DHCP config in switch and router

Similar Messages

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• Which Switch and Router to choose?

  I am interested in purchasing a Cisco Switch and Router, or possible a Cisco Switch Router.
  However, I am not sure of what model to go with.
  Currently, we have a network with about 200 Workstations and 30 Servers for our Corporation Infrastructure.
  Also, for our lab, we have about 50 Linux Based Servers, and 30 Solaris Based Servers, that are part of our Network. We are a Research and Development Company, and we have had issues with the Lab machines bringing down our network, as well as our corporate network adversely affecting the lab machines. What we would like to do is segment the network so that the different areas will be isolated. However, we also would like to have a lot of control over the traffic that will be able to cross from our network into the lab so that users will still be able to run their tests.
  Security is also an issue, and it would be great to have more control, and a better view of what kind of traffic is running through our network.
  Currently, we have about 8 Gigabyte Switches which are unmanaged (Linksys and NetGear). Our idea was to get a 1 or 2 Cisco Switch Routers, and then split them up into VLANS and cascade our current switches so that we can still make use of them. The other ideas was to just get a Cisco Switch and use our CheckPoint Router/Firewall to do the routing.
  Can you give me any advice as to what model of Cisco Product you would recommend?
  Is it better to go with a Switch Router, or simply get a separate Switch and Router?
  Please note that all of our Machines have 10/100/1000 NICs, so the device will need to be Gigabyte.
  Thanks you so much!

  You have two choices. Either to use a chassis based solution or to use stacable switches such as a 3750. Are all the cat 5(or 5e,6) runs coming into one centralized location ? Or are there separate wiring closets that you plan to put. If then we need to put separate switches at those locations and run fiber back to the central location which has a chassis based or stackable switch.
  If using a chassis based solution, you can get a 4506 (4507 for redundancy, with a redundant supervisor engine). Supervisor engine is nothing but the CPU of the switch. 4506 is a 6 slot modular switch with 2 power supplies for redundancy. You cannot add two Supervisor engines on a 4506 (4507 can).
  Slot 1 is always for supervisor engine, the remaining 5 slots you can fill using 48 port 10/100/1000 modules.(48 * 5 = 240). So your maximum port density is 240 ports on a 4506. (Note that there are 4507, 4510 which are similar models with more slots)
  If using 3750, you can stack upto 9 switches in a stack using stacking cables on the back side of the switch. Each switch will have 48 ports (10/100/1000) and you can stack 5 switches to get 240 ports.
  For the firewall I would recommend using a PIX 515E, (Why go for Checkpoint firewall when you can use all Cisco). For routing between the vlans, the switches that I recommended above are all Layer 3 switches. They will route between the different vlans. You can also configure ACLs to restrict traffic between multiple vlans.
  HTH

• Layer3 switch and router

  I have a network that I need to connect to the internet. All internal vlans point to a couple of layer 3 switches. On the layer 3 switch I connected a router for internet access.
  On the inside interface of the router I gave it an ip address of 10.1.0.1 - this is the ip address I want all my lan traffic to route to for internet access.
  1. Do I have to give the layer 3 switch interface port a static ip address or just connect it with a cable (the other side is the internal interface of the router 10.1.0.1)?
  2. On the layer 3 switch what command do I use to forward all lan traffic to this router, is it "ip route 0.0.0.0. 0.0.0.0 10.1.0.1?
  3. Do I use that above command on both of my layer 3 switches or just the one connected directly to the router?
  Thanks.                 

  I cant even ping the router, not sure what else to do. To make it even simpler I removed the layer 3 switch connected to the router above and now have only one layer 3 switch (10.1.0.6) and still cant ping the router. All internal hosts can communicate with each other, just need to get all the vlans routed to the internet.
  Below I pasted the show run from the layer 3 switch connected to the router and the show ip route and show ip int brief from the router.
  Layer 3 switch:
  hostname Switch
  ip routing
  spanning-tree mode pvst
  interface FastEthernet0/1
  switchport mode access
  interface FastEthernet0/24
  switchport mode access
  interface GigabitEthernet0/1
  switchport access vlan 100
  interface GigabitEthernet0/2
  switchport access vlan 100
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface Vlan1
  no ip address
  shutdown
  interface Vlan10
  description SERVERS_VLAN
  ip address 10.1.10.1 255.255.255.0
  interface Vlan20
  description SALES_VLAN
  ip address 10.1.20.1 255.255.255.0
  interface Vlan30
  description ACCOUNTING_VLAN
  ip address 10.1.30.1 255.255.255.0
  interface Vlan40
  description IT_VLAN
  ip address 10.1.40.1 255.255.255.0
  interface Vlan50
  description VOICE_VLAN
  ip address 10.1.50.1 255.255.255.0
  interface Vlan100
  ip address 10.1.0.6 255.255.255.0
  ip classless
  ip route 0.0.0.0 0.0.0.0 10.1.0.1
  line con 0
  line aux 0
  line vty 0 4
  login
  end
  ROUTER:
  interface GigabitEthernet0/0
  ip address 10.1.0.1 255.255.255.0
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  duplex auto
  speed auto
  shutdown
  interface FastEthernet0/0/0
  switchport mode access
  shutdown
  interface FastEthernet0/0/1
  switchport mode access
  shutdown
  interface FastEthernet0/0/2
  switchport mode access
  shutdown
  interface FastEthernet0/0/3
  switchport mode access
  shutdown
  interface Serial0/1/0
  no ip address
  shutdown
  interface Serial0/1/1
  no ip address
  show IP route
  Router#show ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is not set
       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C       10.1.0.0/24 is directly connected, GigabitEthernet0/0
  L       10.1.0.1/32 is directly connected, GigabitEthernet0/0
  Show ip int brief
  Router#show ip int brief
  Interface              IP-Address      OK? Method Status                Protocol
  GigabitEthernet0/0     10.1.0.1        YES manual up                    up
  GigabitEthernet0/1     unassigned      YES unset  administratively down down
  FastEthernet0/0/0      unassigned      YES unset  administratively down down
  FastEthernet0/0/1      unassigned      YES unset  administratively down down
  FastEthernet0/0/2      unassigned      YES unset  administratively down down
  FastEthernet0/0/3      unassigned      YES unset  administratively down down
  Serial0/1/0            unassigned      YES unset  administratively down down
  Serial0/1/1            unassigned      YES unset  administratively down down
  Vlan1                  unassigned      YES unset  administratively down down

• DHCP request through accesspoint and router

  This is how our setup is like:
  Laptops => Cisco 1100 AP(static IP) => Wired LAN (Subnet 1) => Cisco Router => Wired LAN (Subnet 2) => DHCP server
  What i would like is that the DHCP-request from our laptops is forwarded/relayed through the AP and Router to the DHCP-server and back.
  We dont want to use the AP's internal DHCP server but centralise this.
  At the moment i'v configured the AP through CLI and added the following command: ip dhcp-server xx.xx.xx.xx
  Where xx is the IP of the DHCP server
  On the Router i'v added the command ip helper-address xx.xx.xx.xx
  Where xx is the IP of the DHCP server
  Don't know if this is the correct way, but i do know it isn't working.
  Some help is realy appreciated.
  Grx,
  Joris

  You need at least the following connectivity for DHCP relay to work.
  Between the DHCP relay agent and the DHCP server:
  - UDP Port 67 <-> UDP Port 67
  Between the DHCP server and the DHCP client:
  - UDP Port 67 <-> UDP Port 68 (renewing/releasing a lease)
  - ICMP echo (Most DHCP servers check if an IP is still free)
  On the Cisco router you can use some debugging commands
  to check that relaying works.
  (This might produce a lot of output, careful on a production system.)
  #term mon
  #debug ip dhcp server packet
  #debug ip dhcp server events
  For Subnet 1 with the router's IP 10.0.0.1 and two configured
  DHCP servers (192.168.0.1, 192.168.9.1) as "ip helper" a successfull
  exchange looks like this:
  DHCPD: DHCPREQUEST received from client 0100.aabb.bbcc.cc.
  DHCPD: setting giaddr to 10.0.0.1.
  DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.0.1.
  DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.9.1.
  DHCPD: forwarding BOOTREPLY to client 00aa.bbbb.cccc.
  DHCPD: Forwarding reply on numbered intf
  DHCPD: creating ARP entry (10.0.0.49, 00aa.bbbb.cccc).
  DHCPD: unicasting BOOTREPLY to client 00aa.bbbb.cccc (10.0.0.49).
  #undebug all
  I would also try to ping the router's IP in Subnet 1 and a client
  with a fixed IP in Subnet 1 from the server. (The DHCP server uses
  this to check if a lease is actually free before handing it out)
  Otherwise it's time for packet sniffing on the DHCP server
  and the client. (snoop, tcpdump, ethereal)

• Discover Switch and router over VPN

  i am in contact with a company having many branches connecting over VPN tunnel and with different IP range in each branch
  how can i configure the LMs to discover my switch and my router over VPN

  LMS 3.0.1 and higher can use non-CDP discovery methods which should be able to find your remotely connected VPN devices.  You could use the Ping Sweep or Route Table modules to accomplish what you want.
  See https://supportforums.cisco.com/docs/DOC-9005 for more details.

• Cisco Prime 2.1.2 auto sync config for switches and Routers

  hello Support,
  how to configure auto sync config in CPI? when the customer make a changes in the switches and Routers, the customer expect a new version of the configuration in CPI immediately. but we are getting the new version after 10 minutes. if we not configure in the switches and Routers to send syslog we are not getting anything.
  where we have to configure in CPI to get the new versions immediately?
  thanks!

  Make sure you have completed the recommended preparation steps given in Before You Begin Installing the Patch.
  If you are not using the Prime Infrastructure High Availability (HA) feature, follow the steps in Installing the Patch instead of the steps below.
  If your current Prime Infrastructure implementation has High Availability enabled, follow the steps below to install the patch. You must start the patch installation with the primary server in “Primary Active” state and the secondary server in “Secondary Syncing” state.
  Patching of the primary and secondary servers takes approximately one hour. During that period, both servers will be down. If you have trouble at any point, see Troubleshooting Patch Installs in HA Implementations.
  Step 1 Ensure that your HA implementation is enabled and ready for update:
  a. Log in to the primary server using an ID with Administrator privileges.
  b. Select Administration > System Settings > High Availability , The primary server state displayed on the HA Status page should be “Primary Active”.
  c. Select HA Configuration . The current Configuration Mode should show “HA Enabled”.
  d. The Failover Type must be set to “Manual” throughout the patch installation. If Failover Type is currently set to “Automatic”, select “Manual” and then click Save .
  e. Access the secondary server’s Health Monitor (HM) web page by pointing your browser to the following URL:
  https:// <ServerIP> :8082
  where ServerIP is the IP address or host name of the secondary server.
  f. You will be prompted for the authentication key entered when HA was enabled. Enter it and click Login .
  g. Verify that the secondary server state displayed on the HM web page is “Secondary Syncing”.
  Step 2 Download the patch:
  a. Point your browser to the software patches listing for Cisco Prime Infrastructure 2.1.
  b. Click the Download button for the Release 2.1.2 patch file (pi212_20141118_01.ubf), and save the file locally.
  Step 3 Install the patch on the secondary server:
  a. Access the secondary server’s HM web page by pointing your browser to the following URL:
  https:// <ServerIP> :8082
  where ServerIP is the IP address or host name of the secondary server.
  b. You will be prompted for the authentication key entered when HA was enabled. Enter it and click Login .
  c. Choose the HM web page’s Software Update link. You will be prompted for the authentication key a second time. Enter it and click Login again.
  d. Click Upload Update File and browse to the location where you saved the patch file.
  e. Click OK to upload the patch file.
  f. When the upload is complete: On the Software Upload page, verify that the Name, Published Date and Description of the patch file are correct.
  g. Select the patch file and click Install . When the installation is complete, you will see a popup message confirming this.
  h. After the installation is complete on the secondary server, verify that the Software Updates page shows:
  – In the “Installed” column: A “Yes” opposite the listing for this patch.
  – In the “Pending Restart” column: A “Yes” for the secondary server. Do not restart the secondary server at this point.
  Step 4 Install the patch on the primary server:
  a. Log in to the primary server using an ID with administrator privileges and choose Administration > Software Update .
  b. Click Upload Update File and browse to the location where you saved the patch file.
  c. Click OK to upload the patch file.
  d. When the upload is complete: On the Software Upload page, verify that the Name, Published Date and Description of the patch file are correct.
  e. Select the patch file and click Install . When the installation is complete, you will see a popup message confirming this.
  f. After the installation is complete on the primary server, verify that the Software Update page shows:
  – In the “Installed” column: A “Yes” opposite the listing for this patch.
  – In the “Pending Restart” column: A “Yes” for the primary server. Do not restart the primary server at this point.
  Step 5 Stop the servers in the following sequence, using the commands explained in Running Commands:
  a. On the secondary server, run the ncs stop command.
  b. On the primary server, run the ncs stop command.
  Step 6 Re-start and monitor the servers in the following sequence, using the commands explained in Running Commands:
  a. On the secondary server, run:
  – The ncs start command to restart the secondary server. Wait for the processes on the secondary to restart.
  – The ncs status command to verify that the processes on the secondary have re-started.
  – The ncs ha status command to verify that the secondary state is “Secondary Lost Primary”.
  b. Once the secondary server is in “Secondary Lost Primary” state: On the primary server, run:
  – The ncs start command to restart the primary server. Wait for the processes on the primary to restart.
  – The ncs status command to verify that the primary’s Health Monitor and other processes have re-started.
  Once all the processes on the primary are up and running, automatic HA registration will be triggered. This normally completes after a few minutes.
  Step 7 Once registration completes, verify the patch installation as follows:
  a. Run the ncs ha status command on both the primary and secondary servers. You should see the primary server state change from “HA Initializing” to “Primary Active”. You should see the secondary server state change from “Secondary Lost Primary” to “Secondary Syncing”.
  b. Log in to the primary server and access its Software Update page as you did earlier. The “Installed” column should show “Yes” and the “Pending Restart” column should show “No” for the installed patch.
  c. Access the secondary server’s Health Monitor page as you did earlier. The “Installed” column should show “Yes” and the “Pending Restart” column should show “No” for the installed patch.

