Vlan Interface on a 2691 router

Similar Messages

• SG500 in L3-Mode: new VLAN Interface won't create route

  Hello,
  i have some SG500 in a stack.
  The Stack has Routing enabled and everything works as expected.
  But now i created a new VLAN10, assigned an IP-adresse and i'm not able to route into this vlan.
  There is no entry in the routing table. In VLAN10 are 2 members: one LAG (tagged) and one port untagged.
  Also deleting and recreating then vlan10 interface does not solve anything.
  How can i get my stack routing into vlan10 ?
  CiscoStack#show ip int
      IP Address         I/F      I/F Status      Type     Directed   Precedence   Status
                                  admin/oper               Broadcast
  192.168.10.254/24   vlan 10    UP/UP         Static      disable    No         Valid
  192.168.102.254/24  vlan 2     UP/UP         Static      disable    No         Valid
  192.168.112.2/24    vlan 9     UP/UP         Static      disable    No         Valid
  192.168.160.253/22  vlan 1     UP/UP         Static      disable    No         Valid
  CiscoStack#show ip route
  Maximum Parallel Paths: 1 (1 after reset)
  IP Forwarding: enabled
  Codes: > - best, C - connected, S - static
  S   0.0.0.0/0 [1/1] via 192.168.160.1, 01:20:09, vlan 1
  C   192.168.102.0/24 is directly connected, vlan 2
  C   192.168.112.0/24 is directly connected, vlan 9
  C   192.168.160.0/22 is directly connected, vlan 1

  Hello,
  i have some SG500 in a stack.
  The Stack has Routing enabled and everything works as expected.
  But now i created a new VLAN10, assigned an IP-adresse and i'm not able to route into this vlan.
  There is no entry in the routing table. In VLAN10 are 2 members: one LAG (tagged) and one port untagged.
  Also deleting and recreating then vlan10 interface does not solve anything.
  How can i get my stack routing into vlan10 ?
  CiscoStack#show ip int
      IP Address         I/F      I/F Status      Type     Directed   Precedence   Status
                                  admin/oper               Broadcast
  192.168.10.254/24   vlan 10    UP/UP         Static      disable    No         Valid
  192.168.102.254/24  vlan 2     UP/UP         Static      disable    No         Valid
  192.168.112.2/24    vlan 9     UP/UP         Static      disable    No         Valid
  192.168.160.253/22  vlan 1     UP/UP         Static      disable    No         Valid
  CiscoStack#show ip route
  Maximum Parallel Paths: 1 (1 after reset)
  IP Forwarding: enabled
  Codes: > - best, C - connected, S - static
  S   0.0.0.0/0 [1/1] via 192.168.160.1, 01:20:09, vlan 1
  C   192.168.102.0/24 is directly connected, vlan 2
  C   192.168.112.0/24 is directly connected, vlan 9
  C   192.168.160.0/22 is directly connected, vlan 1

• VLAN trunk from switch to router

  We have a 2691 cisco router and a Linksys (cisco) 24 port switch.
  Each E port is set with a different untagged VLAN ID grouped to G1 uplink port and is tagged
  The G1 port then is trunked and is tagged to native VLan 1
  One of the router ethernet ports is configued as
  interface FastEthernet0/0
  description $ETH-LAN$
  no ip address
  ip flow ingress
  duplex auto
  speed auto
  no cdp enable
  interface FastEthernet0/0.1
  description $ETH-LAN$
  encapsulation dot1Q 1 native
  ip address 216.110.213.1 255.255.255.0
  ip flow ingress
  no snmp trap link-status
  no cdp enable
  Is this correct ?
  Problem is all VLAN E ports on switch cannot get past the router.
  Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
  The config of the switch was verified with Linksys as being correct which leaves a router config issue
  So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
  Thanks for any help for cisco and linksys have been no help solving why servers on switch with vlan cannot see past router
  JR

  Is this correct ?
  A: The configuration above says that vlan 1 is native vlan, which means the router is expecting a "raw" packet to belong to vlan 1. "raw" packet menas it does not have any vlan id, I do not want to use "tag" coz "tag" might mean something else to Linksys. So, if it's "raw" as in if a PC transmit a packet, it will have no vlan id field.
  Problem is all VLAN E ports on switch cannot get past the router.
  Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
  A: If you mean, they can ping the 216.110.213.1 and beyond 216.110.213.0/24 then that would be expected.
  The ports that belongs to other vlans will need a default gateway of their own, they cannot use the vlan 1 gateway because they are in different subnet. from the cofnig above, you only have sub-interface for vlan 1, do you have sub-interface for other vlans? If not, you need it.
  The config of the switch was verified with Linksys as being correct which leaves a router config issue
  So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
  >> This goes back to above, native vlan on cisco router will be the only vlan the router will expect with no vlan id, otherwise, everything the router rx with no vlan id or dot1q encapsulation will be assumed that it belongs to vlan 1. do you have other sub-interfaces on the 2691 for the other 24 vlans?
  Please rate all posts.

