02-14-2022 05:06 AM
Hello, I am using a Cisco 4331 and intend to use the Cisco 1111-8P as router with 2 WAN ISP where I have IPSEC tunnels constructed.
I have seen that there is a constraint on etherchannel supported on the 2 routed ports and not the LAN ports.
To address this i will be the routed ports and construct the lacp etherchannel to the LAN and connect the two wan on the LAN ports and use vlans.
My question is whether I can apply crypto-map or construct vti from the vlan wan interface from the LAN switched ports.
Thanks,
02-14-2022 05:46 AM
Hello,
can you draw this out ? I am not clear on what you want the topology to look like...
02-14-2022 08:13 AM
Hello Georg ,
Please find a simplified topology with the main objective is to have an etherchannel with internal lan
ROUTED PORT1 internal LAN LACP ----ISR 1100 --- wan isp 1 LAN PORT VLAN 100 APPLY CRYPTO MAP
ROUTED PORT2 internal LAN LACP ----- --- wan isp 2 LAN PORT VLAN 200 APPLY CRYPTO MAP
The ISR 1100 fits our requirement in terms of routing performance, WAN links will not be more than 50 Mbps and encryption throughput not more than 10 Mbps so the ISR 4300 is an overkill for our requirements but the redundant LAN is a requirement and I wanted to confirm if it can be achieved with the ISR 1100.
02-14-2022 08:47 AM
Hello,
so basically you are moving the uplinks to the switchports, and use the 2 routed ports for the port channel connected to the LAN ?
I guess that should work. However, keep in mind that anything 'crypto map' is considered legacy, and VTIs are the better option, but both work.
That said, I read about the LAN ports not having the option of being bundled into an Etherchannel...it looks like the router cannot handle that amount of (multigigabit) traffic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide