100MB. Moving to 1GB in 2015.

100MB. Moving to 1GB in 2015.

If this is the case, then stop what you are doing.  2921 router is not designed to push 100 Mbps.

To be able to push 1 Gbps you should be looking at an ASR 1002 with RP2 and ESP 5 as a minimum.  Otherwise, you are just wasting money on your WAN when your router is unable to push that much amount of bandwidth. 

Thanks. Do you have some supporting documentation you could link me to? I'd be keen to reference it.

If we forget about that for a moment (as the speeds are currently OK and 2015 is a way off when I can review it) can anyone offer help with the original question?

Thank you.

Anyone able to offer any help?

Thank you.

It is not clear to me exactly what the requirements will be when you cluster your non Cisco firewalls and connect them to your router. Would I be correct in assuming that the requirements include: two physical interfaces on the router both in the same subnet and with a single IP address on the router? Perhaps the easiest way to achieve this would be to put a small switch module into the router, configure a vlan in the switch module assigning an IP address to the vlan interface, assign 2 of the switch ports to the vlan.

I am also not clear how the firewalls will connect to the router. Will each firewall have a direct physical connection to the router? Or is it possible that the firewalls will connect to a switch and the switch connects to the router? If the firewalls connect to a switch then perhaps you need only a single interface on the router?

HTH

Rick

Thank you.

The non-Cisco firewalls will each require 1 ethernet port from each firewall in the cluster to plug directly into the Cisco Router.

I could plug the firewalls into a switch - then plug that switch into the router using just one ethernet port.

However that's introducing a single point of failure (and nother device to maintain).

The ehwic card would hopefully do the same - I know that can still fail but we'd likely have a spare on standby.

So yes - switch module into router, configure vlan etc. I'm just not sure how I would do this.

It is currently configured like this:

interface GigabitEthernet0/1

mtu 1600

ip address 10.0.50.30 255.255.255.0

ip ospf message-digest-key 1 md5 7 xxxxxxxxxxx

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 10.0.60.70 255.255.255.0

ip flow ingress

ip ospf message-digest-key 1 md5 7 xxxxxxxxxxxx

duplex auto

speed auto

!

I'm just not sure what the process/commands would be to move from that to the whwic switch card etc.

Thanks.

The exact command syntax might vary a bit depending on the particular ehwic card that you use. But in general the process and the commands might look a bit like this:

! create a vlan on the switch module

vlan 101

name firewalls

! assign 2 switch ports to the vlan

interface fasteth0/0/0

switchport mode access

switchport access vlan 101

interface fasteth0/0/1

switchport mode access

switchport access vlan 101

! remove the ip from the existing interface

interface GigabitEthernet0/2

no ip address

! create the vlan interface and assign IP address to it

interface vlan 101

ip address 10.0.60.70 255.255.255.0

ip ospf message-digest-key 1 md5 7 xxxxxxxxxxxx

You might need to check and/or experiment a bit to determine whether the ip flow ingress is supported on the ehwic or not.

HTH

Rick