Should I upgrade my 2610?

Discussion in 'Cisco' started by Brett, Oct 7, 2004.

  1. Brett

    Brett Guest

    Hi, Can I ask for your advice?

    I am currently using a 2610. It has two WIC-1DSU-T1 cards in it. I use
    the two T1s to connect my LAN to the Internet. In the near future, I
    am looking at replacing the two T1s with a 10mb/s EFM connection to the
    Internet. When I do that, I won't need the two T1 cards anymore. But
    I will need to add a second ethernet port in order to route between my
    LAN and the EFM modem.

    I actually could use no router at all in this scenario, but I use the
    Cisco for some pretty aggressive ACLs (I allow only a few protocols and
    then DENY everything else).

    Considering the speeds involved (routing between 10mb EFM and 100mb
    LAN) and also considering that I'll have to buy a new ethernet card
    anyway, should I be looking at buying a newer, faster router? Or
    perhaps some kind of smart switch that could do the ACL work since I
    actually don't have to route in this situation.
    Any advice appreciated.

    Brett
     
    Brett, Oct 7, 2004
    #1

  2. In article <>,
    Brett <> wrote:
    :I am currently using a 2610. It has two WIC-1DSU-T1 cards in it. I use
    :the two T1s to connect my LAN to the Internet. In the near future, I
    :am looking at replacing the two T1s with a 10mb/s EFM connection to the
    :Internet.

    :Considering the speeds involved (routing between 10mb EFM and 100mb
    :LAN) and also considering that I'll have to buy a new ethernet card
    :anyway, should I be looking at buying a newer, faster router? Or
    :perhaps some kind of smart switch that could do the ACL work since I
    :actually don't have to route in this situation.
    :Any advice appreciated.

    A 'smart switch' in your context would have to be a multilayer switch with
    ACLs such as the 3550 or 3750. There are restrictions on the ACLs
    for the 3550 and 3750 that could potentially be insufficient for your
    purposes unless your ACL is very simple. (If it's more than a few lines
    long then you could potentially run into the restrictions.)
    The 3550 and 3570 are not exactly "cheap", and the router approach
    might turn out to be less expensive.

    The 2610 is rated as a maximum of 15K pps (64 byte packets), which is
    also (in round numbers) the pps rate that would fill a 10 megabits/s
    half duplex connection. If you want to be able to handle full duplex
    flat out on the EFM, you should be considering a device that gets
    closer to 30K pps. The 2620 and 2621 do 25K pps (75% of the maximum
    possible load, if you were using it full duplex with minimum sized
    packets only) so those could be considered. On the other hand, the
    2620/2621 are not recommended by Cisco anymore: they suggest instead
    the 2620XM or 2621XM, which are rated at 30K pps. A refurbished 2621XM
    is about $US1800.

    If you check for prices on 2620XM or 2621XM on some of the price
    comparison sites, or if you google for prices on the devices, look very
    carefully at the part number. Some of the devices that come up near the
    top of the google search are 2621XM-DC which is DC powered instead of AC.
    And some of the sites say "New" for the devices but give a part number
    that includes -RF : the RF stands for "refurbished"!

    The part numbers for the various 26xx devices and their option cards can
    be found near the bottom of this page:

    http://www.cisco.com/en/US/products/hw/routers/ps259/products_data_sheet0900aecd800fa5be.html


    You mention that your LAN is 100 megabits/s. If you are thinking of
    having the new device do LAN routing (such as between VLANs or between
    multiple subnets), then if you expect the device to route at wirespeed,
    you should be considering at least a 3660 (120K pps, which is 80% of
    the 148K pps possible on a 100 megabit half duplex link) and possibly
    higher. But by then you might have gotten into the price range where
    a switch would make more sense for you, if you can live with the
    ACL restrictions of the switches.
    --
    Preposterous!! Where would all the calculators go?!
     
    Walter Roberson, Oct 8, 2004
    #2
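The packet-rate sizing in the post above, worked through as an added example (not part of the original thread). It assumes the EFM handoff uses standard Ethernet framing, takes the rated pps figures as quoted in the thread, and treats each rating as constant regardless of frame size or ACL length.

```python
import math

# Per-frame bytes on the wire that are not part of the frame size:
# 7-byte preamble + 1-byte start delimiter + 12-byte inter-frame gap.
WIRE_OVERHEAD_BYTES = 20
MIN_FRAME_BYTES = 64

# Rated forwarding figures (64-byte packets) as quoted in the thread.
RATED_PPS = {"2610": 15_000, "2620/2621": 25_000,
             "2620XM/2621XM": 30_000, "3660": 120_000}

def line_rate_pps(link_bps, frame_bytes=MIN_FRAME_BYTES, full_duplex=False):
    """Frames per second needed to fill the link with frames of one size."""
    one_way = link_bps / ((frame_bytes + WIRE_OVERHEAD_BYTES) * 8)
    return one_way * (2 if full_duplex else 1)

def coverage(rated_pps, link_bps, frame_bytes=MIN_FRAME_BYTES, full_duplex=False):
    """Fraction of the worst-case offered load the device can forward (max 1.0)."""
    return min(1.0, rated_pps / line_rate_pps(link_bps, frame_bytes, full_duplex))

def min_avg_frame_for_line_rate(rated_pps, link_bps, full_duplex=False):
    """Smallest average frame size at which rated_pps still fills the link."""
    directions = 2 if full_duplex else 1
    size = link_bps * directions / (8 * rated_pps) - WIRE_OVERHEAD_BYTES
    return max(MIN_FRAME_BYTES, math.ceil(size))

def sizing_table(link_bps, full_duplex):
    """One row per model: (model, coverage of 64-byte line rate, min avg frame)."""
    return [(model,
             round(coverage(pps, link_bps, full_duplex=full_duplex), 2),
             min_avg_frame_for_line_rate(pps, link_bps, full_duplex))
            for model, pps in RATED_PPS.items()]

if __name__ == "__main__":
    for duplex in (False, True):
        print("10 Mb/s", "full duplex" if duplex else "half duplex")
        for model, cov, size in sizing_table(10_000_000, duplex):
            print(f"  {model:14} covers {cov:4.0%} of 64-byte line rate; "
                  f"keeps up from {size}-byte average frames")
```

The third column is the practical reading: a device that cannot forward minimum-size frames at line rate still fills the link once the average frame is at least that large.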

  3. Brett

    Brett Guest

    Thank you very much, Walter. Can you elaborate on what the ACL
    restrictions are exactly? (Or point me to an article about it?). What
    kind of ACL is the switch not able to do? My ACL list currently
    consists of 60 PERMIT statements which explicitly allow certain outside
    hosts or protocols to connect to certain servers on my network. I then
    end the ACLs with a "DENY IP any any log" sending the results to a
    syslog server. Can the switches you mention handle ACLs like that?
     
    Brett, Oct 8, 2004
    #3
  4. In article <>,
    Brett <> wrote:
    :Can you elaborate on what the ACL
    :restrictions are exactly? (Or point me to an article about it?).

    On the 3550:
    http://www.cisco.com/warp/public/473/145.html
    http://www.cisco.com/en/US/products...figuration_guide_chapter09186a0080211cd8.html

    The 3550 tries to handle security in hardware, but the hardware has
    limited resources. These resources are more likely to be exhausted
    if you want to configure router ACLs together with VLAN maps, or
    if you want your router ACLs to have layer 4 information.

    You can use both router ACLs and VLAN maps on the same switch.
    However, you cannot use port ACLs on a switch that contains input
    router ACLs or VLAN maps.

    [...]

    The switch hardware provides one lookup for security ACLs for each
    direction (input and output); therefore, you must merge a router
    ACL and a VLAN map when they are configured on the same VLAN.
    Merging the router ACL with the VLAN map might significantly
    increase the number of ACEs.

    Similar issues apply to the 3750:
    http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00801e7bb9.shtml

    Since the Catalyst 3750 allows only one ACL lookup per ingress or
    egress traffic direction, security ACLs, VACLs, and RACLs need to
    be merged into one compiled ACL in the TCAM.


    Some of the other restrictions I was thinking of might perhaps
    apply only to the 2950, eg. "system defined masks" and "user defined masks".
    http://www.cisco.com/en/US/products...figuration_guide_chapter09186a008007ebdb.html
    --
    Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
    Aleph sub {Aleph sub two} little infinities...
     
    Walter Roberson, Oct 8, 2004
    #4
  5. Hi Brett,

    Why not use a firewall? A Pix506e will do the job just fine. A Pix cannot do
    "internal" routing, so just keep the existing router for that.

    Erik

    "Brett" <> wrote in message
    news:...
    > Thank you very much, Walter. Can you elaborate on what the ACL
    > restrictions are exactly? (Or point me to an article about it?). What
    > kind of ACL is the switch not able to do? My ACL list currently
    > consists of 60 PERMIT statements which explicitly allow certain outside
    > hosts or protocols to connect to certain servers on my network. I then
    > end the ACLs with a "DENY IP any any log" sending the results to a
    > syslog server. Can the switches you mention handle ACLs like that?
    >
     
    Erik Tamminga, Oct 9, 2004
    #5
  6. Brett

    mh Guest

    Check out the new Cisco 2800 series routers.

    They have faster processors, a lot more memory, onboard acceleration
    for encryption, USB ports and take most of the existing 2600 NMs and
    WICS.

    The product manager stated that IOS and PIX feature sets will be
    aligned over time.
     
    mh, Oct 10, 2004
    #6
  7. Brett

    Rob Guest

    I second this. They are looking to be the killer product.

    Robert




    On 10 Oct 2004 07:27:11 -0700, (mh) wrote:

    >Check out the new Cisco 2800 series routers.
    >
    >They have faster processors, a lot more memory, onboard acceleration
    >for encryption, USB ports and take most of the existing 2600 NMs and
    >WICS.
    >
    >The product manager stated that IOS and PIX feature sets will be
    >aligned over time.
     
    Rob, Oct 11, 2004
    #7