871W: Routing between VLANs

Discussion in 'Cisco' started by JF Mezei, Nov 29, 2009.

  1. JF Mezei

    JF Mezei Guest

    I have an 871W.

    I have a switch supporting:

    VLAN 10 - general machines (10.0.*.*)
    VLAN 20 - special machines (10.1.*.*)

    This is connected to an 871W router via a trunk line.

    The router has:

    -FastEthernet 0 defined as trunk line to the switch.

    -Vlan 10 defined as bridge-group 10, no ip address

    -BVI 10 defined with 10.0.0.2 (router's ip address)

    -Dialer-1 defined to link to the ISP via PPPoE

    -FastEthernet4 defined as the PPPoE output to a modem.

    -DotRadio interfaces defined as bridge-group 10 and vlan 10.

    and I have a :
    bridge irb
    bridge 10 protocol ieee
    bridge 10 route ip

    So far, the router works fine to connect the wi-fi to the lan, and both
    to the internet, all within the confines of Vlan-10.


    I would like the router to be given a new 10.1.0.2 interface and be able
    to route packets between the 10.0 subnet (VLAN 10) and 10.1 subnet (vlan
    20) with each vlan served by the same trunk line.

    goal: allow a machine in vlan 10 to talk to a machine on vlan 20 (I used
    to use switchport multi on the switch to allow specific machines such
    access, and all machines were in same subnet).

    Aka: packets from 10.0.0.20 travel as vlan 10 from the switch, via the
    trunk line to the router, then get routed to 10.1.0.5, encapsulated as
    VLAN 20 traveling back through the trunk line to the destination on the
    switch.


    How do I do that?
    -what interface gets the 10.1.0.2 IP? a new BVI one? the vlan 20?
    -how do I link this interface so that packets get routed at IP level?

    Or is the only way to use a separate ethernet interface, give that the
    ip address? And in such a case, is the routing automatic or must I tie
    the interface to the bridge group, or must I add specific "IP route"
    commands?

    I note that the "Dialer 1" interface has no explicit attachment to the
    bridge group or VLAN. I assume that the router automatically makes all
    dialer interfaces available for routing.



    I've seen examples where non-trunk ethernet interfaces were each given
    IPs in different subnets, but have not seen instances of trunk lines
    supporting different subnets in different vlans.
     
    JF Mezei, Nov 29, 2009
    #1

  2. JF Mezei

    Uli Link Guest

    If you have the VLAN 20 interface up with an ip address of 10.1.0.2 your
    router *will* route between any local VLANs.
    If you cannot get the VLAN20 interface up you may need to add it to the
    VLAN database. Depends on IOS version.
    If you want to route/NAT/PAT from VLAN20 to internet through the Dialer
    interface you may want to add the VLAN20 subnet to the access list
    defining the NAT rule.
     
    Uli Link, Nov 29, 2009
    #2
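
Added example (not part of the original posts): IOS configuration for what reply #2 describes, giving VLAN 20 a routed interface at 10.1.0.2 and adding its subnet to the NAT access list. Because the router then routes between all local VLANs, it also limits VLAN 10 to VLAN 20 traffic to the 10.0.0.20 and 10.1.0.5 pair from the first post. Assumptions: /16 masks, NAT ACL number 1, the ACL name TO-VLAN20, and an IOS image that accepts a second VLAN.

```cisco
! Added example; values marked "assumed" are not from the thread.
! Privileged EXEC: add VLAN 20 to the router's VLAN database.
vlan database
 vlan 20
 exit
!
configure terminal
!
! Keep inter-VLAN routing to the one host pair named in the first post.
! The ACL name is hypothetical; add permit lines for other allowed pairs.
ip access-list extended TO-VLAN20
 permit ip host 10.0.0.20 host 10.1.0.5
 deny   ip 10.0.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 permit ip any any
!
! Routed interface for VLAN 20 (mask /16 assumed from "10.1.*.*").
! "ip nat inside" assumes the existing BVI 10 is also a NAT inside interface.
interface Vlan20
 ip address 10.1.0.2 255.255.0.0
 ip nat inside
 ip access-group TO-VLAN20 out
 no shutdown
!
! Add the VLAN 20 subnet to the ACL that the existing
! "ip nat inside source list ..." rule references (number 1 is assumed).
access-list 1 permit 10.1.0.0 0.0.255.255
!
end
!
! Check the interface state and the ACL hit counters.
show ip interface brief
show access-lists TO-VLAN20
```

The outbound ACL on Vlan20 filters only traffic routed into VLAN 20; replies from 10.1.0.5 back to 10.0.0.20 enter on Vlan20 and are not affected by it.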

  3. JF Mezei

    JF Mezei Guest

    Well, it appears I may have gotten a show stopper here.

    router2#show vtp status
    VTP Version : 2
    Configuration Revision : 0
    Maximum VLANs supported locally : 6
    Number of existing VLANs : 6
    VTP Operating Mode : Transparent
    VTP Domain Name : vaxination.ca
    VTP Pruning Mode : Disabled
    VTP V2 Mode : Disabled
    VTP Traps Generation : Disabled
    MD5 digest : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
    Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02


    Because there are 5 default VLANS (1 and 1002-1005) which one cannot
    remove or disable, this seems to imply that the 871 router has a limit
    of 1 VLAN.

    And this is why, after a whole night of trial and error, I could never
    get my trunk line to carry the second VLAN, and it took me a while to
    realise that VTP MODE CLIENT would revert to TRANSPARENT because the
    "network" carries more vlans than this baby router can accept.

    Cisco is rather stupid to have such a small limit on a router with
    trunking capabilities.

    I guess the only use of the trunk line between the router and switch
    would be to send remote management commands from the switch to the
    router since it can't carry traffic for VLANS that the router refuses to
    accept because of its stupid small limit of 1 customer defined vlan.

    Is there a way to disable/remove those default VLANs?
     
    JF Mezei, Nov 29, 2009
    #3
  4. JF Mezei

    Uli Link Guest

    No, but you can use 12.4(11)XJ4 or upgrade to the Advanced IP IOS.
    The 1 VLAN limit was once documented for Advsecurity on the 870 platform.
    I have 3 VLANs working on a 876.
    Don't expect decent inter VLAN routing speed. But it works.
     
    Uli Link, Nov 29, 2009
    #4
  5. Set the VTP Mode to server (or client if another switch is used to
    create the vlans). Transparent mode passes VTP information through the
    device without applying it to the device.

    Curtis
     
    Curtis Starnes, Dec 28, 2009
    #5