Catalyst 4908G-L3 VLAN Routing and Bridging Example Configuration

Available Languages

Download Options

  • PDF     (41.7 KB)
    View with Adobe Reader on a variety of devices
Updated:October 6, 2005
Document ID:14972

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document provides a sample configuration for the Catalyst 4908G-L3 switch to support inter-VLAN routing and bridging VLANs between several Layer 2 (L2) switches.

Prerequisites

Requirements

Readers of this document must be knowledgeable of the Catalyst 4908G-L3 switch:

  • From a configuration standpoint, the Catalyst 4908G-L3 is a router. It uses a Cisco IOS® configuration interface, and, by default, all interfaces are routed interfaces.

  • The Catalyst 4908G-L3 does not support several Layer 2-oriented protocols, such as VLAN Trunking Protocol (VTP), Dynamic Trunking Protocol (DTP), or Port Aggregation Protocol (PAgP) found on other Catalyst switches.

  • In release 12.0(7)WX5(15d), the Catalyst 4908G-L3 does not support these:

    • Data-plane (security) Access Control Lists (ACLs): in other words, user data traffic cannot be restricted with input or output access lists on the router interfaces. Data-plane ACLs are now supported in release 12.0(10)W5(18e).

    • Bridging on 802.1q subinterfaces, that is, a subinterface with both encapsulation dot1q and bridge-group n commands applied: bridging on InterSwitch Link (ISL) subinterfaces is supported. Bridging on 802.1q subinterfaces is now supported in release 12.0(10)W5(18e).

    • AppleTalk routing

    • Port snooping, also known as SPAN, port mirroring, promiscuous mode

Components Used

The information in this document is based on these software and hardware versions:

  • Catalyst 4908G-L3 switch-router that runs Cisco IOS 12.0(7)W5(15d)

  • Three Catalyst 3512XL switches that runs Cisco IOS 12.0(5.2)XU

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

Catalyst 4908G-L3 VLAN Routing and Bridging Example

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

In this example configuration, a Catalyst 4908G-L3 switch is deployed for two purposes:

  • Extend five VLANs (VLAN 1, 10, 20, 30, and 40) across several Layer 2 switches: in this case, three Catalyst 3512XLs

  • Perform inter-VLAN routing for IP and Internetwork Packet Exchange (IPX) to allow communication between devices in the different VLANs

In order to extend the VLANs across the switches, the 3512XLs connect to the 4908G-L3 through trunk links and traffic that arrive on a given VLAN from one 3512XL switch, which is bridged on that VLAN to the other switches with a bridging configuration that follows normal bridging rules. Two of the 3512XL switches use Gigabit EtherChannel to connect to the 4908G-L3 switch. The other 3512XL switch uses a single Gigabit Ethernet link.

In order to support inter-VLAN routing, Integrated Routing and Bridging (IRB) and Bridge Virtual Interfaces (BVIs), which are configured to route IP and IPX between different VLANs.

End-stations and servers are attached to the Catalyst 3512XL switches. If a device in one VLAN needs to connect to a device in another VLAN, traffic is sent to the Catalyst 4908G-L3, and it routes traffic on the BVI interfaces.

In the case where the deployment is part of a larger network, traffic destined for the core is routed onto an additional subnet (this configuration is not considered here) through a connection to the core switch or router.

This configuration is applied to the switches:

  • Basic initial configuration is applied.

  • IP addresses and default gateways are assigned to the switches for management.

  • The VTP mode is set to transparent, and the VLANs are configured on the Catalyst 3512XL switches.

  • Gigabit EtherChannel links are configured between the Catalyst 4908G-L3 and the 3512xl-01 and 3512xl-02 switches.

  • Bridging, BVI interfaces, and IP and IPX routing are configured on the Catalyst 4908G-L3.

  • ISL trunks are configured between the Catalyst 4908G-L3 and the three Catalyst 3512XL switches, and bridging is configured on the trunk subinterfaces.

  • These are the IP and IPX network-to-VLAN mappings:

    VLAN IP Subnet IPX Network
    1 10.10.1.0/24 N/A
    10 10.10.10.0/24 1000
    20 10.10.20.0/24 2000
    30 10.10.30.0/24 3000
    40 10.10.40.0/24 4000

  • Access VLANs are assigned, and spanning-tree portfast is enabled on all Fast Ethernet interfaces of the Catalyst 3512XL switch.