• Could I use "vlan interface" as a tunnel source of DMVPN ?

  I have a router R2811 with a 9 port FE Switch module(HWIC-D-9ESW).
  Could I use vlan interface as a tunnel source when configuring DMVPN ?
  The vlan ports is on the 9 port FE Switch module.
  Because it's used now in production,I can't try it.

  Hello.
  I think there is no restriction on software routers like 2811.
  PS: using loopback could be a better idea.

• VLAN Interface Command

  Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANS? However, now I realized that some communication wont work with out this command which doesnt make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way, communication would work between VLANS is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANS, or connected the switch to a router which routed between the VLANs.
  However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my cisco ip phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell my why this is? You shouldnt have to configure the VLAN Interface, right?(unless I wanted to route between VLANs, which could be done by the 4507)

  Sounds to me like you either dont have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
  It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice Vlan's. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a vtp client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLAN's. You than specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxillary or voice vlan configured. If this is how your equipment is configured and it still does not work, than look for the line "ip routing" in your 3550 and negate it with "no ip routing".
  If still no worky worky, post your config.
  Cheers,

• WLC - 4402/4 - Vlan Interface Addressing

  I currently have 7 WLCs with the same Vlan interfaces defined across all 7 controllers. Does anyone know the best practice for addressing these interfaces on each of the WLCs. I currently have each unique Vlan interface assigned with the same IP address across all 7 WLCs. This is working. Should I leave it this way or should I assign each controller with a different address for the Vlan interface?

  The controllers, assuming you have it configured as such, act as dhcp relay agents. Presumably, if the router got the wrong mac address in its arp entry, the dhcp message would be lost.
  Clients could have taken a while before getting a dhcp addr (race condition for router arp entry) and not been able to work if dhcp was required.
  That said, I've seen the controllers work with the dhcp server set to 255.255.255.255 so the ip helper addresses on the routers would pick up the requests.

• High VLAN Interface utilization (6500/sup720)

  Can anyone tell me why a VLAN interface would show 100% utilization for a givin VLAN? This is a sup720 we're talking about.
  I understand that the bandwidth of a virtual interface is 1Gig but I thought this was more related to routing metric.
  Users were actually seeing performance issues until we changed how the servers on this particular interface were replicating. Once we did this the VLAN interface utilization went down and performance went up.
  It doesn't make sense to me that the VLAN interface would limit the actual throughput of the various ports that are mapped to it. Throughput should be related to the switch module 61xx, 65xx, 67xx and how it interfaces to the backplan and the backplan speed itself.
  Any insights would be helpful......

  If the layer 3 SVI was showing 100% that means it had a lot of traffic that was being layer 3 processed switched instead of hardware switched . Normally most traffic is hardware switched within the ASICS and never even gets passed up to that layer . What would cause this I'm not sure .

• VPLS with IP in the vlan interface

  I have this config in a Cat6500:
  l2 vfi XXX manual
  vpn id XXX
  neighbor 1.1.1.1
  interface vlan XXX
  ip addrr 2.2.2.2
  xconnect vfi XXX
  With this config I can't reach from 6500 other equipments on this vlan with vpls.
  It is ok to setup an ip address in a VLAN interface even if the interface have VPLS "xconnect" configuration?

  Hi Guys,
  I would like to put my idea only but i do't know if it is correct or not.
  but if we defice any ip address on the interface than this will help us to improve anything but will appear in the routing table of PE router and it could be a part of it's routing and MPLS which is not required.
  secondly we are trying to emulate layer2 briedge accross the VPLS backbone not the Layer 3 switch domain. than it could be possible that you configure routing accross the backbone but there is no such kind of mechanism to enable routing.
  please rate if it helps.
  Kamlesh SHarma

