VRF configuration on subinterface and VLAN subinterface

Similar Messages

• Aironet 1252 doesn't broadcast SSID and VLANs

  Best regards.
  I have an autonomus AP Aironet 1252 (software version: 12.4(18a)JA1)
  I configured 3 SSID and VLANs, but the AP doesn't broadcast SSID, the vlans are working fine because I tested configuring manually the hide SSID on laptops.
  Also the AP broadcasts the SSID whe only one SSID is configured!!!
  How I can do the AP to broadcast all SSIDs?
  Thanks in advance.

  From the command line of your AP.
  Change each SSID as follows.  You want to turn off "guest-mode" and enable "mbssid" at each SSID.  Guest-mode will only broadcast one SSID, you must use mbssid  to allow all SSIDs to broadcast.
  #config t
  #dot11 ssid
  #no guest-mode
  #mbssid
  Now from each radio
  #int d0
  #mbssid
  #int d1
  #mbssid

• Cisco 877w -Configuration of subinterfaces and main interface within the same bridge group is not permitted

  Hi,
  I have another problem - after upgrade ios wirelles connection not work.
  After reload i have :
  Configuration of subinterfaces and main interface
  within the same bridge group is not permitted
  STP: Unable to get the port parameters.
  Please configure the bridge group on this interface first.
  Please configure the bridge group on this interface first.
  Please configure the bridge group on this interface first.
  SETUP: new interface NVI0 placed in "shutdown" state
  my old configuration work propertly in the old software, but after update i have notificatio.
  Old thread:
  https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
  my current sh run:
  version 12.4 
  no service pad 
  service tcp-keepalives-in 
  service tcp-keepalives-out 
  service timestamps debug datetime msec localtime 
  service timestamps log datetime msec localtime 
  service password-encryption 
  hostname cisco 
  boot-start-marker 
  boot system flash:c870-advipservicesk9-mz.124-24.T6.bin 
  boot-end-marker 
  logging message-counter syslog 
  logging buffered 4096 informational 
  enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s. 
  aaa new-model 
  aaa session-id common 
  dot11 syslog 
  dot11 ssid ciscowifi 
   vlan 1 
   authentication open 
   authentication key-management wpa 
   guest-mode 
   wpa-psk ascii 7 050D031D26595D0617 
  dot11 wpa handshake timeout 500 
  ip source-route 
  no ip dhcp use vrf connected 
  ip dhcp excluded-address 192.168.56.1 
  ip dhcp pool CLIENT 
     import all 
     network 192.168.56.0 255.255.255.0 
     default-router 192.168.56.1 
     dns-server 8.8.8.8 194.204.159.1 194.204.152.34 
     lease 0 2 
  ip cef 
  no ip domain lookup 
  no ipv6 cef 
  multilink bundle-name authenticated 
  username marek password 7 00121A0908500A 
  archive 
   log config 
    hidekeys 
  ip tcp path-mtu-discovery 
  bridge irb 
  interface ATM0 
   description Polaczenie ADSL do ISP$ES_WAN$ 
   no ip address 
   no atm ilmi-keepalive 
   pvc 0/35 
    encapsulation aal5mux ppp dialer 
    dialer pool-member 1 
   hold-queue 224 in 
  interface FastEthernet0 
   description Edzia 
  interface FastEthernet1 
   description dom 
  interface FastEthernet2 
   description Dziadek 
  interface FastEthernet3 
  interface Dot11Radio0 
   no ip address 
   no ip redirects 
   ip local-proxy-arp 
   ip nat inside 
   ip virtual-reassembly 
   no dot11 extension aironet 
   encryption vlan 1 mode ciphers tkip 
   encryption mode ciphers aes-ccm tkip 
   broadcast-key change 3600 
   ssid ciscowifi 
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 
   station-role root 
   world-mode dot11d country AU indoor 
   no cdp enable 
   bridge-group 1 
   bridge-group 1 subscriber-loop-control 
   bridge-group 1 spanning-disabled 
   bridge-group 1 block-unknown-source 
   no bridge-group 1 source-learning 
   no bridge-group 1 unicast-flooding 
  interface Dot11Radio0.1 
   description ciscowifi 
   encapsulation dot1Q 1 native 
   no cdp enable 
  interface Vlan1 
   no ip address 
   bridge-group 1 
  interface Dialer0 
   description Interfejs dzwoniacy 
   ip address negotiated 
   ip nat outside 
   ip virtual-reassembly 
   encapsulation ppp 
   dialer pool 1 
   dialer-group 1 
   ppp chap hostname [email protected] 
   ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx 
  interface BVI1 
   description Polaczenie dla sieci LAN 
   ip address 192.168.56.1 255.255.255.0 
   ip nat inside 
   ip virtual-reassembly 
  no ip forward-protocol nd 
  ip route 0.0.0.0 0.0.0.0 Dialer0 
  no ip http server 
  no ip http secure-server 
  ip nat inside source list 100 interface Dialer0 overload 
  ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80 
  ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22 
  logging trap debugging 
  logging 192.168.56.10 
  access-list 100 permit ip 192.168.56.0 0.0.0.255 any 
  access-list 100 deny   ip any any 
  no cdp run 
  snmp-server community ciskacz RO 
  snmp-server chassis-id ciskacz 
  control-plane 
  bridge 1 protocol ieee 
  bridge 1 route ip 
  line con 0 
   no modem enable 
  line aux 0 
  line vty 0 4 
   exec-timeout 0 0 
   transport preferred ssh 
   transport input ssh 
  scheduler max-task-time 5000 
  end 
  please help - thanks!

  Hello Marek,
  I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
  In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
  Remove the Dot11Radio0.1 subinterface entirely
  In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
  In the dot11 ssid ciscowifi section, remove the vlan 1 command
  After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
  Best regards,
  Peter

• ISP Handoff and VLAN configuration...

  I am completely new to the cisco configurations, but do have some experience configuring other routers and firewalls.
  The problem I am having is configuring my cisco 2911 integrates services router to work with the IP info they provided me:
  WAN BLOCK: X.X.254.108/30
  WAN SUB: 255.255.255.252
  LAN BLOCK: X.X.255.72/29
  LAN SUB: 255.255.255.248
  USABLE IP's: X.X.255.73-78
  CUSTOMER SERIAL: X.X.254.110
  ISP SERIAL: X.X.254.109
  In the setup I am working with, the Cisco 2911 will then connect to our firewall so it will be: ISP ethernet > CISCO 2911 GE0/1> CISCO 2911 GE0/2 > fiewall...
  The ISP said I needed to "strip the VLAN" which I assumed the router should do on its own, however, I am unsure pf the IP address that I need to configure for the GE0/1 and GE0/2 interfaces... and if there is additional configuration necessary because the circut is comming to us over a metro ethernet VLAN (if thats what its called).
  THANKS SO MUCH FOR YOUR HELP!
  -Dan

  Some more info:
  Not that this makes a huge difference but our usable IP's are 74-78, not 73-78
  also, I was told by my ISP that our VLAN ID is 125 (I dont know if I need this in the configuration, I assume I don't) and that I need to 'strip the VLAN' which I am pretty sure is done by the router itself???
  Finally- since I am new to this - I was wondering if I need to configure anything on the router that would incorporate the "VLAN" - I will try simply setting the WAN interface to the xxx.xxx.254.110 and the LAN interface to xxx.xxx.255.74 and see if that works tomorrow and see if that works.
  Thanks~

• SLM2024 and VLANs

  I am trying to understand what I am doing wrong here, if anything. I am trying to seperate a lab network into 2 vlans. The fist (vlan1) is the default management vlan which has a bunch of hosts on it including the WAN gateway host. All the ports on this vlan are set to untagged, yet will accept both tagged and untagged packets. This is the default, out of the box set up for this device. All hosts on this vlan use 192.168.0.0/24.
  I added a second vlan, vlan2. I set two ports on this vlan. One I gave mobility over both vlan1 and vlan2 by setting the PVID to 1, which according to the manual simply tags all untagged packets to vlan1. I don't know why this feature exists, but I digress. This host is a bsd router with 1 Nic and on the nic I configured a vlandev or subinterface and gave it an IP for the vlan2 subnet(192.168.1.0/24). This worked fine and once I set up my routing I could talk from hosts on the default vlan(192.168.0.0/24) to the vlan interface on the router (192.168.1.0/24)
  host-192.168.0.3--->router-192.168.0.254--->routers vlan_interface-192.168.1.1
  The second vlan port on vlan2 I joined to the vlan with the "join" button. It is now a member of vlan2 exclusively. I set the the nic with 192.168.1.2/24 and pointed to the routers vlan_interface as the default gateway (192.168.1.1)
  his host cannot even talk to the gateway, let alone pass traffic accross to vlan1. I have set uop similar network segments using smc and hp procurve gear but they provide a great deal more in terms of standard features. This time around I am stuck working with this slm2024 which is "supposed" to be able to do actually 802.1q properly yet seems to be missing the necessary feautes required to actually do the job. As far as my undertanding is concerned I need to set the switch port that feeds the layer3 bsd router as a trunk. This has always been the case regardless of switch yet this is not an option on the slm2024. Has anyone ever configured more than one vlan on these things and had hosts in either vlan communicate. To confrim this I bridged the vlandev on the router to a second nic I installed. Plugged that bridged interface into a dumb switch and plugged a host into the switch. I gave the host 192.168.1.2/24 and presto it could talk to the router on vlan2, and any host on vlan1 as well as passing traffic upstream to the internet. The minute I plug that host inot a switch port on the slm2024 that is a member of vlan2 it all goes to pot. Any feedback is appreciated.

  the SLM series have all the ports set to general already.
  if you need to set a trunked port on the SLM, all you need to do is member the port to all the VLAN you need and tag them accordingly with the native VLAN being the PVID.

• EVC and VLAN Stacking

  Hi all,
  I'm trying to configure a interface with two dot1q tags but I can't do it.
  I think thats is because my line card doesn't support it but I can't find any doc to confirm it.
  I have a 7606-S chassis with two WS-SUP32-GE-3B, one WS-X6548-RJ-45 and one WS-X6516A-GBIC.
  When I try to configure a subinterface in any line module with the command "encapsulation dot1Q X second-dot1q Y" the router doesn't accept second-dot1q part of the command,
  Router(config-subif)#do sh run interface GigabitEthernet2/1.2
  Building configuration...
  Current configuration : 38 bytes
  interface GigabitEthernet2/1.2
  end
  Router(config-subif)#interface GigabitEthernet2/1.2
  Router(config-subif)#encapsulation dot1Q 3 ?
    native  Make this as native vlan
    <cr>
  I tried it in a interface of each module and always is the same output.
  After, I have tried to use service instance but I can't set encasulation under service instance configuration part,
  Router(config)#interface GigabitEthernet6/5
  Router(config-if)#service instance 1 ethernet
  Router(config-if-srv)#?
  Ethernet EFP configuration commands:
    default      Set a command to its defaults
    description  Service instance specific description
    ethernet     ethernet
    exit         Exit from ETHER EFP configuration mode
    ipv6         IPv6 interface subcommands
    mac          Commands for MAC Address-based features
    no           Negate a command or set its defaults
    shutdown     Take the Service Instance out of Service
    snmp         Modify SNMP service instance parameters
  The easy way is upgrade hardware but is not a choice now...
  Anybody know if it's possible to do it with my hardware config?
  Thanks in advance.
  David.

  Hello.
  Yes, this kind of MPLS configuration is supported on SIP400, ES20/ES40 LC, but ES20/40 requires SUP720, so SIP400 is your only chose.
  If you configure xconnect under service instance, you need SIP400 V2 SPA; if you configure under sub-interface -> just SIP400. In this case SIP400 is customer-facing LC.
  Also you have an option to configure xconnect under interface VLAN -> SIP400 should be CORE-facing LC.

• WLC2112 with Guest / Web-Auth and vlan

  Hi
  I'm trying to configure my WLC with guest SSID and vlan 10.
  The security is only set to Web-auth, and it is all working if the guest network is set to nativ vlan (1) But it seems that the http(s)://1.1.1.1/login.html is not reacheble from the guest SSID/VLAN??
  Please help.
  Management IP Address 192.168.14.252
  Software Version 6.0.182.0
  Emergency Image Version
  I have tried with ver. 5.2 also -

  I think that 1.1.1.1 is only reachable from a wireless client during webauth. They should not be able to reach that address once they have passed through the web auth page.
  Don't know if that helps, or not.

• VRF configuration on IOS-XR 4.1.

