dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
739
share rss forum feed

mrcurto

join:2013-07-22
Canton, NY

[H/W] Looking for a starting point on home network

Hi all,

I have next to no experience with cisco gear, and would like to make a start. I'm thinking a easy/cheap place could be buy getting a EOL router (or switch with nat routing capabilities) and put it on my home cable connection (currently using a dd-wrt flashed linksys AP).
I do have experience configuring networking both on linux and windows... and from what I've read and played with it shouldn't take too much to do the basic config.
My cable is only 15Mbps so it shouldn't take anything too fancy to handle that amount of bandwidth. I currently have the modem configured as a bridge and as I use TWC no login or anything is required.

Can anyone please suggest options for a router or switch that will suit this setup? Preferably something I can pick up cheap from ebay or similar

Thanks in advance!

m1979

join:2011-04-17
Go for 800 series routers. 871 or 877 for adsl. Price? $70?

mrcurto

join:2013-07-22
Canton, NY
I have cable, so just plain ethernet connection from ISP. Thanks for the suggestion


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to m1979
871 is an ethernet only box, so would require an external bridged modem and the use of PPPoE for ADSL. This would be fine for Cable, since they usually have carrier supplied modems, but not all ISPs support PPPoE.

87x-W models include a built in wireless AP, which is also handy for playing with Cisco wireless, though its B/G only.

Even cheaper than the 870 series are the 850 series, which essentially do the same thing, just with a few less features, e.g unmanaged 4 port switch vs managed (i.e. able to do VLANs) in the 870, and wireless is typically non diverse (single antenna) vs diverse in the 870.

But as m1979 suggests, they are quite cheap on eBay, and probably a good starting point. You can do some routing protocols with the 870, but not all.

For that reason, and particularly if you're after something with a little more grunt, take a look towards the 1800 series. The 1841 has two modular slots, and there is a Cable modem WIC available which can be installed in them, but the 1841 doesn't have a built in switch. Models like 1801 and 1811 have an 8 port managed switch (10/100 only), and I believe there are wireless enabled variants of them, but they are fixed configuration so you cant stick a cable modem WIC in them for example.

1801 has a built in ADSL interface, but also an ethernet "WAN" port, while the 1811 has a dialup modem and 2 ethernet "WAN" ports. Both have an 8 port managed switch. So either are good for hooking up to your cable service.

Next question is: do you want fanless, or do you not mind?

850 and 870 series are fanless, but have a power brick. 1800 series have a small fan (but its very quiet) and built in power supply.

mrcurto

join:2013-07-22
Canton, NY
Currently the cable internet I have uses a modem that is also needed for my telephone service... so replacing the modem is not a option I'm considering at this point... so any router that can handle ethernet is fine

I'm not particuarly concerned about having a built in switch as I have switches I can use, and can always purchase a additional switch later if I need to (i.e. when I can afford to).

Fanless is not needed... I have a pc running 24x7... it won't make much difference to the existing noise level

The 1800 series look really interesting (a lot more 'fun' than the 800 series imho), and I see them on ebay for $100-150.

Going down the EOL path... would a older router like a 2621 be able to handle my 15mbps connection? I see them for half the price (cheaper purchase = happier wife )

Thanks for the input


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to mrcurto
IMO, forget about the 2600 series, including the XM variant.

I'll give them one saving grace, that is if you want to use them for something like a frame relay switch or console server, then for sure. Otherwise, they are way too old now.

But for anything else, go for ISR G1 series and above, like x800 families. For one they run IOS 15, and there are more recent and featureful modules available for them. They also use standard CF cards that you can buy at most camera and electronic stores instead of flash DIMMs, so its easier to upgrade their storage. Other than that they are just more powerful, and if I do say so myself, better looking.

Pro tip: although things like the 2821/2851 models are bigger physically, they are quieter than the 2801/2811. This is due to bigger fans which spin slower and create more of a low droning noise rather than a high pitch scream. I once left a 2821 running for a few days at home and didn't notice, its that quiet. My 2811 on the other hand, I wouldn't leave it running longer than I need it.

mrcurto

join:2013-07-22
Canton, NY
Thanks for that info... especially the tip about the noise levels. Why would anyone choose a louder one with no other differences?

On a related note, I've been trawling ebay, would US$130 be a reasonable price for a 2821 (256D.64F) with IOS 15.1 and the rackmount hardware? It also includes a 1 year warranty.