• FWSM vlan interface

  Hello, quick question I hope someone can help with.
  Is it possible for me to create 2 vlan interfaces on the 6500 and have them both in the same subnet?
  For a specific customer requirement I would like to have a vlan interface on the 6500 as default gateway, sat in it's own vrf, and then route all traffic inbound and outbound to this vlan through the FWSM interface, preferably in the same subnet. I don't think this will be possible so just looking for confirmation either way.
  As I will be running EIGRP between a pair of central 6500's and 2 remote offices it will make things much easier for me advertise the connected FWSM interfaces in to EIGRP for access in/out of all my VRF'd subnets. If I need another subnet for each VRF FWSM next hop then I'll have to reditribute a list of statics which I don't really want to do.
  The reason I am not just using the FWSM as gateway is because I need to run HSRP across 3 different devices (another 6500 in a second suite), and failover FWSM will only give me 1 level of redundancy for those gateways.
  Hope that makes sense, let me know if you have further questions.
  Thanks

  Thanks Marvin. You do understand the question, and it occurred to me after writing the above that I could just use a single FWSM inside interface and route in and out of each VRF via that 1 interface (All VRF's belong to a single customer, just required for segregation of internal traffic).
  The third 6500 running HSRP will be located in a DC 100km away connected via dual 1Gb circuits (3ms latency), and has it's own default route to a pair of ASA 5520's. If both FWSM's go down then the gateway will go live in the second site and traffic will be switched over our SP qinq tunnel to that gateway. Relevant BGP bits (MED), etc. will also be in place for seemless failover and traffic flow to and from the /23 pi range peered with the same ISP in each location..
  Thanks again.
  Chris

• Ipv6 Vlan Interface EUI-64 assignation problem

  Hello, I have 2 routers 1800 series with switch modules incorporated connected with IPv6. Everything is working fine except for the problem that when I assign an IPv6 address to a Vlan (using the EUI-64 format to the switch ports), it assigns the SAME interface id (last 64 bits of the IPv6) of a fastEthernet port (FE 0/0), to the vlan, causing an error problem of duplicity:
  " c..T, overlaps with another prefix "
  Why does the EUI-64 assigns the MAC address of the FastEthernet ports instead of the ones in the switch modules?

  Thanks for the reply, but I just solved the problem. The problem was with the command IPV6 ADDRESS AUTOCONFIGURATION. This command definitely brings up a lot of trouble with VLAN ipv6 address assignation.
  After some testing I concluded that:
  1- If one interface has the IPV6 ADDRESS AUTOCONFIGURATION mode on, the interface could end up with more than one ipv6 global interface address.
  2- You cannot assign this mode to a vlan interface without getting into configuration problems.
  3- If a FastEthernet Interface has this mode on(IPV& A. A.), the router does not let you assign a global unicast address to the vlan interface, and gives the following error message:
  %IPV6-6-ADDRESS: 3FFE:C00:C18:F100:213:C4FF:FE44:4961/64 can not be configurex
  4- For the VLAN`s Interface ID you have to manually assign the link local address with the command line
  IPV6 ADDRESS FE80::1 (or any other unique link local address) LINK-LOCAL.
  This is for Vlans that are in a switch module of the same router.
  All this testing was for a Cisco router 1800 series with a switch module integrated in the router.
  Could be that this command is used for other specific occasions which I am not aware of.
  Regards,
  Grupo GTD

• Catalyst 2912 additional Vlan interface won't come out of "shutdown"

  I've got an old 2912 and I'm currently converting this network over from using the dafault Vlan1 as the administrative Vlan. I've configured an additional Vlan interface but when I do a no shut on the interface it will not come up. Any idea what's going on? I haven't worked on a 2912 in years.
  interface VLAN1
  ip address 169.2.128.226 255.255.255.192
  no ip directed-broadcast
  no ip route-cache
  interface VLAN299
  description MGMT
  ip address 10.227.95.136 255.255.255.128
  no ip directed-broadcast
  no ip route-cache
  shutdown

  OK, I'll answer my own question. I found the answer in some 2912 documentation. "Only one management vlan can be administratively active at a time".

• ASA 5545-X SVI/Vlan Interface

  I am looking to deploy ASA 5545-X with Layer 3 Vlan Interfaces, the device out of the box dosent let you create vlan interfaces. Is there any module available which enables to create Switch Virtual Interfaces.
  I was looking at I/O 6 ports Gigabit Ethernet card, but wanted to make sure before ordering.
  Many Thanks                  

