Basic WAN / Vlan Interface Configurations

Similar Messages

• Vlan Interface state constantly disabled

  Hi.
  I have a SF500 in layer 3 mode. I have 5 vlans (10,100,200,201,202)
  Of these 5 vlans, each one has a vlan interface configured.
  However, vlan 10 and 202 don't have an IPv4 route (which is created automatically I believe).
  I had a look and the vlan interface state is set to 'Disabled' (yes I'm using the GUI...)
  Whenever I click 'Edit', it brings up the new window, but it has a tick in the Enabled box. Unchecking and applying and then checking and applying makes no difference.  I just can't seem to change the state of the vlan interface.
  Am I missing something weird?
  Cheers.
  Andy

  Hi.
  Thanks forumers!! 
  Turns out that even thought it was assigned to an interface, the static route never appeared until the end device was connected (even if you tried to access that vlan from a different vlan).
  For example, the internal interface vlan 1 (192.168.1.254) would never have a route added until a device appeared on a vlan1 port - even if a device on a vlan2 port had access to vlan1,  it didn't recognise it as being valid.
  Many thanks for your help!
  Andrew

• Could I use "vlan interface" as a tunnel source of DMVPN ?

  I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
  Could I use vlan interface as a tunnel source when configuring DMVPN ?
  The vlan ports is on the 9 port FE Switch module.
  Because it's used now in production,I can't try it.

  Hello.
  I think there is no restriction on software routers like 2811.
  PS: using loopback could be a better idea.

• Netflow on 6509 in Native Mode from Vlan Interface

  I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.
  2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
  The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
  I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
  Or could it be that MLS is not configured except for a couple commands:
  mls netflow interface
  mls cef error action reset 
  netflow setup:
  Flow export v5 is enabled for main cache
    Export source and destination details :
    VRF ID : Default
      Source(1)       10.31.101.1 (Vlan52)
      Destination(1)  10.30.2.196 (2055)
    Version 5 flow records
    14927339 flows exported in 615072 udp datagrams
    0 flows failed due to lack of export packet
    0 export packets were sent up to process level
    0 export packets were dropped due to no fib
    0 export packets were dropped due to adjacency issues
    0 export packets were dropped due to fragmentation failures
    0 export packets were dropped due to encapsulation fixup failures
    0 export packets were dropped enqueuing for the RP
    0 export packets were dropped due to IPC rate limiting
    0 export packets were dropped due to Card not being able to export  
  interface:
  interface Vlan52
   description AN.VDI.stu
   ip address 10.31.101.1 255.255.255.0
   ip helper-address 10.31.149.200
   no ip redirects
   ip flow ingress
   ip flow egress
   ip pim neighbor-filter 98
   ip pim sparse-dense-mode
   ip cgmp

  Enabling MLS was the fix.
  mls netflow interface
  mls flow ip interface-full
  mls nde sender version 5
  mls cef error action reset   

• VLAN Interface Command

  Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANS? However, now I realized that some communication wont work with out this command which doesnt make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way, communication would work between VLANS is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANS, or connected the switch to a router which routed between the VLANs.
  However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my cisco ip phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell my why this is? You shouldnt have to configure the VLAN Interface, right?(unless I wanted to route between VLANs, which could be done by the 4507)

  Sounds to me like you either dont have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
  It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice Vlan's. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a vtp client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLAN's. You than specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxillary or voice vlan configured. If this is how your equipment is configured and it still does not work, than look for the line "ip routing" in your 3550 and negate it with "no ip routing".
  If still no worky worky, post your config.
  Cheers,

• ACE - Query VLAN Interfaces Status

  Hi,
  I am wondering what the status of the query vlan interface means in the command 'show ft peer detail':
  Query Vlan IF State          : UP, Manual validation - please ping peer
  I am pretty sure that I did not see this status when I configured query vlan last time. Current version is A2(2.3).
  Unfortunately this status does not seem to be documented anywhere on CCO.
  I appreciate any help!
  Thanks,
  Daniel

  Hi Daniel,
  The FT Query VLAN interface is an optional, yet very good, feature to be used when using redundant ACE modules or appliances. Without it, if the FT VLAN was to go down, the standby ACE will no longer receive FT heartbeats from the active ACE and therefore take the active role.  However, if the active ACE is still running fine in the active role, then you don't want the standby ACE to take over as active because that will put them into an active/active scenario, which may lead to connectivity issues.
  This is where the FT Query VLAN interface comes in.  If the FT VLAN goes down, the standby ACE will notice this, but before taking the active role, it will ping it's peer IP address configured on the interface that is designated as the FT Query VLAN.  If the ping is successful, then it will stay in the standby role, thereby saving you some headaches.
  The status that you are seeing is the ACE's way of telling you that the interface is UP, but if you want to know if it can successfully ping the peer IP address, then you would have to manually ping the peer IP address from the CLI.  The ACE does not periodically check the ping connectivity through any automatic mechanism.  The automatic mechanism is only triggered by the FT VLAN going down.
  Does this help?
  Sean

• WLC - 4402/4 - Vlan Interface Addressing

  I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?

