Deleting a vlan on a cisco 877

edgedemon · 10 Sep 2010 at 14:26

Im trying to add another vlan to an 877 which supports 2 vlans (I have the ADVSecurity IOS image - the default one)

I had previously added vlan 2 but screwed it up so deleted the config - or thought I had!

switchport mode access
switchport access vlan 2

gives me the error "vlan can not be added - maximum number of 2 vlans in the database"

sho vlan gives me "ambiguous command"

no vlan 2

wri me - seems to work, but re-running the cmd at the top of the post gives me the maximum vlans added error again

vlan database - tells me to use the config mode, but does give me a router(vlan) prompt/mode

So I then type

no vlan 2 - and I get "vlan 2 does not exist"

Sho run has no reference or mention of vlan 2

How can I delete vlan 2 so that I can try again?

RSR · 10 Sep 2010 at 14:34

I didn't know Cisco routers support vlan'ing like switches, I was under the impression it should be setup under .1q trunking.

edgedemon · 10 Sep 2010 at 14:38

Thats for multiple vlans though?
For a single vlan, dot1q should be needed - I think?

RSR · 10 Sep 2010 at 14:42

edgedemon said:
Thats for multiple vlans though?
For a single vlan, dot1q should be needed - I think?

Scrap that thought, I was thinking about the 1841 router

RSR · 10 Sep 2010 at 14:45

Can you post a show run, show vlan and dir

A

edgedemon · 10 Sep 2010 at 14:52

Sho vlan gives me nowt :confused:

orhba#sho vlan
% Ambiguous command: "sho vlan"
orhba#sho run
Building configuration...

Current configuration : 4084 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname orhba
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$pC5q$R.d5hksqXUyygk3rFYgo.0
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-763996200
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-763996200
revocation-check none
rsakeypair TP-self-signed-763996200
!
!
crypto pki certificate chain TP-self-signed-763996200
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
0DB61CDD 9DB4AFB1 B7DA
quit
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool ccp-pool
import all
network 1xx.xx.xxx.0 255.255.255.0
default-router 1xx.xx.xxx.1
dns-server xx.xxx.xxx.xxx
lease 0 2
!
!
no ip bootp server
ip domain name london.edu
ip name-server xxxxxxxxx
ip name-server xxxxxxxxxx
!
!
!
username admin privilege 15 secret 5 $1xxxxxxxxxxxxxxxxxbG.
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh version 2
!
bridge irb
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
description Link to Be Unlimited$FW_OUTSIDE$
ip address xx.xxx.xx.xx 255.255.240.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
atm route-bridged ip
pvc 0/101
encapsulation aal5snap
!
!
interface FastEthernet0
description LBS Uplink
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description user-ip-range$FW_INSIDE$
ip address 172.17.172.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 78.105.0.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
access-list 1 permit xxx.xx.0.0 0.0.255.255
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

RSR · 10 Sep 2010 at 14:53

can you do a "dir" as well please

edgedemon · 10 Sep 2010 at 15:01

No worries

orhba#dir
Directory of flash:/

2 -rwx 16483100 --- -- ---- --:--:-- ----- c870-advsecurityk9-mz.124-15.T12.bin
3 -rwx 3331 Aug 17 2010 19:53:57 +00:00 cpconfig-8xx.cfg
4 -rwx 1697952 Aug 17 2010 19:53:15 +00:00 securedesktop-ios-3.1.1.45-k9.pkg
5 -rwx 415956 Aug 17 2010 19:53:47 +00:00 sslclient-win-1.1.4.176.pkg
6 -rwx 1038 Aug 17 2010 19:53:57 +00:00 home.shtml
7 -rwx 527849 Mar 1 2002 00:04:55 +00:00 128MB.sdf
8 -rwx 660 Jul 27 2010 16:43:11 +00:00 vlan.dat
9 -rwx 122880 Aug 17 2010 19:54:04 +00:00 home.tar
10 -rwx 2938880 Aug 17 2010 19:58:25 +00:00 cpexpress.tar

All I want to do is assign a vlan (2) to int fa1 and uplink it to another switch
Im thinking add the port to vlan 2 assign an IP to vlan 2, same the other end of the link and I should be able to ping the interface both ends?