  Hi,
  You are only able to configure Sub Interfaces for the Vlan ID on your ASA model.
  You can only configure actual Vlan interfaces with ASASM and ASA5505 model. This relates to the fact that ASA5505 has a switch module while your model does not.
  I have no expirience with the ASASM but I would imagine its similiar to the FWSM which also used Vlan interfaces as its a module in an actual larger switch/router platform.
  You can check this limitation from the Command Reference also
  interface vlan For the ASA 5505 and ASASM, to configure a VLAN interface and enter interface configuration mode, use the interface vlan command in global configuration mode. To remove a VLAN interface, use the no form of this command. interface vlan number no interface vlan number Syntax Description
  number
  Specifies a VLAN ID.
  For the ASA 5505, use an ID between 1 and 4090. The VLAN interface ID is enabled by default on VLAN 1.
  For the ASASM, use an ID between 2 to 1000 and from 1025 to 4094.
  - Jouni

• Vlan Interface state constantly disabled

  Hi.
  I have a SF500 in layer 3 mode. I have 5 vlans (10,100,200,201,202)
  Of these 5 vlans, each one has a vlan interface configured.
  However, vlan 10 and 202 don't have an IPv4 route (which is created automatically I believe).
  I had a look and the vlan interface state is set to 'Disabled' (yes I'm using the GUI...)
  Whenever I click 'Edit', it brings up the new window, but it has a tick in the Enabled box. Unchecking and applying and then checking and applying makes no difference.  I just can't seem to change the state of the vlan interface.
  Am I missing something weird?
  Cheers.
  Andy

  Hi.
  Thanks forumers!! 
  Turns out that even thought it was assigned to an interface, the static route never appeared until the end device was connected (even if you tried to access that vlan from a different vlan).
  For example, the internal interface vlan 1 (192.168.1.254) would never have a route added until a device appeared on a vlan1 port - even if a device on a vlan2 port had access to vlan1,  it didn't recognise it as being valid.
  Many thanks for your help!
  Andrew

• EIGRP IPv6 and VLAN interfaces

  We've found that we have to set static link local IPs when two routers might peer over multiple VLAN interfaces.
  The issue is that the routers, 6500s with sup720s, utilize the same autoconfig'd link local address on each VLAN interface.   EIGRP IPv6 refuses to peer with the other router on multple VLANs when the link local are the same.
  Anyone else encounter this?   Did we miss a config option that would force unique link locals on different VLANs interfaces?
  Because of this issue, we've made it our best practice to configure static link local for all inter-router transits.

  HI Gary,
  I had a setup with SU720 on 2 7600s and I am able to enable the neighborship without any issues. I didnt configure static link local as below,
  Ryanair#show ipv6 int vlan 500  | inc FE
    IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
  Ryanair#sho ipv6 int vlan 501 | inc FE
    IPv6 is enabled, link-local address is FE80::21C:B0FF:FEB5:6D00
  Ryanair#show ipv6 eigrp nei
  EIGRP-IPv6 neighbors for process 100
  H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                              (sec)         (ms)       Cnt Num
  1   Link-local address:     Vl501             11 00:15:51  816  4896  0  13
      FE80::222:55FF:FE17:25C0
  0   Link-local address:     Vl500             11 00:17:14    1   200  0  12
      FE80::222:55FF:FE17:25C0
  Ryanair#
  Can you let us know the version on oth the devices?.
  Regards,
  Nagendra

• PING TO ACE VLAN INTERFACES

  Hi,
  I am not able to ping the VLAN interfaces defined on the ACE devices unless directly connected to the subnet.
  I tried options - defining Access-list,service-policy.I can ping the servers behind the ACE but i cannt ping the ACE vlan interface.
  I captured the traffic on the ACE.I cannt see any traffic on the interfaces if i ping the VLAN ip address.I can see the traffic if i am pinging the host behind the ACE.
  Is there any option available to enable icmp on the interfaces.

  In order to ping the Vlan Interface you just need management policy applied to the vlan interface.
  Class-maps used in the management-policy
  defines the source addresses from where these management accesses are allowed.
  If you can ping the interfaces from locally connected subnets but not from the remote subnets then there could be 2 reasons.
  1. Some routing issues
  2. Source IPs in Management class maps are not defined.
  Following is an example of typical management policy
  #Allow telnet & SSH from these ip addresses
  #Allow ICMP from any source
  class-map type management match-any MGMT-CLASS
  10 match protocol telnet
  20 match protocol ssh
  30 match protocol icmp any
  policy-map type management first-match MGMT-POLICY
  class MGMT-CLASS
  permit
  interface vlan 10
  ip address x.x.x.x 255.255.255.0
  service-policy input MGMT-POLICY
  no shutdown
  interface vlan 20
  ip address y.y.y.y 255.255.255.0
  service-policy input MGMT-POLICY
  no shutdown
  Syed Iftekhar Ahmed