Encapsulation command in subif

Similar Messages

• 3725 with IP Base 12.3 doesn't accept encapsulation command - URGENT

  Hello,
  We have replave a 3620 router by a 3725, but the configuration of the vlan doesn't work on the 3725 because it doesn't accept the encapsulation command following:
  - encap dot1Q 1
  - encap ISL
  Here after is the Vlan configuration:
  interface FastEthernet0/0
  description VERS CLIENT-PACKET VLAN
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip accounting access-violations
  duplex auto
  speed auto
  no cdp enable
  interface FastEthernet0/0.2
  description vers cyber express
  bandwidth 64
  encapsulation dot1Q 2
  ip address 10.227.2.254 255.255.255.0
  ip access-group 101 in
  ip nat inside
  Is there someone to help us?
  Thanks.

  I tried with IP Plus in lab and do see encapsulation options
  3725-A#sh ver | include IOS
  IOS (tm) 3700 Software (C3725-IS-M), Version 12.3(15a), RELEASE SOFTWARE (fc2)
  3725-A#conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  3725-A(config)#int fastEthernet 0/1.1
  W2N-3.7-3725-A(config-subif)#encapsulation ?
  dot1Q IEEE 802.1Q Virtual LAN
  isl Inter Switch Link - Virtual LAN encapsulation
  tr-isl Token Ring Inter Switch Link - Virtual LAN encapsulation
  3725-A(config-subif)#encapsulation dot1Q 1 native
  3725-A(config-subif)#ip address 10.1.1.1 255.255.255.0
  3725-A(config-subif)#
  3725-A#dir flash:
  Directory of flash:/
  1 -rw- 19584036 Mar 2 1993 02:36:40 +00:00 c3725-is-mz.123-15a

• Can't set encapsulation on Sub-Interaces - 2621 Router

  I am studying for my CCNA, playing around with a few of the dirfferent concepts with my hardware. I am trying to setup a router on a stick configuration using a 2600 router and a 2900 catalyst switch.
  I have the FastEthernet 0/1 port plugged into Fa0/1 on the switch. The switch has three vlans setup with a client on each vlan
  I have set the port on the switch as follows:
  Switch(config-if)#switchport mode Trunk
  Switch(config-if)#switchport trunk native vlan 1
  Switch(config-if)#switchport trunk encapsulation isl
  When I try to set the router, I get this:
  rt01(config)#int fa0/1
  rt01(config-if)#no ip add
  rt01(config-if)#exit
  rt01(config)#int fa0/1.1
  rt01(config-subif)#encapsulation isl
  ^
  % Invalid input detected at '^' marker.
  I cannot set the encapsulation on the sub interface, ISL or dot1q - it doesn't recognize the "encapsulation command" command at all.
  My show version is below. I can't confirm one way or another if this image supports IP Plus (which I've been told may be the problem), but based on the message I get when trying to set the IP address on the subif I would think it does..?
  My router sh ver shows:
  Cisco Internetwork Operating System Software
  IOS (tm) C2600 Software (C2600-I-M), Version 12.3(6), RELEASE SOFTWARE (fc3)
  Copyright (c) 1986-2004 by cisco Systems, Inc.
  Compiled Wed 11-Feb-04 19:24 by kellythw
  Image text-base: 0x80008098, data-base: 0x80C83E28
  ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
  rt01 uptime is 1 day, 51 minutes
  System returned to ROM by reload
  System image file is "flash:c2600-i-mz.123-6.bin"
  cisco 2621 (MPC860) processor (revision 0x200) with 61440K/4096K bytes of memory
  Processor board ID JAD050309VG (2886660437)
  M860 processor: part number 0, mask 49
  Bridging software.
  X.25 software, Version 3.0.0.
  2 FastEthernet/IEEE 802.3 interface(s)
  32K bytes of non-volatile configuration memory.
  8192K bytes of processor board System flash (Read/Write)
  Configuration register is 0x2102

  Hi
  c2600-i-mz.123-6.bin is the IP (not IP Plus) version of software. This doesn't support dot1q or ISL trunks.
  The IP Plus would be required for this feature (image name for the plus equivalent of your image would be c2600-is-mz.12.3-6.bin)
  Regards
  Aaron
  Please rate helpful posts...

• 2960 will not allow "switchport trunk encapsulation dot1q" CLI

  I have a Cisco 2960 switch that is not allowing me to setup switchport trunk encapsulation dot1q on a trunking interface.
  The show capabilities shows that the interface can use 802.1q, but when I try to CLI the command the work encapsulation is not an option.
  Please advise with a solution.
  Thanks, S
  Model - WS-C2960G-24TC-L  
  SW Version - 12.2(44)SE6          
  SW Image - C2960-LANBASEK9-M
  S1#
  S1#sh int gi0/23 capabilities
  GigabitEthernet0/23
  Model:                 WS-C2960G-24TC-L
  Type:                 1000BaseLX SFP
  Speed:                 1000
  Duplex:               full
  Trunk encap. type:     802.1Q
  Trunk mode:           on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100)
  Flowcontrol:           rx-(off,on,desired),tx-(none)
  Fast Start:           yes
  QoS scheduling:       rx-(not configurable on per port basis),
                           tx-(4q3t) (3t: Two configurable values and one fixed.)
  CoS rewrite:           yes
  ToS rewrite:           yes
  UDLD:                 yes
  Inline power:         no
  SPAN:                 source/destination
  PortSecure:           yes
  Dot1x:                yes
  Multiple Media Types: rj45, sfp, auto-select
  S1#
  S1#
  S1#
  S1(config-if)#switchport ?
  access         Set access mode characteristics of the interface
  backup         Set backup for the interface
  block         Disable forwarding of unknown uni/multi cast addresses
  host           Set port host
  mode           Set trunking mode of the interface
  nonegotiate   Device will not engage in negotiation protocol on this
                   interface
  port-security Security related command
  priority       Set appliance 802.1p priority
  protected     Configure an interface to be a protected port
  trunk         Set trunking characteristics of the interface
  voice         Voice appliance attributes
  S1#
  S1#
  S1#
  S1(config-if)#switchport trunk ?
  allowed Set allowed VLAN characteristics when interface is in trunking mode
  native   Set trunking native characteristics when interface is in trunking
             mode
  pruning Set pruning VLAN characteristics when interface is in trunking mode
  S1#
  S1#
  S1#

  Newer devices don't support ISL so you can only run 802.1Q. That means that there is no need for an encapsulation command because only one encapsulation is supported. If the device had support for ISL then you would also have that command.
  Daniel Dib
  CCIE #37149
  Please rate helpful posts.

