Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   What equipment to go for? (http://www.velocityreviews.com/forums/t583454-what-equipment-to-go-for.html)

HangaS 01-09-2008 04:41 PM

What equipment to go for?
 
Hi

I currently have in a network a Linux box acting as router. This box
as acts an interVLAN router that connects 3 VLANs and provides DHCP
to
each VLAN. A fourth interface is connected to a Cisco 805 that does
the NAT for each of the VLANs access the internet.


I now want to replace this linux box with a dedicated router, which
can have ate least 4 interfaces and can also provide DHPC to each
one.


It doesn't have to support VLANs, as VLANs are handled by a 3COM 3300
Switch I just want a router with can router between the 3 vlans and
the internet router.


I was looking as the CISCO 2801 Integrated services router. Does It
do
what I need?
Can anyone suggest a model for the job?


Kind Regards
Hangas



Theiss 01-09-2008 06:13 PM

Re: What equipment to go for?
 
Why can't you use the Cisco 805 to take over the routing job of the linux
box?
You should be able to use sub-interfaces on the lan port to do this.
You still need the linux box to supply the DHCP, unless the Cisco 805 can
supply it (I haven't worked much with that series).

A router with 4 interfaces can be costly.

Theiss

"HangaS" <mafonso@gmail.com> wrote in message
news:cd9ebe8a-ca9c-41c5-a0ab-351178b08b5e@j20g2000hsi.googlegroups.com...
> Hi
>
> I currently have in a network a Linux box acting as router. This box
> as acts an interVLAN router that connects 3 VLANs and provides DHCP
> to
> each VLAN. A fourth interface is connected to a Cisco 805 that does
> the NAT for each of the VLANs access the internet.
>
>
> I now want to replace this linux box with a dedicated router, which
> can have ate least 4 interfaces and can also provide DHPC to each
> one.
>
>
> It doesn't have to support VLANs, as VLANs are handled by a 3COM 3300
> Switch I just want a router with can router between the 3 vlans and
> the internet router.
>
>
> I was looking as the CISCO 2801 Integrated services router. Does It
> do
> what I need?
> Can anyone suggest a model for the job?
>
>
> Kind Regards
> Hangas
>
>


Network Blackjack 01-09-2008 09:31 PM

Re: What equipment to go for?
 
HangaS wrote:
> I currently have in a network a Linux box acting as router. This box
> as acts an interVLAN router that connects 3 VLANs and provides DHCP
> to
> each VLAN. A fourth interface is connected to a Cisco 805 that does
> the NAT for each of the VLANs access the internet.
>
>
> I now want to replace this linux box with a dedicated router, which
> can have ate least 4 interfaces and can also provide DHPC to each
> one.
>
>
> It doesn't have to support VLANs, as VLANs are handled by a 3COM 3300
> Switch I just want a router with can router between the 3 vlans and
> the internet router.
>
>
> I was looking as the CISCO 2801 Integrated services router. Does It
> do
> what I need?
> Can anyone suggest a model for the job?


I'm a big fan of the 877-sec-k9. It's like working with a layer 3 switch. Utilization of the dsl interface is optional. Just trunk it to a switch and rock out. Supports vlans, trunking, zone policy firewall, v6v4 tunneling, dmvpn. Very cool router.

HangaS 01-10-2008 12:00 AM

Re: What equipment to go for?
 
Hi Theiss,

Well, I didn't knew I could.
In fact altough I also have 805, the router that will be part of this
setup is in fact a 836, but its also a 800 series so should be the
same.

The reason why I thought I couldn't use the 386 is because it only has
2 interfaces ethernet0 and ethernet2(if enabled) and I though that I
had to have
an interface to terminate each VLAN.

What you are saying also makes sense to me, hook all the VLAN "ends"
in the ethernet0 and use subinterfaces. I'm not very familiar with
subinterfaces in IOS
but I believe it should be the same as IP aliasing in Linux.

A few questions though.

Can I use acess lists to filter trafing between subinterfaces?
Wouldn't the traffic from on VLAN "leak" to the other VLANs because
their are also tied up in the same phisical connection?

That's the main reason I tought of a router with several interfaces.

Regarding the DHCP, yes the 836 (and I believe the 805 also) can
provide a DHCP pool. I'm currently using one for the VPDN tunnel.


Many thanks by the tip!
HangaS


On Jan 9, 6:13*pm, "Theiss" <the...@shaw.ca> wrote:
> Why can't you use the Cisco 805 to take over the routing job of the linux
> box?
> You should be able to use sub-interfaces on the lan port to do this.
> You still need the linux box to supply the DHCP, unless the Cisco 805 can
> supply it (I haven't worked much with that series).
>
> A router with 4 interfaces can be costly.
>
> Theiss
>
> "HangaS" <mafo...@gmail.com> wrote in message
>
> news:cd9ebe8a-ca9c-41c5-a0ab-351178b08b5e@j20g2000hsi.googlegroups.com...
>
>
>
> > Hi

>
> > I currently have in a network a Linux box acting as router. This box
> > as acts an interVLAN router that connects 3 VLANs and provides DHCP
> > to
> > each VLAN. A fourth interface is connected to a Cisco 805 that does
> > the NAT for each of the VLANs access the internet.

>
> > I now want to replace this linux box with a dedicated router, which
> > can have ate least 4 interfaces and can also provide DHPC *to each
> > one.

>
> > It doesn't have to support VLANs, as VLANs are handled by a 3COM 3300
> > Switch I just want a router with can router between the 3 vlans and
> > the internet router.

>
> > I was looking as the CISCO 2801 Integrated services router. Does It
> > do
> > what I need?
> > Can anyone suggest a model for the job?

>
> > Kind Regards
> > Hangas- Hide quoted text -

>
> - Show quoted text -



HangaS 01-10-2008 12:05 AM

Re: What equipment to go for?
 
Hi,

As I mentioned in the previous reply, the router that I'm talking
about is in fact an 836 (which I believe was replaced by the 876)
So I can probably do the same with my 836.

Do you say the 877 (same as the 876 by over ISDN) supports VLANs? You
mean VLAN tagging et all?

Miguel

On Jan 9, 9:31*pm, Network Blackjack <b...@bj.invalid> wrote:
> HangaS wrote:
> > I currently have in a network a Linux box acting as router. This box
> > as acts an interVLAN router that connects 3 VLANs and provides DHCP
> > to
> > each VLAN. A fourth interface is connected to a Cisco 805 that does
> > the NAT for each of the VLANs access the internet.

>
> > I now want to replace this linux box with a dedicated router, which
> > can have ate least 4 interfaces and can also provide DHPC *to each
> > one.

>
> > It doesn't have to support VLANs, as VLANs are handled by a 3COM 3300
> > Switch I just want a router with can router between the 3 vlans and
> > the internet router.

>
> > I was looking as the CISCO 2801 Integrated services router. Does It
> > do
> > what I need?
> > Can anyone suggest a model for the job?

>
> I'm a big fan of the 877-sec-k9. It's like working with a layer 3 switch. Utilization of the dsl interface is optional. Just trunk it to a switch and rock out. Supports vlans, trunking, zone policy firewall, v6v4 tunneling, dmvpn. Very cool router.- Hide quoted text -
>
> - Show quoted text -



Theiss 01-10-2008 03:16 AM

Re: What equipment to go for?
 
HangaS

If you assign different subnet to your vlans, the router will route between
the vlan/subnets. However, you can use access-list to filter our the
traffic between vlan/subnet. You may need to assign a vlan/subnet
exclusively for the server so that every other vlan can access the server
but can't see/talk amongst themselves.

Theiss



"HangaS" <mafonso@gmail.com> wrote in message
news:b28a4efc-7f38-44c4-a748-c0cafd020939@q39g2000hsf.googlegroups.com...
> Hi Theiss,
>
> Well, I didn't knew I could.
> In fact altough I also have 805, the router that will be part of this
> setup is in fact a 836, but its also a 800 series so should be the
> same.
>
> The reason why I thought I couldn't use the 386 is because it only has
> 2 interfaces ethernet0 and ethernet2(if enabled) and I though that I
> had to have
> an interface to terminate each VLAN.
>
> What you are saying also makes sense to me, hook all the VLAN "ends"
> in the ethernet0 and use subinterfaces. I'm not very familiar with
> subinterfaces in IOS
> but I believe it should be the same as IP aliasing in Linux.
>
> A few questions though.
>
> Can I use acess lists to filter trafing between subinterfaces?
> Wouldn't the traffic from on VLAN "leak" to the other VLANs because
> their are also tied up in the same phisical connection?
>
> That's the main reason I tought of a router with several interfaces.
>
> Regarding the DHCP, yes the 836 (and I believe the 805 also) can
> provide a DHCP pool. I'm currently using one for the VPDN tunnel.
>
>
> Many thanks by the tip!
> HangaS
>
>
> On Jan 9, 6:13 pm, "Theiss" <the...@shaw.ca> wrote:
>> Why can't you use the Cisco 805 to take over the routing job of the linux
>> box?
>> You should be able to use sub-interfaces on the lan port to do this.
>> You still need the linux box to supply the DHCP, unless the Cisco 805 can
>> supply it (I haven't worked much with that series).
>>
>> A router with 4 interfaces can be costly.
>>
>> Theiss
>>
>> "HangaS" <mafo...@gmail.com> wrote in message
>>
>> news:cd9ebe8a-ca9c-41c5-a0ab-351178b08b5e@j20g2000hsi.googlegroups.com...
>>
>>
>>
>> > Hi

>>
>> > I currently have in a network a Linux box acting as router. This box
>> > as acts an interVLAN router that connects 3 VLANs and provides DHCP
>> > to
>> > each VLAN. A fourth interface is connected to a Cisco 805 that does
>> > the NAT for each of the VLANs access the internet.

>>
>> > I now want to replace this linux box with a dedicated router, which
>> > can have ate least 4 interfaces and can also provide DHPC to each
>> > one.

>>
>> > It doesn't have to support VLANs, as VLANs are handled by a 3COM 3300
>> > Switch I just want a router with can router between the 3 vlans and
>> > the internet router.

>>
>> > I was looking as the CISCO 2801 Integrated services router. Does It
>> > do
>> > what I need?
>> > Can anyone suggest a model for the job?

>>
>> > Kind Regards
>> > Hangas- Hide quoted text -

>>
>> - Show quoted text -

>


Network Blackjack 01-10-2008 02:50 PM

Re: What equipment to go for?
 
HangaS wrote:
> As I mentioned in the previous reply, the router that I'm talking
> about is in fact an 836 (which I believe was replaced by the 876)
> So I can probably do the same with my 836.
>
> Do you say the 877 (same as the 876 by over ISDN) supports VLANs? You
> mean VLAN tagging et all?


The 870 advanced image supports 4 vlans and 802.1q trunking. I have found the need to do extensive feature research when selecting a cisco router, as many devices lack a number of features. The sec-k9 is loaded. What type of wan connection do you have? There is probably no reason that one device can't do it all.

rpcblast 01-10-2008 04:40 PM

Re: What equipment to go for?
 
On Jan 10, 9:50*am, Network Blackjack <b...@bj.invalid> wrote:
> HangaS wrote:
> > As I mentioned in the previous reply, the router that I'm talking
> > about is in fact an 836 (which I believe was replaced by the 876)
> > So I can probably do the same with my 836.

>
> > Do you say the 877 (same as the 876 by over ISDN) supports VLANs? You
> > mean VLAN tagging et all?

>
> The 870 advanced image supports 4 vlans and 802.1q trunking. I have found the need to do extensive feature research when selecting a cisco router, as many devices lack a number of features. The sec-k9 is loaded. What type of wan connection do you have? There is probably no reason that one device can't do it all.


I am not sure fmo a performance standpoint, but from a features
standpoint it sounds like a 1721 might be another option. I have this
set up at home where I have one physical connection to my
router(802.1q trunk between my switch), and everything plugs into my
switch. One vlan is for the internet connetion from comcast, one is
for my main internal network, one is for my wireless, one is for a
test network. As far as I can tell nothing leaks between Vlans. Now
performance may be an issue as I have found it is fairly easy to
overload the 1721 with p2p programs or extensive vpn use.

HangaS 01-10-2008 04:58 PM

Re: What equipment to go for?
 
I have an ADSL connection over ISDN. That was the reason I elected the
836 in the past.
I also had an 805 on Leased Line but was disabled in the beggining of
the year.
So now I only have the 836 connected to the linux router. In a near
future I will also have another ADSL2+ connection so I may connect a
837 that I have in the closet.

HangaS

On Jan 10, 2:50*pm, Network Blackjack <b...@bj.invalid> wrote:
> HangaS wrote:
> > As I mentioned in the previous reply, the router that I'm talking
> > about is in fact an 836 (which I believe was replaced by the 876)
> > So I can probably do the same with my 836.

>
> > Do you say the 877 (same as the 876 by over ISDN) supports VLANs? You
> > mean VLAN tagging et all?

>
> The 870 advanced image supports 4 vlans and 802.1q trunking. I have found the need to do extensive feature research when selecting a cisco router, as many devices lack a number of features. The sec-k9 is loaded. What type of wan connection do you have? There is probably no reason that one device can't do it all.



Network Blackjack 01-10-2008 05:01 PM

Re: What equipment to go for?
 
> > HangaS wrote:
> > > As I mentioned in the previous reply, the router that I'm talking
> > > about is in fact an 836 (which I believe was replaced by the 876)
> > > So I can probably do the same with my 836.

> >
> > > Do you say the 877 (same as the 876 by over ISDN) supports VLANs? You
> > > mean VLAN tagging et all?


> Network Blackjack wrote:
> > The 870 advanced image supports 4 vlans and 802.1q trunking. I have found the need to do extensive feature research when selecting a cisco router, as many devices lack a number of features. The sec-k9 is loaded. What type of wan connection do you have? There is probably no reason that one device can't do it all.


rpcblast wrote:
> I am not sure fmo a performance standpoint, but from a features
> standpoint it sounds like a 1721 might be another option. I have this
> set up at home where I have one physical connection to my
> router(802.1q trunk between my switch), and everything plugs into my
> switch. One vlan is for the internet connetion from comcast, one is
> for my main internal network, one is for my wireless, one is for a
> test network. As far as I can tell nothing leaks between Vlans. Now
> performance may be an issue as I have found it is fairly easy to
> overload the 1721 with p2p programs or extensive vpn use.


I used a 1721 before I migrated to the 877. The difference in cost is substantial: 1200 for the 1721 base image vs. 500 for the 877 advanced image. Obviously, the 1700 probably offers superior performance. Just had to go with the advanced image for v6 tunneling.


All times are GMT. The time now is 01:56 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.