Solved: Replace 2611 Functionality with a 3750G -48TS-S?

mhaskett74 · ‎08-16-2011

We have an aging 2611 router that that we need to replace due to the fact that its 10Mb/s Ethernet ports are limiting our internet connectivity throughput (we have a 20Mb/s circuit).

The purpose of the 2611 router was to route traffic from multiple devices connected to a 2950 switch's VLAN X to the internet. Can we achieve this same functionality with only a 3750C-48TS-S switch? Could a static route statement on the 3750 replace the need for the router?

Thank you for your knowledge and assistance.

Jon Marshall · ‎08-17-2011

Michael

You can simply configure the 3750 as you did the 2611 ie.

int gi1/0/49 <-- connects to ISP

no switchport

ip address 20.20.23.126 255.255.255.252

int gi1/0/50 <--- connects to 2950

no switchport

ip addres 20.20.20.222 255.255.255.224

ip route 0.0.0.0 0.0.0.0 20.20.23.125

Don't forget to enable ip routing on the 3750 ie.

3750(config)# ip routing

i'm assuming from the config you posted that the natting for internal clients is done on the firewall.

One point. You don't really need the 2950 anymore as you could use the 3750 for the DMZ as well but it won't do any harm.

This route -

20.20.20.0 255.255.255.0 20.20.23.125 makes no sense. All you need is a default-route on the 3750 pointing to the ISP which is exactly what you have on the 2600 router currently.

Jon

View solution in original post

Leo Laohoo · ‎08-16-2011

The purpose of the 2611 router was to route traffic from multiple devices connected to a 2950 switch's VLAN X to the internet.  Can we achieve this same functionality with only a 3750C-48TS-S switch?

Depends. The 3750, if loaded with the correct IOS and feature set, can do Layer 3. One thing the 3750 can't do is NAT.

hobbe · ‎08-16-2011

I would say no.

The reason for that is that the 3750 can not act as a firewall/vpn connection point.

The 2611 can.

Towards the Internet as a general rule you should have a firewall to be able to protect the devices behind it.

if I where you I would check out the asa5505

From a routing only standpoint it is possible to use a 3750.

HTH

Good luck

mhaskett74 · ‎08-17-2011

Thank you for your responses.

I should have pointed out that this switch is in front of a firewall and will be acting as a DMZ. Also, we are running version 12.2 (58) SE2 - IPBASEK9-M, so this switch is running SMI.

Would the following config work? (Our fibre connection from the ISP would connect to the 3750's G1/0/49 port.)

interface GigabitEthernet1/0/49

description ISP Connection

switchport access vlan 20

interface VLAN20

description ISP Connection

ip address 20.20.20.20 255.255.255.0

ip route 20.20.20.0 255.255.255.0 20.20.23.125

Again, thank you all for your help!

Jon Marshall · ‎08-17-2011

Michael

What is this route meant to do ? -

ip route 20.20.20.0 255.255.255.0 20.20.23.254

it's not clear how this would work. If your old setup was -

LAN -> firewall -> 2611 -> ISP

then you can simply replace the 2611 with the 3750 and use 2 ports on the 3750 as routed ports and transfer the IP addresses that are in use on the 2611. Then add static routes ie. routes for the internal subnets pointing to the firewall and a default-route pointiing to the ISP. That would work fine although note switches can't do somethings that routers can such as QOS shaping etc.

If you are natting on the 2611 then the 3750 doesn't support NAT as Leo pointed out.

You could if you wanted simply use the 3750 as L2 switch instead but it may mess up your addressing.

Perhaps if you could provide more detail and explain how the addressing is setup ?

Like i say though if all you want to do is replace the 2611 with a 3750 and there is no NAT on the 2611 currently then it should be possible.

Jon

mhaskett74 · ‎08-17-2011

Hi, Jon. Thank you for the info.

Our configuration is LAN -> Firewall -> 2950 -> 2611 -> ISP. (The 2950 supplies DMZ connectivity.)

2950 Port Configuration:

!

interface FastEthernet0/43

description Connects to Firewall

switchport access vlan 20
!

interface FastEthernet0/45

description Connects to 2611 E0/1

switchport access vlan 20

!

interface FastEthernet0/47

description Connects to 2611 E0/0

switchport access vlan 20

!

interface GigabitEthernet0/1

description Connects to ISP equipment

switchport access vlan 20

2611 Config:

interface Ethernet0/0

ip address 20.20.23.126 255.255.255.252

!

interface Ethernet0/1

ip address 20.20.20.222 255.255.255.224

!

ip classless

ip route 0.0.0.0 0.0.0.0 20.20.23.125

What I'm wondering is if I configure the new 3750 ports to use VLAN 20 and then place the "ip route 20.20.20.0 255.255.255.0 20.20.23.125" statement to direct 20.20.20.X traffic to the ISP equipment.

Does that make any sense?

Jon Marshall · ‎08-17-2011

Michael

You can simply configure the 3750 as you did the 2611 ie.

int gi1/0/49 <-- connects to ISP

no switchport

ip address 20.20.23.126 255.255.255.252

int gi1/0/50 <--- connects to 2950

no switchport

ip addres 20.20.20.222 255.255.255.224

ip route 0.0.0.0 0.0.0.0 20.20.23.125

Don't forget to enable ip routing on the 3750 ie.

3750(config)# ip routing

i'm assuming from the config you posted that the natting for internal clients is done on the firewall.

One point. You don't really need the 2950 anymore as you could use the 3750 for the DMZ as well but it won't do any harm.

This route -

20.20.20.0 255.255.255.0 20.20.23.125 makes no sense. All you need is a default-route on the 3750 pointing to the ISP which is exactly what you have on the 2600 router currently.

Jon

mhaskett74 · ‎08-18-2011

Thanks for the info, Jon. I've scheduled to test those changes tomorrow night.

mhaskett74 · ‎08-22-2011

Ultimately, this is the configuration that worked:

interface GigabitEthernet1/0/20

description typical DMZ access Workstation

switchport access vlan 20

interface GigabitEthernet1/0/49

description ISP Connection

no switchport

ip address 20.20.23.126

interface VLAN20

description ISP Connection

ip address 20.20.20.20 255.255.255.0

ip route 0.0.0.0 0.0.0.0 20.20.23.125

Thank you all for your help.