• WLAN Clients not browsing on Cisco Wireless Controller WLC NME-AIR-WLC12-K9

  HiI have a question and i need a solution and expert help.I have done a deployment which involves Security (ASA5540), Routing/voice gateway/wlc NME-AIR-WLC12-k9) and Switching (Cisco3845-ccme/k9)Below is the list of equipment used:1. Cisco ASA 5540 - which is connected at the edge to the ISP router
  2. Core Switch WS-C4948E as core and DHCP Server for all VLANs
  3. Access/Distribution Switches WS-C3560G-48PS-S connected as trunk to the core switch
  4. Router/Voice Gateway/WLC Cisco3845-CCME/K9 - This is the voice gateway and also the WLC
  5. Wireless APs AIR-LAP1242AG-E-K9 (12 qty)Here is the deployment scenario:1. G0/0 of the ASA is connected to a 7200 router from the ISP (Public IP Add)
  2. G0/1 of the ASA is connected to gig 1/3 on the Core Switch on VLAN 2 which is the management VLAN (Local IP 10.1.1.2)
  3. Port 3 of the Core switch is on vlan 2 connected to ASA - Management IP of Core Switch is 10.1.1.1. Core Switch is the DHCP Server for all VLANS on the network.
  4. All the Access/Distribution switches are configured with IP Addresses on VLAN 2
  5. Telephony Services is configured on the router and DHCP Pool for Access Points and Wireless Clients is running on the router.
  6. Two DHCP pools were created on the router for APs and Wireless Clients.
  7. G0/0 of the router is configured on the same network that issues dhcp ip to the AP and is connected to gig 1/1 on the core switch
  8 G0/1 of the router is configured as the voice port for the IP Telephony Services and is connected to G 1/2 on the core switch1. Clients receiving DHCP IP on the Core Switch can communicate with all vlans and can browse to the Internet.
  2. IP Telephony Services is running well.
  3. Client on wireless can get IP from the DHCP on the router but cannot browse.I have pings from the router to the core switch and firewall, but clients connected to the wireless
  cannot ping other vlans on the core switch and vice versa.The port connecting the router to the core switch is an Access Port, i have changed to to trunk but still no changes.My biggest problem now is how to make the clients on the wireless communicate with other clients on the network and be able to browse to the Internet.Below is the configs on the router and core switch.Router ConfigNimc_Voice_Router#sh run
  Building configuration...
  Current configuration : 10513 bytes
  ! Last configuration change at 13:03:55 Nigeria Mon Nov 29 2010 by admin
  ! NVRAM config last updated at 13:03:56 Nigeria Mon Nov 29 2010 by admin
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Nimc_Voice_Router
  boot-start-marker
  boot-end-marker
  ! card type command needed for slot/vwic-slot 0/2
  logging message-counter syslog
  enable secret
  aaa new-model
  ! aaa authentication login default local
  aaa session-id common
  clock timezone Nigeria 1
  dot11 syslog
  ip source-route
  ip dhcp excluded-address 10.1.12.1 10.1.12.10
  ip dhcp excluded-address 192.168.1.1 192.168.1.10
  ip dhcp pool LWAAP-AP
  network 10.1.12.0 255.255.255.0
  default-router 10.1.12.1
  option 43 hex f104.c0a8.0002
  dns-server 83.229.88.30 4.2.2.2 193.238.28.249
  option 60 ascii "Cisco AP c1240"
  ip dhcp pool Wireless
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  ip cef
  no ip domain lookup
  ip domain name nimc.gov.ng
  ip name-server 83.229.88.30
  ip name-server 193.238.28.249
  ip name-server 4.2.2.2
  no ipv6 cef
  multilink bundle-name authenticated
  voice-card 0
  archive
  log config
  hidekeys
  interface GigabitEthernet0/0
  description Connection to AP
  ip address 10.1.12.1 255.255.255.0
  ip helper-address 192.168.0.2
  load-interval 30
  duplex auto
  speed auto
  media-type rj45
  interface Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/1
  ip address 10.1.2.2 255.255.255.0
  duplex auto
  speed auto
  media-type rj45
  interface FastEthernet0/0/0
  no ip address
  shutdown
  duplex auto
  speed auto
  interface Serial0/1/0
  no ip address
  shutdown
  no fair-queue
  clock rate 2000000
  interface Serial0/1/1
  no ip address
  shutdown
  clock rate 2000000
  interface Integrated-Service-Engine1/0
  ip address 192.168.0.1 255.255.255.0
  no keepalive
  interface Integrated-Service-Engine1/0.15
  encapsulation dot1Q 15
  ip address 192.168.1.1 255.255.255.0
  interface Integrated-Service-Engine1/0.100
  encapsulation dot1Q 100
  ip forward-protocol nd
  ip forward-protocol udp 12223
  ip route 10.1.0.0 255.255.255.0 10.1.1.1
  ip route 10.1.1.0 255.255.255.0 10.1.1.1
  ip route 10.1.2.0 255.255.255.0 10.1.1.1
  ip route 10.1.3.0 255.255.255.0 10.1.1.1
  ip route 10.1.4.0 255.255.255.0 10.1.1.1
  ip route 10.1.5.0 255.255.255.0 10.1.1.1
  ip route 10.1.6.0 255.255.255.0 10.1.1.1
  ip route 10.1.7.0 255.255.255.0 10.1.1.1
  ip route 10.1.8.0 255.255.255.0 10.1.1.1
  ip route 10.1.9.0 255.255.255.0 10.1.1.1
  ip route 10.1.10.0 255.255.255.0 10.1.1.1
  ip route 10.1.11.0 255.255.255.0 10.1.1.1
  ip route 10.1.12.0 255.255.255.0 10.1.1.1
  ip route 192.168.0.0 255.255.255.0 10.1.1.1
  ip route 192.168.1.0 255.255.255.0 10.1.1.1
  no ip http server
  ip http secure-server
  !Core Switch Configsh run
  Building configuration...Current configuration : 10622 bytes
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  service compress-config
  hostname Nimc_Core
  boot-start-marker
  boot-end-marker!
  aaa new-model
  aaa authentication login default local
  aaa session-id common
  storm-control broadcast include multicast
  ip subnet-zero
  no ip domain-lookup
  ip domain-name nimc.gov.ng
  ip dhcp excluded-address 10.1.2.1 10.1.2.10
  ip dhcp excluded-address 10.1.4.1 10.1.4.10
  ip dhcp excluded-address 10.1.5.1 10.1.5.10
  ip dhcp excluded-address 10.1.6.1 10.1.6.10
  ip dhcp excluded-address 10.1.7.1 10.1.7.10
  ip dhcp excluded-address 10.1.8.1 10.1.8.10
  ip dhcp excluded-address 10.1.9.1 10.1.9.10
  ip dhcp excluded-address 10.1.10.1 10.1.10.10
  ip dhcp excluded-address 10.1.3.1 10.1.3.10
  ip dhcp pool Voice
  network 10.1.2.0 255.255.255.0
  next-server 10.1.2.1
  option 150 ip 10.1.2.2
  default-router 10.1.2.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  ip dhcp pool SF_DGs_Office
  network 10.1.3.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.3.1
  dns-server 81.199.3.7
  lease 10
  ip dhcp pool Admin_Process_Fac_Mgt
  network 10.1.4.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.4.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool SF_IDD
  network 10.1.5.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.5.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool Finance_Fin_Inv
  network 10.1.6.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.6.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool Finance_CS
  network 10.1.7.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.7.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool FF_Human_Capital_Mgt
  network 10.1.8.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.8.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool FF_Legal_Services
  network 10.1.9.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.9.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip dhcp pool SF_Procurement_Serv
  network 10.1.10.0 255.255.255.0
  domain-name nimc.gov.ng
  default-router 10.1.10.1
  dns-server 83.229.88.30 193.238.28.249 4.2.2.2
  lease 10
  ip vrf mgmtVrf
  errdisable recovery cause bpduguard
  errdisable recovery interval 180
  power redundancy-mode redundant
  spanning-tree mode mst
  spanning-tree portfast bpduguard default
  spanning-tree extend system-id
  spanning-tree mst configuration
  name xxxx
  revision 1
  instance 1 vlan 1-20
  spanning-tree mst 1 priority 0
  spanning-tree vlan 1-20 priority 0
  vlan internal allocation policy ascending
  interface FastEthernet1
  ip vrf forwarding mgmtVrf
  no ip address
  speed auto
  duplex auto
  interface GigabitEthernet1/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface GigabitEthernet1/2
  switchport access vlan 4
  switchport mode access
  spanning-tree portfast
  interface GigabitEthernet1/3
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/4
  switchport mode access
  spanning-tree portfast
  interface GigabitEthernet1/5
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/6
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/7
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/8
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast!
  interface GigabitEthernet1/9
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/10
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/11
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/12
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/13
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/14
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/15
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/16
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/17
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/18
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/19
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/20
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/21
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/22
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/23
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/24
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/25
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/26
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/27
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/28
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/29
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/30
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/31
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfastinterface GigabitEthernet1/32
  switchport access vlan 2
  switchport voice vlan 4
  interface GigabitEthernet1/33
  switchport mode access
  interface GigabitEthernet1/34
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/35
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/36
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/37
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/38
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/39
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/40
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/41
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/42
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/43
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/44
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/45
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/46
  switchport access vlan 2
  switchport mode access
  switchport voice vlan 4
  spanning-tree portfast
  interface GigabitEthernet1/47
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface GigabitEthernet1/48
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface Vlan1
  no ip address
  shutdown
  interface Vlan2
  description Management
  ip address 10.1.1.1 255.255.255.0
  interface Vlan3
  description Enterprise
  ip address 10.1.0.1 255.255.255.0
  interface Vlan4
  description Voice
  ip address 10.1.2.1 255.255.255.0
  interface Vlan5
  description SS_DGs_Office
  ip address 10.1.3.1 255.255.255.0
  interface Vlan6
  description Admin_Process_Fac_Management
  ip address 10.1.4.1 255.255.255.0
  interface Vlan7
  description SF_National_Identity_Database
  ip address 10.1.5.1 255.255.255.0
  interface Vlan8
  description Fin_Finance_Investment
  ip address 10.1.6.1 255.255.255.0
  interface Vlan9
  description Fin_Corporate_Services
  ip address 10.1.7.1 255.255.255.0
  interface Vlan10
  description FF_Human_Capital_Management
  ip address 10.1.8.1 255.255.255.0
  interface Vlan11
  description FF_Legal_services
  ip address 10.1.9.1 255.255.255.0
  interface Vlan12
  description SF_Procurement_Services
  ip address 10.1.10.1 255.255.255.0
  ip default-gateway 10.1.1.2
  ip route 0.0.0.0 0.0.0.0 10.1.1.2
  ip route 10.1.1.0 255.255.255.0 10.1.1.2
  ip route 10.1.2.0 255.255.255.0 10.1.1.2
  ip route 10.1.3.0 255.255.255.0 10.1.1.2
  ip route 10.1.4.0 255.255.255.0 10.1.1.2
  ip route 10.1.5.0 255.255.255.0 10.1.1.2
  ip route 10.1.6.0 255.255.255.0 10.1.1.2
  ip route 10.1.7.0 255.255.255.0 10.1.1.2
  ip route 10.1.8.0 255.255.255.0 10.1.1.2
  ip route 10.1.9.0 255.255.255.0 10.1.1.2
  ip route 10.1.10.0 255.255.255.0 10.1.1.2
  ip route 10.1.11.0 255.255.255.0 10.1.1.2
  ip http server
  --More--                 
  control-plane
  line con 0
  stopbits 1
  line vty 0 4
  end
  Please i need somebody to help me

  I wouldn't configure an ip address on the service engine subinterface.
  Try setting up a vlan interface on the router with that ip address and the subinterface will be linked to the vlan interface through the encapsulation command. A vlan interface will better work as a gateway for the wireless clients
  Nicolas

• Quesiton about PVID , SA520, Native VLAN

  Is PVID the same thing as "native vlan"? Can the native VLAN be changed on a SA520? Currently I believe it to be 1, I'd like to change the native VLAN to 10.
  I have a scenario where I have a prexisting production LAN of  192.168.1.0/24 . It's a small organization (a church), but they purchased 3 Aironet 1130ag units. They want to have a "private" WLAN that is part of 192.168.1.0/24 , and a guest WLAN of a different subnet (I chose 192.168.20.0/24) . The two should never meet. There will likely never be a guest computer connected via ethernet. Guest computers would always have to connect wirelessly.
  I accomplished this to a point.
  I left VLAN 1 on the SA520 192.168.75.0/24 subnet as default.I created a VLAN 10 , 192.168.1.0/24 subnet, and I created a VLAN 20, 192.168.20.0/24 subnet.
  VLAN Recap:
  VLAN 1 , 192.168.75.0/24
  VLAN 10, 192.168.1.0/24
  VLLAN 20, 192.168.20.0/34
  Ports 1-3 of the SA520 are members of VLAN 1, 10, and 20 (cannot remove membership of VLAN1, which is pretty annoying).
  The Aironets have been configured correctly.
  SSID: Priv is part of VLAN 10
  SSID: Pub is part of VLAN 20
  Both are secured by WPA, and when I connect, the proper DHCP subnet passes from the firewall through to the wireless client, for each respective SSID.
  Ultimately, I'd like the SBS 2003 server to handle DHCP for VLAN 10, and have the SA520 handle DHCP for VLAN 20, but i'll take what I can get.
  Here's my challenge:
  The original production LAN is connected via an unmanged switch.
  I'd like to trunk the unmanaged switch to Port 4 on the SA520. However, since the PVID (native vlan?) of SA520 is 1, and I cannot make Port 4 on the SA520 ony a member of VLAN 10, then anything traffic coming from the unanaged switch will automatically be tagged with VLAN1, correct? Thus causing the already existing production network to start receiving DHCP from the firewall in the 192.168.75.0/24 range.
  Any ideas or help on the above?
  What I would do if I had a managed switch on the production LAN:
  If I had a managed switch on the production LAN, what I think I would do is make one port a trunk port, connect that port to Port 4 on the SA520, then make all the rest of the ports on the managed switch access ports, and members of VLAN 10. Am I on the right track there?
  Hiccups when setting up the WAP:
  I would have changed the VLAN 1 on SA520 to 192.168.1.0/24  subnet, and only created a second subnet, but there was a challenge  with that and the WAP's.
  Cannot change the VLAN the dot11radio0 is a part of. There's not encapsulation command.
  Could  not broadcast the SSID's successfully and secure via WPA unless the  SSID's were on VLAN's other than 1. The dot11radio0 would go into a  "reset" state.
  Could change the VLAN subinterfaces  of dot11radio0 were on, for example dot11radio0.10 is a member of VLAN  10.  Dot11radio0.20 is a member of VLAN2.
  In any event, it's working, but the rest of the infrastructure is the challenge.
  Here's one of my  WAP configs as an example:
  Building configuration...
  Current configuration : 2737 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname WAP2
  enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
  no aaa new-model
  no ip domain lookup
  dot11 syslog
  dot11 ssid CASPRIV
     vlan 10
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 107E1B101345425A5D4769
  dot11 ssid CASPUB
     vlan 20
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 132616013B19066968
  username Cisco password 7 0802455D0A16
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 20 mode ciphers aes-ccm
  encryption vlan 10 mode ciphers aes-ccm
  ssid CASPRIV
  ssid CASPUB
  mbssid
  channel 6
  station-role root
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.10
  encapsulation dot1Q 10
  ip address 192.168.1.5 255.255.255.0
  no ip route-cache
  bridge-group 10
  bridge-group 10 subscriber-loop-control
  bridge-group 10 block-unknown-source
  no bridge-group 10 source-learning
  no bridge-group 10 unicast-flooding
  bridge-group 10 spanning-disabled
  interface Dot11Radio0.20
  encapsulation dot1Q 20
  ip address 192.168.20.3 255.255.255.0
  no ip route-cache
  bridge-group 20
  bridge-group 20 subscriber-loop-control
  bridge-group 20 block-unknown-source
  no bridge-group 20 source-learning
  no bridge-group 20 unicast-flooding
  bridge-group 20 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  encryption mode ciphers aes-ccm
  ssid CASPRIV
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.10
  encapsulation dot1Q 10
  no ip route-cache
  bridge-group 10
  no bridge-group 10 source-learning
  bridge-group 10 spanning-disabled
  interface FastEthernet0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface BVI1
  no ip address
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local

  Hello Paul,
  You have a lot going on here so forgive me if I miss something.
  PVID is for Primary/Port Vlan ID. It is used to identify the vlan on a port and can be used to change the native vlan of a port. You can change the PVID on port 4 of the SA520 to be vlan 10 if you need to.
  The simplest setup would be for you to have your private network all be on the native vlan 1 and set your guest to be on another vlan. All of this would be possible without any problem on the SA520. Unfortunately I do not have much experience with the Aironet APs but they should allow you to continue this configuration onto the wireless network. For assistance with the Aironet APs I would have to refer you to someone more familiar.
  I do hope this helps with setting your network.

• Ubr7200 (7246) and VLAN Trunks

  Has anyone successfully setup a VLAN subinterface on a ubr7200? All of the documents I have seen on TAC state I should use the encapsulation command but it is not available. I want to do something like:
  interface gig 2/0.500
  encapsulation dot1q 500
  ip address x.x.x.x y.y.y.y
  uBR7246VXR (NPE300) 13.3(17a)BC
  1 FastEthernet/IEEE 802.3 interface(s)
  1 Gigabit Ethernet/IEEE 802.3 interface(s)
  1 ATM network interface(s)
  1 Cable Modem network interface(s)

  I thought I had tried an IP+ feature this weekend out of desperation. I downloaded it but I guess I didn't copy it to flash. Is there a decent chart that shows the differences? I kind of got burned on something similiar when I ordered a 3750. I was assured the base install was sufficient for my needs. A few weeks later and before the 3750 came in (I had the delivery pushed for budget reasons), I was discussing adding some additional equipment, the VAR sales rep suddenly realized I needed the enterprise version. My CFO was not happy about the unexpected expenditure. At least this router isn't in my cost center and instead belongs to an engineering department.

• Setting Inter VLAN in the Router.

  Hi,
  I trying to set up inter VLAN on the Cisco 2651XM router. I try to type the IP address on the sub interface but it gives me an error. I need to set up first
  the encapsulation dot1 q. I type encapsulation command but it doesn't recognized.
  This is the version of my router
  Cisco Internetwork Operating System Software
  IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5,  RELEASE SOFTWARE (fc1)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 1986-2002 by cisco Systems, Inc.
  Compiled Fri 21-Jun-02 08:50 by ccai
  Image text-base: 0x80008074, data-base: 0x80A2BD40
  ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
  Router uptime is 32 minutes
  System returned to ROM by power-on
  System image file is "flash:c2600-i-mz.122-8.T5.bin"
  cisco 2651XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of memory.
  Processor board ID JAD07130B30 (708131756)
  M860 processor: part number 5, mask 2
  Bridging software.
  X.25 software, Version 3.0.0.
  2 FastEthernet/IEEE 802.3 interface(s)
  2 Serial network interface(s)
  32K bytes of non-volatile configuration memory.
  32768K bytes of processor board System flash (Read/Write)
  Configuration register is 0x2142
  Do I need to update my cisco IOS if I do what os version I need and how can i download the cisco IOS.

  Thanks for the help. I don't need to change the version. I figure it out already..

• Etherchannel - Config Question

  First time configuring etherchannel.  I have followed the documentation, watched videos, etc.  The channel is up, but wanted to verify I did it right - and have not missed something.
  Scenario:
  Connecting a brand new 3650X into a 3750.  The 3750 is the "Core" and does the layer 3 routing, etc.  The 3650 is going to become a new Server Backbone - should participate on VLAN 10 only.  All servers in our data farm will connect into it (eventually).
  Normally we just create one trunk port on each switch and call it done (we do not have a big data farm/and or IT team) but I wanted to start looking at Etherchannel, etc.
  Config - Core:
  interface GigabitEthernet2/0/12
   description ***Trunk to 203 - Server Backbone***
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10
   switchport mode trunk
   switchport nonegotiate
   channel-group 1 mode on
  interface Port-channel1
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10
   switchport mode trunk
   switchport nonegotiate
  Server Backbone:
  interface GigabitEthernet1/0/1
   description ***Server Backbone - Switch 3 - Trunk***
   switchport trunk allowed vlan 10
   switchport mode trunk
   switchport nonegotiate
   channel-group 1 mode on
  interface Port-channel1
   switchport trunk allowed vlan 10
   switchport mode trunk
   switchport nonegotiate
   (Does not have the encapsulation command, as not available in that IOS - assuming it is automatic?).
  Basically I am looking to improve throughput and redundancy.  Is there anything else I should add and/or change about what was configured?
  (NOTE:  I know these may or may not be the best switches to use - but they are what we can afford on our budget).

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Well, of course, you want more than one link in your port-channel, both for additional aggregate bandwidth and additional redundancy.
  You may want to review whether you're using the optimal hashing algorithm for your port-channel.

• Trunking Catalyst 2950 to Catalyst 3750 problem

  I cannot seem to figure out how to trunk a catalyst 3750 to a Catalyst 2950.
  I've set
  3750(config)#interface fastethernet 1/0/2
  switchport mode trunk
  switchport trunk encapsulation dot1q
  BUT my Catalyst 2950 does not offer the "switchport trunk encapsulation dot1q" command
  My 2950 is running IOS version 12.1(20)EA1a
  is there a work around for this situation. Our network still employs a bunch of these 2950's.

  The Catalyst 2950 series can only do 802.1Q trunking. It's the default, and only, choice. So there's no need to specify it when trunking.
  In fact, since you don't have a choice of which encapsulation to use, there's no need for a "switchport trunk encapsulation" command. Which is why it's missing from the Cat2950 switch IOS.
  This took me by surprise too, when I first transitioned out of the 3500XL series into 2950 and 3550 switches.

• What function can a 2501 router possibly serve?

  obviously i'm a newb. but i'm pulling my hair out trying to understand cisco. in order to figure things out i bought a cheap 2501 router. and i have no clue what its for.
  #1. it has no ethernet port. So it must not go on a network? No thats untrue! the AUI port has a tranceiver you can buy to get it onto the network. But that's all the AUI port can do. So instead of putting an ethernet port they put an AUI port. Great thanks, the tranceiver costs more than the whole router! why didn't cisco put a ethernet port to begin with? whats so much better about having a AUI port?
  #2 You cannot configure subinterfaces on the 2501. ie you can't do e0.1 or e0.2 why? because there is no encapsulation command for subinterfaces and it wont let you assign ip addressess to subinterfaces until you set an encapsulation method. So if you ever thought "router on a stick" WRONG, 2501 has no capability of doing that. its not compatible with vlans period.
  #3 "but it has 2 serial ports", so what? i can connect to another router? this lets me do what? share router resources while at a throughput cost? or is this so i can give my router another AUI port,err, i mean ethernet port? why not just give it another ethernet port then? obviously cisco thought serial>ethernet and aui>ethernet but i don't understand their thought process at all on that!
  #4 again with only 1 ethernet port you can't connect one end of this router to the internet, and the other end to your lan, theres not enough ports. so forget saying you use it as a firewall or special ACL's. how would the topology look? is your internet connect to a switch which then goes to your 2501? then your 2501 filters and sends it back to the switch? won't the switch just broadcast everything to begin with essentially bypassing the router anyways? or would you hook this router up next to a router already, and if thats the case then why not put a firewall on that router, why introduce the 2501. it's a stub network and its pointless in any topology.
  so... wtf is the point of the 2501. obviously i'm missing a HUGE part of cisco routing. i know i'll smack myself in the head for not thinking of it. but grrr i'm so confused, what in the world is this thing used for!?

  Hi There
  In answer to your questions, there is quite a lot you can do with a 25xx routers. Granted a single 2501 router is not much use, but if you had a couple of them attached together and maybe 1 26xx, the possibilities are huge. See the attached file for what my original Lab looked like.
  As the previous poster has stated, the 2500 series routers are from a time where 10mbps LANs were cutting edge. Each 25xx router would mostly look after routing 1 LAN network/subnet to the rest of the LAN or WAN.
  My Initial CCNA home practice lab was made up of 4 25xx routers and 1 26xx router. With these routers I could configure a Frame Relay network, direct serial connections, run RIP, IGRP, EIGRP and OSPF, configure ISDN (with the help of an ISDN simulator). Admittedly, ROAS was not available on the 25xx routers, but I had the 26xx for that with switches capable of VLAN's.
  The reason that the 2501's Ethernet port (AUI connector) cannot do ROAS is because it only runs at 10mbps/half duplex. So even if the interface was an RJ45 interface it still would not be able to provide ROAS functionality.
  The 25xx routers were quite cheap and when maxed out with DRAM & Flash (16mb of each), they could run IOS 12.3. I am quite grateful to the 25xx routers for providing me with a low cost option which allowed me to practice the hands on skills required to pass my CCNA.
  And today even though my home lab has evolved to meet the requirements of my CCNP studies, my 25xx routers are still in the mix and working like a charm.
  See My current Lab here http://homepage.eircom.net/~keeleym/home-Lab2.jpg
  So in my opinion if you look positively at what you can do with your 2501 instead of what you cannot do, I think you will be pretty surprised at just how useful it actually is.
  Best Regards,
  Michael

• EBGP connectivity

  Hi Guys,
  a Quick question, let's say we are connecting 2 routers (PE and CE) with eBGP over an sub interfaces that are serving different services.... should the sub interface number match on each router for each service ? or that would not effect the eBGP peering??
  For example, would it work if im configuring 1/0/0.10 for X service on the PE and 2/0/0.20 for the same service on the CE??
  Thanks,

  Thanks Rick and John for your answers.
  Rick,
  My case is exactly as John's question, both routers will be connected directly to each others without any switch in between with 10G interface that is divided to many sub interfaces serving different services (each subinterface will be associated with different VRF from the PE side).  Now in this case is encapsulation needed? or should the interfaces numbers match in any case for this scenario? 
  I ask because according to friend of mine he tried to do this scenario with a Juniper CE connected to a Cisco PE without adding encapsulation command manually on the juniper from the juniper side (this command could have been added from cisco side but i'm not sure since the guy was working on juniper) ,and said that when he used different sub interface number on the juniper router the ebgp did not establish but when he used the same number the ebgp was established!! does that make any sense? would the encapsulation be enabled by default? 
  and if so, let's say you have a requirement to establish new ebgp connectivity (L3) with vlan 10 , but then you discovered that this vlan is configured internally on your router for an existing network (different subnet) and has an svi (irb) would it be fine to proceed? or the subinterface (vlan) number for ebgp peering should be unique.  
  Thanks,