  Hi
  I have some questions about VRF configuration on IOS-XR 4.1.
  I'm trying to configure BGP routing with vrf and I get the
  following error when trying to commit my config:
  ===================================================
  address-family ipv4 unicast
  !!% 'BGP' detected the 'warning' condition 'The parent address family
  has not been initialized'
  ===================================================
  However, It is solved by configure "address-family vpnv4 unicast"
  before committing the vrfs.
  But, I'm not sure about that above configure are best practice or not.
  Q1. Do you have a best practice configuration of BGP with VRF?
  or
  Q2. I have to use "address-family vpnv4 unicast" on IOS-XR ?
  Please advice me.
  Best regards,
  Kim

  Hi Kim ,
  you must configure "address-family vpnv4 unicast" on BGP globally so you will be able to commit the configuration for the address-family.
  You can refer the below link to understand how MPLS L3VPN's are configured on IOS-Xr.
  http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.5/mpls/configuration/guide/gc35v3.html#wp1026378

• SD205 (unmanaged) switch and VLANs

  In addition to all my Cisco Catalyst (managed) switches, I have a bunch of Linksys SD205 unmanaged switches on my LAN. 
  I want to configure my network for VLANs, which means I will be changing all of my Cisco managed switches to a "trunking" configuration.   This configuration is working correctly with the Cisco Catalyst switches
  Question: can the SD205 function in this environment?  I know I can't set any of the ports on the SD205 to be "trunking", but I would like to connect the SD205 to a Cisco port that is "trunked", so the devices on the SD205 can communicate to the rest of the world.
  So far, I have not been successful, so -- maybe they just won't work in a trunked environment.  Anyone have a definitive answer?  If they simply can't do it, I'll stop wasting my time!
  Thanks
  Solved!
  Go to Solution.

  No. An unmanaged switch does not support 802.1q. It will drop any ethernet frame that has been 802.1q tagged. The only frames which go through an unmanaged switch are untagged frames, i.e. the native VLAN of the port on the Catalyst.
  If you want to use unmanaged switches you have to connect them to a port configured in access mode, member of a single VLAN. For example, you can configure a port on the Catalyst for access mode in VLAN 10 and connect an unmanaged switch to this port. Then all devices connected to the unmanaged switch will be VLAN 10. This is as much as you can do.
  But getting multiple VLANs through unmanaged switches is impossible as all ethernet frames on the unmanaged switch must be untagged.

• Help with wireless controller and VLANs

  Hi I'm trying to setup a wireless controller in preparation for a large site go live later this year. I'm struggling to get the controller and the WLAN using the correct VLAN. I want the controller on VLAN 100 and the clients on the WLAN on VLAN 200.                 
  My thought is that I would need a config similar to:
  Switchport for wireless controller management port set to trunk VLAN 100 and 200 with no native VLAN set.
  The management interface on the controller set to VLAN 100.
  A dynamic interface created on VLAN 200.
  When setup like this I can get to the controller on its management address but only from VLAN100 not from another VLAN on site or from other sites over the WAN.
  I have setup a WLAN which is set to use the dynamic interface on VLAN 200.
  I have set the AP to use HREAP and set the native VLAN as 200 and added the dynamic interface into the VLAN mappings
  When I connecting a client to the WLAN I get an address on VLAN 100.
  The switchport for the AP is set to native VLAN 100 and trunk 200 – this setup works for standalone APs at other sites.
  What am I missing?
  Also any idea why the management interface address is not routing? The netmask and gateway are set correctly.
  Thanks
  Paul

  Just to add to Steve's post... You only need to create a dynamic interface for vlan 200 if you have ap's also in local mode.  If your ap's are in H-REAP/FlexConnect mode, you don't need a dynamic interface for vlan 200.
  In you H-REAP/FlexConnect ap, you would set the wlan to vlan mapping there and the switchport configuration would be a trunk allowing vlan 100 (im assuming your native vlan for your ap) and vlan 200.  You should see something like the following:
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Replicating Configuration of Service and Content Sections

  I have 2 CSS11050 in a Active/Backup scenario useing Redundant-VIP and Virtual Routers. I want to have a script of something replicate the Service and owner section of the config form the ACtive Switch to the backup without effecting the VLAN or int sections. I tried teh Script that come in the OS but it want the redundant protocol loaded.
  Anyone have a solution or idea on how to handle this?

  I would suggest looking at this link which deals with configuration of redundancy on the CSS as well as the two types of configuration synchronizations (complete and partial) and redundant protocols.
  http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_500/advcfggd/redndncy.htm#xtocid4

• SSID and Vlans

  I can to have two SSIDs for all branch of my country, but each ones in a differents subnets,for example:
  Area 1
  SSID 1 : guest -> 192.168.1.1
  SSID 2 : office -> 192.168.2.1
  Area 2
  SSID 1 : guest -> 192.168.3.1
  SSID 2 : office -> 192.168.4.1
  I have configured AP-Group, and this works succesfull but only with one SSID, I need two SSID, each one associated a multiples vlans, when the user are connect to SSID guest they receive the correct ip from the subnet corresponding,(Area1 ip address of host is 192.168.1.X and the Area 2 the usuer receibe the address 192.168.3.X both using the same SSID "guest"), How I can reach this requerimients using two SSID?. Using Ap-Group or there is other methods.

