then once you have done step 2) you should be okay. Note however your description does not say whether -

a) R1 & R2 + other routers are exchanging routes. If so you will need to advertise vlan 80 subnet from R1.

b) R1 is natting all internal vlans - if so you will need to add vlan 80 to NAT config

c) you are using static routes on all routers - if so you will need to add static routes for vlan 80 to R1 and any other routers that get to 192.168.60.0/24 (but not R1 as it wlll be directly connected)

4) You can't extend it as such because it is separated by L3 hops (although you could look at bridging or L2TPv3). But if by extending you simply mean how to allow clients on 8/F switch to communicate with 192.168.50.0/24 network then see answer 3) ie. it's all to do with routing.

Jon

View solution in original post

Jon Marshall · ‎06-08-2011

Anita

Haven't looked at configs (having trouble with zip files) but from description -

1) the trunk port should simply be configured at both ends as -

int

switchport mode trunk

switchport trunk encapsulation dot1q <-- if the switch only supports 802.1q such as the 2950 then you won't need to add this. You will know if the switch supports both ISL and 802.q because you will need to type this command.

optionally you can then only allow the vlans you want to allow across the trunk link. Your diagram shows vlan 21 on 8/F switch but you say vlan 12 in your description so assuming 12

switchport trunk allowed vlan 11,12, 80

2) That is because you do not have a subinterface on R1 for vlan 80. So on R1 -

int fa0/1.80

encapsulation dot1q 80

ip address 192.168.80.x 255.255.255.0 <--- note that whichever IP you use here should be used as the default-gateway for the clients in vlan 80

3) if all the other vlans can access 192.168.50.0 and 192.168.60.0 then once you have done step 2) you should be okay. Note however your description does not say whether -

a) R1 & R2 + other routers are exchanging routes. If so you will need to advertise vlan 80 subnet from R1.

b) R1 is natting all internal vlans - if so you will need to add vlan 80 to NAT config

c) you are using static routes on all routers - if so you will need to add static routes for vlan 80 to R1 and any other routers that get to 192.168.60.0/24 (but not R1 as it wlll be directly connected)

4) You can't extend it as such because it is separated by L3 hops (although you could look at bridging or L2TPv3). But if by extending you simply mean how to allow clients on 8/F switch to communicate with 192.168.50.0/24 network then see answer 3) ie. it's all to do with routing.

Jon

anitachoi3 · ‎06-09-2011

Dear Jon,

Below please find the revised configuration incorporated with your comment in "bold" type. For the operation issue, the segment 192.168.50.0/24 should be in 8/F. If so, which approach (of bridging or L2TPv3) is better? On the other hand, for briding, there are two options, CRB and IRB. Which one is suitable for this environment?

----- config ---

! R2

!

interface FastEthernet0/0

description connection to R1

ip address 192.168.254.1 255.255.255.252

speed 100

full-duplex

!

interface FastEthernet0/1

description connection to intranet segment

ip address 192.168.50.1 255.255.255.0

speed 100

full-duplex

!

interface FastEthernet0/0

description connection to database server farm

ip address 192.168.60.1 255.255.255.0

speed 100

full-duplex

!

router ospf 192

network 192.168.50.0 0.0.0.255 area 0

network 192.168.60.0 0.0.0.255 area 0

network 192.168.254.0 0.0.0.3 area 0

!

ip router 192.168.80.0 255.255.255.0 192.168.254.2

=======

! R1

!

interface FastEthernet0/0

description connect to FE0/0 of R2

ip address 192.168.254.2 255.255.255.252

speed 100

full-duplex

!

interface FastEthernet0/1

Descripton dot1q trunk to user VLAN 1x and VLAN 2x

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.11

description PC/worktation segment, VLAN 11

encapsulation dot1Q 11

ip address 192.168.11.1 255.255.255.0

!