  The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
  Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
  That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests.

• VLAN interface on ME2600X

  I'm trying to configure a VLan interface on my ME2600X (for inband management), but the switch won't accept the command.
  What am I missing? I need a way to combine layer-2 services and a management vlan on the same dot1q trunk into the ME2600X.
  Geir Jensen

  Hello Geir,
  You can use service instances e.g.:
  interface GigabitEthernet0/3
  switchport trunk allowed vlan none
  switchport mode trunk
  dampening
  mtu 9100
  load-interval 30
  media-type rj45
  service instance 5 ethernet
  description Management VLAN
  encapsulation dot1q 5
  rewrite ingress tag pop 1 symmetric
  bridge-domain 5             – this will pop up message:
  Bridge-domain 5 created
  VLAN 5 does not exist, creating vlan
  interface Vlan5
  description Management VLAN
  ip address 10.0.0.1 255.255.255.0
  ip access-group MNGT-ACL in
  end
  adam

• VPLS with IP in the vlan interface

  I have this config in a Cat6500:
  l2 vfi XXX manual
  vpn id XXX
  neighbor 1.1.1.1
  interface vlan XXX
  ip addrr 2.2.2.2
  xconnect vfi XXX
  With this config I can't reach from 6500 other equipments on this vlan with vpls.
  It is ok to setup an ip address in a VLAN interface even if the interface have VPLS "xconnect" configuration?

  Hi Guys,
  I would like to put my idea only but i do't know if it is correct or not.
  but if we defice any ip address on the interface than this will help us to improve anything but will appear in the routing table of PE router and it could be a part of it's routing and MPLS which is not required.
  secondly we are trying to emulate layer2 briedge accross the VPLS backbone not the Layer 3 switch domain. than it could be possible that you configure routing accross the backbone but there is no such kind of mechanism to enable routing.
  please rate if it helps.
  Kamlesh SHarma

• Ipv6 Vlan Interface EUI-64 assignation problem

  Hello, I have 2 routers 1800 series with switch modules incorporated connected with IPv6. Everything is working fine except for the problem that when I assign an IPv6 address to a Vlan (using the EUI-64 format to the switch ports), it assigns the SAME interface id (last 64 bits of the IPv6) of a fastEthernet port (FE 0/0), to the vlan, causing an error problem of duplicity:
  " c..T, overlaps with another prefix "
  Why does the EUI-64 assigns the MAC address of the FastEthernet ports instead of the ones in the switch modules?

  Thanks for the reply, but I just solved the problem. The problem was with the command IPV6 ADDRESS AUTOCONFIGURATION. This command definitely brings up a lot of trouble with VLAN ipv6 address assignation.
  After some testing I concluded that:
  1- If one interface has the IPV6 ADDRESS AUTOCONFIGURATION mode on, the interface could end up with more than one ipv6 global interface address.
  2- You cannot assign this mode to a vlan interface without getting into configuration problems.
  3- If a FastEthernet Interface has this mode on(IPV& A. A.), the router does not let you assign a global unicast address to the vlan interface, and gives the following error message:
  %IPV6-6-ADDRESS: 3FFE:C00:C18:F100:213:C4FF:FE44:4961/64 can not be configurex
  4- For the VLAN`s Interface ID you have to manually assign the link local address with the command line
  IPV6 ADDRESS FE80::1 (or any other unique link local address) LINK-LOCAL.
  This is for Vlans that are in a switch module of the same router.
  All this testing was for a Cisco router 1800 series with a switch module integrated in the router.
  Could be that this command is used for other specific occasions which I am not aware of.
  Regards,
  Grupo GTD

• Catalyst 2912 additional Vlan interface won't come out of "shutdown"

  I've got an old 2912 and I'm currently converting this network over from using the dafault Vlan1 as the administrative Vlan. I've configured an additional Vlan interface but when I do a no shut on the interface it will not come up. Any idea what's going on? I haven't worked on a 2912 in years.
  interface VLAN1
  ip address 169.2.128.226 255.255.255.192
  no ip directed-broadcast
  no ip route-cache
  interface VLAN299
  description MGMT
  ip address 10.227.95.136 255.255.255.128
  no ip directed-broadcast
  no ip route-cache
  shutdown

  OK, I'll answer my own question. I found the answer in some 2912 documentation. "Only one management vlan can be administratively active at a time".

• ASA 5545-X SVI/Vlan Interface

  I am looking to deploy ASA 5545-X with Layer 3 Vlan Interfaces, the device out of the box dosent let you create vlan interfaces. Is there any module available which enables to create Switch Virtual Interfaces.
  I was looking at I/O 6 ports Gigabit Ethernet card, but wanted to make sure before ordering.
  Many Thanks                  

  Hi,
  You are only able to configure Sub Interfaces for the Vlan ID on your ASA model.
  You can only configure actual Vlan interfaces with ASASM and ASA5505 model. This relates to the fact that ASA5505 has a switch module while your model does not.
  I have no expirience with the ASASM but I would imagine its similiar to the FWSM which also used Vlan interfaces as its a module in an actual larger switch/router platform.
  You can check this limitation from the Command Reference also
  interface vlan For the ASA 5505 and ASASM, to configure a VLAN interface and enter interface configuration mode, use the interface vlan command in global configuration mode. To remove a VLAN interface, use the no form of this command. interface vlan number no interface vlan number Syntax Description
  number
  Specifies a VLAN ID.
  For the ASA 5505, use an ID between 1 and 4090. The VLAN interface ID is enabled by default on VLAN 1.
  For the ASASM, use an ID between 2 to 1000 and from 1025 to 4094.
  - Jouni

• EIGRP IPv6 and VLAN interfaces

  We've found that we have to set static link local IPs when two routers might peer over multiple VLAN interfaces.
  The issue is that the routers, 6500s with sup720s, utilize the same autoconfig'd link local address on each VLAN interface.   EIGRP IPv6 refuses to peer with the other router on multple VLANs when the link local are the same.
  Anyone else encounter this?   Did we miss a config option that would force unique link locals on different VLANs interfaces?
  Because of this issue, we've made it our best practice to configure static link local for all inter-router transits.

  HI Gary,
  I had a setup with SU720 on 2 7600s and I am able to enable the neighborship without any issues. I didnt configure static link local as below,
  Ryanair#show ipv6 int vlan 500  | inc FE
    IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
  Ryanair#sho ipv6 int vlan 501 | inc FE
    IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
  Ryanair#show ipv6 eigrp nei
  EIGRP-IPv6 neighbors for process 100
  H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                              (sec)         (ms)       Cnt Num
  1   Link-local address:     Vl501             11 00:15:51  816  4896  0  13
      FE80::222:55FF:FE17:25C0
  0   Link-local address:     Vl500             11 00:17:14    1   200  0  12
      FE80::222:55FF:FE17:25C0
  Ryanair#
  Can you let us know the version on oth the devices?.
  Regards,
  Nagendra

• 2612 - vlan interfaces

  I just recently bought a couple 2612s for a home lab. I intended on creating layer 3 interfaces on them to route between vlans. I can creat a subinterface off of e0/0, but I cannot configure encapsulation (dot1q or isl). Can I create a VLAN interface on a 2612?
  Thanks!

  According to below info. starting from 12.2(2)T, 2612 can support 802.1q.
  http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921e4.html
  Hope this helps.

• 3550 VLAN Interfaces Problem

  I was setting up two VLAN interfaces for my 3550. I had two VLAN interfaces. One for VLAN 10 and one for VLAN 15. After configuring each VLAN Interface, VLAN 15 was down and wouldnt come up. VLAN 10 was up however. After issuing the no shutdown command for VLAN 15, it said VLAN 15 is not shutdown, but, when i checked the interface again, the VLAN interface was up. Now, I would think, if I had to do the no shutdown command on VLAN 15, why didnt I have to do that on the VLAN 10 interface? With switches, is the first VLAN interface automatically always up and all later VLAN interfaces automatically shut down.

  A 'feature' of all the newer Catalyst switches and newer IOS is that the logical VLAN interface will remain down until a port in that VLAN is up.
  The VTP config/status can also complicate this as a VTP client doesn't have the VLANs that the IOS config actually has because the VTP client hasn't learned the VLANs yet. In other words, the switch is in a state in which the IOS config puts a port in a VLAN that doesn't yet exist because VTP hasn't downloaded the VLAN database.
  Keep in mind that VTP requires an operating trunk and if it is 802.1q then the native VLANs must match (so a native VLAN other than 1 will not work if the VLAN database hasn't been dowloaded by VTP or has been corrupted).
  Not that you are running into the VTP issue, but in the effort of full disclosure...
  Hope that helps...