05-17-2011 06:50 AM
Hello to all,
on our FCX624SHPOE-ADV I try to create a virtual routing interface by the following commands:
but all I get is "Error - invalid virtual ethernet interface number".
After adding one untagged port to the vlan, everything is fine... but: these vlans must not have any ports assigned by config. We try to do dot1x vlan assignment and no ports are allowed to enter these vlans by default.
Does anyone have any suggestions? Any help appreciated!
05-18-2011 02:28 AM
If no ports are up then the VE will not be up either, this is normal.
Maybe try leaving a port connected to the VLAN, enther your VE and dot1x config then remove the port form the vlan and test the auto assign VLAN via a dot1x client.
05-18-2011 02:34 AM
Have you defined the port range for the VLAN?
I guess there is a certain sequence which needs to be followed, like the following example:
Assigning an IP address to a virtual routing interface
A virtual interface is a logical port associated with a Layer 3 Virtual LAN (VLAN) configured on a
Layer 3 switch. You can configure routing parameters on the virtual interface to enable the Layer 3
switch to route protocol traffic from one Layer 3 VLAN to the other, without using an external router.
This section describes how to configure an IP address on a virtual interface.
The switch uses the lowest MAC address on the device (the MAC address of port 1 or 1/1/1) as the
MAC address for all ports within all virtual interfaces you configure on the device.
Enter commands similar to the following to add a virtual interface to a VLAN and configure an IP
address on the interface.
FCX624 Router(config)# vlan 2 name My_Vlan
FCX624 Router(config-vlan-2)# untag 1/1/1 to 1/1/4
FCX624 Router(config-vlan-2)# router-interface ve1
FCX624 Router(config-vlan-2)# interface ve1
FCX624 Router(config-vif-1)# ip address 22.214.171.124/24
The first two commands in this example create a Layer 3 protocol-based VLAN name
“My_Vlan” and add a range of untagged ports to the VLAN. The router-interface
command creates virtual interface 1 as the routing interface for the VLAN. The last two commands
change to the interface configuration level for the virtual interface and assign an IP address to the
Syntax: router-interface ve <num>
Syntax: interface ve <num>
05-19-2011 01:21 AM
thx for your response.
Sadly, after removing the last port from the vlan, the ve information is purged out of the config. I dont know if it will reappear after dynamically assign a port via dot1x (and I don't think so) but if any user saves the switch config while not having ports in the vlan, the information will be purged out of the config as well.
This is no problem with vlans wich span across our network because at least the uplink trunks ports will remain in the vlan. But we plan to isolate users/ports dynamically solely on one switch ,e.g. external Users, and provide connection between them but not with the rest of the network: as these users use multiple devices (private and corporate equipment), the ports may dynamically switch to vlans which will not span on other switches. As we must provide dhcp on the isolated vlan, we need a virtual interface for dhcp relay...
05-19-2011 01:28 AM
also thx for your help!
It seems that there have to be ports in a vlan to set up a virtual interface. In my opinon this is not very helpful in an dot1x environment. A workaround coul be spanning all vlans across our backbone, having the uplink port in all possible vlans. Then we can create our virtual interface.
Hope, security will not find out :-)