Cisco switches+Router and Win2k server

Unfortunetly the 1720 does not support inter-VLAN routing, the 1721 and up does. Also you MUST run IP Plus IOS code or better.

Here is a sample switchport config off switch:
!
interface FastEthernet0/1
description TRUNK TO INTER-VLAN ROUTER
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
duplex full
speed 100
!
*** dont forget to add the vlans to the vlan database!!!!

Here is the router interface that it is plugged into:
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
description VLAN1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
description VLAN2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.3
description VLAN1
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0

After port 1 on the switch is configured, and the router interface is set you can put put the remaining switchports into their "access" vlan (including the server which only needs to be in one vlan if you use the IP helper command on the subinterfaces on the router.)

This can be confusing stuff to get a grasp on, if you need clarification please feel free to drop another post on this thread.

THANK you very much for your generous and kindness Help. I will try it tonite. I should by 1721 instead of 1720 :(. I will look at Ebay to see any good deal on 1721.

Timolthy

Unfortunetly the 1720 does not support inter-VLAN routing, the 1721 and up does. Also you MUST run IP Plus IOS code or better.

Here is a sample switchport config off switch:
!
interface FastEthernet0/1
description TRUNK TO INTER-VLAN ROUTER
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
duplex full
speed 100
!
*** dont forget to add the vlans to the vlan database!!!!

Here is the router interface that it is plugged into:
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
description VLAN1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
description VLAN2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.3
description VLAN1
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0

After port 1 on the switch is configured, and the router interface is set you can put put the remaining switchports into their "access" vlan (including the server which only needs to be in one vlan if you use the IP helper command on the subinterfaces on the router.)

This can be confusing stuff to get a grasp on, if you need clarification please feel free to drop another post on this thread.

FYI all 2600's support dot1q routing, even the plain old 2610 as long as you are running at least 12.2 IP Plus. These may be cheaper than a newer 1721.

Thank you for the Post. I just checked ebay, yea, 2620 is about less than $200 used. I am looking for router with two 100MB ports - are there exist? or would be way more expensive?

Other note: As previous note, my Win2k server-3 DHPC Scopes will be plug in port 1 (Vlan1). How about the router? which port on swtich I should connect to?

The 1720 that I have, there are two NIC ports, 1 is module plug-in, I believe it's 10MBps and it's for WAN/DSL something, the other port is 100MBps for LAN.

Thanks again.

Timolthy

FYI all 2600's support dot1q routing, even the plain old 2610 as long as you are running at least 12.2 IP Plus. These may be cheaper than a newer 1721.

The smallest Cisco router with two 10/100 ports built in that I am aware of is the 2621.

I usually use the first port on the first switch to plug in my router and configure it as a trunk. I also use a special color cable in production networks to warn admins that it is special, then label it, my best practice.

I would plug your server into port 2 and make it vlan 1 only. Configure your three scopes on the server (did you know you could run a dhcp server on the router itself? check out www.routergod.com for a tutorial) On the subinterface of vlan 2 and 3 on the router put an ip-helper pointing to the ip of the server, dhcp should be served! Ip-helper has a tutorial on routergod too if you want to know all the ports being forwarded.

BTW there should be a model number on that card "WIC-????" which card to you have in your 1720?

You can connect the server with aany switch port, configured with Vlan 1.
For router which will support your requirement is:

1. 2611 XM
2. 2621
3. 2621 XM
4. 2651
5. 2651 XM
etc.

Raj

Hi w1r3sp33d,

It was a while that I was no able to resume.

I did setup as you suggested. the VLANs can communicate between Vlans; however, they can not get IP address from the DHCP server. Only ports on Vlan1 are able to get. ports on Vlan2 and Vlan3 are not able to. In Win2kSrv DHCP server, I did create 3 scopes, 192.168.1.x for VLAN1, 192.168.2.x for VLAN2, and 192.168.3.x for VLAN 3. (only 1 interface is connected to port on VLAN1 - Not Trunking port)

Are there any additional settings I have to proceed?

When there is an IP discover packet how the Win2kSrv would know which VLAN it come from and which scope it would release IP?

Thanks,

I think you need Trinity's help: http://www.routergod.com/trinity/

Probably much more info than you need, but it will address other issues with splitting a M$ environment across subnets without adding remote servers.

Trinity was so good !

Please shred the light further:
"Well, put you ip helper-address command on the interface that receives the broadcasts, then in global config mode enter the command: ip forward-protocol udp 2000 and that should do the trick."

My DCHP Srv IP address 192.168.1.1 with 3 scopes (1.x, 2.x and 3.x), the Switches IP is 192.168.1.2, and the router IP is 192.168.1.3.

Should I enter command ip helper-address in every ports (interface) and which IP shall be input after 'ip helper-address'? I assume 192.168.1.1 across all the ports of all Vlans?

Mille Thanks.

Timolthy

You will only need IP helper at your layer three boundry, ideally your intervlan router.

Here is a pair of examples from today if it helps. The router should have a sub interface for each subnet/vlan with a VLAN id and a IP address, add a ip helper to each pointing to your server. MAKE SURE YOU HAVE ALL VLANS ACTIVE Then you add a scope for each subnet and they should auto magically get IP's to the right vlans from the correct scopes.

************************Router:
!
interface GigabitEthernet0/0
description Local LAN
no ip address
duplex full
speed 100
!
interface GigabitEthernet0/0.1
description *** Local Data VLAN ***
encapsulation dot1Q 1 native
ip address 10.128.6.1 255.255.255.0
ip helper-address 10.127.30.110
!
interface GigabitEthernet0/0.2
description *** Local Voice VLAN ***
encapsulation dot1Q 2
ip address 10.129.6.1 255.255.255.0
ip helper-address 10.127.30.110
!

************************Switch:
!
interface FastEthernet0/1
desc *** 802dot1Q trunk to 2821 ***
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
duplex full
speed 100
!

Does this shore it up? If not let us know where you need more assistance.

Please see the show run - Thnks. Timolthy

PC
||
Catalyst 2950 Port/12 <----- Hub ------> Cisco Router (192.168.22.1)
||
||
DCHP server (192.168.22.20)

The Vlans can ping between them in static ip addresses
can not get IP address from DCHP srv
(3 scopes, 22.x vlan1, 33.x vlan2, 44.x vlan3)

-------------------

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1
=================

vlan 2
name VLAN2_33.x
!
vlan 3
name VLAN3_44.x
!
vlan 100
!
interface FastEthernet0/1
switchport trunk allowed vlan 1
switchport mode access
no ip address
!
interface FastEthernet0/2
switchport trunk allowed vlan 1
switchport mode access
no ip address
!
interface FastEthernet0/3
switchport trunk allowed vlan 1
switchport mode access
no ip address
!
interface FastEthernet0/4
switchport trunk allowed vlan 1
switchport mode access
no ip address
!
interface FastEthernet0/5
switchport access vlan 2
switchport trunk allowed vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/6
switchport access vlan 2
switchport trunk allowed vlan 2 <-- If I turn off this then cannot ping other
switchport mode access
no ip address
spanning-tree portfast trunk
!
interface FastEthernet0/7
switchport access vlan 2
switchport trunk allowed vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/8
switchport access vlan 2
switchport trunk allowed vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/9
switchport access vlan 3
switchport trunk allowed vlan 3
switchport mode access
no ip address
!
interface FastEthernet0/10
switchport access vlan 3
switchport trunk allowed vlan 3
switchport mode access
no ip address
!
interface FastEthernet0/11
switchport access vlan 3
switchport mode access
no ip address
!
interface FastEthernet0/12
switchport mode trunk <-- Did not show allowed vlan all
no ip address
duplex full
speed 100
!
interface Vlan1
ip address 192.168.22.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.22.20 <-- DHCP Srv IP.connected to port 12)
ip http server

+++++Switch interface fa 0/12 +++++

(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking
mode
pruning Set pruning VLAN characteristics when interface is in trunking mode

(config-if)#switchport trunk allowed vlan all
--- available to set and has been set

Options available:

(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking
mode
pruning Set pruning VLAN characteristics when interface is in trunking mode

(config-if)#switchport trunk pruning vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list

++++++++++++++

ALSO: in any port if I turn off the 'switchport trunk allowed vlan x' then it will not be able to ping to other vlan ip address (diff subnet)

=====================

Router

interface FastEthernet0/0
no ip address
no ip redirects
ip local-proxy-arp
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.22.1 255.255.255.0
ip helper-address 192.168.22.20
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.33.1 255.255.255.0
ip helper-address 192.168.22.20
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.44.1 255.255.255.0
ip helper-address 192.168.22.20 <-- DHCP Srv IP addr.

on the switch, from the # prompt:
vlan data
vlan 2
vlan 3
apply
exit
(should be back to #)

See if that helps while I read throught the rest of your post.

(BTW the all vlans augment is default, so it wont show up in the config)

Timolthy and I finished this up, here is a summary of the working configurations incase anyone needs them:

Router:
-------
!
interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.22.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.33.1 255.255.255.0
ip helper-address 192.168.22.20
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.44.1 255.255.255.0
ip helper-address 192.168.22.20
!

Switch:
-------
!
vlan 2
name VLAN2
!
vlan 3
name VLAN3
!
interface FastEthernet0/1
switchport mode access
no ip address
!
interface FastEthernet0/2
switchport mode access
no ip address
!
interface FastEthernet0/3
switchport mode access
no ip address
!
interface FastEthernet0/4
switchport mode access
no ip address
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/9
switchport access vlan 3
switchport mode access
no ip address
!
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
no ip address
!
interface FastEthernet0/11
switchport access vlan 3
switchport mode access
no ip address
!
interface FastEthernet0/12
switchport mode trunk
no ip address
duplex full
speed 100
!
interface Vlan1
ip address 192.168.22.2 255.255.255.0
no ip route-cache
!
interface Vlan2
no ip address
no ip route-cache
shutdown
!
interface Vlan3
no ip address
no ip route-cache
shutdown
!
ip default-gateway 192.168.22.1
!

Thanks! w1r3sp33d, that was good and very nice of you.