Moley · 10 Sep 2010 at 15:01

I believe your current IOS only supports one vlan, you probably need to upgrade to the Advanced IP Services IOS - "Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M)".

Hope this helps.

RSR · 10 Sep 2010 at 15:10

Moley said:
I believe your current IOS only supports one vlan, you probably need to upgrade to the Advanced IP Services IOS - "Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M)".

Hope this helps.

As above, you need a IOS licence update to advanced IP services

http://tools.cisco.com/support/down...null&imname=&treeName=Routers&hybrid=Y&imst=N

edgedemon · 10 Sep 2010 at 15:11

My understanding is that the advsecurity supports 2 vlans and the advipservices supports 4?

Will try and dig the datasheet out

edgedemon · 10 Sep 2010 at 15:14

hmmm

Support for 2 VLANs with Base Image. One VLAN dedicated to DMZ.

branddaly · 10 Sep 2010 at 15:30

back up the vlan.dat file in your flash, then delete it. Not sure if a reboot is then required.

cp flash:vlan.dat vlan.bak
dele flash:vlan.dat

vlan data is stored in that file.

RSR · 10 Sep 2010 at 15:59

Edit.

edgedemon · 10 Sep 2010 at 16:16

orhba(config)#int fa1
orhba(config-if)#
orhba(config-if)#switchport mode access
orhba(config-if)#
orhba(config-if)#switchport access vlan 2
% Access VLAN does not exist. Creating vlan 2
orhba(config-if)#

interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
bridge-group 1

interface FastEthernet1
switchport access vlan 2

Does this mean it has worked..

Is it now a case of assigning an IP to vlan 2

edit - dont look like it..

orhba#conf t
Enter configuration commands, one per line. End with CNTL/Z.
orhba(config)#vlan 2
orhba(config-vlan)#ip address xxxxxxxx
^
% Invalid input detected at '^' marker.

Damn, maybe it doesn't allow the 2nd vlan to have an IP

edit 2

orhba#show vlans

No Virtual LANs configured.

orhba#show vlan-s
orhba#show vlan-switch

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0, Fa2, Fa3
2 VLAN0002 active Fa1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0

It looks like it does support the 2nd vlan???

branddaly · 10 Sep 2010 at 16:43

Don't you add the vlan's ip via;
conf t
interface vlan 2
ip address x.x.x.x

?

bigredshark · 10 Sep 2010 at 16:47

edit - dont look like it..

orhba#conf t
Enter configuration commands, one per line. End with CNTL/Z.
orhba(config)#INTERFACE vlan 2
orhba(config-vlan)#ip address xxxxxxxx
^
% Invalid input detected at '^' marker.

Damn, maybe it doesn't allow the 2nd vlan to have an IP

edgedemon · 10 Sep 2010 at 16:50

tried that
orhba#conf t
Enter configuration commands, one per line. End with CNTL/Z.
orhba(config)#vlan 2
orhba(config-vlan)#ip address
^
% Invalid input detected at '^' marker.

orhba(config-vlan)#?
VLAN configuration commands:
are Maximum number of All Route Explorer hops for this VLAN (or zero
if none specified)
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
exit Apply changes, bump revision number, and exit mode
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
no Negate a command or set its defaults
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
shutdown Shutdown VLAN switching
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN (or
zero if none specified)
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero
if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero
if none)

edit - just seen your cmd's

why int vlan 2 rather than vlan 2

Guess Im too used to using procurves...

branddaly · 10 Sep 2010 at 17:11

edgedemon said:
edit - just seen your cmd's

why int vlan 2 rather than vlan 2

Guess Im too used to using procurves...

Not sure as to the why. I think that the 'Interface vlan2' is for layer 3 information, and 'vlan 2' just for the switch part. Not got an 877 to hand to take a look unfortunately. You'd have to look at the commands available under each to get a good idea of what each one allows you to do.