Network Diagram

This document uses this network setup:

40a.gif

Configurations

This document uses these configurations:

General Configuration Tasks

On the Cisco IOS-based switches, such as the Catalyst 4908G-L3 and Catalyst 3512XL switches, this basic configuration must be applied to each switch: 


!-- The calendar set command does not apply to the Catalyst 3500XL switches.

Router#calendar set 18:00:00 Jan 8 2003
Router#clock set 18:00:00 Jan 8 2003
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname 4908G-L3
4908G-L3(config)#clock timezone PST -8
4908G-L3(config)#clock calendar-valid
4908G-L3(config)#service timestamps log datetime localtime msec
4908G-L3(config)#service timestamps debug datetime localtime msec
4908G-L3(config)#enable password verysecret
4908G-L3(config)#line vty 0 4
4908G-L3(config-line)#password secret
4908G-L3(config-line)#exit
4908G-L3(config)#no logging console
4908G-L3(config)#^Z
4908G-L3#

Notes:

  • The calendar set command sets the time and date on the internal calendar chip of the switch. This command does not apply to the Catalyst Catalyst 3512XL switches.

  • The clock set command sets the time and date for the clock of the switch.

  • The hostname command sets the host name for the switch.

  • The clock calendar-valid command tells the switch to set the clock date and time with the date and time stored in the calendar chip at the next reload. This command does not apply to the Catalyst 3548XL switches.

  • The service timestamps log datetime localtime msec and the service timestamps debug datetime localtime msec commands aid in management and troubleshooting by timestamping syslog and debug output with the current date and time (to the millisecond).

  • The enable password command defines a password to enter privileged mode on the switch.

  • The line vty 0 4 command enters into line configuration mode, so we can define a password for inbound Telnet sessions on the virtual terminal (vty) lines. On the Catalyst 3512XL switches, use line vty 0 15.

  • The password command defines a password to enter normal mode on the switch through a Telnet session on the vty lines.

  • The no logging console command does not allow syslog messages to appear on the terminal console; the command is used in these examples to simplify the screen captures.

Configuring the Switches for Management

On the Catalyst 3512XL switches, an IP address and default gateway are configured in VLAN 1 for switch management. The default gateway is the IP address of the BVI 1 interface on the Catalyst 4908G-L3; the BVI interfaces are configured later.

Note: You are not able to Telnet to the Catalyst 4908G-L3 until an IP address has been assigned to an interface.

Catalyst 3512XL-01:

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface vlan 1
3512XL-01(config-if)#ip address 10.10.1.10 255.255.255.0
3512XL-01(config-if)#management
3512XL-01(config-if)#exit
3512XL-01(config)#ip default-gateway 10.10.1.1
3512XL-01(config)#^Z
3512XL-01#

Notes:

  • The ip default-gateway command defines the default gateway IP address for the next-hop router interface. This is needed because the switch does not participate in IP routing and has no knowledge of the Layer 3 (L3) topology of the network.

  • The IP address used for the default gateway is 10.10.1.1, the IP address of the BVI 1 interface (configured later in this example) on the Catalyst 4908G-L3 switch..

Catalyst 3512XL-02: 

3512XL-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-02(config)#interface vlan 1
3512XL-02(config-if)#ip address 10.10.1.20 255.255.255.0
3512XL-02(config-if)#management
3512XL-02(config-if)#exit
3512XL-02(config)#ip default-gateway 10.10.1.1
3512XL-02(config)#^Z
3512XL-02#

Catalyst 3512XL-03: 

3512XL-03#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-03(config)#interface vlan 1
3512XL-03(config-if)#ip address 10.10.1.30 255.255.255.0
3512XL-03(config-if)#management
3512XL-03(config-if)#exit
3512XL-03(config)#ip default-gateway 10.10.1.1
3512XL-03(config)#^Z
3512XL-03#

Configuring VLANs

The Catalyst 4908G-L3 switches do not support VTP. In this example, the Catalyst 3512XL switches are configured in VTP transparent mode because a VTP domain cannot be extended across the Catalyst 4908G-L3.

