[c-nsp] Cisco VLAN configuration - total newbie

Crooks, Samuel scrooks at aristocrat-inc.com
Thu Aug 12 23:56:11 EDT 2004 

Nate:

A couple things;


I don't have the equipment you have (2950 and 7200), but seems to me
that I couldn't create a subinterface on a 1700 series FastEthernet int
without first removing it's IP... last time I tried...

I think you should:

Create 2 subnets of appropriate size from your block, and have the
customers re-address themselves into the IP range you allocate to
them.... set their access ports into the right VLAN's.  (don't use VLAN
1 for customer VLAN's)...it sounds like you are using a /24  ... you
could subnet this or use another range for each customer, and give each
one a /24 or larger, depending on your network...

Remove the IP on the fa2/2 int in the VXR

Setup a dotq1 trunking on the VXR fa2/2 interface and the uplink
interface from the 2950.

Configure 2 subinterfaces on fa2/2  numbered the SAME as the VLAN
numbers for each customer (it helps keep things straight to have the
VLAN correspond to the subinterface)

Assign the first host IP (or last.. your preference...I prefer first IP
in the range to be the router interface) in the range to the
subinterface as it's IP address.


This article may help:

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configura
tion_example09186a00800ef797.shtml


Sam Crooks


------------------------------

Message: 9
Date: Wed, 11 Aug 2004 16:44:04 -0500 (CDT)
From: Nate Carlson <natecars at real-time.com>
Subject: [c-nsp] Cisco VLAN configuration - total newbie
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Message-ID:
	<Pine.LNX.4.58.0408111636040.14671 at enchanter.real-time.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hey all,

I'm a total newbie to Cisco VLAN configuration, and mostly a newbie to
VLAN's in general. I'd like to reconfigure one of my networks so that I
have a bit more control over it; here is what the network currently
looks
like:

Cisco 7206VXR
	e2/0	IP: 10.0.0.254/24, connected to a cisco 2950 switch

Cisco 2950
	vlan1: 	IP: 10.0.0.253/24
	fa0/23:	uplink to e2/2
	fa0/24:	monitor
	fa0/1-22:	customers directly connected

The customers directly connected to fa0/1-22 just use IP's out of the
/24; 
kind of an ugly config, since any of them can just take another person's

IP and such.

I'd like to set up what I believe is called 'VLAN Trunking', where each 
individual port of the 2950 is assigned to a VLAN, and a virtual
ethernet 
interface is created on the 7206 with a gateway IP for them. Here is the

configuration that I tried:

7206 config:

--
interface Ethernet2/2
 ip address 10.0.0.254 255.255.255.252
 no ip directed-broadcast
 ip route-cache flow
 no ip mroute-cache
 full-duplex
!
interface Ethernet2/2.101
 encapsulation dot1Q 101
 ip address 10.0.0.6 255.255.255.248
 no ip directed-broadcast
--

2950 config:

--
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 101

interface FastEthernet0/23
 ip address 10.0.0.253 255.255.255.252
--

When I bring up the 2950, I am able to ping 10.0.0.254, but a box 
connected to Fa0/1 with the IP of 10.0.0.1 is not able to ping 10.0.0.6.

I know I'm missing something basic (may be going around this the totally

wrong way); I'd appreciate it if someone could clue me in. Thanks!

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500



------------------------------

Message: 10
Date: Wed, 11 Aug 2004 22:54:38 +0100
From: "Ryan O'Connell" <ryan at complicity.co.uk>
Subject: Re: [c-nsp] AS5300 + RADIUS - IP Address Assignment
To: mtinka at africaonline.co.sz
Cc: cisco-nsp at puck.nether.net
Message-ID: <411A959E.4030504 at complicity.co.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed

Mark Tinka wrote:

>I have a situation where 2 providers, ISP A and ISP B are sharing a
single 
>AS5300.
>
>Both ISP's have their own circuits to their upstreams, and even though
both 
>their customers would be dialing the same NAS, they don't want one ISP
to 
>provide the Internet connectivity for both sets of customers.
>  
>
[snip]

Even if you find a way of doing this, it won't do what you want because 
IP address assignments can only influence inbound traffic - you would 
also need to make the outbound traffic go via the correct route.

If each ISP has their own T1/E1 to the AS5300, you could possibly put 
each one in it's own VRF - I have no idea if the AS5300 suppots VRFs 
however. Another alternative is to tunnel the calls over L2TP to 
seperate routers for each ISP... again, no idea if the AS5300 can do 
that but it's starting to get into the kind of sutuation where you might

as well just buy another AS5300.

-- 
         Ryan O'Connell - CCIE #8174
<ryan at complicity.co.uk> - http://www.complicity.co.uk

I'm not losing my mind, no I'm not changing my lines,
I'm just learning new things with the passage of time



------------------------------

_______________________________________________
cisco-nsp mailing list
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp


End of cisco-nsp Digest, Vol 21, Issue 36
*****************************************

More information about the cisco-nsp mailing list