Need help with VLAN trunking on Cisco Router

darrenster

I have a Cisco 1700 series router (I don't know the exact series number) running:

ROM: System Bootstrap, Version 12.2(7r)XM4, RELEASE SOFTWARE (fc1)
ROM: Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(7)XR3, RELEASE SOFTWARE (fc2)

Installed is a WIC-4ESW card.

This should be simple, but I can't get it working. In a nutshell... I'm trying to configure fa0 as a VLAN "trunk" port trunking VLANs 1 and 20 from my managed switch (switch is configured correctly) and I want fa1 on VLAN 1 and fa2 on VLAN 20.

In other words:
fa0 tagged with vlan 1 & 20
fa1 untagged with vlan 1
fa2 untagged with vlan 20

See code below. I can't seem to get the trunking to work. I can't confirm if this is even possible with this router. Thanks!



Code:
!
! Last configuration change at 20:35:48 EST Sat Feb 12 2011
! NVRAM config last updated at 20:47:38 EST Sat Feb 12 2011
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FoxOneNetworks
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$IzyD$M7xSeHnXeS35qFCvbgQW90
enable password cisco
!
username foxone password 0 LETMEIN
clock timezone EST -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
no ip domain lookup
ip host zion2 10.0.0.16
ip cef
ip ids po max-events 100
no ftp-server write-enable
!
!
!
!
no spanning-tree vlan 1
no spanning-tree vlan 20
no spanning-tree vlan 101
no spanning-tree vlan 102
no spanning-tree vlan 103
no spanning-tree vlan 104
!
! 
!
!
!
interface FastEthernet0
 description TRUNK_PORT
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0.1
 description MASTER_NETWORK
 encapsulation dot1Q 1 native
!
interface FastEthernet0.2
 description PUBLIC_NETWORK
 encapsulation dot1Q 20
!
interface FastEthernet1
 description MASTER_NETWORK
 no ip address
!
interface FastEthernet2
 description PUBLIC_NETWORK
 switchport access vlan 20
 no ip address
!
interface FastEthernet3
 description SPARE2_NETWORK
 switchport access vlan 103
 no ip address
!
interface FastEthernet4
 description MAINT
 switchport access vlan 104
 no ip address
!
interface Vlan104
 ip address 10.0.0.249 255.255.255.0
!
ip classless
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
banner motd  Good to Go... 
!
line con 0
 password letmein
 logging synchronous
 login
line aux 0
line vty 0 4
 password letmein
 login
!
ntp clock-period 17180019
ntp server 10.0.0.250
end
 
I'm surprised this router even supports VLANs and that card. But it appears to. You need to configure the trunk under one of the ESW ports (sw mode trunk), not the routed port. Configuring tagging on a routed port is basically just routing on a stick, you won't be able to pass those VLANs to the ESW (without some creativity and goofy shit).

Also, a sh ver will tell you the model number.
 
The manual on the ESW states that it does not support trunking on any of its ports. However, the ports can belong to an assigned VLAN. I've done that before and I know it works. Can you provide some insight on how I can configure the fa0 port, which is the actual port on the router, as a trunking port?

Thanks!

sh ver yields:

Code:
Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(7)XR3, RELEASE SOFTWARE (fc2)
Synched to technology version 12.3(7.11)T1
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Sat 25-Sep-04 16:02 by ealyon

ROM: System Bootstrap, Version 12.2(7r)XM4, RELEASE SOFTWARE (fc1)
ROM: Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(7)XR3, RELEASE SOFTWARE (fc2)

FoxOneNetworks uptime is 13 hours, 57 minutes
System returned to ROM by reload at 19:51:55 EST Sat Feb 12 2011
System restarted at 19:54:39 EST Sat Feb 12 2011
System image file is "flash:c1700-k9o3sy7-mz.123-7.XR3.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco IPM (MPC862P) processor (revision 0x101) with 86376K/11928K bytes of memory.
Processor board ID FOC08500MXG (2017836385), with hardware revision 0000
MPC862P processor: part number 7, mask 0
1 Ethernet interface
5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102 (will be 0x780 at next reload)
 
"reading the manual on the ESW states that it does not support trunking on any of its ports"
I think you misread that then. I just pulled up the config guide for that module and it lists trunking and SVIs as being supported.

Like Vito said, Fa0 is a _routed_ port. You need to use interfaces Fa1, 2, 3 or 4 since those are _switchports_.
 
Regardless of the ESW module, the router SHOULD be able to make an 802.1q trunk with the managed switch. As I understand the original post, not even that is working?

Router---802.1qtrunk on FA0---Switch

That should come up regardless of what is on the other side of the router.

How about this, to go back even further, can you get a basic, non-802.1q connection up between the router and this switch?
 
I've just now followed the instructions for "router-on-a-stick" and have verified that it functionally works. I've changed my VLANs to 101 and 102 and successfully made fa0 a trunk port with my switch. Now when I add fa1 via switchport access vlan 101 and fa2 via switchport access vlan 102, I can't seem to get fa1 or fa2 to communicate through the trunk port, fa0.

Physical network layout:
<Laptop1>---<router fa1>---<router fa0>---<switch port24>---<switch port1>---<laptop2>

Switch port24 is a trunk port with VLAN 101 and 102 tagged
Switch port 1 is untagged in VLAN 101

Updated Code:

Code:
!
! Last configuration change at 20:35:42 EST Mon Feb 14 2011
! NVRAM config last updated at 20:35:46 EST Mon Feb 14 2011
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FoxOneNetworks
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8Yof$Q8a4398/.k7A420g5OUmg1
enable password cisco
!
clock timezone EST -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
ip host zion2 10.0.0.16
ip cef
ip ids po max-events 100
no ftp-server write-enable
!
!
!
!
no spanning-tree vlan 1
no spanning-tree vlan 20
no spanning-tree vlan 101
no spanning-tree vlan 102
no spanning-tree vlan 103
no spanning-tree vlan 104
!
! 
!
!
!
interface FastEthernet0
 description TRUNK_PORT
 no ip address
 ip broadcast-address 0.0.0.0
 duplex auto
 speed auto
!
interface FastEthernet0.1
 description SUB_INTERFACE_1
 encapsulation dot1Q 101
 ip broadcast-address 0.0.0.0
!
interface FastEthernet0.2
 description SUB_INTERFACE_2
 encapsulation dot1Q 102
 ip broadcast-address 0.0.0.0
!
interface FastEthernet1
 description CISCO_VLAN_101
 switchport access vlan 101
 no ip address
!
interface FastEthernet2
 description CISCO_VLAN_102
 switchport access vlan 102
 no ip address
!
interface FastEthernet3
 description NOT_USED
 no ip address
 shutdown
!
interface FastEthernet4
 description MAINT
 switchport access vlan 104
 no ip address
!
interface Vlan104
 ip address 10.0.0.249 255.255.255.0
 ip broadcast-address 0.0.0.0
!
interface Vlan1
 no ip address
 ip broadcast-address 0.0.0.0
!
ip classless
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 password letmein
 logging synchronous
 login
line aux 0
line vty 0 4
 password letmein
 login
!
ntp clock-period 17179875
ntp server 10.0.0.250
end
 
ROAS is the old way to route between VLANs. Putting that module into your router gives you the ability to use SVIs, which means you don't have to do ROAS, you essentially have an L3 switch.
 
Add the sub interfaces on Fa0 to separate bridge groups, and add the respective VLAN SVIs to those same bridge groups. Assign your IP addresses to the BVI interfaces, and tell Vito to FOAD.

Cheers
 
Shit works brah

Rough example off the top of my head:

Code:
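! Enable integrated routing and bridging (IRB) and define the bridge groups;
! the BVI interfaces below cannot be created without "bridge irb"
bridge irb
bridge 10 protocol ieee
bridge 10 route ip
bridge 20 protocol ieee
bridge 20 route ip
!
! Tagged sub-interfaces on the routed port, one bridge group per VLAN
interface FastEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
!
! Untagged access ports on the switch card
interface FastEthernet1
 switchport access vlan 10
!
interface FastEthernet2
 switchport access vlan 20
!
! SVIs join the same bridge groups as the matching sub-interfaces
interface Vlan10
 bridge-group 10
!
interface Vlan20
 bridge-group 20
!
! IP addresses live on the bridge virtual interfaces
interface BVI10
 description Vlan 10 Bridge Interface
 ip address 10.1.10.1 255.255.255.0
!
interface BVI20
 description Vlan 20 Bridge Interface
 ip address 10.1.20.1 255.255.255.0
!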

It's probably worth noting this isn't the "proper" way to do this though...it's best to use your unused switch port and create a trunk like everyone else mentioned, but if there's a feature limitation on that card, this should get you by.
 
@darrenster: vito's telling you to use fa3 instead of fa0 as it's an easier and better way to set this up. Though I can see it's hard to tell what a routed/switched port is when they're all named the same.

Basically, fa1-4 are on the same card and can do switching in hardware (switch ports), while fa0 is on another card (built into router actually). So if you want to do switching between fa0 and others, router cpu has to take frame from one card and send it to the other (which can be rather taxing for cpu). You set this up with bridge groups like lightworker said, so it can be done but it's harder to set up.
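
Added example, not part of any post in this thread: a Python check that reads an IOS config and reports, per VLAN, whether the tagged sub-interface on the routed port and that VLAN's SVI share a bridge group, which is the link the bridge-group replies describe between fa0 and the switch ports. The sample configs are constructed from the thread's VLAN 101/102 layout, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the thread's VLAN 101/102 config: no bridge groups.
UNBRIDGED = """\
interface FastEthernet0.1
 encapsulation dot1Q 101
interface FastEthernet0.2
 encapsulation dot1Q 102
interface FastEthernet1
 switchport access vlan 101
interface FastEthernet2
 switchport access vlan 102
"""
# Constructed sample: VLAN 101 additionally bridged to its SVI, VLAN 102 left as-is.
BRIDGED_101 = UNBRIDGED + """\
interface FastEthernet0.1
 bridge-group 101
interface Vlan101
 bridge-group 101
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; repeated stanzas merge, as at the CLI."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global commands end the stanza
    return stanzas

def vlan_paths(config):
    """Per VLAN with both a tagged sub-interface and an access port: is it bridged?"""
    sub_group, svi_group, access = {}, {}, set()
    for name, cmds in parse_interfaces(config).items():
        group = next((c.split()[1] for c in cmds if c.startswith("bridge-group ")), None)
        if (svi := re.fullmatch(r"Vlan\s*(\d+)", name)):
            svi_group[int(svi.group(1))] = group
        for c in cmds:
            if (tag := re.match(r"encapsulation dot1Q (\d+)", c)):
                sub_group[int(tag.group(1))] = group
            if (acc := re.match(r"switchport access vlan (\d+)", c)):
                access.add(int(acc.group(1)))
    # True only when the sub-interface has a bridge group and the SVI is in the same one
    return {v: sub_group[v] is not None and svi_group.get(v) == sub_group[v]
            for v in sorted(access & set(sub_group))}

print(vlan_paths(UNBRIDGED), vlan_paths(BRIDGED_101))
```

A True result only means the bridge-group statements line up for that VLAN; the check does not look at the global IRB settings or at the switch on the other end of the trunk.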
 
It's more hassle and it's not the right way to do it. The only reason to do that is if his card won't support trunking, which it appears to. Having the card avoids the need for IRB.
 