
VLAN Unnumbered Subinterfaces problem

Boris Krajnc
Level 1

Hello,

I have connected a Cisco 2851 router (Ge0/1 = LAN, Ge0/0 = WAN) and a Cisco WS-C2950G-48-EI switch. On the router LAN interface I would like to create 30 subinterfaces (one subinterface per user), and these subinterfaces should be unnumbered to Ge0/1. I would like all users to have an IP from the same subnet. I configured the router and switch, but I cannot access the IP address configured on Ge0/1 from a user on some VLAN (VLAN 1101 in my example). What am I doing wrong? Please see the attached picture and part of the configuration for better understanding.

ScreenHunter_01 Sep. 02 09.52.jpg 

interface GigabitEthernet0/1
 description User subinterfaces
 ip address 172.30.0.1 255.255.252.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

interface GigabitEthernet0/1.1101
 description User_1101
 encapsulation dot1Q 1101
 ip unnumbered GigabitEthernet0/1
 ip nat inside
 ip virtual-reassembly

On the switch side I configured the UPLINK interface (Fa0/48) with mode trunk, allowing all VLANs, and the port (Fa0/1) with mode access for VLAN 1101...

I also tried to create a "correct" subinterface configuration with an IP address and it works, but that means in this case every user will have a different gateway, and I don't like it:

interface GigabitEthernet0/1.1101
 description User_1101
 encapsulation dot1Q 1101
 ip address 172.30.0.2 255.255.252.0
 ip access-group 110 in
 ip nat inside
 ip virtual-reassembly

Of course, in this testing scenario the user GW was 172.30.0.2/22.

I assume routing is not a problem because the subinterfaces are directly connected, or is there something I don't understand?

Any advice will be very helpful.

Thank you in advance

Regards

Boris


Reza Sharifi
Hall of Fame

Hi,

In your configuration above, since you are creating a sub-interface for VLAN 1101, then you don't need an IP address under the global interface. You just need to put the IP under the sub-interface:

Example:

interface GigabitEthernet0/1
 duplex auto
 speed auto

interface GigabitEthernet0/1.1101
 description User_1101
 encapsulation dot1Q 1101
 ip address 172.30.0.1 255.255.252.0
 ip nat inside
 ip virtual-reassembly

And on the switch side you have already configured interface fa0/1 as trunk with dot1q as encapsulation, which is correct.

This way, all your users on the switch access ports are part of VLAN 1101, this VLAN is part of the trunk, and the router is the default gateway for your users. The switch is layer-2 only. If the config is correct you should be able to ping from a host to the router's IP address.

HTH

Reza,

Thank you for your answer and hints, but I can see that I didn't give clear enough information about what I want.

I would like users from different VLANs to belong to the same subnet and everybody to have one GW IP address. Maybe a little strange, but ....

I believe your way works correctly because I already tested it, but I am curious whether I can configure it my way?

Regards

Boris

Hi Boris,

I am curious as to why you would want to do that. If they are all in the same subnet, why not put them all in the same VLAN? Using one subnet with multiple VLANs will work, but makes things complicated, especially when it comes to management and troubleshooting. Usually you map a subnet to a VLAN.

HTH

Reza

Hi Reza,

Indeed you are right. My first concept was a subinterface for every user in the network; then I started thinking about IP addressing and somehow came to the solution with an unnumbered interface. I agree there is no point in having separate VLANs in the same subnet. I will configure a different subnet for each single VLAN and I will have more control.

OK, I can say I have a solution, but anyway, I am still curious how to configure an unnumbered interface with subinterfaces. If I understand correctly the manuals from here http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtunvlan.html#wp1059154 it should work like I already configured, or..... ?

Reza, thank you for your kindness and help.

Boris

Boris,

Glad to help!!

The concept of ip unnumbered is not a new concept.  Usually, it was used when organizations were short of IP addresses and this was one way to remedy WAN/serial interface IPs.  I have not configured it myself, but I am sure it will work since this feature goes back to earlier versions of IOS.

Thanks,

Reza

belorusandrey
Level 1

The presence of several subinterfaces can slightly increase CPU load on the router.

In your case I would use Private VLAN.

Set up the GW port on the switch as a Promiscuous port (usually connects to a router; this port type is allowed to send and receive L2 frames from any other port on the VLAN) and the user ports as isolated.

Looks like this decision meets your requirements.

You can find more information about Private VLANs, for example, here:

http://blog.ine.com/2008/01/31/understanding-private-vlans/
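
The private VLAN layout suggested in the reply above, written out as an added example (not configuration posted by anyone in this thread). It assumes a switch platform that supports private VLANs; VLAN IDs 200 and 201 are constructed for illustration, while the port numbers and the 172.30.0.1/22 gateway are taken from the original post.

```cisco
! --- Switch side (assumes private VLAN support on the platform) ---
! Private VLANs require VTP transparent mode.
vtp mode transparent
!
! Secondary VLAN: hosts in an isolated VLAN cannot exchange
! L2 frames with each other, only with promiscuous ports.
vlan 201
 private-vlan isolated
!
! Primary VLAN, associated with the isolated secondary VLAN.
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Uplink to the router: promiscuous, may talk to every user port.
interface FastEthernet0/48
 description Uplink to router Ge0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! User port: isolated host port. Repeat for each user port.
interface FastEthernet0/1
 description User port
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! --- Router side ---
! One subnet, one gateway address, no per-user subinterfaces.
! The promiscuous port delivers untagged frames, so the address
! sits on the physical interface.
interface GigabitEthernet0/1
 description User LAN
 ip address 172.30.0.1 255.255.252.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
```

On the switch, `show vlan private-vlan` and `show interfaces FastEthernet0/1 switchport` confirm the primary/secondary association and the port mode.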

I agree with andriy. If you're trying to isolate one user's traffic from another, it's much easier with private VLAN on the switch than subinterfaces on the router.

Sent from Cisco Technical Support iPad App
