871W: Routing between VLANs

Discussion in 'Cisco' started by JF Mezei, Nov 29, 2009.

  1. JF Mezei

    JF Mezei Guest

    I have an 871W.

    I have a switch supporting:

    VLAN 10 - general machines (10.0.*.*)
    VLAN 20 - special machines (10.1.*.*)

    This is connected to an 871W router via a trunk line.

    The router has:

    -FastEthernet 0 defined as trunk line to the switch.

    -Vlan 10 defined as bridge-group 10, no ip address

    -BVI 10 defined with 10.0.0.2 (router's ip address)

    -Dialer-1 defined to link to the ISP via PPPoE

    -FastEthernet4 defined as the PPPoE output to a modem.

    -DotRadio interfaces defined as bridge-group 10 and vlan 10.

    and I have a :
    bridge irb
    bridge 10 protocol ieee
    bridge 10 route ip

    So far, the router works fine to connect the wi-fi to the lan, and both
    to the internet, all within the confines of Vlan-10.


    I would like the router to be given a new 10.1.0.2 interface and be able
    to route packets between the 10.0 subnet (VLAN 10) and 10.1 subnet (vlan
    20) with each vlan served by the same trunk line.

    goal: allow a machine in vlan 10 to talk to a machine on vlan 20 (I used
    to use switchport multi on the switch to allow specific machines such
    access, and all machines were in same subnet).

    Aka: packets from 10.0.0.20 travel as vlan 10 from the switch , via the
    trunk line to the router, then get routed to 10.1.0.5, encapsulated as
    VLAN 20 traveling back through the trunk line to the destination on the
    switch.


    How do I do that ?
    -what interface gets the 10.1.0.2 IP ? a new BVI one ? the vlan 20 ?
    -how do I link this interface so that packets get routed at IP level ?

    Or is the only way to use a separate ethernet interface, give that the
    ip address ? And in such a case, is the routing automatic or must I tie
    the interface to the bridge group, or must I add specific "IP route"
    commands ?

    I note that the "Dialer 1" interface has no explicit attachment to the
    bridge group or VLAN. I assume that the router automatically makes all
    dialer interfaces available for routing.



    I've seen examples where non-trunk ethernet interfaces were each given
    IPs in different subnets, but have not seen instances of trunk lines
    supporting different subnets in different vlans.
     
    JF Mezei, Nov 29, 2009
    #1

  2. JF Mezei

    Uli Link Guest

    JF Mezei wrote:
    > I have an 871W.
    >
    > I have a switch supporting:
    >
    > VLAN 10 - general machines (10.0.*.*)
    > VLAN 20 - special machines (10.1.*.*)
    >
    > This is connected to an 871W router via a trunk line.
    >
    > The router has:
    >
    > -FastEthernet 0 defined as trunk line to the switch.
    >
    > -Vlan 10 defined as bridge-group 10, no ip address
    >
    > -BVI 10 defined with 10.0.0.2 (router's ip address)
    >
    > -Dialer-1 defined to link to the ISP via PPPoE
    >
    > -FastEthernet4 defined as the PPPoE output to a modem.
    >
    > -DotRadio interfaces defined as bridge-group 10 and vlan 10.
    >
    > and I have a :
    > bridge irb
    > bridge 10 protocol ieee
    > bridge 10 route ip
    >
    > So far, the router works fine to connect the wi-fi to the lan, and both
    > to the internet, all within the confines of Vlan-10.
    >
    >
    > I would like the router to be given a new 10.1.0.2 interface and be able
    > to route packets between the 10.0 subnet (VLAN 10) and 10.1 subnet (vlan
    > 20) with each vlan served by the same trunk line.
    >
    > goal: allow a machine in vlan 10 to talk to a machine on vlan 20 (I used
    > to use switchport multi on the switch to allow specific machines such
    > access, and all machines were in same subnet).
    >
    > Aka: packets from 10.0.0.20 travel as vlan 10 from the switch , via the
    > trunk line to the router, then get routed to 10.1.0.5, encapsulated as
    > VLAN 20 traveling back through the trunk line to the destination on the
    > switch.
    >
    >
    > How do I do that ?
    > -what interface gets the 10.1.0.2 IP ? a new BVI one ? the vlan 20 ?
    > -how do I link this interface so that packets get routed at IP level ?
    >
    > Or is the only way to use a separate ethernet interface, give that the
    > ip address ? And in such a case, is the routing automatic or must I tie
    > the interface to the bridge group, or must I add specific "IP route"
    > commands ?
    >
    > I note that the "Dialer 1" interface has no explicit attachment to the
    > bridge group or VLAN. I assume that the router automatically makes all
    > dialer interfaces available for routing.
    >


    If you have the VLAN 20 interface up with an ip address of 10.1.0.2 your
    router *will* route between any local VLANs.
    If you cannot get the VLAN20 interface up you may need to add it to the
    VLAN database. Depends on IOS version.
    If you want to route/NAT/PAT from VLAN20 to internet through the Dialer
    interface you may want to add the VLAN20 subnet to the access list
    defining the NAT rule.

    --
    ULi
     
    Uli Link, Nov 29, 2009
    #2
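The steps in the reply above written out as an IOS configuration, with one addition: an ACL that keeps the general VLAN from reaching the special one except for a named host. This is an added example, not configuration posted by anyone in the thread. It assumes the IOS image accepts a second VLAN, /16 masks for both subnets, standard ACL 1 as the existing NAT source list, and the hypothetical names "special" and GENERAL-TO-SPECIAL.

```cisco
! Added example, not from the thread. Assumed: /16 masks, ACL 1 is the
! existing NAT source list, names "special" and GENERAL-TO-SPECIAL.
!
! 1. Create VLAN 20 locally. Depending on the IOS image this is done in
!    the exec-mode VLAN database or in configuration mode as shown here.
vlan 20
 name special
!
! 2. Trunk to the switch (already in place per the first post).
interface FastEthernet0
 switchport mode trunk
!
! 3. Routed interface for the 10.1 subnet; VLAN 20 hosts use it as gateway.
interface Vlan20
 ip address 10.1.0.2 255.255.0.0
 ip nat inside
 no shutdown
!
! 4. Add the VLAN 20 subnet to the access list that defines the NAT rule.
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 1 permit 10.1.0.0 0.0.255.255
ip nat inside source list 1 interface Dialer1 overload
!
! 5. Routing between the VLANs is otherwise unrestricted. Allow only the
!    named general host into 10.1.0.0/16, drop and log the rest, and leave
!    Internet-bound traffic from VLAN 10 untouched.
ip access-list extended GENERAL-TO-SPECIAL
 permit ip host 10.0.0.20 10.1.0.0 0.0.255.255
 deny   ip 10.0.0.0 0.0.255.255 10.1.0.0 0.0.255.255 log
 permit ip any any
!
! Routed traffic from VLAN 10 enters through BVI10, so filter it there.
interface BVI10
 ip access-group GENERAL-TO-SPECIAL in
```

The ACL is stateless, so connections opened from VLAN 20 toward any VLAN 10 host other than 10.0.0.20 also fail, because the replies are dropped at BVI10. `show ip interface brief` should list Vlan20 as up/up, and `show access-lists` shows the hit counters on the deny entry.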

  3. JF Mezei

    JF Mezei Guest

    Uli Link wrote:

    > If you cannot get the VLAN20 interface up you may need to add it to the
    > VLAN database. Depends on IOS version.


    Well, it appears I may have gotten a show stopper here.

    router2#show vtp status
    VTP Version : 2
    Configuration Revision : 0
    Maximum VLANs supported locally : 6
    Number of existing VLANs : 6
    VTP Operating Mode : Transparent
    VTP Domain Name : vaxination.ca
    VTP Pruning Mode : Disabled
    VTP V2 Mode : Disabled
    VTP Traps Generation : Disabled
    MD5 digest : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
    Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02


    Because there are 5 default VLANS (1 and 1002-1005) which one cannot
    remove or disable, this seems to imply that the 871 router has a limit
    of 1 VLAN.

    And this is why, after a whole night of trial and error, I could never
    get my trunk line to carry the second VLAN, and it took me a while to
    realise that VTP MODE CLIENT would revert to TRANSPARENT because the
    "network" carries more vlans than this baby router can accept.

    Cisco is rather stupid to have such a small limit on a router with
    trunking capabilities.

    I guess the only use of the trunk line between the router and switch
    would be to send remote management commands from the switch to the
    router since it can't carry traffic for VLANS that the router refuses to
    accept because of its stupid small limit of 1 customer defined vlan.

    Is there a way to disable/remove those default VLANs ?
     
    JF Mezei, Nov 29, 2009
    #3
  4. JF Mezei

    Uli Link Guest

    JF Mezei wrote:
    > Uli Link wrote:
    >
    >> If you cannot get the VLAN20 interface up you may need to add it to the
    >> VLAN database. Depends on IOS version.

    >
    > Well, it appears I may have gotten a show stopper here.
    >
    > router2#show vtp status
    > VTP Version : 2
    > Configuration Revision : 0
    > Maximum VLANs supported locally : 6
    > Number of existing VLANs : 6
    > VTP Operating Mode : Transparent
    > VTP Domain Name : vaxination.ca
    > VTP Pruning Mode : Disabled
    > VTP V2 Mode : Disabled
    > VTP Traps Generation : Disabled
    > MD5 digest : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
    > Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02
    >
    >
    > Because there are 5 default VLANS (1 and 1002-1005) which one cannot
    > remove or disable, this seems to imply that the 871 router has a limit
    > of 1 VLAN.
    >
    > And this is why, after a whole night of trial and error, I could never
    > get my trunk line to carry the second VLAN, and it took me a while to
    > realise that VTP MODE CLIENT would revert to TRANSPARENT because the
    > "network" carries more vlans than this baby router can accept.
    >
    > Cisco is rather stupid to have such a small limit on a router with
    > trunking capabilities.
    >
    > I guess the only use of the trunk line between the router and switch
    > would be to send remote management commands from the switch to the
    > router since it can't carry traffic for VLANS that the router refuses to
    > accept because of its stupid small limit of 1 customer defined vlan.
    >
    > Is there a way to disable/remove those default VLANs ?


    No, but you can use 12.4(11)XJ4 or upgrade to the Advanced IP IOS.
    The 1 VLAN limit was once documented for Advsecurity on the 870 platform.
    I have 3 VLANs working on a 876.
    Don't expect decent inter VLAN routing speed. But it works.

    --
    ULi
     
    Uli Link, Nov 29, 2009
    #4
  5. Set the VTP Mode to server (or client if another switch is used to
    create the vlans). Transparent mode passes VTP information through the
    device without applying it to the device.

    Curtis

    JF Mezei wrote:
    > Uli Link wrote:
    >
    >> If you cannot get the VLAN20 interface up you may need to add it to the
    >> VLAN database. Depends on IOS version.

    >
    > Well, it appears I may have gotten a show stopper here.
    >
    > router2#show vtp status
    > VTP Version : 2
    > Configuration Revision : 0
    > Maximum VLANs supported locally : 6
    > Number of existing VLANs : 6
    > VTP Operating Mode : Transparent
    > VTP Domain Name : vaxination.ca
    > VTP Pruning Mode : Disabled
    > VTP V2 Mode : Disabled
    > VTP Traps Generation : Disabled
    > MD5 digest : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
    > Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02
    >
    >
    > Because there are 5 default VLANS (1 and 1002-1005) which one cannot
    > remove or disable, this seems to imply that the 871 router has a limit
    > of 1 VLAN.
    >
    > And this is why, after a whole night of trial and error, I could never
    > get my trunk line to carry the second VLAN, and it took me a while to
    > realise that VTP MODE CLIENT would revert to TRANSPARENT because the
    > "network" carries more vlans than this baby router can accept.
    >
    > Cisco is rather stupid to have such a small limit on a router with
    > trunking capabilities.
    >
    > I guess the only use of the trunk line between the router and switch
    > would be to send remote management commands from the switch to the
    > router since it can't carry traffic for VLANS that the router refuses to
    > accept because of its stupid small limit of 1 customer defined vlan.
    >
    > Is there a way to disable/remove those default VLANs ?
     
    Curtis Starnes, Dec 28, 2009
    #5