interface FastEthernet0/1.12

description Connect to VoIP phone, VLAN 12

encapsulation dot1Q 12

ip address 192.168.12.1 255.255.255.0

!

interface FastEthernet0/1.21

description PC/worktation segment, VLAN 21

encapsulation dot1Q 21

ip address 192.168.21.1 255.255.255.0

!

interface FastEthernet0/1.22

description Connect to VoIP phone, VLAN 22

encapsulation dot1Q 22

ip address 192.168.22.1 255.255.255.0

!

interface FastEthernet0/1.80

description Connect to VLAN on 8/F, VLAN 80

encapsulation dot1Q 80

ip address 192.168.80.1 255.255.255.0

!

router ospf 192

network 192.168.11.0 0.0.0.255 area 0

network 192.168.12.0 0.0.0.255 area 0

network 192.168.21.0 0.0.0.255 area 0

network 192.168.22.0 0.0.0.255 area 0

network 192.168.80.0 0.0.0.255 area 0

!

======

! SW25

!

interface FastEthernet0/1

description connect to FE0/1 of R1, trunk port

switchport trunk allowed vlan 11,12,21,22,80

switchport mode trunk

no ip address

!

interface FastEthernet0/2

switchport access vlan 11

switchport mode access

no ip address

!

interface FastEthernet0/3

switchport access vlan 11

switchport mode access

no ip address

!

interface FastEthernet0/4

switchport access vlan 12

switchport mode access

no ip address

!

interface FastEthernet0/5

switchport access vlan 12

switchport mode access

no ip address

!

interface FastEthernet0/6

switchport access vlan 21

switchport mode access

no ip address

!

interface FastEthernet0/7

switchport access vlan 21

switchport mode access

no ip address

!

interface FastEthernet0/8

switchport access vlan 22

switchport mode access

no ip address

!

interface FastEthernet0/9

switchport access vlan 22

switchport mode access

no ip address

!

interface FastEthernet0/24

Description connect to FE0/24 of SW8 on 8/F

switchport trunk allowed vlan 11,21,12,80,201

switchport mode trunk

no ip address

!

interface valn 201

description management VLAN

ip address 192.168.200.25 255.255.255.0

!

======

! SW 8

!

interface FastEthernet0/1

switchport mode access

no ip address

!

interface FastEthernet0/2

switchport access vlan 11

switchport mode access

no ip address

!

interface FastEthernet0/3

switchport access vlan 11

switchport mode access

no ip address

!

interface FastEthernet0/4

switchport access vlan 2112

switchport mode access

no ip address

!

interface FastEthernet0/5

switchport access vlan 2112

switchport mode access

no ip address

!

interface FastEthernet0/18

description connect to VLAN 80, IP segment 192.168.80.0/24

switchport access vlan 80

switchport mode access

no ip address

!

interface FastEthernet0/19

description connect to VLAN 80, IP segment 192.168.80.0/24

switchport access vlan 80

switchport mode access

no ip address

!

interface FastEthernet0/24

Description connect to FE0/24 of SW25 on 25/F

switchport trunk allowed vlan 11,2112,80,201

switchport mode trunk

no ip address

!

interface valn 201

description management VLAN

ip address 192.168.201.8 255.255.255.0

!

----- end of config

rdgs

Anita

Jon Marshall · ‎06-10-2011

Anita

Looks fine to me but more importantly does it work ?

As for 192.168.50.0/24 L2TPv3 is the way to go so long as R1 & R2 support it.

Edit - i don't think you need the static route on R2 -

ip route 192.168.80.0 255.255.255.0 192.168.254.2

because R1 and R2 are exchanging routes with OSPF and you have added 192.168.80.0/24 to the OSPF config on R1.

Jon

anitachoi3 · ‎06-10-2011

Dear Jon,

The configuration approach is transformed into our testing environment and it is okay.

It is likely that L2TPv3 may be enabled. Anyway. Thank you for your valuable comment and advice.

rdgs

Anita