dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
7723
share rss forum feed


BliZZardX
Premium
join:2002-08-18
Toronto, ON

2 edits

[Config] Cisco 881 help adding VLAN to FE4?

Hi all. I have a Cisco 881 router here. I want to add vlan 35 where my internet traffic runs to my WAN port (FE4). I was able to create vlan 35:
cisco#vlan database
cisco(vlan)#show
VLAN ISL Id: 35
Name: VLAN0035
Media Type: Ethernet
VLAN 802.10 Id: 100035
State: Operational
MTU: 1500

The problem I got was when I wanted to add that VLAN to my WAN interface:
cisco(config)interface FastEthernet4
cisco(config-if)#switchport access vlan 35
^
% Invalid input detected at '^' marker.

Switchport isn't an available command on Fe4. Any ideas what's wrong? My full config: »pastebin.com/raw.php?i=QVk1tpZB. Any help is greatly appreciated.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
FE4 isn't a switch port. It's an actual ethernet port.


BliZZardX
Premium
join:2002-08-18
Toronto, ON
Thanks cramer. So you're saying I should move my uplink to a switch port (Fe0-Fe3) and move the pppoe-client config into that block?

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to BliZZardX
As cramer said, fe4 is a routed port, as such should be easy to have the ISP assign a public IP address to it.

Any particular reason why you're insistent on assign it a VLAN as well?

Regards


BliZZardX
Premium
join:2002-08-18
Toronto, ON

4 edits
Hi Hellfire, my ISP runs an ethernet network with VLAN 35 for Internet service and VLAN 36 for IPTV. I am using my own VDSL2 bridge instead of their rental bridge router combo where these settings are pre-configured and nobody else really worries about them.

If customers are not on 35 or 36, the pppoe client cannot communicate with the DSL access concentrator, and they won't get a connection.

If it helps to give a working example to relate to, in linux I can do vconfig add eth0 35 to create a new virtual interface, ifconfig eth0.35 up, make sure my ppp-client conf file connects on eth0.35, type pon dsl-provider, and then the connection comes up with a public IP.

Basically trying to get the same thing going here with a more power efficient, less noisy and stable 881.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to BliZZardX
VLAN 35 / 36, or do you mean VPI/VCI 0/35, BliZZardX?

Dumb question, does the VDSL modem you're using right now sync properly on its own?
If it is, VLANs shouldn't come into the 881's config at all.

Regards

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
If the feed to the modem is VLAN tagged, it does. (see recent-ish thread w.r.t. BT and VLAN 100) If it's like my 3745, you'd add "vlan-id dot1q 35" to the config. (or set the encap to dot1q and use subinterfaces.)

[See Also: »supportforums.cisco.com/docs/DOC-12746]


BliZZardX
Premium
join:2002-08-18
Toronto, ON

3 edits
reply to HELLFIRE
Hellfire I mean VLAN 35/36, I remember modems needed VPI/VCI preconfigured for ADSL though. The modem I have now syncs fine but it's just a dumb bridge, you have to use your own router behind it: »Re: [DSL] Cellpipe random reboots / loss of sync (Check logs ple. My ISP use the same setup for their GPON network. Customers get an optical to ethernet converter/bridge. If you want to use your own router instead of the pre-supplied one you have to match up the VLANs.

cramer I tried looking for that vlan-id dot1q option, it's not under interface Fe0-4 :(

The only place I found dot1q was this:
cisco(config-if)#dot1q tunneling ethertype ?
0x88A8 dot1q tunneling etype 0x88A8
0x9100 dot1q tunneling etype 0x9100


BliZZardX
Premium
join:2002-08-18
Toronto, ON
reply to BliZZardX
I just drew this network diagram, maybe it helps to understand the setup better

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to BliZZardX
Then you'll need to use a subinterface. (click the link I gave you to see BOTH methods.) Keep in mind PPPoE may not work on a subinterface. (that's why vlan-id was created.) The other option is to connect the modem to a switch (external, or the internal 881's switch) that can handle the tags.


BliZZardX
Premium
join:2002-08-18
Toronto, ON
Thanks cramer, does this look right?

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN
duplex auto
speed auto
!
interface FastEthernet4.35
description Subinterface for Internet over VLAN35
encapsulation dot1q 35
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pppoe enable group global
pppoe-client dial-pool-number 1


BliZZardX
Premium
join:2002-08-18
Toronto, ON
reply to cramer
The alternative of connecting to the 881 internal switch: I could have a cable going from my VDSL bridge to Fa3 with 35,36 tags added on, setup a bridge between Fa3 and Fa2, and plug Fa2 into Fa4? Is that what you mean?

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
No. Once VLANs 35 and 36 are setup on the internal switch, there will be VLAN35 and VLAN36 virtual interfaces. (just like there's a VLAN1 interface now.)


BliZZardX
Premium
join:2002-08-18
Toronto, ON

2 edits
Once 35 is in the VLAN database I just rename the Fa4.35 interface to Vlan35? I must remove the encapsulation option as well that is not available.

interface Vlan1
description LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Vlan35
description Internet
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
pppoe enable group global
pppoe-client dial-pool-number 1
!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
The vlan database is for the SWITCH. Fe4 is not a switch interface.

Fe1-3 are switch interfaces. The are configured as tho you have an IOS based switch. They are L2 interfaces; they cannot have ip addresses, etc. You put them in specific VLAN(s) and configure higher level protocols (IP) per vlan.

Fe4 is a routed interface. It is configured like any other IOS routed interface. You configure each vlan as a subinterface. General convention is to number the subintf the same as the vlan, but this is not required.


BliZZardX
Premium
join:2002-08-18
Toronto, ON
I get the vlan database is for the switch and the routed interface doesnt support vlans.

So are you saying I can't use Fe4 at all & I should move the internet cable over to Fe3?

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
NO. [censored] That is not what I said.

Stop wasting time on the internet. Go try some configurations and see what does and does not work. There's a dozen ways to do what you want done.


BliZZardX
Premium
join:2002-08-18
Toronto, ON
No need to blow a gasket. I have tried a few combinations and nothing works so far, can you paste an actual config to show what you're saying?
--
Fiber Optics are the future of high-speed internet access. Stop by the BBR »Fiber Optic Forum.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
»Re: [Config] Cisco 881 help adding VLAN to FE4? should work as long as pppoe is supported on a subinterface.

»Re: [Config] Cisco 881 help adding VLAN to FE4? should work as long as the interface is "no shut" (and pppoe is supported on vlan interfaces.) This also assumes you've assigned a switch port (one of Fe0-Fe3) as a trunk port (switchport mode trunk) and set the correct vlan list (switchport trunk allowed vlan 35-36)


BliZZardX
Premium
join:2002-08-18
Toronto, ON
OK thanks. I switched the cable to Fe3 earlier tonight and have been playing with that config since.

Turning Fe3 into a trunk port seemed to work, my PPP light lit up:

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport mode trunk
switchport trunk allowed vlan 35-36
!
interface FastEthernet4
!
interface Vlan1
description LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Vlan35
description Internet
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan36
description IPTV
no ip address

ping works, dns works.. that was the hard part, now I can work on getting my computers connected. Thanks cramer.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to cramer
/ hands cramer a cold brewski

Regards


BliZZardX
Premium
join:2002-08-18
Toronto, ON