04-13-2010 02:56 AM - edited 03-04-2019 08:08 AM
Hello guys,
I'm a little new to Cisco tech. So i have this question:
I have a 2811 router witch by default has 2 FE ports witch can be configure 1 for WAN (ISP) and 1 for LAN (internal network). My question is this: what module / solution do i have to take to have let's say ... 2 more WAN interface. I would like to have backup lines for my internet connection, and when one becomes unavailabe the traffic will be routed on the second and so on. I'm intrested in 2 more WAN ports.
Best regards,
Gabriel Tudoran
04-13-2010 03:55 AM
Hi Gabriel,
From a hardware perspective, the HWIC-2FE should suit your needs - Just be sure to check your IOS version for support.
Note that you wont actually get anywhere near fast ethernet routing speeds in the 2811.
With respect to failover, you might look at dynamic routing with your ISP or using PBR with tracking (http://www.cisco.com/en/US/products/ps6637/products_ios_protocol_option_home.html)
HTH
Kevin
Message was edited by: brennan.k
04-13-2010 04:03 AM
Hello brenan.k and thank you a lot for your quick answer.
I didn't understand this sentance: "Note that you wont actually get anywhere near fast ethernet routing speeds in the 2811.".
I don't have the same ISP for my 2 WAN connections, i have 2 optic fibers from 2 different ISP.
And another quick question that come in mind: could i use the 2 buildin ports from 2811 (FE0 and FE1) as WAN connections and then buy a much cheaper module for LAN - sitch module (like HWIC-4ESW)?
Best regards,
Gabriel Tudoran
04-13-2010 04:16 AM
Gabriel
The 2811 with CEF switch can support throughput of approx 62Mbps so you won't get anywhere near 1Gbps throughput. That's normal for routers, if you need very high throughput you use L3 switches.
Yes you could use inbuilt ports for both WAN connections if you want and then use an ethernet switch module.
Jon
04-13-2010 04:25 AM
That is a excellent news. So i will use the 2 buildin ports FE0 and FE1 as WAN ports (2 connect @ 2 different ISP) and i will buy a switch module HWIC-4ESW to connect the LAN (does it suport VLAN on SW ports ? if not that is not a big problem).
The 60Mbs is ok in the terms of speed.... is more then enough if i remember well.
04-13-2010 04:29 AM
ciscobisbucharest wrote:
That is a excellent news. So i will use the 2 buildin ports FE0 and FE1 as WAN ports (2 connect @ 2 different ISP) and i will buy a switch module HWIC-4ESW to connect the LAN (does it suport VLAN on SW ports ? if not that is not a big problem).
The 60Mbs is ok in the terms of speed.... is more then enough if i remember well.
They do support vlans but as Kevin says you need to be careful when buying them to make sure that they have all the features you need eg. some of the ethernet switches can set their ports to either routed or switched mode whereas others can only be switched.
The link i sent previously has a Q&A as well as a data sheet for each module so it would be a good idea to have a read and there are many posts on these forums about these modules where someone wants a routed port but got the wrong module so just do a bit of investigation before you purchase.
Jon
04-13-2010 05:07 AM
So, all in all to make a conclusion:
My network infrastructure looks this way:
ISP 1 -------- > FE0 | CLIENT 1
CISCO 2811 router with HWIC-4ESW > | CLIENT 2
ISP 2 -------- > FE1 | CLIENT 3
The scope of this is is:
1. provide the clients 1,2 and 3 with internet link trough NAT
2. provide a level of failover for clients 1,2 and 3 (if one link is down then 1,2 and 3 will still be able to access internet trough ISP2) - as far as i can figure it out... a i could implement that useing metric like metric 1 for primary route and metric 10 for secondary route.
3. provide access from internet to internal computers useing site to site VPN (i do have some CISCO 800 series that will be on the remote sites)
As far as i read i saw that 4ESW does not provide any routing ports (that is ok with me as far as i can use the tow buildin ports for ISP connectons)
So as far as i'm concerned ... that could be a viable network structure. As long as i can isolate the 4 ports in 4 different Vlans and every Vlan could access the internet (and i didn't saw any limitation regarding this).
Best regards,
Gabriel Tudoran
04-13-2010 05:17 AM
Hi Gabriel,
Yes, your plan looks okay.
Point 1 is fine.
Point 2 - You mentioned that your circuits were delivered via fiber? If they are ethernet and then go through a transceiver to give you copper ports you may have a small problem with detecting when a link is down. (Some of them will not pass on a no carrier condition). If this is the case, you can track the next hop ip address for that ISP.
Point 3, you might have some difficulity with because of how NAT and VPN technologies interact. WIll you be using BGP with your ISP's? and do you have your own PI address space?
HTH
Kevin
04-13-2010 06:38 AM
No we don't use BGP and we only have one IP address from our ISP (one from ISP 1 and one from ISP 2)
04-13-2010 08:00 AM
Hi Gabriel,
In that case it might be an idea to create two GRE over IPSEC tunnels from your remote 800 series router to the 2811 and then run a dynamic routing protocol. You'll get load balancing with EIGRP.
Kevin
04-13-2010 04:23 AM
Hi Gabriel,
The HWIC-2FE has two fast ethernet ports. The 2811 is not fast enough to be able to route between 2 fast ethernet ports (ie at the full 100Mbs per port)
This PDF will show you the max performance figures of the router (http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf)
With respect to your second question, yes you could do that. A port can only be called LAN or WAN once you decide what you want to do with it!
I'd recommend that you read the HWIC-4ESW (and HWIC-9ESW) datasheets carefully before you decide to use them. I tried using them some time ago and they have some small, but potentially significient, limitations depending on how you want to use them.
HTH
Kevin
04-13-2010 03:58 AM
Gabriel
You don't say what type of port you need ie. ethernet/serial etc.. Assuming ethernet see the attached link. The link is for all modules that can go in the 2800/2900 series routers so if it isn't ethernet you should be able to find what you are looking for. When you find the correct module have a look at the data sheet for that module as it tells you in there whether it can be run in your model of router, how many you can have and what IOS version you will need -
Jon
04-14-2010 09:23 AM
I suggest pl. share the current and future requirement.. and state why u want to stick to 2811 router when other options available..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide