Vlan Interface on a 2691 router

lee · ‎08-02-2005

Hi,

I am trying to create an vlan interface on a 2691 router but can't do it. What switch module do I need and what code. Argh!! I've searcehed all over cisco but I can't find it. What am I mmissing??

Thanks,

Lee

konigl · ‎08-02-2005

To implement support for vlan tags on a 2600 series router's LAN interface(s), you need to be running a "Plus" version of the IOS. This allows you to define logical sub-interfaces on the router's physical LAN interfaces. You assign support for each VLAN to it's own sub-interface.

Example code for implementing three VLANs follows:

interface FastEthernet0/0

no ip address

!

interface FastEthernet0/0.2

description VLAN 2 here supports untagged traffic.

encapsulation dot1Q 2 native

ip address 192.168.2.1 255.255.255.0

!

interface FastEthernet0/0.10

description VLAN 10 here is tagged.

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

!

interface FastEthernet0/0.18

description VLAN 18 here is also tagged.

encapsulation dot1Q 18

ip address 192.168.18.1 255.255.255.0

!

Note that while the sub-interfaces are specified with an identifier number that happens to match the VLAN tag number, they don't have to match. Likewise, the third octet in my example IP addressing just happens to match the tag number, but it doesn't have to.

Sub-interfaces can be numbered from 1 to higher than you'll ever need (in the billions, I think). VLAN tags run from 1 to 1005, and 1025-4094. Octets in an IP address run from 0 to 255. So, sooner or later you'll run into a situation where you can't match all your numbers to make them easier to keep track of.

And remember, 802.1Q allows for up to 1 and only 1 VLAN to be untagged (or "native" in Cisco terms) on a LAN trunking interface. You don't have to define one as untagged; they can be all tagged if you want.

Hope this helps.

thisisshanky · ‎08-03-2005

Like said in other post. you need IP Plus feature set. Paste your sh version and we can verify what feature set is running on your 2691 right now.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

lee · ‎08-04-2005

This is my show ver:

Cisco Internetwork Operating System Software

IOS (tm) 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.3(15a), RELEASE SOF

TWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 21-Jul-05 23:00 by dchih

Image text-base: 0x60008AF4, data-base: 0x62164000

ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)

ROM: 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.3(15a), RELEASE SOFTWAR

E (fc2)

RCT-Wate-2WestM uptime is 1 minute

System returned to ROM by power-on

System image file is "flash:c2691-adventerprisek9-mz.123-15a.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco 2691 (R7000) processor (revision 0.1) with 247808K/14336K bytes of memory.

Processor board ID FTX0929A1CJ

R7000 CPU at 160MHz, Implementation 39, Rev 3.3, 256KB L2 Cache

Bridging software.

X.25 software, Version 3.0.0.

TN3270 Emulation software.

2 FastEthernet/IEEE 802.3 interface(s)

4 ATM network interface(s)

1 Virtual Private Network (VPN) Module(s)

1 ATM/Voice AIM(s)

DRAM configuration is 64 bits wide with parity disabled.

55K bytes of non-volatile configuration memory.

62720K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

I can create the sub interfaces mentioned in the post above. I also need IPX capabilities and crypto.

Thanks,

Lee

konigl · ‎08-04-2005

Can you give us more information about what is it that you're trying to do?

Your IOS is the latest and greatest in the 12.3 line as of the date of this posting. And your Feature Set is Advanced Enterprise Services, which is the fullest Feature Set you can get. (The "Plus" capabilities were folded into Enterprise Services when Cisco reorganized the Feature Sets they offer.)

Going back to your original situation. I may have misunderstood exactly what you are trying to do.

RE: "I am trying to create an vlan interface on a 2691 router but can't do it."

If by this you mean you are tring to create an "interface Vlan2" or "interface Vlan10" or "interface Vlan18" like you can do on the Cisco Catalyst switches, and then put interface-specific commands underneath it, then I don't think you can. Even though you can enter "interface ?" and it shows Vlan as one of the options, it is my understanding that you do it as I outlined above in my previous post.

If you are going to carry multiple VLANs on a single router port connected to an 802.1Q trunking switch port, then if you need IPX capabilities on a particular sub-interface, just add the IPX network address and IPX frame/encapsulation type under the sub-interface.

If you're just trying to dedicate one router LAN port to act as a default gateway for a particular VLAN, then connect the router to a switch port that is defined as an access port for that VLAN. Assign the appropriate IP and IPX addressing under the router's LAN interface and you're done. No need for sub-interfaces, or bothering to configure the router with any Layer 2 VLAN information, except maybe a description assigned to the port that tells you what VLAN on the switch you're connecting it to.

RE: "What switch module do I need and what code."

If you're trying to host multiple 10/100 switching ports within the router, then you are looking for some version of Cisco's 16-port EtherSwitch Network Module. The model number NM-16ESW-something, where the "something" designates support for inline power or an optional Gigabit Ethernet interface. This should run on the code you have.

The NM-16ESW supports 802.1Q, according to the documentation. But I have never worked with one, so I couldn't tell you how the interfaces are numbered (Fa1/0 through Fa1/15?). Also, I have no idea how the router communicates with the switching network module internally: are there 16 separate FastEthernet ports now, each one configurable as the router's own LAN ports are? Or is there some common, internal backplane-type connection between the network module and the router's CPU, configured like a Gigabit Ethernet VLAN trunk port when you implement multiple access VLANs on the 10/100 ports?

Rather than use an NM-16ESW in a router to handle multiple VLANs, I would just use a Cisco Layer 3 switch if it were only for routing IP. 3550 or 3750 would be fine. But if you need IPX routing, then in Cisco's line you either need routers or chassis switches running Enterprise code. Other manufacturers support IPX and IP in a stackable size: Foundry, HP, and Extreme Networks, for example. In fact, Foundry and HP (who OEMs some product from Foundry) use a CLI very much like Cisco's. I've even seen HP switches show up as CDP neighbors to a Cisco router.

There are times to use routers and times to use Layer 3 switches. And times when you need both. It all depends on what you're doing, and what you're trying to do it with...