
markysharkey
Premium
join:2012-12-20
united kingd
reply to markysharkey

Re: 887 with Gigabit ports and Gigabit "internet"

Cramer... yes I need to double check the 2960S for NAT commands. I agree it's doubtful, but I need to console in and be 100% sure...

Aryoba, the ISP is providing ethernet connectivity independently of the PSTN line. I could keep the ADSL line for bonding / back-up, but with a 1Gb (yes 1 Gb) internet connection, bonding an extra ~10Mb ADSL line doesn't really seem worthwhile. Failover is a different story so I may well add an ADSL WIC for that purpose.
--
Binary is as easy as 01 10 11


aryoba
Premium,MVM
join:2002-08-22
kudos:4

said by markysharkey:

Cramer... yes I need to double check the 2960S for NAT commands. I agree it's doubtful, but I need to console in and be 100% sure...

The only Cisco Catalyst switch model that I know supports NAT is the 6500 series. Since you are getting a 1 Gbps connection, getting a 6500 series is not a bad idea, especially when you can get one for cheap on eBay.

said by markysharkey:

Aryoba, the ISP is providing ethernet connectivity independently of the PSTN line. I could keep the ADSL line for bonding / back-up, but with a 1Gb (yes 1 Gb) internet connection, bonding an extra ~10Mb ADSL line doesn't really seem worthwhile. Failover is a different story so I may well add an ADSL WIC for that purpose.

Cisco switches/routers are not that smart in handling failover that involves NAT with two different subnets. Using a firewall for such a purpose (i.e. Cisco ASA or Juniper SRX) is more fitting since a firewall has an elegant way of handling it and is natively designed for such a purpose.

I imagine this 1 Gbps connection is a broadband type (Cable Internet) instead of an actual circuit of Unprotected Wave or OC-48?

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

Cisco switches/routers are not that smart in handling failover that involves NAT with two different subnets...

To be fair, NOTHING can. NAT into two different public subnets is going to end up with broken connections when the link fails. NAT into ISP1's address space is going to break with the link, as you cannot use ISP1's addresses through ISP2. No one should have to think about that equation.

(Using your own address space announced to each ISP is a different story. Since the ASA doesn't do BGP, it's ruled out here.)

aryoba
Premium,MVM
join:2002-08-22
kudos:4

For non-critical or non-sensitive applications such as Internet browsing, shifting from the ISP 1 subnet to the ISP 2 subnet is likely to be transparent from the users' perspective unless the backup ISP link bandwidth is significantly smaller or more congested than the primary one.

With regard to having a firewall announce your own address space to each ISP via BGP, the Juniper SRX is a better choice than the ASA.


markysharkey
Premium
join:2012-12-20
united kingd
reply to aryoba

It's ethernet. The ISP is an independent here in the UK building their own infrastructure. They present me with an RJ45 hanging off some CAT6.
Local equipment is installed to (usually) the apartment block plant room with fibre back to the local distribution point and CAT6 to any apartment signing up to the service.
I'm taking an 887 to test SVI and "raw" ethernet port behaviour and do some basic speed tests with NAT and CBAC configured.
I may suggest an ASA but as this is a domestic install an ASA might be overkill. A 1921 with a Sec licence should do I would think.
--
Binary is as easy as 01 10 11


aryoba
Premium,MVM
join:2002-08-22
kudos:4

said by markysharkey:

It's ethernet. The ISP is an independent here in the UK building their own infrastructure. They present me with an RJ45 hanging off some CAT6.
Local equipment is installed to (usually) the apartment block plant room with fibre back to the local distribution point and CAT6 to any apartment signing up to the service.

It sounds like the 1 Gbps pipe will be shared among multiple tenants, of which you may end up getting 10% or 5%, depending on tenant usage patterns or any bandwidth shaping methodology the building management implemented.

With that in mind, a 1921 router, ASA 5505, and SRX 100 should fit the bill.

said by markysharkey:

I may suggest an ASA but as this is a domestic install an ASA might be overkill. A 1921 with a Sec licence should do I would think.

If I were you, I would ask for a price, feature, and performance comparison table from your authorized Cisco reseller. You will then decide which one is most suitable.