Replace ISR4331 and 3650 switch with a single 9200 L3 switch

russjstewart
Level 1

I am hoping someone can explain why this is a terrible idea, because I am sure there is something really obvious that I am missing.

We currently have a 1Gb Internet connection terminated on an ISR4331, one interface Gi0/0/0 has an ISP supplied IP address and the other Gi0/0/1 has one of our public IP addresses on it. Gi0/0/1 connects to a Cisco 3650 switch which only has 1Gb interfaces on it. The 3650 also terminates the outside interface of a CP firewall and an ASA used for site to site VPN.

We are upgrading the Internet connection to 10Gb, and the existing router and switch do not have 10Gb interfaces. While we can get 10Gb modules for the ISR4331, it will probably melt under the load if we get 10Gb in/out.

The current idea is to replace both devices with something like a 9200L with a suitable number of interfaces on it, and enable routing. We do not have an ASN, so the ISP advertises our /24 public IP address range, and the 4331 only has a few static routes and an ACL to limit traffic from the Internet.

The idea would be to put the ISP IP address on a physical 10Gb interface and then our IP address on an SVI and then put all the other interfaces for firewall/ASA on that VLAN.

I can't find any information about routing performance on the 9200 other than figures for the forwarding rate in Mpps and I am not sure if that is L2 or L3 forwarding or both.

I need to ensure that whatever is put in can deal with sustained 10 Gb in both directions at the same time.

Are there performance or security issues that I have overlooked? This just seems to be too simple. I will raise this with the vendor, but am trying to get a head start.

Thanks for taking the time to read this.

Cheers
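The design described in the question, written out as an IOS-XE style configuration. This is an added illustration, not the poster's configuration or a Cisco-supplied template: all addresses are RFC 5737 documentation ranges, and the interface names, VLAN id, next-hop and the firewall/ASA host addresses are assumed placeholders.

```cisco
! Added illustration only. Addresses are RFC 5737 documentation ranges;
! interface names, VLAN id, ISP next-hop and firewall/ASA hosts are placeholders.
ip routing
!
! ISP-facing routed port: carries the ISP-supplied address
interface TenGigabitEthernet1/1/1
 description ISP handoff (placeholder interface name)
 no switchport
 ip address 198.51.100.2 255.255.255.252
 ip access-group FROM-INTERNET in
 no ip redirects
 no ip proxy-arp
!
! Outside VLAN: the organisation's public /24 lives on the SVI and the
! firewall and ASA outside interfaces are access ports in this VLAN
vlan 10
 name OUTSIDE-PUBLIC
!
interface Vlan10
 ip address 203.0.113.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
interface range TenGigabitEthernet1/1/2 - 3
 description Firewall / ASA outside interfaces (placeholders)
 switchport mode access
 switchport access vlan 10
!
! Default route toward the ISP; the ISP advertises 203.0.113.0/24 on our behalf
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Stateless edge filter: drop obviously spoofed sources first, then only
! allow what the downstream firewall and ASA are meant to receive.
ip access-list extended FROM-INTERNET
 remark anti-spoofing: our own prefix and private/loopback space must never arrive from the ISP
 deny   ip 203.0.113.0 0.0.0.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 remark IPsec site-to-site terminates on the ASA outside address (placeholder .20)
 permit udp any host 203.0.113.20 eq isakmp
 permit udp any host 203.0.113.20 eq non500-isakmp
 permit esp any host 203.0.113.20
 remark everything else the Internet may reach goes to the firewall (placeholder .10)
 permit ip any host 203.0.113.10
 remark implicit deny drops the rest, including packets aimed at the switch's own addresses
```

The ACL is deliberately stateless: connection tracking and NAT stay on the firewall and ASA, as the poster describes, and the switch only trims the exposed surface and keeps Internet traffic off its own control plane. Because the permit for the firewall host covers all IP, reply traffic for the firewall's outbound connections is not affected; the ASA entry is narrower, so any additional service the ASA must expose (for example management access, which should not be Internet-reachable anyway) would need its own line. Whether a given switch model can hold this ACL in hardware at 10Gb, and what happens to logging and counters, is exactly the capacity question the replies below raise and should be confirmed with the vendor for the specific model.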


What you need in routing:

1- perform NAT

2- do routing like IGP or BGP

3- VPN with and without IPsec

All three points above cannot be done in the Cat9200 series,

and if configured they come with many limitations.

So replacing the router with a switch is not a good idea.

MHM

Hi MHM

Thanks for replying.

1. There is no need for NAT, that is done either on the firewall or ASA

2. As we do not have an ASN we are using static routes and the ISP is advertising out /24 on our behalf.

3. No need for VPN we are using site to site VPN on the downstream ASA and MS Always On  via the downstream firewall.

Cheers

 

Joseph W. Doherty
Hall of Fame

"I can't find any information about routing performance on the 9200 other than figures for the forwarding rate in Mpps and I am not sure if that is L2 or L3 forwarding or both"

It's usually both.

As to selecting only a L3 switch, it might be as simple as, do you need the features often only found on routers?  @MHM Cisco World lists many of the big ones, advanced QoS is another, but if a L3 switch fulfills all your needs, using a L3 switch is fine.

That said, not all L3 switches offer the same features or performance capacity.

Most likely, any current Cisco Enterprise switch is wire-speed, at least in the sense that all its ports, concurrently, can run at line-rate.  However, there's much more to switch capacity than just ports capable of wire-speed.  Also, other features vary between switch series and even between models within the same series.  For example, I believe the 9200L is lacking features found on the 9200.  Again, if you don't have need of the more expensive switch's features now, or in the near future, the less expensive switch can be fine.

If you're looking for (or only need) basic L3 switching, supporting 10g, you might also want to investigate Cisco's SMB series of devices.  Possibly one of the CBS350 series models or Catalyst 1300 series models might be potential candidates too.

Thanks Joseph,

I will look into those options

balaji.bandi
Hall of Fame

Are you only getting a 10GB interface presentation from the ISP, or is the delivered throughput also 10GB?

Your router does not support that kind of throughput even if you install the boost license.

The Cat 9200 is meant to be a Layer 2 switch deployment. (Or are you only looking to connect to the ISP using a 10GB uplink interface?)

The ISR is getting to end of life, so I suggest investing long term in a Cat 8K router that supports your needs (but getting a 10GB license on the router is very expensive).

Is your network all over 10GB, or 1GB? If it is all over 1GB, getting 10GB speed is not going to be very effective, or technically not really a use case.

If you are only looking for a 10GB interface on a switch, I suggest looking at the Cat 9300 model.

BB


Hi Balaji,

Thanks for taking the time to reply.

The new connection will have a 10 Gb interface but capped at 2Gb, with the option of increasing to 10Gb later, so I would be looking at future proofing the hardware by sizing for 10 Gb throughput.

I am aware of the limitations of the ISR, but thanks for raising them.

Other than WAN sites the network is 10 Gb; the WAN and our Internet connections are the choke points.

Cheers