  AP Group VLANs are used in a setup where a Universal WLAN (service set identifier [SSID]) is required but clients need to be differentiated (placed on different interfaces configured on the WLC) by virtue of physical LAPs they associate with. Refer URL
  http://cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml#c2

• IPMP and VLANs

  I would like to have two NICs in IPMP configuration and public connections tagged with VLANs.
  I know the naming convention when one VLAN tag assigned to the physical NIC but I do not quite understand how to add multiple VLAN tags to one NIC and VLAN tags to pseudo interfaces.
  Here is the configuration I have:
  /etc/hostname.e1000g8
  netmask + broadcast + group ipmpgroup4 deprecated -failover up addif sunsolaris10-6 netmask + broadcast + failover up
  /etc/hostname.e1000g9
  netmask + broadcast + group ipmpgroup4 deprecated -failover up addif sunsolaris10-7 netmask + broadcast + failover up
  netmask + broadcast + group ipmpgroup4 deprecated -failover up addif sunsolaris10-12 netmask + broadcast + failover up
  netmask + broadcast + group ipmpgroup4 deprecated -failover up addif sunsolaris10-13 netmask + broadcast + failover up
  netmask + broadcast + group ipmpgroup4 deprecated -failover up addif sunsolaris10-14 netmask + broadcast + failover up
  ... and here how it looks like once configured:
  e1000g8: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 13
  inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
  groupname ipmpgroup4
  ether 0:50:56:23:29:c8
  e1000g8:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 13
  inet 10.10.1.116 netmask ff000000 broadcast 10.255.255.255
  e1000g9: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 14
  inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
  groupname ipmpgroup4
  ether 0:50:56:24:f:2e
  e1000g9:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 14
  inet 10.10.1.117 netmask ff000000 broadcast 10.255.255.255
  e1000g9:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 14
  inet 10.10.1.118 netmask ff000000 broadcast 10.255.255.255
  e1000g9:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 14
  inet 10.10.1.119 netmask ff000000 broadcast 10.255.255.255
  e1000g9:4: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 14
  inet 10.10.1.120 netmask ff000000 broadcast 10.255.255.255
  Regards
  Leonid

  Does anybody familiar with setting up multiple VLANs tags on network interfaces in Solaris 10?
  Regards
  Leonid

• RPR+ and VLAN creation on Cat6500 running IOS

  I've got a 6500 running native IOS 12.1(19)E1. I want to create a new VLAN on this switch but ran across some documentation that states:RPR+ redundancy does not support a configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy.
  I am running RPR+.
  I've never done it this way before and after reading over the documentation to do this it seems to easy. It seems like I'm missing something. Can someone outline the steps to do this?
  Thanks,

  Hi Jeff,
  I believe you are referring to the following restriction in this document:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/redund.htm#wp1095579
  "RPR+ redundancy does not support configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy"
  vlan creation via vlan database has been deprecated in order to simplify the configuration process as well as to better integrate with features such as RPR+
  Here's a simple example that creates vlan10 (assume VTP transparent mode):
  Router# configure terminal
  Router(config)# vlan 10
  Router(config-vlan)#
  This document explains the process further in case you don't already have it.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/vlans.htm#wp1020848

• AP541N cluster and VLAN

  Hi.
  Simple but not obvious question.
  I've added separated wifi for guest with VLAN ID 300. Now I have 2 more access points. They are in cluster but only one is connected to smart switch SLM2008.
  Should I need to connect all of them to smart switch? I do not understand how cluster and VLAN work.

  Hello Tomasz,
  Yes. I guess you need to connect all APs to the switch (same bridged network). Clustering only makes all your AP act as one single entity ( you don't have to connect to the second AP In a cluster separately. Same wireless configuration will do).
  Refer Clustering section under the below manual for further details:
  http://www.cisco.com/en/US/docs/wireless/access_point/csbap/AP541N/administration/guide/AP541Nadmin.pdf#page139
  Hope this helps,
  Vijay
  Please rate useful posts.
  Sent from Cisco Technical Support iPad App