Advise before buying a router: RV345 (or upgrade to C921-4P)

Filomena
Level 1

Hi,

I already got great help deciding to buy the SG350 switch in this topic:

https://community.cisco.com/t5/switching/help-before-buying-cisco-sg350-series-switch/m-p/3909676/highlight/true#M471315

 

The uncertain question is to definitely confirm, from a user or someone knowing the RV series, if the RV345 isn't able to NAT traffic from VLAN subinterfaces to the internet and if the C921-4P would fit my needs

 

My planned setup:

             ISP Cable Modem (600 Mbps internet access, upgradable to 1 Gbps)
                         |
      Cisco RV345 SMB router
                 (10.0.10.1)
                         +
                Router Port 1 (Trunk/Tagged to all VLANs)
                         |
             Cisco SG350 + DHCP server enabled
                    + VLAN 10 (private): 10.0.10.0/24
                            * Port 1 (trunk) : connected to router
                            * Port 2 (trunk): connected to WLAN AP (3 tagged SSIDs for VLANs 10, 20 and 40)
                            * Port 3 (access) : management PC
                    + VLAN 20 (office): 10.0.20.0/24, Ports 1-2 (trunk), Ports 4-5 (access)
                    + VLAN 30 (shared): 10.0.30.0/24, Ports 1-2 (trunk), Ports 6-7 (access)
                    + VLAN 40 (guest): 10.0.40.0/24, Ports 1-2 (trunk), Port 8 (access)

 

Configuration:

  • SG350 switch: DHCP pools for each VLAN, IPv4 routing enabled, ACL and ACE rules to manage interVLAN communication. All intranet routing must be done on the switch.
  • RV345 router: static IP 10.0.10.1, DHCP server disabled, create VLANs, firewall access rules for subnets -> WAN1, static routes configured for each VLAN subinterface (or just enable interVLAN routing on the router ?)
  • WLAN AP: setup with the 4 VLANs, 3 SSIDs for VLANs 10,20 and 40

My needs:

  • Gigabit WAN interface
  • each VLAN can have access to internet through the router
  • DHCP server and all intranet routing is done on the switch (if I turn off the router, intranet traffic should be maintained)
  • access rules to manage communication between VLANs and different devices (+ setup exceptions): setup on both switch and router
  • a GUI to make most if not all the above configuration or a good CLI documentation/tutorials/step-by-step for my basic setup

Questions:

  • Will the RV345 NAT the traffic to internet from subinterfaces with the above setup or it just doesn't support it ? In userguide there are Firewall rules to allow VLAN <-> WAN but nothing mentioned about the NAT. So, in the GUI, enabling the firewall rules for VLAN <-> WAN also does the NAT routing to the WAN or no ? Static NAT is not an option as I only have one public IP address from my ISP
  • The C921 is still in my budget:
    1. will it better answer my needs ?
    2. Is it fast enough to do the routing at wire speed if I want to move DHCP server and inter-VLAN routing from switch to router ?
    3. does it have a GUI and a decent documentation to achieve my needs as I didn't find much resources (unlike the rich documentation for the RV340 series) ?

Many thanks for helping me buy the appropriate product.

 

9 Replies

Giuseppe Larosa
Hall of Fame

Hello Filomena,

Our discussion in that thread was about the fact that the RV345 is likely not able to NAT internal subnets that are not directly connected to it (that is the case if inter-VLAN routing is performed on the SG350).

The RV345 should be able to enable NAT for directly connected VLANs / VLAN-based subinterfaces, but moving the inter-VLAN routing to the router has a very high price: it becomes a bottleneck for intra-site inter-VLAN routing.

What the C921 can give you is the ability to NAT subnets not directly connected.

 

To answer your final questions :

 

The C921 is still in my budget:

  1. will it better answer my needs ?    >>> yes it supports NAT configuration in IOS not limited to directly connected interfaces
  2. Is it fast enough to do the routing at wire speed if I want to move DHCP server and inter-VLAN routing from switch to router ?   >>>> No and you don't need to do it see above
  3. does it have a GUI and a decent documentation to achieve my needs as I didn't find much resources (unlike the rich documentation for the RV340 series) ?    >> Yes it should have a network assistant GUI

 

see

https://www.cisco.com/c/en/us/products/collateral/routers/900-series-integrated-services-routers-isr/datasheet-c78-741615.html?dtid=osscdc000283

 

https://www.cisco.com/c/dam/en/us/products/collateral/routers/900-series-integrated-services-routers-isr/guide-c07-741884.pdf

 

SL-900-IPB     base license is enough to support NAT.

 

I cannot find data about expected performance. Be aware that ISR 4000 routers have performance and boost performance licenses; I don't see these options for the ISR 900 series.

 

Hope to help

Giuseppe

 

>>

@Giuseppe Larosa wrote

I cannot find data about expected performance. Be aware that ISR 4000 routers have performance and boost performance licenses I don't see these options for the ISR 900 series.

<<

 

I found this link:

http://www.anticisco.ru/pubs/ISR_G2_Perfomance.pdf

The ISR 800 has very bad WAN and firewall performance it seems, not even close to 25% of the 100 Mbps WAN interface.

I guess the WAN interface of the 900 series will never reach anything close to the 100 Mbps !! I need the fast internet 600 Mbps connection I have. Why put a 1Gb WAN port if it is capped ? Even home routers achieve these speeds on WAN ! Anyone can confirm if I can reach the advertised speeds on the WAN side for internet traffic (https, ftps...). I don't plan using licensed VPN services by the way.

Any more info about their performance for normal internet traffic (file transfers through servers...)

Hello Filomena,

The reported datasheet is old (year 2010) and the reported numbers are "conservative".

 

What is the performance limit in a SW-based Cisco router (using a general-purpose CPU to move packets)?

The maximum packets per second it can process.

In Cisco IOS routers this limit is reached regardless of the true packet size. For this reason the performance numbers with small packets are low.

 

To be able to support GE wire speed with frames of minimum size 64 bytes, you should use the following formula:

 

pps = 1 x 10^9 / [(64 + 20.2) * 8] = 1484560 pps

To fill a GE with frames of size 1518 bytes you need:

ppsmin = 1 x 10^9 / [(1518 + 20.2) * 8] = 81263 pps

 

Here 20.2 accounts for: the 8-byte preamble that allows the receiver to synchronize before the start of the frame, and the minimum Inter Frame Gap = the minimum silence time interval that lets the receiver detect the end of a frame before the beginning of the next frame.

 

A given router can process a maximum of N packets per second; depending on the packet size, the aggregate throughput changes.

 

But as you can see from the numbers in the examples above, the packet size is important.

 

 

 

Hope to help

Giuseppe
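
Added example (not part of the thread): the packet-rate arithmetic from the reply above as a small calculator, showing how a fixed packets-per-second budget turns into very different throughput depending on frame size. The function names, the 150,000 pps budget and the traffic mix are constructed for illustration; the 20.2-byte overhead is the figure used in the reply.

```python
# Added example: names, the 150,000 pps budget and the traffic mix are constructed.
LINE_RATE_BPS = 1_000_000_000   # Gigabit Ethernet
# Per-frame overhead in bytes as used in the reply (preamble + inter-frame gap).
# IEEE 802.3 specifies 8 bytes of preamble/SFD plus a 12-byte minimum gap (20);
# pass overhead=20 to use that value instead.
OVERHEAD_BYTES = 20.2


def pps_for_line_rate(frame_bytes, rate_bps=LINE_RATE_BPS, overhead=OVERHEAD_BYTES):
    """Packets per second needed to fill rate_bps with frames of one size."""
    return rate_bps / ((frame_bytes + overhead) * 8)


def throughput_bps(pps_budget, mix, rate_bps=LINE_RATE_BPS, overhead=OVERHEAD_BYTES):
    """Frame bits per second a router with a fixed pps budget can forward.

    mix maps frame size in bytes -> share of packets (shares sum to 1).
    Returns (throughput, limiting factor), where the factor is "cpu" when the
    pps budget runs out first and "link" when the wire is full first.
    """
    if abs(sum(mix.values()) - 1.0) > 1e-9:
        raise ValueError("packet shares must sum to 1")
    avg_frame = sum(size * share for size, share in mix.items())
    link_pps = rate_bps / ((avg_frame + overhead) * 8)
    pps = min(pps_budget, link_pps)
    return pps * avg_frame * 8, ("cpu" if pps_budget < link_pps else "link")


if __name__ == "__main__":
    budget = 150_000  # hypothetical forwarding rate, not a measured figure
    mixes = {
        "64-byte only": {64: 1.0},
        "1518-byte only": {1518: 1.0},
        "constructed mix": {64: 0.5, 576: 0.3, 1518: 0.2},
    }
    for name, mix in mixes.items():
        bps, limit = throughput_bps(budget, mix)
        print(f"{name:16s} {bps / 1e6:8.1f} Mbps  (limited by {limit})")
    print("pps to fill 600 Mbps with 1518-byte frames: "
          f"{pps_for_line_rate(1518, rate_bps=600_000_000):.0f}")
```
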

 

@Giuseppe Larosa 

Thank you, I really need to make my decision.

I don't have a huge number of users that will browse internet all day. I mainly need to transfer data files of various sizes in multi-segmented connections to maximise bandwidth use. A Netgear R7000 Home router with a smart switch actually fills my needs except for segmenting the network, which is now mandatory.

The problem is that I also don't find any info about the R7000 pps performance for 64 and 512 byte packets.

So, my simple user question: I suppose the C921 should perform better than my actual R7000 home router for rather big data transfers and general web surfing for 5-10 users ? If not, I would drop to an Ubiquiti router of the same price like the Edge Pro, which has all specs well documented. However, I really do prefer Cisco for the community support and tech support if needed.

 

Hello Filomena,


>> I don't have a huge number of users that will browse internet all day. I mainly need transferring data files of various sizes in multi-segmented connection to maximise bandwidth use. A Netgear R7000 Home router with a smart switch actually fill my needs except for segmenting the network which is now mandatory.


a) Segmenting = using multiple VLANs? Correct, this is what led you to buy the new multilayer switch SG350.


b) If I remember correctly, your current router is not able to support VLANs and not able to support NAT for not directly connected subnets, but you have found a firmware upgrade that could allow you either to enable NAT for not directly connected internal subnets or (exclusive or) to enable VLANs. However, you noted that this firmware upgrade might not be fully supported by Netgear, and this moved you to consider changing it.


The C921 supports up to 32 VLANs and supports IOS NAT that is not limited to directly connected internal subnets.

We are not finding the performance of this device, for now we can say it has the required features.

 

And yes, there are no performance numbers in the Netgear R7000 datasheet either.

I have found the following:

https://www.netgear.it/images/datasheet/networking/wifirouter/R7000.pdf

 

There is great emphasis on the performance of the embedded WiFi access points and the use of both 2.4 and 5 GHz RF channels.

The only info about the CPU is that it is a 1GHz CPU with two cores.

 

Hope to help

Giuseppe

 

Hello @Giuseppe Larosa 

a) and b) : yes, you got it all right :-)

Wifi: I am going with a dedicated AP supporting VLANs per SSID

Performance: if it can handle at least same performance as the old R7000 Home router it would be great. That is the 900 Mbps on WAN side for large packets I guess.

Smallnetbuilder test:

https://www.smallnetbuilder.com/wireless/wireless-reviews/32239-ac1900-first-look-netgear-r7000-a-asus-rt-ac68u?showall=&start=1


 

And for the RV345P:

https://www.smallnetbuilder.com/lanwan/lanwan-reviews/33145-cisco-rv-345p-dual-wan-gigabit-poe-vpn-router-reviewed?showall=&start=2


 

1- Any info on the CPU of C921 ? I found an Intel x86 2.2 GHz which sounds way better than an ARM 1 GHz, but no idea if this spec is true:
https://www.router-switch.com/media/upload/product-pdf/cisco-900-series-integrated-services-routers-datasheet.pdf

2- Also, since I am not used to Cisco, do their other 1 Gbps WAN routers support my speed needs or they are capped with licensing fees needed ? If they are what I see for the RV345, that's enough for my needs. Any tech support could help here before I buy ?

3- IP Base license: is it free, bundled when the device ships, or also an annual subscription ?

Since it is hard to find any data/specs, I started looking at pfsense.

From many guides it seems able to NAT while letting the routing on the L3 switch

Will update you, unless Cisco releases some decent specs before I find an adequate hardware to build pfsense

Just for the feedback: I finally ordered parts to mount an i3 based pfsense ITX box. Will probably get more for my money than the consumer grade routers and at least be certain of the specs. Also, OpenVPN support vs the paid VPN options pushed me towards this choice.

I ordered the SG-350 switch though

Many thanks for all your help

zl1965
Level 1

Just so you know:

Cisco will not provide ANY support for this device unless you have a support contract. You do NOT get AnyConnect clients included. The Community is pretty silent on small business and home devices. If you anticipate a need for ANY support in configuration, or later, go with Juniper or Arista.
