cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1558
Views
0
Helpful
7
Replies

Query on SR520-ADSL and using FE ports for WAN

Chris Snape
Level 1
Level 1

Hi all,

Apologies for a noob type question here but I am hoping to save myself a junk of money:

I currently have a Cisco SR520-ADSL router in place utilising my current ADSL2+ Broadband connection.

The router is using a /29 Public address range on the ATM interface and on one of the FE ports to a firewall on the same subnet, which does the NAT to the PCs etc.

Internet <> SR520 (Public) <> Firewall (Public) <> LAN/PCs (Private/NAT)

This is all working fine but we are looking to upgrade our WAN link to a corporate Fibre link.

My ISP has given me new IP addresses, including a seperate WAN IP Subnet to my LAN IP Subnet, but all are still public.

e.g. (Addresses Just for example purposes)

WAN = 195.1.1.1 /30

My Router IP = 195.1.1.2

ISP Gateway = 195.1.1.1

LAN IP = 190.1.1.1 /29

So my question is simply this: Can I utilise my SR520 to route the two networks, using two of the FE ports and ignore the ATM (ADSL) port?

If so then I don't need to invest in a 1841 or similar and, for now, this will save me money.

I am just not sure if the useability of the 4 FE ports on the SR520 is reduced in any way when compared to a 1841 or similar?

Regards,

Chris Snape

7 Replies 7

Chris Snape
Level 1
Level 1

Any ideas guys? (Bump)

Hi Chris,

This is not supported via CCA and not a typical use case for this device - so please don't expect SBSC support.

That said, if you are happy configuring IOS using the command line, it should be possible to remove one of the LAN ports from the default bridge group and configure it as a layer 3 (WAN) interface.

I've tried this in the past and works reasonably well - there may be the odd feature that is not available on the interface configured in this way, but should certainly work for some straight forwarding routing.

Cheers

Andy

Thanks Andy,

I have changed the config quite a lot from original it came with for my current setup so no problem there.

I'll give it a try and see what happens. I do only need it to do some basic routing to the firewall behind it.

Regards,

Chris Snape

Hi Andy (and anyone else who can help!)

One thing I didn't think about in my last post which has got me stumped.

"it should be possible to remove one of the LAN ports from the default  bridge group and configure it as a layer 3 (WAN) interface."

How do I do that exactly? Never had to upgrade an L2 port to an L3 before.

Regards,

Chris Snape

Hi Chris,

I don't quite recall all the details, but I suspect you need to change the VLAN membership for the port you want to use, then add an IP address to either the port directly, or to the new VLAN interface to which it belongs.

Cheers

Andy

Hi Andy,

I have looked into upgrading a LAN port on the SR520 but it can't be done. They are L2 only. I looked into switchport and SVI but neither could be properly achieved on my current hardware.

I have gone for a reconditioned 1841 for the solution.

Thanks for your help though.

Regards,

Hi Chris,

Sure, the port itself is layer 2 only, but there is no reason why you couldn't assign that to a dedicated layer 3 vlan interface.

eg:

conf t

vlan 32

  name WAN

  exit

interface fast 1

  switchport access vlan 32

  exit

interface vlan 32

  ip address 10.10.10.10 255.255.255.0

  ....

The SR520 supports 4 VLANs, you can use the show vlan-switch command to see what is already configured.

As I mentioned previously, there may be certain limitations to using this approach, but it may be sufficient for many scenarios.

Also, just to repeat for others reading this thread, while possible, this is not a specifically supported configuration for the SR520 series routers.

Regards,

Andy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: