11-27-2013 05:30 AM - edited 03-07-2019 04:48 PM
Hello,
I have a 1941 router with some interfaces VLAN. I have also a 2970 with interface VLAN.
From the 2970, I can't ping the 1941 if the IP address is on the interface VLAN.
If the IP address is on the subinterface, it is OK.
Here is a part of 1941 conf :
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
!
interface GigabitEthernet0/0.108
encapsulation dot1Q 108
no ip dhcp client request tftp-server-address
ip address 172.30.8.57 255.255.255.0
ip access-group acl-deny-dhcp in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
no cdp enable
crypto ipsec client ezvpn Vers-dCloud
!
interface Vlan100
description ### VLAN Voix Filaire ###
ip address 10.65.33.49 255.255.255.240
ip helper-address 198.19.255.21
ip helper-address 198.19.255.22
ip dns view-group splitdns
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1000
no autostate
crypto ipsec client ezvpn Vers-dCloud inside
On the 2970 I have this config :
interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan100
ip address 10.65.33.60 255.255.255.240
no ip route-cache
!
interface Vlan108
ip address 172.30.8.59 255.255.255.0
no ip route-cache
=> So from 2970 I can ping 172.30.8.57 which is a 1941 subinterface IP, but not 10.65.33.49 which is a interface VLAN IP.
=> On the 1941, if I put the 10.65.33.49 on the GigabitEthernet0/0.100 subinterface, it works.
Is something wrong ?
Thank you,
Clement
11-27-2013 05:41 AM
Do you have a switch card installed in the 1941 ? Generally you only use SVI's on a router if you have an installed switchcard (hwic) . You then can use a SVI for routing . If you only have a single link from the router to the 2970 then it hs to be on the subinterface to work. Are you routing on the 2970 seeing you have multiple SVI's defined on the 2970 ??? If not then you only need a single SVI defined on the 2970 to manage the switch .
11-27-2013 05:57 AM
Yes I have a "8 Port GE POE EHWIC Switch on Slot 0 SubSlot 1", DESCR: "8 Port GE POE EHWIC Switch"
PID: EHWIC-D-8ESG-P on my 1941.
I agree that I only need one IP address on the 2970. But behind the 2970 I have a 2811 which is Call Manager Express, and I need to pick vlan 100 and 108 on this router.
When I saw that ping on vlan 100 was'nt OK on 2811 to 1941 through 2970, I decided to put an IP on this vlan into my 2970.
So from 2970 to 2811 it ok, but from 2970 to 1941 it's not ok.
On my 2811, IP are configured on subinterfaces :
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.65.33.62 255.255.255.240
!
interface FastEthernet0/0.108
encapsulation dot1Q 108
ip address 172.30.8.58 255.255.255.0
So what is the solution the get connectivity on VLAN 100 ?
11-27-2013 06:28 AM
Clement
What port on the 1941 connects to the 2970 ?
Jon
11-27-2013 06:29 AM
It's Gig0/0
I did another test. I put all the SVI 100 command lines, on the Gi0/0.100 subinterface.
Now, I can ping the 1941 from 2811 through 2970.
All phones which are on my 2970 on voice vlan 100 are OK, but all phones which are connected to the 1941 EHWIC card PoE on voice vlan 100, don't have connectivity anymore.
11-27-2013 06:31 AM
Then if you want to use vlans this must be made into a trunk ie.
int gi0/0
switchport
switchport trunk encasulation dot1q
switchport mode trunk
I don't think you can do that on a inbuilt router port though ?
Edit - but you may be able to do it on one of the switch module ports.
Jon
11-27-2013 06:36 AM
You're right, Gi0/0 is a WAN port and does'nt support trunks, this is the reason why I implement subinterfaces.
I thinked to do a trunk with one of the switchmodule ports, but I have many phones and I lost a PoE port...
11-27-2013 06:50 AM
Well, if the switch module ports support trunking that is the only way to do it. If you want to use gi0/0 then you will have to use subintefaces.
Jon
11-27-2013 06:59 AM
Ok,
So if I keep uplink on Gi0/0, is there a way to bridge subinterfaces and SVIs to keep using my PoE ports on this vlan ?
I tried ip unnumbered, here is 1941 the current conf :
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip unnumbered Vlan100
bridge-group 100
!
interface Vlan100
description ### VLAN Voix Filaire ###
ip address 10.65.33.49 255.255.255.240
ip helper-address 198.19.255.21
ip helper-address 198.19.255.22
ip dns view-group splitdns
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1000
no autostate
crypto ipsec client ezvpn Vers-dCloud inside
bridge-group 100
this output shows that vlan100 & gi0/0.100 have same IP but ping from 2970 is not OK :
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.10 10.64.33.49 YES manual up up
GigabitEthernet0/0.100 10.65.33.49 YES TFTP up up
GigabitEthernet0/0.101 unassigned YES manual up up
GigabitEthernet0/0.108 172.30.8.57 YES manual up up
Vlan1 unassigned YES unset administratively down down
Vlan11 unassigned YES unset up up
Vlan100 10.65.33.49 YES manual up up
Vlan101 unassigned YES unset up up
I don't understand the method "TFTP" on my gi0/0.100 ?
11-29-2013 12:15 AM
Ok I found the solution!
I bridge my subif Gi0/0.100 with bridge-group 100.
I bridge the SVI vlan 100 with bridge-group 100.
I create BVI100 and do all IP config here.
At this time, layer 2 frames (ARP resolution) can pass, but not layer 3 (ping).
Last action is do ip unnumbered BVI100 on SVI and subif. The order is important, if I configure IP parameters on SVI and ip unnumbered vlan100, it doesn't work.
Here is the conf :
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip unnumbered BVI10
bridge-group 10
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip unnumbered BVI100
bridge-group 100
!
interface GigabitEthernet0/0.108
encapsulation dot1Q 108
ip unnumbered BVI108
bridge-group 108
!
interface GigabitEthernet0/0.200
encapsulation dot1Q 200
ip unnumbered BVI200
bridge-group 200
!
interface wlan-ap0
description ### Module de gestion AP WiFI ###
ip unnumbered BVI1
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface Wlan-GigabitEthernet0/0
description ### Interface interne entre AP et Router ###
switchport trunk native vlan 11
switchport mode trunk
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip unnumbered BVI10
bridge-group 10
!
interface Vlan11
ip unnumbered BVI1
bridge-group 1
!
interface Vlan100
ip unnumbered BVI100
bridge-group 100
!
interface Vlan101
ip unnumbered BVI101
bridge-group 101
!
interface Vlan108
ip unnumbered BVI108
bridge-group 108
!
interface Vlan200
ip unnumbered BVI200
bridge-group 200
!
interface BVI1
description ### VLAN Data Wi-Fi ###
ip address 10.66.33.49 255.255.255.240
ip dns view-group splitdns
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1000
crypto ipsec client ezvpn Vers-dCloud inside
!
interface BVI10
description ### VLAN Donnees Filaire ###
ip address 10.64.33.49 255.255.255.240
ip dns view-group splitdns
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1000
crypto ipsec client ezvpn Vers-dCloud inside
!
interface BVI100
description ### VLAN Voix Filaire ###
ip address 10.65.33.49 255.255.255.240
ip helper-address 198.19.255.21
ip helper-address 198.19.255.22
ip dns view-group splitdns
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1000
crypto ipsec client ezvpn Vers-dCloud inside
!
interface BVI101
description ### VLAN Voix Wi-Fi ###
ip address 10.67.33.49 255.255.255.240
ip helper-address 198.19.255.21
ip helper-address 198.19.255.22
ip dns view-group splitdns
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1000
crypto ipsec client ezvpn Vers-dCloud inside
!
interface BVI108
description ### VLAN xxxxx- xxxxx###
no ip dhcp client request tftp-server-address
ip address 172.30.8.57 255.255.255.0
ip access-group acl-deny-dhcp in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
crypto ipsec client ezvpn Vers-dCloud
!
interface BVI200
description ### VLAN Voix Filaire - CME ###
no ip address
And for sure, active stp and IP protocol on the bridges :
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
bridge 100 protocol ieee
bridge 100 route ip
bridge 101 protocol ieee
bridge 101 route ip
bridge 108 protocol ieee
bridge 108 route ip
bridge 200 protocol ieee
bridge 200 route ip
Thanks for your help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: