Encapsulation command in subif
Greets,
I have a 2610 router and I am attempting to enable DOT1Q on eth0/0.1 for router-on-a-stick configuration.
My sh ver is as follows:
Router>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 21-Jun-02 08:50 by ccai
Image text-base: 0x80008074, data-base: 0x80A2BD40
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Router uptime is 39 minutes
System returned to ROM by reload
System image file is "flash:c2600-i-mz.122-8.T5.bin"
cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory.
Processor board ID JAD042108TF (1440777694)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Now the problem is I can not enter the encapsulation command as you can see here:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int eth0/0.1
Router(config-subif)#encapsulation
^
% Invalid input detected at '^' marker.
Any reason for this? I thought IOS 12.2 should have dot1q capability.
Cheers
Hi Dan.
you're right as this document does.
http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921e4.html
But you need to make sure that by using the cisco navigator.
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
As far as I see you should use c2600-is-mz.122-4.T.bin IOS that is IP-PLUS feature set.Kindly check the ios you want for sure!
Edit : Jon and Glen are absolutely right. I didn't see your replies.
Hopes this helps
Thot
Similar Messages
-
3725 with IP Base 12.3 doesn't accept encapsulation command - URGENT
Hello,
We have replave a 3620 router by a 3725, but the configuration of the vlan doesn't work on the 3725 because it doesn't accept the encapsulation command following:
- encap dot1Q 1
- encap ISL
Here after is the Vlan configuration:
interface FastEthernet0/0
description VERS CLIENT-PACKET VLAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
duplex auto
speed auto
no cdp enable
interface FastEthernet0/0.2
description vers cyber express
bandwidth 64
encapsulation dot1Q 2
ip address 10.227.2.254 255.255.255.0
ip access-group 101 in
ip nat inside
Is there someone to help us?
Thanks.I tried with IP Plus in lab and do see encapsulation options
3725-A#sh ver | include IOS
IOS (tm) 3700 Software (C3725-IS-M), Version 12.3(15a), RELEASE SOFTWARE (fc2)
3725-A#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3725-A(config)#int fastEthernet 0/1.1
W2N-3.7-3725-A(config-subif)#encapsulation ?
dot1Q IEEE 802.1Q Virtual LAN
isl Inter Switch Link - Virtual LAN encapsulation
tr-isl Token Ring Inter Switch Link - Virtual LAN encapsulation
3725-A(config-subif)#encapsulation dot1Q 1 native
3725-A(config-subif)#ip address 10.1.1.1 255.255.255.0
3725-A(config-subif)#
3725-A#dir flash:
Directory of flash:/
1 -rw- 19584036 Mar 2 1993 02:36:40 +00:00 c3725-is-mz.123-15a -
Can't set encapsulation on Sub-Interaces - 2621 Router
I am studying for my CCNA, playing around with a few of the dirfferent concepts with my hardware. I am trying to setup a router on a stick configuration using a 2600 router and a 2900 catalyst switch.
I have the FastEthernet 0/1 port plugged into Fa0/1 on the switch. The switch has three vlans setup with a client on each vlan
I have set the port on the switch as follows:
Switch(config-if)#switchport mode Trunk
Switch(config-if)#switchport trunk native vlan 1
Switch(config-if)#switchport trunk encapsulation isl
When I try to set the router, I get this:
rt01(config)#int fa0/1
rt01(config-if)#no ip add
rt01(config-if)#exit
rt01(config)#int fa0/1.1
rt01(config-subif)#encapsulation isl
^
% Invalid input detected at '^' marker.
I cannot set the encapsulation on the sub interface, ISL or dot1q - it doesn't recognize the "encapsulation command" command at all.
My show version is below. I can't confirm one way or another if this image supports IP Plus (which I've been told may be the problem), but based on the message I get when trying to set the IP address on the subif I would think it does..?
My router sh ver shows:
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.3(6), RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Wed 11-Feb-04 19:24 by kellythw
Image text-base: 0x80008098, data-base: 0x80C83E28
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
rt01 uptime is 1 day, 51 minutes
System returned to ROM by reload
System image file is "flash:c2600-i-mz.123-6.bin"
cisco 2621 (MPC860) processor (revision 0x200) with 61440K/4096K bytes of memory
Processor board ID JAD050309VG (2886660437)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102Hi
c2600-i-mz.123-6.bin is the IP (not IP Plus) version of software. This doesn't support dot1q or ISL trunks.
The IP Plus would be required for this feature (image name for the plus equivalent of your image would be c2600-is-mz.12.3-6.bin)
Regards
Aaron
Please rate helpful posts... -
2960 will not allow "switchport trunk encapsulation dot1q" CLI
I have a Cisco 2960 switch that is not allowing me to setup switchport trunk encapsulation dot1q on a trunking interface.
The show capabilities shows that the interface can use 802.1q, but when I try to CLI the command the work encapsulation is not an option.
Please advise with a solution.
Thanks, S
Model - WS-C2960G-24TC-L
SW Version - 12.2(44)SE6
SW Image - C2960-LANBASEK9-M
S1#
S1#sh int gi0/23 capabilities
GigabitEthernet0/23
Model: WS-C2960G-24TC-L
Type: 1000BaseLX SFP
Speed: 1000
Duplex: full
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),
tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes
Multiple Media Types: rj45, sfp, auto-select
S1#
S1#
S1#
S1(config-if)#switchport ?
access Set access mode characteristics of the interface
backup Set backup for the interface
block Disable forwarding of unknown uni/multi cast addresses
host Set port host
mode Set trunking mode of the interface
nonegotiate Device will not engage in negotiation protocol on this
interface
port-security Security related command
priority Set appliance 802.1p priority
protected Configure an interface to be a protected port
trunk Set trunking characteristics of the interface
voice Voice appliance attributes
S1#
S1#
S1#
S1(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking
mode
pruning Set pruning VLAN characteristics when interface is in trunking mode
S1#
S1#
S1#Newer devices don't support ISL so you can only run 802.1Q. That means that there is no need for an encapsulation command because only one encapsulation is supported. If the device had support for ISL then you would also have that command.
Daniel Dib
CCIE #37149
Please rate helpful posts. -
WLAN Clients not browsing on Cisco Wireless Controller WLC NME-AIR-WLC12-K9
HiI have a question and i need a solution and expert help.I have done a deployment which involves Security (ASA5540), Routing/voice gateway/wlc NME-AIR-WLC12-k9) and Switching (Cisco3845-ccme/k9)Below is the list of equipment used:1. Cisco ASA 5540 - which is connected at the edge to the ISP router
2. Core Switch WS-C4948E as core and DHCP Server for all VLANs
3. Access/Distribution Switches WS-C3560G-48PS-S connected as trunk to the core switch
4. Router/Voice Gateway/WLC Cisco3845-CCME/K9 - This is the voice gateway and also the WLC
5. Wireless APs AIR-LAP1242AG-E-K9 (12 qty)Here is the deployment scenario:1. G0/0 of the ASA is connected to a 7200 router from the ISP (Public IP Add)
2. G0/1 of the ASA is connected to gig 1/3 on the Core Switch on VLAN 2 which is the management VLAN (Local IP 10.1.1.2)
3. Port 3 of the Core switch is on vlan 2 connected to ASA - Management IP of Core Switch is 10.1.1.1. Core Switch is the DHCP Server for all VLANS on the network.
4. All the Access/Distribution switches are configured with IP Addresses on VLAN 2
5. Telephony Services is configured on the router and DHCP Pool for Access Points and Wireless Clients is running on the router.
6. Two DHCP pools were created on the router for APs and Wireless Clients.
7. G0/0 of the router is configured on the same network that issues dhcp ip to the AP and is connected to gig 1/1 on the core switch
8 G0/1 of the router is configured as the voice port for the IP Telephony Services and is connected to G 1/2 on the core switch1. Clients receiving DHCP IP on the Core Switch can communicate with all vlans and can browse to the Internet.
2. IP Telephony Services is running well.
3. Client on wireless can get IP from the DHCP on the router but cannot browse.I have pings from the router to the core switch and firewall, but clients connected to the wireless
cannot ping other vlans on the core switch and vice versa.The port connecting the router to the core switch is an Access Port, i have changed to to trunk but still no changes.My biggest problem now is how to make the clients on the wireless communicate with other clients on the network and be able to browse to the Internet.Below is the configs on the router and core switch.Router ConfigNimc_Voice_Router#sh run
Building configuration...
Current configuration : 10513 bytes
! Last configuration change at 13:03:55 Nigeria Mon Nov 29 2010 by admin
! NVRAM config last updated at 13:03:56 Nigeria Mon Nov 29 2010 by admin
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Nimc_Voice_Router
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/2
logging message-counter syslog
enable secret
aaa new-model
! aaa authentication login default local
aaa session-id common
clock timezone Nigeria 1
dot11 syslog
ip source-route
ip dhcp excluded-address 10.1.12.1 10.1.12.10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LWAAP-AP
network 10.1.12.0 255.255.255.0
default-router 10.1.12.1
option 43 hex f104.c0a8.0002
dns-server 83.229.88.30 4.2.2.2 193.238.28.249
option 60 ascii "Cisco AP c1240"
ip dhcp pool Wireless
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
ip cef
no ip domain lookup
ip domain name nimc.gov.ng
ip name-server 83.229.88.30
ip name-server 193.238.28.249
ip name-server 4.2.2.2
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
archive
log config
hidekeys
interface GigabitEthernet0/0
description Connection to AP
ip address 10.1.12.1 255.255.255.0
ip helper-address 192.168.0.2
load-interval 30
duplex auto
speed auto
media-type rj45
interface Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/1
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
media-type rj45
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
interface Integrated-Service-Engine1/0
ip address 192.168.0.1 255.255.255.0
no keepalive
interface Integrated-Service-Engine1/0.15
encapsulation dot1Q 15
ip address 192.168.1.1 255.255.255.0
interface Integrated-Service-Engine1/0.100
encapsulation dot1Q 100
ip forward-protocol nd
ip forward-protocol udp 12223
ip route 10.1.0.0 255.255.255.0 10.1.1.1
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.2.0 255.255.255.0 10.1.1.1
ip route 10.1.3.0 255.255.255.0 10.1.1.1
ip route 10.1.4.0 255.255.255.0 10.1.1.1
ip route 10.1.5.0 255.255.255.0 10.1.1.1
ip route 10.1.6.0 255.255.255.0 10.1.1.1
ip route 10.1.7.0 255.255.255.0 10.1.1.1
ip route 10.1.8.0 255.255.255.0 10.1.1.1
ip route 10.1.9.0 255.255.255.0 10.1.1.1
ip route 10.1.10.0 255.255.255.0 10.1.1.1
ip route 10.1.11.0 255.255.255.0 10.1.1.1
ip route 10.1.12.0 255.255.255.0 10.1.1.1
ip route 192.168.0.0 255.255.255.0 10.1.1.1
ip route 192.168.1.0 255.255.255.0 10.1.1.1
no ip http server
ip http secure-server
!Core Switch Configsh run
Building configuration...Current configuration : 10622 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
hostname Nimc_Core
boot-start-marker
boot-end-marker!
aaa new-model
aaa authentication login default local
aaa session-id common
storm-control broadcast include multicast
ip subnet-zero
no ip domain-lookup
ip domain-name nimc.gov.ng
ip dhcp excluded-address 10.1.2.1 10.1.2.10
ip dhcp excluded-address 10.1.4.1 10.1.4.10
ip dhcp excluded-address 10.1.5.1 10.1.5.10
ip dhcp excluded-address 10.1.6.1 10.1.6.10
ip dhcp excluded-address 10.1.7.1 10.1.7.10
ip dhcp excluded-address 10.1.8.1 10.1.8.10
ip dhcp excluded-address 10.1.9.1 10.1.9.10
ip dhcp excluded-address 10.1.10.1 10.1.10.10
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool Voice
network 10.1.2.0 255.255.255.0
next-server 10.1.2.1
option 150 ip 10.1.2.2
default-router 10.1.2.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
ip dhcp pool SF_DGs_Office
network 10.1.3.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.3.1
dns-server 81.199.3.7
lease 10
ip dhcp pool Admin_Process_Fac_Mgt
network 10.1.4.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.4.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool SF_IDD
network 10.1.5.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.5.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool Finance_Fin_Inv
network 10.1.6.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.6.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool Finance_CS
network 10.1.7.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.7.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool FF_Human_Capital_Mgt
network 10.1.8.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.8.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool FF_Legal_Services
network 10.1.9.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.9.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip dhcp pool SF_Procurement_Serv
network 10.1.10.0 255.255.255.0
domain-name nimc.gov.ng
default-router 10.1.10.1
dns-server 83.229.88.30 193.238.28.249 4.2.2.2
lease 10
ip vrf mgmtVrf
errdisable recovery cause bpduguard
errdisable recovery interval 180
power redundancy-mode redundant
spanning-tree mode mst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree mst configuration
name xxxx
revision 1
instance 1 vlan 1-20
spanning-tree mst 1 priority 0
spanning-tree vlan 1-20 priority 0
vlan internal allocation policy ascending
interface FastEthernet1
ip vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/2
switchport access vlan 4
switchport mode access
spanning-tree portfast
interface GigabitEthernet1/3
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/4
switchport mode access
spanning-tree portfast
interface GigabitEthernet1/5
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/6
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/7
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/8
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast!
interface GigabitEthernet1/9
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/10
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/11
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/12
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/13
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/14
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/15
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/16
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/17
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/18
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/19
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/20
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/21
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/22
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/23
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/24
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/25
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/26
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/27
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/28
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/29
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/30
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/31
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfastinterface GigabitEthernet1/32
switchport access vlan 2
switchport voice vlan 4
interface GigabitEthernet1/33
switchport mode access
interface GigabitEthernet1/34
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/35
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/36
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/37
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/38
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/39
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/40
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/41
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/42
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/43
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/44
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/45
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/46
switchport access vlan 2
switchport mode access
switchport voice vlan 4
spanning-tree portfast
interface GigabitEthernet1/47
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/48
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
no ip address
shutdown
interface Vlan2
description Management
ip address 10.1.1.1 255.255.255.0
interface Vlan3
description Enterprise
ip address 10.1.0.1 255.255.255.0
interface Vlan4
description Voice
ip address 10.1.2.1 255.255.255.0
interface Vlan5
description SS_DGs_Office
ip address 10.1.3.1 255.255.255.0
interface Vlan6
description Admin_Process_Fac_Management
ip address 10.1.4.1 255.255.255.0
interface Vlan7
description SF_National_Identity_Database
ip address 10.1.5.1 255.255.255.0
interface Vlan8
description Fin_Finance_Investment
ip address 10.1.6.1 255.255.255.0
interface Vlan9
description Fin_Corporate_Services
ip address 10.1.7.1 255.255.255.0
interface Vlan10
description FF_Human_Capital_Management
ip address 10.1.8.1 255.255.255.0
interface Vlan11
description FF_Legal_services
ip address 10.1.9.1 255.255.255.0
interface Vlan12
description SF_Procurement_Services
ip address 10.1.10.1 255.255.255.0
ip default-gateway 10.1.1.2
ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip route 10.1.1.0 255.255.255.0 10.1.1.2
ip route 10.1.2.0 255.255.255.0 10.1.1.2
ip route 10.1.3.0 255.255.255.0 10.1.1.2
ip route 10.1.4.0 255.255.255.0 10.1.1.2
ip route 10.1.5.0 255.255.255.0 10.1.1.2
ip route 10.1.6.0 255.255.255.0 10.1.1.2
ip route 10.1.7.0 255.255.255.0 10.1.1.2
ip route 10.1.8.0 255.255.255.0 10.1.1.2
ip route 10.1.9.0 255.255.255.0 10.1.1.2
ip route 10.1.10.0 255.255.255.0 10.1.1.2
ip route 10.1.11.0 255.255.255.0 10.1.1.2
ip http server
--More--
control-plane
line con 0
stopbits 1
line vty 0 4
end
Please i need somebody to help meI wouldn't configure an ip address on the service engine subinterface.
Try setting up a vlan interface on the router with that ip address and the subinterface will be linked to the vlan interface through the encapsulation command. A vlan interface will better work as a gateway for the wireless clients
Nicolas -
Quesiton about PVID , SA520, Native VLAN
Is PVID the same thing as "native vlan"? Can the native VLAN be changed on a SA520? Currently I believe it to be 1, I'd like to change the native VLAN to 10.
I have a scenario where I have a prexisting production LAN of 192.168.1.0/24 . It's a small organization (a church), but they purchased 3 Aironet 1130ag units. They want to have a "private" WLAN that is part of 192.168.1.0/24 , and a guest WLAN of a different subnet (I chose 192.168.20.0/24) . The two should never meet. There will likely never be a guest computer connected via ethernet. Guest computers would always have to connect wirelessly.
I accomplished this to a point.
I left VLAN 1 on the SA520 192.168.75.0/24 subnet as default.I created a VLAN 10 , 192.168.1.0/24 subnet, and I created a VLAN 20, 192.168.20.0/24 subnet.
VLAN Recap:
VLAN 1 , 192.168.75.0/24
VLAN 10, 192.168.1.0/24
VLLAN 20, 192.168.20.0/34
Ports 1-3 of the SA520 are members of VLAN 1, 10, and 20 (cannot remove membership of VLAN1, which is pretty annoying).
The Aironets have been configured correctly.
SSID: Priv is part of VLAN 10
SSID: Pub is part of VLAN 20
Both are secured by WPA, and when I connect, the proper DHCP subnet passes from the firewall through to the wireless client, for each respective SSID.
Ultimately, I'd like the SBS 2003 server to handle DHCP for VLAN 10, and have the SA520 handle DHCP for VLAN 20, but i'll take what I can get.
Here's my challenge:
The original production LAN is connected via an unmanged switch.
I'd like to trunk the unmanaged switch to Port 4 on the SA520. However, since the PVID (native vlan?) of SA520 is 1, and I cannot make Port 4 on the SA520 ony a member of VLAN 10, then anything traffic coming from the unanaged switch will automatically be tagged with VLAN1, correct? Thus causing the already existing production network to start receiving DHCP from the firewall in the 192.168.75.0/24 range.
Any ideas or help on the above?
What I would do if I had a managed switch on the production LAN:
If I had a managed switch on the production LAN, what I think I would do is make one port a trunk port, connect that port to Port 4 on the SA520, then make all the rest of the ports on the managed switch access ports, and members of VLAN 10. Am I on the right track there?
Hiccups when setting up the WAP:
I would have changed the VLAN 1 on SA520 to 192.168.1.0/24 subnet, and only created a second subnet, but there was a challenge with that and the WAP's.
Cannot change the VLAN the dot11radio0 is a part of. There's not encapsulation command.
Could not broadcast the SSID's successfully and secure via WPA unless the SSID's were on VLAN's other than 1. The dot11radio0 would go into a "reset" state.
Could change the VLAN subinterfaces of dot11radio0 were on, for example dot11radio0.10 is a member of VLAN 10. Dot11radio0.20 is a member of VLAN2.
In any event, it's working, but the rest of the infrastructure is the challenge.
Here's one of my WAP configs as an example:
Building configuration...
Current configuration : 2737 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname WAP2
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
no aaa new-model
no ip domain lookup
dot11 syslog
dot11 ssid CASPRIV
vlan 10
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 107E1B101345425A5D4769
dot11 ssid CASPUB
vlan 20
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 132616013B19066968
username Cisco password 7 0802455D0A16
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 20 mode ciphers aes-ccm
encryption vlan 10 mode ciphers aes-ccm
ssid CASPRIV
ssid CASPUB
mbssid
channel 6
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.10
encapsulation dot1Q 10
ip address 192.168.1.5 255.255.255.0
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
ip address 192.168.20.3 255.255.255.0
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode ciphers aes-ccm
ssid CASPRIV
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface BVI1
no ip address
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login localHello Paul,
You have a lot going on here so forgive me if I miss something.
PVID is for Primary/Port Vlan ID. It is used to identify the vlan on a port and can be used to change the native vlan of a port. You can change the PVID on port 4 of the SA520 to be vlan 10 if you need to.
The simplest setup would be for you to have your private network all be on the native vlan 1 and set your guest to be on another vlan. All of this would be possible without any problem on the SA520. Unfortunately I do not have much experience with the Aironet APs but they should allow you to continue this configuration onto the wireless network. For assistance with the Aironet APs I would have to refer you to someone more familiar.
I do hope this helps with setting your network. -
Ubr7200 (7246) and VLAN Trunks
Has anyone successfully setup a VLAN subinterface on a ubr7200? All of the documents I have seen on TAC state I should use the encapsulation command but it is not available. I want to do something like:
interface gig 2/0.500
encapsulation dot1q 500
ip address x.x.x.x y.y.y.y
uBR7246VXR (NPE300) 13.3(17a)BC
1 FastEthernet/IEEE 802.3 interface(s)
1 Gigabit Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
1 Cable Modem network interface(s)I thought I had tried an IP+ feature this weekend out of desperation. I downloaded it but I guess I didn't copy it to flash. Is there a decent chart that shows the differences? I kind of got burned on something similiar when I ordered a 3750. I was assured the base install was sufficient for my needs. A few weeks later and before the 3750 came in (I had the delivery pushed for budget reasons), I was discussing adding some additional equipment, the VAR sales rep suddenly realized I needed the enterprise version. My CFO was not happy about the unexpected expenditure. At least this router isn't in my cost center and instead belongs to an engineering department.
-
Setting Inter VLAN in the Router.
Hi,
I trying to set up inter VLAN on the Cisco 2651XM router. I try to type the IP address on the sub interface but it gives me an error. I need to set up first
the encapsulation dot1 q. I type encapsulation command but it doesn't recognized.
This is the version of my router
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 21-Jun-02 08:50 by ccai
Image text-base: 0x80008074, data-base: 0x80A2BD40
ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Router uptime is 32 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.122-8.T5.bin"
cisco 2651XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of memory.
Processor board ID JAD07130B30 (708131756)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2142
Do I need to update my cisco IOS if I do what os version I need and how can i download the cisco IOS.Thanks for the help. I don't need to change the version. I figure it out already..
-
Etherchannel - Config Question
First time configuring etherchannel. I have followed the documentation, watched videos, etc. The channel is up, but wanted to verify I did it right - and have not missed something.
Scenario:
Connecting a brand new 3650X into a 3750. The 3750 is the "Core" and does the layer 3 routing, etc. The 3650 is going to become a new Server Backbone - should participate on VLAN 10 only. All servers in our data farm will connect into it (eventually).
Normally we just create one trunk port on each switch and call it done (we do not have a big data farm/and or IT team) but I wanted to start looking at Etherchannel, etc.
Config - Core:
interface GigabitEthernet2/0/12
description ***Trunk to 203 - Server Backbone***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
Server Backbone:
interface GigabitEthernet1/0/1
description ***Server Backbone - Switch 3 - Trunk***
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
interface Port-channel1
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
(Does not have the encapsulation command, as not available in that IOS - assuming it is automatic?).
Basically I am looking to improve throughput and redundancy. Is there anything else I should add and/or change about what was configured?
(NOTE: I know these may or may not be the best switches to use - but they are what we can afford on our budget).Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Well, of course, you want more than one link in your port-channel, both for additional aggregate bandwidth and additional redundancy.
You may want to review whether you're using the optimal hashing algorithm for your port-channel. -
Trunking Catalyst 2950 to Catalyst 3750 problem
I cannot seem to figure out how to trunk a catalyst 3750 to a Catalyst 2950.
I've set
3750(config)#interface fastethernet 1/0/2
switchport mode trunk
switchport trunk encapsulation dot1q
BUT my Catalyst 2950 does not offer the "switchport trunk encapsulation dot1q" command
My 2950 is running IOS version 12.1(20)EA1a
is there a work around for this situation. Our network still employs a bunch of these 2950's.The Catalyst 2950 series can only do 802.1Q trunking. It's the default, and only, choice. So there's no need to specify it when trunking.
In fact, since you don't have a choice of which encapsulation to use, there's no need for a "switchport trunk encapsulation" command. Which is why it's missing from the Cat2950 switch IOS.
This took me by surprise too, when I first transitioned out of the 3500XL series into 2950 and 3550 switches. -
What function can a 2501 router possibly serve?
obviously i'm a newb. but i'm pulling my hair out trying to understand cisco. in order to figure things out i bought a cheap 2501 router. and i have no clue what its for.
#1. it has no ethernet port. So it must not go on a network? No thats untrue! the AUI port has a tranceiver you can buy to get it onto the network. But that's all the AUI port can do. So instead of putting an ethernet port they put an AUI port. Great thanks, the tranceiver costs more than the whole router! why didn't cisco put a ethernet port to begin with? whats so much better about having a AUI port?
#2 You cannot configure subinterfaces on the 2501. ie you can't do e0.1 or e0.2 why? because there is no encapsulation command for subinterfaces and it wont let you assign ip addressess to subinterfaces until you set an encapsulation method. So if you ever thought "router on a stick" WRONG, 2501 has no capability of doing that. its not compatible with vlans period.
#3 "but it has 2 serial ports", so what? i can connect to another router? this lets me do what? share router resources while at a throughput cost? or is this so i can give my router another AUI port,err, i mean ethernet port? why not just give it another ethernet port then? obviously cisco thought serial>ethernet and aui>ethernet but i don't understand their thought process at all on that!
#4 again with only 1 ethernet port you can't connect one end of this router to the internet, and the other end to your lan, theres not enough ports. so forget saying you use it as a firewall or special ACL's. how would the topology look? is your internet connect to a switch which then goes to your 2501? then your 2501 filters and sends it back to the switch? won't the switch just broadcast everything to begin with essentially bypassing the router anyways? or would you hook this router up next to a router already, and if thats the case then why not put a firewall on that router, why introduce the 2501. it's a stub network and its pointless in any topology.
so... wtf is the point of the 2501. obviously i'm missing a HUGE part of cisco routing. i know i'll smack myself in the head for not thinking of it. but grrr i'm so confused, what in the world is this thing used for!?Hi There
In answer to your questions, there is quite a lot you can do with a 25xx routers. Granted a single 2501 router is not much use, but if you had a couple of them attached together and maybe 1 26xx, the possibilities are huge. See the attached file for what my original Lab looked like.
As the previous poster has stated, the 2500 series routers are from a time where 10mbps LANs were cutting edge. Each 25xx router would mostly look after routing 1 LAN network/subnet to the rest of the LAN or WAN.
My Initial CCNA home practice lab was made up of 4 25xx routers and 1 26xx router. With these routers I could configure a Frame Relay network, direct serial connections, run RIP, IGRP, EIGRP and OSPF, configure ISDN (with the help of an ISDN simulator). Admittedly, ROAS was not available on the 25xx routers, but I had the 26xx for that with switches capable of VLAN's.
The reason that the 2501's Ethernet port (AUI connector) cannot do ROAS is because it only runs at 10mbps/half duplex. So even if the interface was an RJ45 interface it still would not be able to provide ROAS functionality.
The 25xx routers were quite cheap and when maxed out with DRAM & Flash (16mb of each), they could run IOS 12.3. I am quite grateful to the 25xx routers for providing me with a low cost option which allowed me to practice the hands on skills required to pass my CCNA.
And today even though my home lab has evolved to meet the requirements of my CCNP studies, my 25xx routers are still in the mix and working like a charm.
See My current Lab here http://homepage.eircom.net/~keeleym/home-Lab2.jpg
So in my opinion if you look positively at what you can do with your 2501 instead of what you cannot do, I think you will be pretty surprised at just how useful it actually is.
Best Regards,
Michael -
Hi Guys,
a Quick question, let's say we are connecting 2 routers (PE and CE) with eBGP over an sub interfaces that are serving different services.... should the sub interface number match on each router for each service ? or that would not effect the eBGP peering??
For example, would it work if im configuring 1/0/0.10 for X service on the PE and 2/0/0.20 for the same service on the CE??
Thanks,Thanks Rick and John for your answers.
Rick,
My case is exactly as John's question, both routers will be connected directly to each others without any switch in between with 10G interface that is divided to many sub interfaces serving different services (each subinterface will be associated with different VRF from the PE side). Now in this case is encapsulation needed? or should the interfaces numbers match in any case for this scenario?
I ask because according to friend of mine he tried to do this scenario with a Juniper CE connected to a Cisco PE without adding encapsulation command manually on the juniper from the juniper side (this command could have been added from cisco side but i'm not sure since the guy was working on juniper) ,and said that when he used different sub interface number on the juniper router the ebgp did not establish but when he used the same number the ebgp was established!! does that make any sense? would the encapsulation be enabled by default?
and if so, let's say you have a requirement to establish new ebgp connectivity (L3) with vlan 10 , but then you discovered that this vlan is configured internally on your router for an existing network (different subnet) and has an svi (irb) would it be fine to proceed? or the subinterface (vlan) number for ebgp peering should be unique.
Thanks, -
I have a Cisco 2950 on which I have configured vlan3 and vlan4. I've assigned half the ports to vlan3 and the other half to vlan4. When I do a "show int vlan3" and "show int vlan4", one of the vlans is up and other is down. I go to the interface that is down and issue a "no shut" command. That interface comes up, but the other automatically goes down. I can't seem to have both up simultaneously. Any ideas as to what is going on with this? Thanks.
Hi Andy,
Yes you are perfectly right. On the 2050 switch only one management interface up because it is layer 2 switch and managmenet interface is only used for manageremt purpose.
Rest on royter you can configure subinterfaces with encapsulation command and can get vlans talk to each other.
Make sure the connection from the switch to the router should be trunk connection to carry inf for more than one vlan which is vlan 1 and vlan 2 in your case.
HTH
Ankur -
Port channel from 2960 to Cisco Core 6513
I have a Cisco 6513 Core Switch, which is in a vtp domain and the core is the Server. There are a number of other port channels going from the 6513 to other 2960 switch stacks. The other switch stacks are in vtp client mode and are getting all vlans form the Server 6513 within this vtp domain.
I am trying to connect 2 - 2960S FPD L switches, which are connected together via flex module/flex cable. I have 2 sfp's in the sfp ports on one of these switches and am creating one port channel of 20G(2 10G ports Te1/0/1 and Te1/0/2) going to two 10Gig ports on the Cisco 6513(Te9/7 and Te9/8) as a port channel created on the 6513 end.
I want to know first of all if it is possible to keep the 2960's in transparent mode and only allow 2 vlans to go to these 2 2960's. I don't need all vlans on these switches, and the other 2960 stacks going to the 6513 do have all vlans and are in the vtp domain. This one would only all vlans 4, and 20.
Can someone give me an example of the setup on each end to make this work? I have tried and get a subnet mask error, so I must be going something wrong. The vlans: vlan 4: 10.35.3.0/22 and vlan 20 : 10.35.20.0/24 would be the only ones I would want to tag ports for on these 2 2960 switches in transparent mode.
Wanted to also setup a management interface for vlan 20 so I can remotely connect to 2960 stack. It would be 10.35.20.30 for the int management IP.
Thanks in advance
DaveMany Cisco switches support two methods of trunking - dot1q and ISL. ISL is a Cisco-proprietary method of trunking. The 2960's do not support ISL, so dot1q is on by default. There's no need for the trunk encapsulation command.
When a frame is transferred over a trunk, dot1q trunking adds a tag to the frame so that the receiving switch knows which vlan the frame belongs to. Your native vlan is a special vlan which does not have a tag applied. Among other things, it's used for administrative traffic between the switches such as the messages the switches exchange to negotiate a port channel. You can use one of your two vlans - vlan 4 or 20 - as your native vlan but it's recommended that you use a different vlan to segregate the traffic. If you do not specify a native vlan, the switch will use vlan 1 as the native. It's considered more secure to not use vlan 1 on your network, so it's recommend to have a different vlan explicitly configured as native. If you're using vlan 1 as native through the rest of the network - if none of your other trunks have a native vlan explicitly configured - it doesn't do much good to change it on this one trunk. You do not have to explicitly allow the native vlan on the trunk. If you leave your native vlan as 1 and allow vlans 4 and 20 it will work fine. You might want to do some research on the security implications and consider changing it through the whole network but that's a separate issue from getting this to work.
Port channel numbers are locally significant. They don't have to match on opposite ends of the channel, they just have to be the same on each interface of a particular switch. You can use either mode desirable or mode on. It changes the way the switches set up the port channel a little bit but it doesn't change the way the channel operates. -
IOS feature set for subinterface routing . . .
I just acquired a couple of 2600s with single eth. interfaces. I would like to configure subinterfaces (one for public IP, the other for internal.) However, my current IOS insists that I can not assign IP addresses until I make the main interface a part of an ISL or dotq VLAN. Can someone tell me which feature I'm looking for in the feature navigator? I have a feeling I'm going to need to upgrade my routers from their current 32/8 mem.
-ShikamaruHi Shikamaru,
You need to have atleast IP PLUS feature IOS on your box to make encapsulation command working on subinterface.
Regards,
Ankur
Maybe you are looking for
-
RMAN catalog fails to show target database information when in nomount mode
Hello everyone, I am trying to restore a dev. database from its own backup taken a week back. The DB is in noarchivelog mode and recently 2 of the datafiles were removed from the files system and thus the need to restore the DB from its backup. Howev
-
PO in backend classic scenario
Hi experts I am triing to create Po in backend from a catalog shopping cart but an error occur ERROR CREATING SUBSEQUENT DOCUMENT` But no log that help me to solve the problem are displayed. Im PPOMA_BBP the users have BSA atribute ECPO. IN Define Nu
-
Appleworks Speadsheet Randomly not saving data
I have a few small spreadsheets I've created that seem to be reverting and not retaining changes. Even save as created files are not saving. If I just add one line of data at a time and save it, it seems to retain it, but multiple lines are lost as i
-
Retrieve password from public database-link
In the past we have created a public database-link to another database. Unfortunately we forgot the password and want to have it back. Sice the database-link is public, the password can not be found in user_db_links. Is it possible to retrieve a pass
-
ITunes does not automaticly start on connecting iPhone.
As above really, when i connect my iPhone 3G iTunes does not automaticly come up and sync the phone like it used to. I now have to connect the iPhone and them click on iTunes. Any ideas how to change this back, i've checked the iPhone settings in iTu