
Recipe 16.11 Connecting VLAN Trunks With ISL

16.11.1 Problem

You want to connect an Inter-Switch Link (ISL) VLAN trunk to your router.

16.11.2 Solution

The following set of commands will allow you to connect an ISL trunk to your router:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#speed 100
Router1(config-if)#full-duplex
Router1(config-if)#exit
Router1(config)#interface FastEthernet0/0.1
Router1(config-subif)#encapsulation isl 1
Router1(config-subif)#ip address 172.25.1.5 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface FastEthernet0/0.2
Router1(config-subif)#encapsulation isl 2
Router1(config-subif)#ip address 172.16.2.1 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface FastEthernet0/0.3
Router1(config-subif)#encapsulation isl 574
Router1(config-subif)#ip address 10.22.1.2 255.255.255.0
Router1(config-subif)#end
Router1#

16.11.3 Discussion

A trunk is a point-to-point link containing one or more Virtual LANs (VLANs). The main purpose of a trunk is to save physical interfaces. Without VLANs, if you wanted to connect two LAN segments into a router, you would need two Ethernet interfaces. Unfortunately, this does not scale well and it is relatively common for a single switch to support many VLANs. Using trunks to bundle the VLANs together into a single link offers some clear advantages.

While trunks carry traffic for many different VLANs, they are able to keep them separate by tagging each frame with the unique identification number for the appropriate VLAN. This allows traffic from multiple LAN segments to share the same physical link without any danger of frames leaking onto the wrong segment. When a network device receives a tagged frame from a trunk link, it removes the tag and forwards the frame to the appropriate LAN segment as a normal frame.

When you connect a router to a trunk, it can route Layer 3 packets between the various VLANs on the trunk. Because of the VLAN tagging scheme, Layer 2 frames cannot pass from one VLAN to another. So, without a router device of some kind, there is no way to interconnect the VLANs. A configuration in which a router is connected to a trunk to allow routing between the different VLANs is often called a router on a stick or a one-armed router because the router routes its packets back out onto the same physical interface that it received them through.

Cisco routers support two main trunking protocols, ISL and 802.1Q. ISL is a proprietary Cisco protocol, so you can only use it between Cisco devices. Conversely, 802.1Q is an IEEE open standard that is supported by most manufacturers of network hardware. Recipe 16.12 shows how to configure an 802.1Q trunk interface on a router.

Unfortunately, the 802.1Q open standard reached the market some time after the initial demand for trunking protocols. So most manufacturers of Layer 2 switching equipment developed their own proprietary standards to fill the void. Cisco developed ISL. All newer Cisco equipment now supports 802.1Q, but there are still many older Catalyst switches that cannot support the open standard. ISL is your only choice with this equipment. In any case, Cisco's ISL support is generally more mature and stable than its 802.1Q implementations. So, while we generally recommend working with open standards where possible, ISL is still clearly the more viable option in some networks.

The first step when configuring a trunk on a router is to select a physical LAN interface to connect the trunk to. In general, we don't recommend using anything slower than a FastEthernet interface for this purpose:

Router1(config)#interface FastEthernet0/0
Router1(config-if)#no ip address
Router1(config-if)#speed 100
Router1(config-if)#full-duplex

As you can see, no special configuration is necessary on the physical interface.

Next, you need to create one subinterface on this physical interface for each different VLAN. Because each VLAN represents a different Layer 3 network, you need to give each of the subinterfaces IP addresses from the corresponding IP subnets:

Router1(config)#interface FastEthernet0/0.1
Router1(config-subif)#encapsulation isl 1
Router1(config-subif)#ip address 172.25.1.5 255.255.255.0

The encapsulation command associates this subinterface with a particular ISL VLAN number. ISL VLAN numbers can have any value between 1 and 1000. With this subinterface configured, the router is now able to route packets for any devices on this VLAN, exactly as if it were directly connected to the physical LAN segment.

The show vlans command displays information about all of the VLANs configured on the router:

Router1#show vlans 
   
Virtual LAN ID:  1 (Inter Switch Link Encapsulation)
   
   vLAN Trunk Interface:   FastEthernet0/0.1     
   
   Protocols Configured:   Address:              Received:        Transmitted:
           IP              172.25.1.5              203626              342261
   
Virtual LAN ID:  2 (Inter Switch Link Encapsulation)
   
   vLAN Trunk Interface:   FastEthernet0/0.2     
   
   Protocols Configured:   Address:              Received:        Transmitted:
           IP              172.16.2.1                   0              153807
   
Virtual LAN ID:  574 (Inter Switch Link Encapsulation)
   
   vLAN Trunk Interface:   FastEthernet0/0.3     
   
   Protocols Configured:   Address:              Received:        Transmitted:
           IP              10.22.1.2                    0                   6
   
Router1#

We have configured this router to support three different VLANs, each with its own subinterface and IP address. The subinterface number does not necessarily need to correspond to the VLAN ID, as we have assigned VLAN number 574 to subinterface FastEthernet0/0.3. But if you make it a general rule to always keep the subinterface number the same as the VLAN number, it will make maintenance and troubleshooting considerably simpler in a large network.
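The numbering convention described above can be checked mechanically. The following Python is an added example, not part of the original recipe: it parses the show vlans output shown earlier (embedded as a constructed sample with blank lines trimmed) and flags subinterfaces whose number differs from the VLAN ID. The zero-receive check is an extra heuristic assumed here, not something the recipe states.

```python
import re

# Constructed sample: the `show vlans` output from the recipe, blank lines trimmed.
SAMPLE = """\
Virtual LAN ID:  1 (Inter Switch Link Encapsulation)
   vLAN Trunk Interface:   FastEthernet0/0.1
   Protocols Configured:   Address:              Received:        Transmitted:
           IP              172.25.1.5              203626              342261
Virtual LAN ID:  2 (Inter Switch Link Encapsulation)
   vLAN Trunk Interface:   FastEthernet0/0.2
   Protocols Configured:   Address:              Received:        Transmitted:
           IP              172.16.2.1                   0              153807
Virtual LAN ID:  574 (Inter Switch Link Encapsulation)
   vLAN Trunk Interface:   FastEthernet0/0.3
   Protocols Configured:   Address:              Received:        Transmitted:
           IP              10.22.1.2                    0                   6
"""

VLAN_RE = re.compile(r"^Virtual LAN ID:\s+(\d+)\s+\((.+?) Encapsulation\)")
TRUNK_RE = re.compile(r"^\s*vLAN Trunk Interface:\s+(\S+)\.(\d+)")
PROTO_RE = re.compile(r"^\s*IP\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_show_vlans(text):
    """Return one dict per VLAN block in `show vlans` output."""
    vlans, cur = [], None
    for line in text.splitlines():
        if m := VLAN_RE.match(line):
            cur = {"vlan": int(m.group(1)), "encap": m.group(2)}
            vlans.append(cur)
        elif cur and (m := TRUNK_RE.match(line)):
            cur["parent"], cur["subif"] = m.group(1), int(m.group(2))
        elif cur and (m := PROTO_RE.match(line)):
            cur["ip"], cur["rx"], cur["tx"] = m.group(1), int(m.group(2)), int(m.group(3))
    return vlans

def audit(vlans):
    """Flag entries that break the numbering convention or only transmit."""
    findings = []
    for v in vlans:
        if v.get("subif") != v["vlan"]:
            findings.append((v["vlan"], "subinterface .%s does not match VLAN ID" % v.get("subif")))
        if v.get("rx") == 0 and v.get("tx", 0) > 0:  # heuristic added for this example
            findings.append((v["vlan"], "transmitting but nothing received"))
    return findings

if __name__ == "__main__":
    for vlan, msg in audit(parse_show_vlans(SAMPLE)):
        print(f"VLAN {vlan}: {msg}")
```

A VLAN that transmits but never receives is worth comparing against the switch side of the trunk, since it may mean the switch is not carrying that VLAN on the link.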

It is useful to remember that you don't need to create a distinct subinterface for every VLAN on the switch. There may be some VLANs on this switch that you don't wish to terminate on the router. In this case, the router simply ignores any frames that are tagged with VLAN numbers that it doesn't support.

You can use the show interfaces command to see information about the trunking configuration of a particular subinterface:

Router1#show interfaces FastEthernet0/0.3
FastEthernet0/0.3 is up, line protocol is up 
  Hardware is AmdFE, address is 0001.9670.b780 (bia 0001.9670.b780)
  Internet address is 10.22.1.2/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ISL Virtual LAN, Color 574.
  ARP type: ARPA, ARP Timeout 04:00:00
Router1#

This shows the encapsulation type (ISL) and the VLAN number (574), along with the interface's IP address information.

16.11.4 See Also

Recipe 16.12