The configuration is the same on Catalyst 3512XL-01, 3512XL-02, and 3512XL-03: 

3512XL-01#vlan database
3512XL-01(vlan)#vtp transparent
Setting device to VTP TRANSPARENT mode.
3512XL-01(vlan)#vlan 10 name Vlan10
VLAN 10 added:
    Name: Vlan10
3512XL-01(vlan)#vlan 20 name Vlan20
VLAN 20 added:
    Name: Vlan20
3512XL-01(vlan)#vlan 30 name Vlan30
VLAN 30 added:
    Name: Vlan30
3512XL-01(vlan)#vlan 40 name Vlan40
VLAN 40 added:
    Name: Vlan40
3512XL-01(vlan)#exit
APPLY completed.
Exiting....
3512XL-01#

You can verify the VLAN configuration with the show vtp status and show vlan commands: 

3512XL-01#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 254
Number of existing VLANs        : 9
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF0 0xEA 0x28 0x34 0xA1 0xC6 0x2A 0xDE
Configuration last modified by 10.10.1.10 at 9-18-00 18:04:06
3512XL-01#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Gi0/1, Gi0/2
10   Vlan10                           active
20   Vlan20                           active
30   Vlan30                           active
40   Vlan40                           active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
30   enet  100030     1500  -      -      -        -    -        0      0
40   enet  100040     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        IBM  -        0      0
3512XL-01#

Configuring EtherChannel

This output shows how to configure the EtherChannel links between the Catalyst 4908G-L3 and the Catalyst 3512XL-01 and 3512XL-02 switches. Interfaces gig0/1 and gig0/2 on 3512XL-01 connect to interfaces gig1 and gig2 on the Catalyst 4908G-L3. Interfaces gig0/1 and gig0/2 on 3512XL-02 connect to interfaces gig3 and gig4 on the Catalyst 4908G-L3.

In order to configure an EtherChannel on the Catalyst 4908G-L3, you must assign the physical interfaces to a logical (port-channel) interface with the channel-group command. On the Catalyst 3512XL switches, the physical interfaces are assigned to port groups. There is no logical port-channel interface on the Catalyst 3512XL.

Catalyst 4908G-L3: 

4908G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4908G-L3(config)#interface port-channel 1
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig1
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 1

GigabitEthernet1 added as member-1 to port-channel1
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig2
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 1

GigabitEthernet2 added as member-2 to port-channel1
4908G-L3(config-if)#exit
4908G-L3(config)#interface port-channel 2
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig3
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 2

GigabitEthernet3 added as member-1 to port-channel2
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig4
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 2

GigabitEthernet4 added as member-2 to port-channel2
4908G-L3(config-if)#^Z
4908G-L3#

Notes:

  • The interface port-channel command creates a logical interface; in this example, two logical port-channel interfaces are created.

  • The channel-group command adds the physical interface to the logical port-channel interface; the channel-group number corresponds to the port-channel interface number.

You can verify the EtherChannel configuration with the show interface port-channel command: 

4908G-L3#show interface port-channel 1
Port-channel1 is up, line protocol is up
  Hardware is GEChannel, address is 0030.78fe.a007 (bia 0000.0000.0000)
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, Unknown Speed, Media type unknown, Force link-up
  ARP type: ARPA, ARP Timeout 04:00:00
    No. of active members in this channel: 2
        Member 0 : GigabitEthernet1
        Member 1 : GigabitEthernet2
  Last input 00:00:25, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/300, 0 drops
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     489 packets input, 41461 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     19 packets output, 8668 bytes, 0 underruns(0/0/0)
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
4908G-L3#

Notes:

  • Notice that the show interface port-channel command shows the number of active members and the specific interfaces that belong to the EtherChannel.

Catalyst 3512XL-01: 

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface gig0/1
3512XL-01(config-if)#port group 1
3512XL-01(config-if)#exit
3512XL-01(config)#interface gig0/2
3512XL-01(config-if)#port group 1
3512XL-01(config-if)#^Z
3512XL-01#

Notes:

  • The port group command adds the physical port to a logical port group (EtherChannel).

You can verify the EtherChannel configuration with the show port group command: 

3512XL-01#show port group
Group  Interface              Transmit Distribution
-----  ---------------------  ---------------------
    1  GigabitEthernet0/1     source address
    1  GigabitEthernet0/2     source address
3512XL-01#

Catalyst 3512XL-02: 

3512XL-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-02(config)#interface gig0/1
3512XL-02(config-if)#port group 1
3512XL-02(config-if)#exit
3512XL-02(config)#interface gig0/2
3512XL-02(config-if)#port group 1
3512XL-02(config-if)#^Z
3512XL-02#

You can verify the EtherChannel configuration with the show port group command.

Configuring Bridging and Routing

This output shows how to configure the Catalyst 4908G-L3 for bridging and routing. For each VLAN, a separate bridge process is defined; interfaces are assigned to bridge-groups in the Configuring the ISL Trunks Between Switches section, later in this example. Because inter-VLAN routing is required, Integrated Routing and Bridging (IRB) must be enabled with the bridge irb command.