• Vlans up and down

  I have a Cisco 2950 on which I have configured vlan3 and vlan4. I've assigned half the ports to vlan3 and the other half to vlan4. When I do a "show int vlan3" and "show int vlan4", one of the vlans is up and other is down. I go to the interface that is down and issue a "no shut" command. That interface comes up, but the other automatically goes down. I can't seem to have both up simultaneously. Any ideas as to what is going on with this? Thanks.

  Hi Andy,
  Yes you are perfectly right. On the 2050 switch only one management interface up because it is layer 2 switch and managmenet interface is only used for manageremt purpose.
  Rest on royter you can configure subinterfaces with encapsulation command and can get vlans talk to each other.
  Make sure the connection from the switch to the router should be trunk connection to carry inf for more than one vlan which is vlan 1 and vlan 2 in your case.
  HTH
  Ankur

• Port channel from 2960 to Cisco Core 6513

  I have a Cisco 6513 Core Switch, which is in a vtp domain and the core is the Server.  There are a number of other port channels going from the 6513 to other 2960 switch stacks.  The other switch stacks are in vtp client mode and are getting all vlans form the Server 6513 within this vtp domain.
  I am trying to connect 2 - 2960S FPD L switches, which are connected together via flex module/flex cable.  I have 2 sfp's in the sfp ports on one of these switches and am creating one port channel of 20G(2 10G ports Te1/0/1 and Te1/0/2) going to two 10Gig ports on the Cisco 6513(Te9/7 and Te9/8) as a port channel created on the 6513 end. 
  I want to know first of all if it is possible to keep the 2960's in transparent mode and only allow 2 vlans to go to these 2 2960's.  I don't need all vlans on these switches, and the other 2960 stacks going to the 6513 do have all vlans and are in the vtp domain.  This one would only all vlans 4, and 20.
  Can someone give me an example of the setup on each end to make this work?  I have tried and get a subnet mask error, so I must be going something wrong.  The vlans:  vlan 4: 10.35.3.0/22 and vlan 20 :  10.35.20.0/24 would be the only ones I would want to tag ports for on these 2 2960 switches in transparent mode.
  Wanted to also setup a management interface for vlan 20 so I can remotely connect to 2960 stack.  It would be 10.35.20.30 for the int management IP.
  Thanks in advance
  Dave 

  Many Cisco switches support two methods of trunking - dot1q and ISL.  ISL is a Cisco-proprietary method of trunking.  The 2960's do not support ISL, so dot1q is on by default.  There's no need for the trunk encapsulation command.
  When a frame is transferred over a trunk, dot1q trunking adds a tag to the frame so that the receiving switch knows which vlan the frame belongs to.  Your native vlan is a special vlan which does not have a tag applied.  Among other things, it's used for administrative traffic between the switches such as the messages the switches exchange to negotiate a port channel.  You can use one of your two vlans - vlan 4 or 20 - as your native vlan but it's recommended that you use a different vlan to segregate the traffic.  If you do not specify a native vlan, the switch will use vlan 1 as the native.  It's considered more secure to not use vlan 1 on your network, so it's recommend to have a different vlan explicitly configured as native.  If you're using vlan 1 as native through the rest of the network - if none of your other trunks have a native vlan explicitly configured - it doesn't do much good to change it on this one trunk.  You do not have to explicitly allow the native vlan on the trunk.  If you leave your native vlan as 1 and allow vlans 4 and 20 it will work fine.  You might want to do some research on the security implications and consider changing it through the whole network but that's a separate issue from getting this to work.
  Port channel numbers are locally significant.  They don't have to match on opposite ends of the channel, they just have to be the same on each interface of a particular switch.  You can use either mode desirable or mode on.  It changes the way the switches set up the port channel a little bit but it doesn't change the way the channel operates. 

• IOS feature set for subinterface routing . . .

  I just acquired a couple of 2600s with single eth. interfaces. I would like to configure subinterfaces (one for public IP, the other for internal.) However, my current IOS insists that I can not assign IP addresses until I make the main interface a part of an ISL or dotq VLAN. Can someone tell me which feature I'm looking for in the feature navigator? I have a feeling I'm going to need to upgrade my routers from their current 32/8 mem.
  -Shikamaru

  Hi Shikamaru,
  You need to have atleast IP PLUS feature IOS on your box to make encapsulation command working on subinterface.
  Regards,
  Ankur