I understand a bit about PIXes. I understand all the concepts needed for IP (and can set up an old netblazer router in about 2 mins). I know little about IOS 12.0 (10), which is on the router module.... (my German and French is better, and that's saying something!!!)

We have a Catalyst 4000 switch with a routing module in it. We have successfully (by following simple examples) created a few VLANs, which we effectively use as hubs. I'm trying to take the next step (leap??), and make the router module route between the VLANs.

Initially, I've created a new test VLAN (98), and want to route from that to the main VLAN (1).

The two VLANs, 1 and 98, are both working within themselves (ie 2 servers in VLAN 2 can communicate, 2 servers in VLAN 98 can communicate) (VLAN 1 = 10.44.0.0/16, VLAN98 = 10.98.0.0/16)

Following one (of the MANY) cisco example sheets, I believe that I have set up the 2 gigabit links to the router module as trunks, and both VLANs go down the trunks ok (see (3) below).

On the router, I believe I have set up the native VLAN (99), as well as "hooked into" VLANs 1 & 98 on subinterfaces 3.1 and 3.98.

From a PC on the main VLAN (ie VLAN1) I can ping to 10.44.254.253 (the address on sub-i/f 3.1) and 10.98.254.254 (the address on sub-i/f 3.98), but no further.

From VLAN 98 I can NOT ping anything (other than the 2 PC's pinging each other).

Put simply, it appears that there is no connection between VLAN 98 and the router function.

Things I have spotted, and MAY be the problem, but I'm not sure what to do to sort it out:

a) there is mention about not using the native vlan, as it is software routed (probably not a real issue for the small amount of traffic we'll be putting through the unit!)... and that the native vlan on the switch and router must match

b) on sub-interface 3.1 it has "encapsulation dot1Q 1 native".... I didn't put that there, and I can't change it

c) on the switch, VLAN 1 is called "default": is that actually relevant, or is "default" just a label?

d) what do I have to do on the switch to make VLAN 99 the native vlan? Is that the problem?

e) what is the "interface Port-Channel" stuff about? I just typed it in from the sample config

Any help would be appreciated!!!

thanks guys!

Paul Blitz (Tech Support, struggling!)

-------------------------------------------------------------------------------
1) the cat 4000 switch config (cut down):

#vtp
set vtp domain centia.net
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 98 name testing_10_98_0_0 type ethernet mtu 1500 said 100098 state active
set vlan 99 name native_do_not_use type ethernet mtu 1500 said 100099 state active
!
#port channel
set port channel 2/1-4 34
set port channel 3/25-28 49
set port channel 3/29-32 50
set port channel 3/33-36 51
!
#module 1 : 2-port 1000BaseX Supervisor
!
#module 2 : 34-port Router Switch Card
set vlan 98 2/3-4
set vlan 99 2/1-2
set trunk 2/1 nonegotiate dot1q 1-1005,1025-4094
set trunk 2/2 nonegotiate dot1q 1-1005,1025-4094
set port channel 2/1-2 mode on
!
#module 3 : 48-port 10/100BaseTx Ethernet
set vlan 2 3/13-18
!
#module 4 : 32-port 10/100/1000 Ethernet
#module 5 : 6-port 1000BaseX Ethernet
#module 6 empty

-------------------------------------------------------------------------------
2) the cat 4000 Router module config (cut down)

ip subnet-zero
no ip routing
!
interface Port-channel1
 no ip address
 no ip directed-broadcast
 hold-queue 300 in
!
interface Port-channel1.99
 encapsulation dot1Q 99 native
 no ip directed-broadcast
!
interface FastEthernet1
 ip address 10.44.2.7 255.255.0.0
 no ip directed-broadcast
 no ip route-cache
 full-duplex
!
interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no negotiation auto
!
interface GigabitEthernet3.1
 description main_10_44_network
 encapsulation dot1Q 1 native
 ip address 10.44.254.253 255.255.0.0
 no ip directed-broadcast
 no ip route-cache
!
interface GigabitEthernet3.98
 encapsulation dot1Q 98
 ip address 10.98.254.254 255.255.0.0
 no ip directed-broadcast
 no ip route-cache
!
interface GigabitEthernet4
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no negotiation auto
!

-------------------------------------------------------------------------------
3) output of "show trunks" on switch

Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 2/1      nonegotiate  dot1q          trunking      99
 2/2      nonegotiate  dot1q          trunking      99

Port      Vlans allowed on trunk
--------  ---------------------------------------------------------------------
 2/1      1-1005,1025-4094
 2/2      1-1005,1025-4094

Port      Vlans allowed and active in management domain
--------  ---------------------------------------------------------------------
 2/1      1-4,98-99
 2/2      1-4,98-99

Port      Vlans in spanning tree forwarding state and not pruned
--------  ---------------------------------------------------------------------

Hey, guys, surely SOMEONE knows a little about routing between VLANS using the layer 3 module in a Cat 4000? Please guys??? Paul Blitz

Hello, paul!
You wrote on Wed, 16 Jun 2004 13:50:35 +0100:

pb> Hey, guys, surely SOMEONE knows a little about routing between
pb> VLANS using the layer 3 module in a Cat 4000?

CatOS portion of config seems to be ok. IOS one is not.

ip subnet-zero
no ip routing

First of all, it's not going to do routing if it's disabled.

!
interface Port-channel1
 no ip address
 no ip directed-broadcast
 hold-queue 300 in
!
interface Port-channel1.99
 encapsulation dot1Q 99 native
 no ip directed-broadcast
!
interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no negotiation auto

This interface is not a part of Port-channel1. The same goes for GigE4. "channel-group 1" is required.

!
interface GigabitEthernet3.1
 description main_10_44_network
 encapsulation dot1Q 1 native
 ip address 10.44.254.253 255.255.0.0
 no ip directed-broadcast
 no ip route-cache

All sub-interfaces should be created under port-channel - like the one for VLAN99, not physical GigE ports. And you need to decide which VLAN is going to be native - 1 or 99. There can be only one.

With best regards, Andrey.

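Added example, not part of the thread and not Cisco tooling: a small Python check that applies the three points from Andrey's reply (routing enabled, sub-interfaces on the Port-channel rather than on the physical GigE ports, exactly one native VLAN) to a router-module config. The sample text is constructed from the config in the first post, trimmed; the function names are hypothetical, and the checks assume the port-channel design Andrey describes.

```python
import re

# Constructed sample, trimmed from the first post's router config; "!" separates blocks.
SAMPLE = """\
no ip routing
!
interface Port-channel1.99
 encapsulation dot1Q 99 native
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet3.1
 encapsulation dot1Q 1 native
!
interface GigabitEthernet3.98
 encapsulation dot1Q 98
"""

def parse(config):
    """Split a config into global lines and an {interface: [lines]} map."""
    global_lines, ifaces, block = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "!"):
            block = None  # "!" closes the current interface block
        elif line.startswith("interface "):
            block = ifaces.setdefault(line.split()[1], [])
        else:
            (global_lines if block is None else block).append(line)
    return global_lines, ifaces

def lint(config):
    """Apply the three checks from the reply; return a list of findings."""
    global_lines, ifaces = parse(config)
    findings, natives = [], set()
    if "no ip routing" in global_lines:
        findings.append("routing disabled: 'no ip routing' is set")
    channel = any(n.startswith("Port-channel") for n in ifaces)
    for name, lines in ifaces.items():
        text = "\n".join(lines)
        natives.update(re.findall(r"encapsulation dot1Q (\d+) native", text))
        if channel and name.startswith("GigabitEthernet"):
            if "." in name:
                findings.append(f"{name}: sub-interface on a physical port")
            elif "channel-group" not in text:
                findings.append(f"{name}: not in a channel-group")
    if len(natives) > 1:
        findings.append("native VLANs: " + ", ".join(sorted(natives, key=int)))
    return findings
```

Calling lint(SAMPLE) returns one finding per problem named in the reply; a config that follows the reply's advice returns an empty list.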

Wow, useful info, but I'm not sure I quite understand... I guess it's a matter of the concepts, that cisco always seem to make more complicated than needed. They have lovely docs that say "do this, do that" but don't really explain what you're doing!

Could you spend a couple of lines to explain what "Port Channels" are.

If we keep the example very simple, just wanting to route between 2 VLANS, maybe you could explain the steps needed to hook things together....

MANY thanks!!!!

Paul


Is the L3 module a 4232? Give us a sh ver if you could?

You need to go with EITHER port-channel sub-ints OR GE sub-ints. I would recommend the latter as that will allow you to use acls if so desired in the future.

I believe the channel-group relates to bundling the physical interfaces into a single logical interface. If you want to use the GE ints individually then channel-group doesn't come into play.


Yup, it's a WS-X4232-L3

Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(10)W5(18f) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 04-Dec-00 22:07 by integ
Image text-base: 0x60010928, data-base: 0x605F6000

ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE

CatalystRouter uptime is 2 days, 22 hours, 24 minutes
System restarted by power-on
Running default software

cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1
Last reset from power-on
1 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3z interface(s)
123K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2

This is a VERY simple setup (we "inherited" the box, and I doubt we'll ever use it to its full potential).

So far, following the examples in a Cisco config & overview doc, I (think) I set the switch module to put all VLANS onto both backplane GE's:

set VLAN 99 2/1-2                        (set 99 to be the native VLAN)
set trunk 2/1 nonegotiate dot1q 1-1005   (put all the VLANS down 1st GE)
set trunk 2/2 nonegotiate dot1q 1-1005   (...also down the second)
set port channel 2/1-2 mode on           (it says it HAS to use channel mode coz the router module doesn't do PAgP)

All I'm trying to then do with the router module is to "hook into" the various VLANS and do routing between them. One of the VLANs will be our corporate backbone, which will lead to our PIX and thus the Internet (plus a couple of VPNs).

I get the feeling that, once I have the basics set up, and the first couple of VLANS routing to each other, then the rest will be pretty straightforward. It's just doing the basics that is the big hurdle for a non-Cisco person!!!!

Paul


Is this the doc you're referencing?

http://www.cisco.com/en/US/partner/...s663/products_tech_note09186a0080094959.shtml

port-channels are the logical aggregation of physical ports. In this doc port-channel 1 defines the logical port that includes physical ports GE3 & 4.

If you go that route then you'd create port-channel subints as described. And you will NOT be able to apply ACLs to these subints.

interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no negotiation auto
 channel-group 1

interface GigabitEthernet4
 no ip address
 no ip directed-broadcast
 no negotiation auto
 channel-group 1

interface Port-channel1.99
 encapsulation dot1Q 99 native
 192.168.99.0 255.255.255.0
 no ip redirects
 no ip directed-broadcast

interface Port-channel1.99
 encapsulation dot1Q 99 native
 192.168.100.0 255.255.255.0
 no ip redirects
 no ip directed-broadcast

Alternatively, you'd go the GE subint route in which you'd have

interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no negotiation auto
!
interface GigabitEthernet3.99
 encapsulation dot1Q 1 native
 ip address 192.168.99.0 255.255.255.0
 .....

interface GigabitEthernet4
 no ip address
 no ip directed-broadcast
 no negotiation auto
!
interface GigabitEthernet4.100
 encapsulation dot1Q 100
 ip address 192.168.100.0 255.255.255.0
 .....


http://www.cisco.com/en/US/partner/...s663/products_tech_note09186a0080094959.shtml

It asks for a login... and whilst it seems I registered, I don't remember the password :-( I've sent an email to sort it out (I hope!)

The doc I was reading was called "Configuration and Overview of the Router Module for the Catalyst 4000 Family (WS-X4232-L3)". It might be the same document.

ok... makes a tiny bit of sense!

the doc says that (and for what we are doing is not likely to be an issue, however, always better to leave options open!)

I'll try that, and see how it goes!

Thanks

Paul


interface GigabitEthernet3.99

In the document it has, it suggests that you should set up a dummy native vlan (ie not use it), as the native vlan is software routed. Comments?

I guess I would do what you did above, but NOT put an ip address onto that sub-interface?

I have an "interface Port-channel1" lurking after deleting its sub interfaces, I can't delete it... is that normal?

Paul