Re: Public IPs - Usable via FE Ports?

iPhrankie · ‎07-23-2009

Hello Everyone,

Our new T3 connection has been assigned a block of public IP addresses (/29). One IP gets used on the FE port as the gateway with 5 public IP addresses remaining.

Our router has 4 FE ports.

I was hoping I could attach our 4 devices directly to the FE ports. Each device would have one of the 5 public IP addresses.

The FE port with the gateway IP assinged to it works. But the other FE ports aren't working. I guess it was wishful thinking that the other 3 FE ports would automatically work.

How can I make this work without getting 4 separate IP blocks for each FE port and without using an external switch?

Thanks in advance.

Giuseppe Larosa · ‎07-23-2009

Hello Frankie,

what device is this and if it is an ISR router do you have an etherswitch module installed ?

if there is an etherswitch the ports have to be configured like switch ports

IP address goes to interface SVI vlan X

let's say X=5

you need to do the following:

to create L2 vlan 5 (broadcast domain)

depending on the type of module this has to be done in different ways

for example:

router# vlan database

vlan 5

apply

exit

( to be written don't use ctrl-Z here!)

int vlan 5

! public ip address here

ip address x.x.x.x y.y.y.y

! note important

no shut

! repeat for all 4 ports

! also for the one you have configured

int f0/0

switchport

switchport mode access

switchport access vlan 5

if you haven't an etherswitch module you should connect the routed FE (the one you have configured) to an external lan switch and then the servers to other ports in the switch

Hope to help

Giuseppe

iPhrankie · ‎07-24-2009

It is a Cisco Router 3825.

We are using the two on board gigabit FE ports and an HWIC-2FE card that gives us two more FE ports.

So, I guess these aren't really a switch. They are more like four independent ethernet ports?

Can you still do a VLAN with the four FE ports?

Giuseppe Larosa · ‎07-24-2009

Hello Frank,

the best thing to do is to place an external lan switch even a cheap one.

I'm not sure it works on C3825 but the following is proposed and used on C877 devices:

the idea is to use IRB= integrated routing and bridging.

! routed ports

int f0/0

no ip address

bridge-group 1

int f0/1

no ip address

bridge-group 1

creating a vlan or using default vlan1

int vlan1

no ip address

bridge-group 1

! switch like ports

int f1/0

switchport

swithport mode access

switchport access vlan 1

int f1/1

switchport

swithport mode access

switchport access vlan 1

int bvi1

! L3 device

ip addr public mask

no shut

bridge 1 protocol ieee

bridge 1 route ip

two notes:

I'm not sure it works on C3825

there can be performance penalties

And you close the possibility to future changes: if you need a second ip subnet in the future ?

Hope to help

Giuseppe

iPhrankie · ‎07-24-2009

Thank you, Giuseppe.

Is their a recommendation on switch speeds?

Since our T3 tops at 45mb would a 100mb switch be enough or would we see a performance gain going with a gigabit switch?

Edison Ortiz · ‎07-28-2009

A switch will provide faster throughput over a router but you need to take into consideration the features that you will lose by moving from a software based routing solution to a hardware based routing solution.

QoS and NetFlow may be features that you need on a WAN Edge device and low-end switches do not support that.

HTH,

__

Edison.

iPhrankie · ‎07-28-2009

I've been doing research on this for the last two days on this problem.

I have 4 FastEthernet ports I was hoping to attach 4 devices to.

1. Web Server

2. FTP Server

3. Etc

4. Etc

These particular servers need to face the internet and have public IP addresses.

Based on what I can find, I have two options.

1. Do vlan trunking on the FastEthernet ports.

2. Connect a simple switch to one of the FastEthernet ports and plug the devices into the switch.

I honestly don't know which one will provide better performance.

I'm open to recommendations. Thanks.

Edison Ortiz · ‎07-28-2009

You don't need to do Vlan trunking on the FastE ports, simply create a L2 Vlan and assign the ports to it.

If you need to route this L2 Vlan with other subnets, simply create a Switch Virtual Interface - assign an IP address and configure the devices on that subnet to point to this IP address as the gateway.

If your needs are small and the 4 ports provides the port density required, a switch won't provide that much speed over the router.

In the original post, you mentioned a T3 and a switch won't support a T3 module hence you still need a router in the picture.

HTH,

__

Edison.