In addition, to route IP and IPX traffic between the different bridge groups, a bridge virtual interface (BVI) must be created.

In the section Configuring the ISL Trunks Between Switches, the VLAN subinterfaces on the ISL trunks are joined to the appropriate bridge-groups to create a single Layer 2 domain for each VLAN, with the correspondent BVI that acts as the router interface in that VLAN.

Catalyst 4908G-L3: 

4908G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4908G-L3(config)#ipx routing
4908G-L3(config)#bridge irb
4908G-L3(config)#bridge 1 protocol ieee
4908G-L3(config)#bridge 1 route ip
4908G-L3(config)#bridge 10 protocol IEEE
4908G-L3(config)#bridge 10 route ip
4908G-L3(config)#bridge 10 route ipx
4908G-L3(config)#bridge 20 protocol IEEE
4908G-L3(config)#bridge 20 route ip
4908G-L3(config)#bridge 20 route ipx
4908G-L3(config)#bridge 30 protocol IEEE
4908G-L3(config)#bridge 30 route ip
4908G-L3(config)#bridge 30 route ipx
4908G-L3(config)#bridge 40 protocol IEEE
4908G-L3(config)#bridge 40 route ip
4908G-L3(config)#bridge 40 route ipx
4908G-L3(config)#interface bvi 1
4908G-L3(config-if)#ip address 10.10.1.1 255.255.255.0
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 10
4908G-L3(config-if)#ip address 10.10.10.1 255.255.255.0
4908G-L3(config-if)#ipx network 1000
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 20
4908G-L3(config-if)#ip address 10.10.20.1 255.255.255.0
4908G-L3(config-if)#ipx network 2000
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 30
4908G-L3(config-if)#ip address 10.10.30.1 255.255.255.0
4908G-L3(config-if)#ipx network 3000
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 40
4908G-L3(config-if)#ip address 10.10.40.1 255.255.255.0
4908G-L3(config-if)#ipx network 4000
4908G-L3(config-if)#^Z
4908G-L3#

Notes:

  • The ipx routing command enables IPX routing on the Catalyst 4908G-L3.

  • The bridge irb command enables Integrated Routing and Bridging on the router, which allows you route traffic within the bridge groups.

  • The bridge number protocol IEEE command creates a bridge process that runs the IEEE spanning tree.

  • The bridge number route ip command allows IP traffic to be routed between the BVI number interface and the other IP interfaces on the router.

  • The bridge number route ipx command allows IPX traffic to be routed between the BVI number interface and the other IPX interfaces on the router; notice that this command is omitted for bridge process 1 [the management VLAN].

  • The interface bvi number command creates a Bridge Virtual Interface (BVI) interface to serve as a L3 interface in the number bridge-group.

  • The ip address command assigns an IP address to the BVI interface.

  • The ipx network command assigns an IPX network number to the BVI interface; notice that the BVI in the management VLAN [BVI 1] does not have an IPX network number assigned.

We can verify the bridging configuration later in this example, after we configure the ISL trunk links and add the trunk subinterfaces to the proper bridge-groups.

Configuring the ISL Trunks Between Switches

This output shows how to configure the trunk links between the Catalyst 4908G-L3 and the Catalyst 3512XL switches.

In order to configure trunking on the Catalyst 4908G-L3, it requires the addition of subinterfaces under the main interface, one subinterface for each VLAN transmitted on the trunk. In this example, two trunks are configured on the logical port-channel interfaces, while the third trunk is configured on the physical interface.

In addition, bridge-group commands are configured under the subinterfaces to join each VLAN subinterface to the appropriate bridge-group, which completes the bridging and routing configuration started in the Configuring Bridging and Routing section that is found earlier in this example.

Catalyst 4908G-L3: 

4908G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4908G-L3(config)#interface port-channel 1.1
4908G-L3(config-subif)#encapsulation isl 1
4908G-L3(config-subif)#bridge-group 1
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.10
4908G-L3(config-subif)#encapsulation isl 10
4908G-L3(config-subif)#bridge-group 10
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.20
4908G-L3(config-subif)#encapsulation isl 20
4908G-L3(config-subif)#bridge-group 20
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.30
4908G-L3(config-subif)#encapsulation isl 30
4908G-L3(config-subif)#bridge-group 30
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.40
4908G-L3(config-subif)#encapsulation isl 40
4908G-L3(config-subif)#bridge-group 40
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.1
4908G-L3(config-subif)#encapsulation isl 1
4908G-L3(config-subif)#bridge-group 1
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.10
4908G-L3(config-subif)#encapsulation isl 10
4908G-L3(config-subif)#bridge-group 10
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.20
4908G-L3(config-subif)#encapsulation isl 20
4908G-L3(config-subif)#bridge-group 20
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.30
4908G-L3(config-subif)#encapsulation isl 30
4908G-L3(config-subif)#bridge-group 30
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.40
4908G-L3(config-subif)#encapsulation isl 40
4908G-L3(config-subif)#bridge-group 40
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig 5.1
4908G-L3(config-subif)#encapsulation isl 1
4908G-L3(config-subif)#bridge-group 1
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.10
4908G-L3(config-subif)#encapsulation isl 10
4908G-L3(config-subif)#bridge-group 10
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.20
4908G-L3(config-subif)#encapsulation isl 20
4908G-L3(config-subif)#bridge-group 20
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.30
4908G-L3(config-subif)#encapsulation isl 30
4908G-L3(config-subif)#bridge-group 30
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.40
4908G-L3(config-subif)#encapsulation isl 40
4908G-L3(config-subif)#bridge-group 40
4908G-L3(config-subif)#^Z
4908G-L3#

Notes:

  • In order to create logical subinterfaces on the main interface, specify the main interface, for example, interface port-channel 1, followed by a period (.) and the subinterface number, for example, interface port-channel 1.10. The subinterface number/VLAN number/bridge-group number do not have to be the same, but this makes management easier.

  • The encapsulation isl vlan command specifies the encapsulation type (ISL) and the VLAN to receive on the subinterface.

  • Notice that the VLAN subinterfaces are not assigned an IP address or IPX network number but are instead added to bridge-groups with the bridge-group number command, which allows each VLAN to span all switches at Layer 2. The BVIs configured in the Configuring Bridging and Routing section have the IP addresses and IPX network numbers.

You can verify the configuration with the show interface, show ip interface, and show ipx interface commands. For example, use these commands to verify the configuration on the port-channel 1.10 (VLAN 10) subinterface on the EtherChannel link to Catalyst 3512XL-01 and the correspondent BVI (BVI 10) for VLAN 10: 

4908G-L3#show interface port-channel 1.10
Port-channel1.10 is up, line protocol is up
  Hardware is GEChannel, address is 0030.78fe.a007 (bia 0000.0000.0000)
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
  Encapsulation ISL Virtual LAN, Color 10.
  ARP type: ARPA, ARP Timeout 04:00:00
4908G-L3#show ip interface bvi 10
BVI10 is up, line protocol is up
  Internet address is 10.10.10.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  Web Cache Redirect is disabled
  BGP Policy Mapping is disabled
4908G-L3#show ipx interface bvi 10
BVI10 is up, line protocol is up
  IPX address is 1000.0030.78fe.a00b, NOVELL-ETHER [up]
  Delay of this IPX network, in ticks is 2 throughput 0 link delay 0
  IPXWAN processing not enabled on this interface.
  IPX SAP update interval is 60 seconds
  IPX type 20 propagation packet forwarding is disabled
  Incoming access list is not set
  Outgoing access list is not set
  IPX helper access list is not set
  SAP GNS processing enabled, delay 0 ms, output filter list is not set
  SAP Input filter list is not set
  SAP Output filter list is not set
  SAP Router filter list is not set
  Input filter list is not set
  Output filter list is not set
  Router filter list is not set
  Netbios Input host access list is not set
  Netbios Input bytes access list is not set
  Netbios Output host access list is not set
  Netbios Output bytes access list is not set
  Updates each 60 seconds aging multiples RIP: 3 SAP: 3
  SAP interpacket delay is 55 ms, maximum size is 480 bytes
  RIP interpacket delay is 55 ms, maximum size is 432 bytes
  RIP response delay is not set
  IPX accounting is disabled
  IPX fast switching is configured (disabled)
  RIP packets received 0, RIP packets sent 19, 0 Throttled
  RIP specific requests received 0, RIP specific replies sent 0
  RIP general requests received 0, 0 ignored, RIP general replies sent 0
  SAP packets received 0, SAP packets sent 5, 0 Throttled
  SAP GNS packets received 0, SAP GNS replies sent 0
  SAP GGS packets received 0, 0 ignored, SAP GGS replies sent 0
4908G-L3#

You can verify the bridging configuration with the show bridge group and the show spanning-tree number commands. In addition, you can use the show bridge command to view the bridge forwarding table.

On the Catalyst 3512XL switches, the configuration is the same on Catalyst 3512XL-01, 3512XL-02, and 3512XL-03. The trunk links are configured on the appropriate Gigabit Ethernet interfaces. In the case of the EtherChannel links, the trunking configuration only has to be applied to one interface in the port group. The trunk is automatically applied to the other interfaces in the same group and appears in the configuration: 

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface gig 0/1
3512XL-01(config-if)#switchport mode trunk
3512XL-01(config-if)#^Z
3512XL-01#

Notes:

  • In the case of 3512XL-01 and 3512XL-02, when the configuration is applied to a single interface in the channel group, the same configuration is applied to the other interface(s) in the group automatically and appears in the configuration for each interface.

  • The switchport mode trunk command configures the interface as a trunk port.

  • The 3500XL switches use ISL encapsulation by default when you enable trunking, so there is no need to specify the encapsulation in this case.

You can verify the configuration with the show interface switchport command:

3512XL-01#show interface gig0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,10,20,30,40
Pruning VLANs Enabled: 2-1001

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
3512XL-01#

Configuring End-Station Ports

Now, ports on the Catalyst 3512XL switches are assigned to VLANs and spanning-tree portfast is enabled. Any port on any of the 3512XL switches can be assigned to any of the configured VLANs.

End stations in a particular VLAN must be assigned an IP address in the range associated with that VLAN and must use the IP address of the BVI on the Catalyst 4908G-L3 for that VLAN as their default gateway.

This output shows how to configure interface fast0/1 and fast 0/2 in VLAN 10 and enable portfast on the interfaces: 

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface fast0/1
3512XL-01(config-if)#switchport access vlan 10
3512XL-01(config-if)#spanning-tree portfast
3512XL-01(config-if)#exit
3512XL-01(config)#interface fast0/2
3512XL-01(config-if)#switchport access vlan 10
3512XL-01(config-if)#spanning-tree portfast
3512XL-01(config-if)#^Z
3512XL-01#

You can verify the configuration with the show interface switchport command and the show spanning-tree interface commands: 

3512XL-01#show interface fast0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 10 (Vlan10)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
3512XL-01#show spanning-tree interface fast 0/1
Interface Fa0/1 (port 13) in Spanning tree 10 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 16384, address 0090.ab28.d000
   Designated bridge has priority 16384, address 0090.ab28.d000
   Designated port is 193, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 1, received 73
   The port is in the portfast mode
3512XL-01#

Notes:

The show interface switchport command shows the Operational Mode (static access) and the Access Mode VLAN (10) of the interface.

The show spanning-tree interface command shows the spanning-tree state of the port, and indicates that "The port is in the portfast mode."

Saving the Switch Configurations

Make sure you save the running configuration to NVRAM (startup configuration) on all switches so that the configuration is retained across a reload.

Catalyst 4908G-L3: 

4908G-L3#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
4908G-L3#

Catalyst 3512XL switches: 

3512XL-01#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

3512XL-01#

Full Device Configurations

These are the full configurations for the devices used in this example:

Catalyst 4908G-L3 
4908G-L3#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 14:09:14 PST Tue Sep 19 2000
! NVRAM config last updated at 14:09:15 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 4908G-L3
!
no logging console
enable password verysecret
!
clock timezone PST -8
clock calendar-valid
ip subnet-zero
ipx routing 0030.78fe.a000

!-- Enables IRB to route between bridge groups.

bridge irb
!
!
!

!-- Creates a logical interface (1) to group physical interfaces into a channel.

interface Port-channel1
 no ip address
 no ip directed-broadcast
 hold-queue 300 in
!

!-- A subinterface is added to allow VLAN 1 traffic to be transmitted on the trunk.

interface Port-channel1.1
 
!-- Specifies ISL encapsulation for VLAN 1. 

encapsulation isl 1
 no ip redirects
 no ip directed-broadcast
 !-- Assign the subinterface to the appropriate bridge-group 
   for bridging and routing. 
bridge-group 1
!

!-- A subinterface is added to allow VLAN 10 traffic to be transmitted on the trunk.

interface Port-channel1.10 
   !-- Specifies ISL encapsulation for VLAN 10.
 encapsulation isl 10
 no ip redirects
 no ip directed-broadcast 

!-- Assign the subinterface to the appropriate bridge-group for bridging and routing.

 bridge-group 10
!

!-- VLAN 20 configuration.

interface Port-channel1.20
 encapsulation isl 20
 no ip redirects
 no ip directed-broadcast
 bridge-group 20
!

!-- VLAN 30 configuration. 

interface Port-channel1.30
 encapsulation isl 30
 no ip redirects
 no ip directed-broadcast
 bridge-group 30
!

!-- VLAN 40 configuration.

interface Port-channel1.40
 encapsulation isl 40
 no ip redirects
 no ip directed-broadcast
 bridge-group 40
!

!-- Creates a logical interface (2) to group physical interfaces into a channel.

interface Port-channel2 
No ip address
 no ip directed-broadcast
 hold-queue 300 in
!

!-- VLAN 1 configuration.

interface Port-channel2.1
 encapsulation isl 1
 no ip redirects
 no ip directed-broadcast
 bridge-group 1
!

!-- VLAN 10 configuration.

interface Port-channel2.10
 encapsulation isl 10
 no ip redirects
 no ip directed-broadcast
 bridge-group 10
!

!-- VLAN 20 configuration.

interface Port-channel2.20
 encapsulation isl 20
 no ip redirects
 no ip directed-broadcast
 bridge-group 20
!

!-- VLAN 30 configuration.

interface Port-channel2.30
 encapsulation isl 30
 no ip redirects
 no ip directed-broadcast
 bridge-group 30
!

!-- VLAN 40 configuration.

interface Port-channel2.40
 encapsulation isl 40
 no ip redirects
 no ip directed-broadcast
 bridge-group 40
!
interface GigabitEthernet1
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 1. 

channel-group 1
!
interface GigabitEthernet2
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 1. 

channel-group 1
!
interface GigabitEthernet3
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 2. 

channel-group 2
!
interface GigabitEthernet4
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 2. 

channel-group 2
!
interface GigabitEthernet5
 no ip address
 no ip directed-broadcast
!

!-- A subinterface is added to allow VLAN 1 traffic to be transmitted on the trunk.

interface GigabitEthernet5.1

!-- Specifies ISL encapsulation for VLAN 1. 

encapsulation isl 1 
 no ip redirects
 no ip directed-broadcast

!-- Assign the subinterface to the appropriate bridge-group for bridging and routing. 

bridge-group 1
!

!-- VLAN 10 configuration.

Interface GigabitEthernet5.10
 encapsulation isl 10
 no ip redirects
 no ip directed-broadcast
 bridge-group 10
!

!-- VLAN 20 configuration.

interface GigabitEthernet5.20
 encapsulation isl 20
 no ip redirects
 no ip directed-broadcast
 bridge-group 20
!

!-- VLAN 30 configuration.

interface GigabitEthernet5.30
 encapsulation isl 30
 no ip redirects
 no ip directed-broadcast
 bridge-group 30
!

!-- VLAN 30 configuration.

interface GigabitEthernet5.40
 encapsulation isl 40
 no ip redirects
 no ip directed-broadcast
 bridge-group 40
!
interface GigabitEthernet6
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet7
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet8
 no ip address
 no ip directed-broadcast
 shutdown
!

!-- BVI 1 is an L3 interface for bridge-group 1 (VLAN 1).

interface BVI1

!-- The IP address assigned to bridge-group 1. 

ip address 10.10.1.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
!

!-- BVI 10 is an L3 interface for bridge-group 10 (VLAN 10).

interface BVI10

!-- The IP address assigned to bridge-group 10. 

   ip address 10.10.10.1 255.255.255.0 
 no ip directed-broadcast
 no ip route-cache cef
!-- Assigns IPX network 1000 to BVI 10. ipx network 1000
!
!-- BVI 20 is a Layer 3 interface for bridge-group 20 (VLAN 20).
Interface BVI20

!-- IP address assigned to bridge-group 20.
 
ip address 10.10.20.1 255.255.255.0 
   no ip directed-broadcast
 no ip route-cache cef

 !-- Assigns IPX network 1000 to BVI 20. 

ipx network 2000!

!-- BVI 30 configuration.interface BVI30

 ip address 10.10.30.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
 ipx network 3000
!

!-- BVI 40 configuration.

interface BVI40
 ip address 10.10.40.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
 ipx network 4000
!
ip classless
!
!
!
!

!-- Applies IEEE Ethernet Spanning-Tree Protocol (STP) to bridge-group 1.

bridge 1 protocol ieee

!-- Allows IP traffic to be routed between the BVI 1 and other IP interfaces. 

bridge 1 route ip
bridge 10 protocol ieee
 bridge 10 route ip

!-- Allows IPX traffic to be routed between the BVI 10 and other IP interfaces.

 bridge 10 route ipx
bridge 20 protocol ieee
 bridge 20 route ip
 bridge 20 route ipx
bridge 30 protocol ieee
 bridge 30 route ip
 bridge 30 route ipx
bridge 40 protocol ieee
 bridge 40 route ip
 bridge 40 route ipx
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password secret
 login
!
end

4908G-L3#

Catalyst 3512XL-01 
3512XL-01#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 08:24:03 PST Tue Sep 19 2000
! NVRAM config last updated at 08:24:03 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 3512XL-01
!
no logging console
enable password verysecret
!
!
!
!
!
clock timezone PST -8
!
ip subnet-zero
!
!
!
interface FastEthernet0/1

!-- The switchport access command configures the port to be an L2 2 port. !-- Assigns the port to be a member of VLAN 10.

 switchport access vlan 10

!-- Enables spanning-tree portfast.

 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/4

!-- Assigns the port to be a member of VLAN 20. 

switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7

!-- Assigns the port to be a member of VLAN 30. 

switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/10

!-- Assigns the port to be a member of VLAN 40.

 switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet0/1

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 
 
port group 1

!-- Configures the port to be an ISL trunk.

 switchport mode trunk
!
Interface GigabitEthernet0/2

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 

port group 1

!-- Configures the port to be an ISL trunk. switchport mode trunk

!
Interface VLAN1

!-- The IP address of the management interface. 

ip address 10.10.1.10 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!

!-- The default gateway is set to the BVI 1 interface on the 4908G-L3.

ip default-gateway 10.10.1.1
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end
 
3512XL-01#

Catalyst 3512XL-02 
3512XL-02#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 08:25:22 PST Tue Sep 19 2000
! NVRAM config last updated at 08:25:22 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 3512XL-02
!
no logging console
enable password verysecret
!
!
!
!
!
clock timezone PST -8
!
ip subnet-zero
!
!
!
interface FastEthernet0/1

!-- The switchport access command configures the port to be an L2 port. !-- Assigns the port to be a member of VLAN 10. 

switchport access vlan 10

!-- Enables spanning-tree portfast. 

spanning-tree portfast
!
Interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/3

!-- Assigns the port to be a member of VLAN 20.

 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9

!-- Assigns the port to be a member of VLAN 30.

 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/11

!-- Assigns the port to be a member of VLAN 40. 

switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet0/1

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 

port group 1

!-- Configures the port to be an ISL trunk.

 switchport mode trunk
!
Interface GigabitEthernet0/2

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 

port group 1

!-- Configures the port to be an ISL trunk. 

switchport mode trunk
!
Interface VLAN1

!-- The IP address of the management interface. 

ip address 10.10.1.20 255.255.255.0
 No ip directed-broadcast
 no ip route-cache
!

!-- The default gateway is set to the BVI 1 interface on the 4908G-L.

ip default-gateway 10.10.1.1
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end
 
3512XL-02#

Catalyst 3512XL-03 
3512xl-03#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 12:13:33 PST Tue Sep 19 2000
! NVRAM config last updated at 12:13:34 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 3512xl-03
!
no logging console
enable password verysecret
!
!
!
!
!
clock timezone PST -8
!
ip subnet-zero
!
!
!
interface FastEthernet0/1

!-- The switchport access command configures the port to be an L2 port. !-- Assigns the port to be a member of VLAN 10.

 switchport access vlan 10

!-- Enables spanning-tree portfast.

 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/7

!-- Assigns the port to be a member of VLAN 20.

 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9

!-- Assigns the port to be a member of VLAN 30.

 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/11

!-- Assigns the port to be a member of VLAN 40.

 switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet0/1

!-- Configures the port to be an ISL trunk.

 switchport mode trunk
!
Interface GigabitEthernet0/2
!
interface VLAN1

!-- The IP address of the management interface.

 ip address 10.10.1.30 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!

!-- The default gateway is set to the BVI 1 interface on the 4908G-L3.

 ip default-gateway 10.10.1.1
!
Line con 0
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end
 
3512xl-03#

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Revision History

Revision Publish Date Comments
1.0
06-Oct-2005
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco