cisco router/switch recommendation ?

 
 
raptor
      01-10-2005
thanx a lot... now I have a better picture..
It seems 3750x will do fine, will have to check
cisco.com for details..
Probably I can miss the stateful firewall :")
(I wanted it primarily to offload the shaper anyway
linux does much better than cisco at this)

From what I understand I may not use MPLS,
but just use routing (and it will handle everything at wire speed)
Yes I will really use only one router/switch and both the
highspeed-boxes and the rest of the networks will be connected
to it.

My next question is :

- Can I group several interfaces to act as one logical interface ?
- What is the maximum number of secondary addresses that can
be applied to interface ? (logical if possible)

What I want to do is many networks under many interfaces, but not
one class-C net behind one physical-interface i.e. I want all
ip-networks mixed.
Ex.:
10.10.20.5 and 10.10.23.56 can be behind int f5/0, and 10.10.23.13 and
10.10.20.66 behind int f9/0 !
If I can create one logical interface that encompasses them (probably
via VLAN)?!

 
Walter Roberson
      01-10-2005
In article <(E-Mail Removed) .com>,
raptor <(E-Mail Removed)> wrote:
:My next question is :

[on the 3750 series]

:- Can I group several interfaces to act as one logical interface ?

Yes. The 3550 and 3750 support EtherChannel, Fast EtherChannel,
and Gigabit EtherChannel.

http://www.cisco.com/en/US/tech/tk38...80094647.shtml

Or were you referring to bridging? The 3550/3750 support that too.


:- What is the maximum number of secondary addresses that can
:be applied to interface ? (logical if possible)

Hmmm, I don't know that. It probably depends on the amount of
available memory you have. If it helps, the configuration guide says,

There is no defined limit to the number of SVIs and routed ports
that can be configured in a switch stack. However, the
interrelationship between the number of SVIs and routed ports and
the number of other features being configured might have an impact
on CPU usage because of hardware limitations.


:What I want to do is many networks under many interfaces, but not
:one class-C net behind one physical-interface i.e. I want all
:ip-networks mixed.
:Ex.:
:10.10.20.5 and 10.10.23.56 can be behind int f5/0, and 10.10.23.13 and
:10.10.20.66 behind int f9/0 !
:If I can create one logical interface that encompasses them (probably
:via VLAN)?!

I can't think of any reason that couldn't be done. Sounds like
a normal application of creating a vlan, assigning a bridge-group to
it and ip address(es) to it, and putting ports into the bridge-group.


By the way, I thought of something that might influence your
decision about going with the 3550/3750: neither device supports
NAT (Network Address Translation.) The 3550 and 3750 with Enhanced
Image can do quite a lot, but they don't do NAT and they don't
do GRE tunnels... I do not recall at the moment if they support loopback
interfaces.
--
Are we *there* yet??
 
kevinw@idpc.com
      01-10-2005
Hello-

Information Data Products Corp. is a reseller of new & secondary market
Cisco hardware as well as various other manufacturers. I believe we can
help you with your requirement, and save you a lot of money in the
process. Please email me or call me when you receive this. Thank you
again.

Kevin Wendolowski
Information Data Products Corp.
800-362-3770 Ext. 23
(E-Mail Removed)
AIM: kwIDPC

raptor wrote:
> hi,
>
> Could u point me about the exact "number/series" of router.
> I want a router+switch combo that support :
> - MPLS
> - stateful firewalling
> - BGP
>
> then about it i want to know approx :
>
> - how many 100Mb and 1Gb ports
> - what layer3 throughput can be achieved
> - what layer2 throughput can be achieved
> - which IOS version is required to support these features.
>
> tia
>
> PS. main software requirement for me is to be able
> to pass traffic to specific boxes over layer2 instead
> of through routing engine, so that i can achieve
> better throughput.


 
raptor
      01-10-2005
aha.... :") I think bridge-group is what I wanted.. i.e.
number of ports (of the 3750g) to act as a pseudo bridge/switch connected
to one real 3750g port which has many IP addresses....
Otherwise I will have to buy separate switch for this..

I don't need NAT.
I think 20-30 secondary ip addresses will be ok.

thanx again.

 
Walter Roberson
      01-10-2005
In article <(E-Mail Removed) .com>,
raptor <(E-Mail Removed)> wrote:
:aha.... :") I think bridge-group is what I wanted.. i.e.
:number of ports (of the 3750g) to act as a pseudo bridge/switch connected
:to one real 3750g port which has many IP addresses....

I've just looked at my 3750G configuration (warning: I don't
have it in testing yet, so some things might change.) I did
use a bridge-group but for a different reason entirely.

What you will want to do for your purposes is just create
a vlan, then set its mode to 'active' (default is, as I recall,
inactive but not 'shutdown'); these are via the 'vlan' command.
The 'vlan' command will *not* show up in your configuration when
you 'show run' -- the vlan database is configured a different
odd way that doesn't show up in the IOS configuration.

Before or after using the 'vlan' command, you can configure
the vlan interface at the IOS level, giving it IP characteristics.
It perhaps makes more logical sense to create the vlan first before
using the 'interface' command to give it characteristics, but in
my experience you can do it in either order.

Once you have created the vlan and given characteristics to the
vlan interface, you can assign ports to be part of the vlan.
I do not recall the exact command for that at the moment [it was
another long night.] I see from my configuration that I have, e.g.,
    switchport mode access vlan 104
in my 'interface' configuration, but I seem to recall it being
more complicated than that. For a trunk, you would have
    switchport trunk encapsulation dot1q
and the membership within the vlans does -not- show up at the
"show run" level. The mojo goes on with the 'vlan' command
if I recall correctly.

All the ports that you assign into a vlan are implicitly switched
together for the purposes of that vlan. If you assigned an IP
address to the vlan then the vlan will take part in routing.

There is a role for bridge-groups, but that role has to do with
"fallback" switching. If the switch receives non-IP layer 2 traffic
[such as IPX] then you need to be able to specify which ports or
vlans the traffic should be distributed to; you do that by
putting the ports and/or vlans into the same bridge-group.

In my particular case, I have some vlans coming off Nortel
switches, which are able to place traffic from the same
port in different vlans according to protocol. I have separate
vlans for IPX 802.2, IPX 802.3, and various IP based vlans.
There is no point in allowing the IPX traffic to be sent to
ports which have attached devices that can't run IPX, and at the
same time IPX ignores layer 3 boundaries so IPX traffic from one
port might need to go to another even though they are in different
IP vlans. [I'm using vlans for efficiency in this case, not for
security.] Anyhow, these vlans are non-IP vlans, but they can
be received on the trunks from the Nortel switches even if
the 3750 doesn't have equivalent ways of classifying according
to protocol [I think... maybe using layer 2 acls...] so I use
bridge-group statements to do fallback-bridging to send the
traffic to the appropriate places. The 'bridge-group' statement
is not meant to take the place of VLANs: bridge-group applies
to non-IP traffic only.


One tidbit: on the 3550 and 3750, you can effectively segment
vlans to specify which ones will route with which other ones;
for example, you might want to do that if you had different
customers on the same switch who were using the same interior
IP address ranges. I haven't played with this feature at all yet.

--
millihamlet: the average coherency of prose created by a single monkey
typing randomly on a keyboard. Usenet postings may be rated in mHl.
-- Walter Roberson
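
Added example, not part of any post in this thread: the VLAN, VLAN interface and port-assignment steps described in the post above, written as Catalyst 3750 IOS configuration. VLAN 104 is the number quoted in the post; the VLAN name, port numbers, /24 masks and gateway addresses are assumptions made for illustration.

```cisco
! Added example; the VLAN name, port numbers, masks and gateway addresses
! are constructed. Host addresses in the comments are raptor's.
!
! 1. Create the VLAN in the VLAN database and make it active.
vlan 104
 name mixed-nets
 state active
!
! 2. Give the VLAN a Layer 3 interface (SVI). The primary and secondary
!    addresses let 10.10.20.x and 10.10.23.x hosts share the VLAN.
ip routing
interface Vlan104
 ip address 10.10.20.1 255.255.255.0
 ip address 10.10.23.1 255.255.255.0 secondary
 no shutdown
!
! 3. Put access ports into the VLAN. Hosts from either subnet can sit
!    behind either port (e.g. 10.10.20.5 and 10.10.23.56 on the first).
interface FastEthernet1/0/5
 switchport mode access
 switchport access vlan 104
!
interface FastEthernet1/0/9
 switchport mode access
 switchport access vlan 104
!
! 4. A trunk to another switch carries the VLAN with 802.1Q tagging.
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 104
```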
 
Hansang Bae
      01-11-2005
On 10 Jan 2005 14:05:15 -0800, "raptor" <(E-Mail Removed)> wrote:

>aha.... :") I think bridge-group is what I wanted.. i.e.
>number of ports (of the 3750g) to act as a pseudo bridge/switch connected
>to one real 3750g port which has many IP addresses....
>Otherwise I will have to buy separate switch for this..
>
>I don't need NAT.
>I think 20-30 secondary ip addresses will be ok.
>


Why use bridge-groups? Can't you just use VLANs with dot1q
subinterfaces?



hsb


"Somehow I imagined this experience would be more rewarding" Calvin
********************************************************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
 
Walter Roberson
      01-11-2005
In article <(E-Mail Removed)>,
Hansang Bae <(E-Mail Removed)> wrote:
:Why use bridge-groups? Can't you just use VLANs with dot1q
:subinterfaces?

Cuz I offered him incorrect advice a couple of postings up
that mentioned bridge-groups. I haven't had much chance to play with
my 3750 yet, remembered that I'd put in a bridge-group, and then
my brain farted over to the old days of C2948G-L3 configuring
with srb.

--
When your posts are all alone / and a user's on the phone/
there's one place to check -- / Upstream!
When you're in a hurry / and propagation is a worry/
there's a place you can post -- / Upstream!
 
raptor
      01-11-2005
one last question, I hope :")
Is there an ability to route traffic (l3) based on incoming interface?
I want to have a different default gw depending on which
interface the traffic is coming from, or am I asking too much?

(probably i will be able to workaround this, but it will be good
to have it)

 
Walter Roberson
      01-11-2005
In article <(E-Mail Removed). com>,
raptor <(E-Mail Removed)> wrote:
:one last question, I hope :")
:Is there an ability to route traffic (l3) based on incoming interface?
:I want to have a different default gw depending on which
:interface the traffic is coming from, or am I asking too much?

It appears not, at least not in 12.2(1SE [there have been a couple
of releases since then.]

http://www.cisco.com/en/US/products/...b.html#1228588

The important points there are that policy routing has to be
enabled on a Layer 3 interface, which means either an interface
that has been given a direct IP address, or else on a vlan as
a whole that has been given an IP address. There is no way to
put in different route maps for ports which are members of
the same vlan, and the conditions that you can match against
in creating a route-map do not include testing which interface
the packet was received upon.

The closest you could come to this would be if you were able to
distinguish the interfaces by the IP source addresses.
For example if you knew that 10.12.50.17 was on the interfaces
you were interested in changing the routing behaviour for,
but you did not want the same gateway-changing for other interfaces
in the same vlan, then you could create an access list that matched
that ip and set the next hop, and apply the route map to the entire vlan.


Also note this point:

To use PBR, you must first enable the routing template by using the
sdm prefer routing global configuration command. PBR is not
supported with the VLAN or default template.

The table at
http://www.cisco.com/en/US/products/...160.html#88774
lists the hardware limits of the various templates. As a brief
summary, with the 'routing' template, you give up about 3 K MAC
address entries (leaving 3 K) in favour of more potential routes
and in favour of allowing policy-based routing Access Control Entries.
The hardware limit is 512 entries total over all access-lists used
to select differing routes.

--
I don't know if there's destiny,
but there's a decision! -- Wim Wenders (WoD)
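
Added example, not part of any post in this thread: the policy-routing setup described in the post above, as Catalyst 3750 IOS configuration. It goes one step beyond the single-host case by also showing a route map applied to a whole VLAN interface, so that the incoming VLAN selects the gateway. Only 10.12.50.17 and VLAN 104 come from the thread; the other VLAN numbers, ACL numbers, route-map names and addresses are constructed.

```cisco
! Added example; names and addresses other than 10.12.50.17 are constructed.
!
! PBR requires the routing SDM template; the change applies after a reload.
sdm prefer routing
ip routing
!
! Transit VLAN holding the two candidate gateways (next hops must be
! on a directly connected subnet).
interface Vlan900
 ip address 192.0.2.2 255.255.255.248
!
! Case 1: one host in VLAN 104 gets a different gateway; every other
! host in the VLAN keeps following the normal routing table.
access-list 101 permit ip host 10.12.50.17 any
!
route-map HOST-GW permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
!
interface Vlan104
 ip address 10.12.50.1 255.255.255.0
 ip policy route-map HOST-GW
!
! Case 2: everything arriving on VLAN 105 goes to its own gateway.
! The ACL needs one entry no matter how many subnets live in the VLAN,
! which keeps usage well under the 512-entry hardware limit.
! Note: "any any" also overrides routing toward other local VLANs.
access-list 102 permit ip any any
!
route-map VLAN105-GW permit 10
 match ip address 102
 set ip next-hop 192.0.2.3
!
interface Vlan105
 ip address 10.10.20.1 255.255.255.0
 ip address 10.10.23.1 255.255.255.0 secondary
 ip policy route-map VLAN105-GW
!
! Verify with: show sdm prefer / show ip policy / show route-map
```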
 
raptor
      01-14-2005
Hmm.. in this case what I really need is probably to route not
necessarily by incoming interface but in this case by the vlan
from which the packet is coming..
I can do this by normal access-list but the networks
that I want to describe will grow, currently ~30
That is why I'm searching for a solution not based on the
source ip-address but incoming vlan and/or interface

 