• Can you control switch and router access with AD (Kerberos)

  I am standing up a small environment with less than 20 switches and I want to configure the authentication so that dedicated Active Directory accounts provide access to the switches. We are not going to be able to put up an ACS box, and I don't want to use RADIUS unless I have to. Since both AD and Cisco support Kerberos, is it possible to us an AD group to control access to my switches and routers?

  Sam,
  Have you looked at these at Cisco?
  http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_kerberos.html
  Section "Login Authentication Using Kerberos"
  http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfindx.html
  or these
  http://www.techrepublic.com/article/configure-cisco-routers-to-use-active-directory-authentication-the-windows-side/6180954
  HTH,
  Arnold

• Using Cisco MDS 9148 switch for switching and routing

  Hi Gurus,
  Can you please advice me! Can i configure interface trunking, routing and dhcp services on the Cisco MDS 9148 switch?
  Thanks for your response!!

  Tommy,
  MDS9148 is a Storage SAN Fibre Channel switch, it doesn't support Ethernet, IP, VLANs, VLAN trunking, 802.1Q, IP routing, DHCP. It's meant for Fibre Channel connectivity between Fibre Channel server HBAs and Fibre Channel storage.
  Roman

• Switch and Router Redundant Network

  I am trying to learn as much as possible about networking and cisco. I trying to build the following network to practice redundancy. I set up HSRP on my routers because it the only protocol available on packet tracer. The following setup works but how would I go about adding the vlans to switch ALPHA and switch BETA. I would like to use access list for security, for example Sales can't access Accounting but Accounting can access sales. I can do that with one layer 3 switch but how do I do it with 2? Do I add the same VLans to both switches? Should the configurations to both switches be exactly the same? Because I tried that and for some reason the Vlans could not communicate unless I changed the interface to dot1q and trunk mode. I thought it be easier to change all interfaces at one time but when I tried that STP failed. I tried setting only the interfaces being used to dot1q and trunk mode on one switch it worked but as soon as I did it for the other STP failed again. Read layer 3 switches can have HSRP but seems like a waste of a switch. Ive looked online and can't seem to figure it out. So my question is how do I set this up, I would like to add hosts and a server later but I can't even get this to work. Hopefully someone can help me out with this as I find it very interesting and am eager to figure it out. 

  Ok thanks again John. I will set that up as soon as I can. But the issue I was having don't know if its because of HSRP not configured but when I did identical configs on both switches I couldn't ping between Vlans unless I changed the interface, for example the interfaces between Sales to Alpha then Alpha to Marketing, using the command
  Switch(config-if)#int f0/?
  Switch(config-if)#switchport trunk encapsulation dot1q
  Switch(config-if)#switchport mode trunk
  for both interfaces.
  It worked ok until I did the same thing for the interfaces between Alpha and Beta then STP turned off and everything started blinking. But I had to because I couldn't get to Accounting without doing that to Beta since STP blocks ports and sends traffic through Beta also.The I tried using the same command on all the interfaces for Vlan switches Sales, Marketing, Acc instead of Alpha or Beta to try something different and same thing happened. Not sure if you know why its happening? Wrong interface encapsulation or mode on either side? needed HSRP? 
  Basically if I change all interfaces on Alpha and Beta to dot1q and trunk mode STP fails or if I change all the interfaces and the bottom switches to dot1q and trunk mode everything also fails.
  I guess I try what you said first if it fails I show you what I'm talking about.
  Thanks, 
  John

• Set up of Switch and router

  I just got a router and switch. I am studying for the ccna. How do I initially connect to them with a pc? I have the Console cable.

  As the other posters have noted, if using a Windows PC, Hyperterminal can be used to access the network device's "console".
  You will need to insure Hyperterminal is using the correct comm port (the one you've connected the cable to), and insure the comm parameters match your Cisco network device's settings. Parmeters 9600/8/none/1/none will likely work (NB: these might be set if you "press" the Restore Defaults button [as also noted by Ohassairi].)

• How to set up Qos for Microsoft Lyncs 2013 in cisco Switches and Router

  Hi
  as i am new to Qos part , please send the complete qos configuration command has to apply in my cisco 2960s switchs as well as 4506 chassis(L3 mode act as my router).
  as i know from microsoft, DSCP 46 and 34 should give highest priory
  please send the completed configuration for priorities this DSCP
  thanks
  Sujish

  Hi,there,
  The rule setting should be same as in Exchange 2010,you can configure it via outlook or OWA if you have full access permission. I also believe it should be something related to Repliation,would you please check the event log to see if the
  AD and Exchange replication has completed.
  In some cases, replication can take longer depending on how many AD sites and Exchange servers in the environment:
  http://support.microsoft.com/kb/148381
  http://support.microsoft.com/kb/158989
  Hope these useful!
  Regards,
  Sharon
  Sharon Shen
  TechNet Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

• Performance of switch and router

  i am confused the different between switching capacity and forwarding rate ( performance of CE500 show at this link http://www.cisco.com/en/US/products/ps6545/products_data_sheet0900aecd80322aeb.html ), and In some data sheet such as router 1841, they say that the performance of 1841 is wire-speed performance, can anyone help to explain something about this.
  Thanks.

  Hi
  A device which is capable of transmitting traffic without slowing it down is said to work at wire-speed. That is that the processing by the device is not adding delay to normal trasmit speed.
  Switch Fabric interconnects the various components of the networking device. For eg. Line cards,forwarding engine etc. The capacity is measure in Mbps or Gbps.
  Forwarding Engine inspects packet headers; Determines outgoing line card of a packet; Rewrites the header. The capacity is measured in Mpps or Kpps.
  Data rate is the total number of Megabits-per-second (Mbps) that a networking element can handle.
  Packet rate is the number of million-packets-per-sec
  (Mpps) that the networking element can handle. The relation between the data rate and packet rate is simple:
  Packet rate (Mpps) = Data rate (Mbps)/ 8* packet size
  I think the packet size normally taken by Cisco is 64 Bytes.

• Etherchannel trunking between 2970 switch & 2851 router

  Hi.
  I'm planning to do router on a stick with my Catalyst 2970 and my Cisco 2851 router. I got it working to do router on a stick with one physical link to do interVLAN routing, but when I try to configure it using an etherchannel trunk between them, I can't get it working. Please help. Here's my running config for the switch and router:
  2970 Switch:
  <removed irrelevant info>
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  duplex full
  interface GigabitEthernet0/23
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  duplex full
  channel-group 1 mode on
  interface GigabitEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  duplex full
  channel-group 1 mode on
  interface Vlan1
  no ip address
  no ip route-cache
  interface Vlan10
  ip address 172.16.1.18 255.255.255.240
  no ip route-cache
  ip default-gateway 172.16.1.17
  2851 Router:
  interface Port-channel1
  no ip address
  duplex full
  speed 1000
  interface Port-channel1.10
  encapsulation dot1Q 10 native
  ip address 172.16.1.17 255.255.255.240
  interface Port-channel1.20
  encapsulation dot1Q 20
  ip address 172.16.2.1 255.255.255.240
  interface Port-channel1.30
  encapsulation dot1Q 30
  ip address 172.16.3.1 255.255.255.240
  interface GigabitEthernet0/0
  no ip address
  channel-group 1
  interface GigabitEthernet0/1
  no ip address
  channel-group 1
  Thank you.

  The following is a similar example , try some debuging to find encapsulation errors.
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_example09186a00800ef797.shtml
  Also see whether you are meeting the following requirements
  http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a0080094646.shtml

• Cisco Switches and Dell EqualLogic PS series integration

  Scanrio: In head office there is Dell EqualLogic PS series and in branch also same for replicaiotn from head office to branch i want to know the ios feature set of Switch and Router.

  If the Dell EqualLogic systems are using iSCSI to communicate there is no specific feature required on the Cisco gear. The Cisco gear will pass iSCSI traffic just like any other IP traffic.
  Make sense?
  Cheers,
  Brad