Thanks again


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
Sounds pretty good to me.

The difference is the 2801/2811 are 1RU vs 2RU for the others. SO if you are tight on rack space ....

2801/2811 also have different numbers of slots compared to the upper models.

2801 has 4 WIC/HWIC/VWIC slots in a particular combination (I forget which, but only certain slots accept certain types of modules), where as 2811 and above have 4 WIC/HWIC/VWIC slots (i.e. all slots accept all types of modules.) 2811 has 1 NM slot, whereas 2821 and above have 2 or more.

2801 and 2811 only have 10/100 ports onboard, while 2821 and above have 10/100/1000.

Its all about what you need for your deployment.

So for a lab, and with the 2801's "limitations" I would suggest 2811 minimum, because you can put any WIC/HWIC/VWIC module in any available slot, so its more flexible. You also have the NM slot for bigger modules.

mrcurto

join:2013-07-22
Canton, NY
Thanks for those specifics.

I'm looking at the 2821 because it seems to offer more bang (features) for the buck... and the other models aren't much cheaper.

Right now I have no rack, it'll be sitting on a shelf lol

I'm watching one (2821) that's on auction and only ~$75 with 8hrs to go (incl shipping), and if I lose that there's a buy-it-now for $119 (with warranty)

Thanks for the prompt reply

HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to mrcurto
My 00000010bits...

If you're not going to upgrade your speeds anytime soon from the 15Mbps, as others have said, the older
86x and 87x series is a good start... plus you can get models with built in wireless. Anything faster
than 15Mbps -- especially if you want services on your router like firewall, QOS, VPN, etc -- puts you
into the 88x and 89x series, which will be more capable, but more expensive. Other nice thing is the 8xx
series is generally no larger than your typical home wireless router.

The 1841 and 28xxs as TomS_ See Profile mentioned allows you to add in cards that expand your functionality --
like xDSL / cable modems, switch cards, phone line connectivity, IP phone functionality, IDS / IPS -- but
this may be a but much for you right now. Thinking towards the future, IF you wanted to do more,
it may be something to keep in mind.

Price-wise, I haven't been following the costs of 2nd hand gear... I am somewhat hesitant if I were in your
shoes for that price. Do they at least offer a "show version" in the listing description? Generally speaking,
if an ebay listing for Cisco doesn't include that, I wouldn't waste my time with it.

Now After Your Purchase...

1) watch out for warranty and software updates as this is NOT like your Belkin / DLINK / etc. If this thing
is a brick or some piece of hardware fails you are going to be SOL as you don't have a support contract from
Cisco, and are going to be reliant on whatever warranty you get from the seller. Likewise, if the code is hooped,
or doesn't have the right code to do what you want, again WITHOUT A SUPPORT CONTRACT you cannot go to
Cisco to get it.

There are... alternate means of obtaining IOS code, but not officially sanctioned on this board.

I'm not trying to scare you from your purchase OP, just warning you of the potential pitfalls.

2) make sure you get a console cable (9pin to RJ45) if it isn't already included in your purchase. If you
don't have an 9pin serial connections on your computer(s), get a usb to 9pin converter. This is so you can
console in and configure the router -- again, this is NOT linke Belkin / DLINK / etc. where you automatically
get a 192.168.x.x address and configure from a web GUI.

3) if you want a web GUI, look around for Cisco Configuration Professional. Far as I know, this is freely
downloadable from Cisco's website, and can be used instead of the CLI. Most of us here are CLI purists, but
if you're adverse to CLI, this is an option.

4) nice to have software -- terminal program, like Hyperterm or Terra Term. Useful software -- TFTP server, to
back up your software and configs.

Otherwise, best of luck on the bid, and let us know how it goes!

Regards

mrcurto

join:2013-07-22
Canton, NY
Although I only have 15mbps right now, I may be moving within the next 6-12 months to a area with better services available... so I'd like some capability if I can fit it in

Using add-in cards would be a definite plus... not that I _need_ any of that for my personal use imo, but more fun to play with later.

IOS... I thought upgrades were available as long as you had the appropriate product... do you need a support contract for any upgrades? If so, can these be purchased after the fact (and any idea on the cost)? This makes the current IOS a lot more important...

I'm aware of the console requirements, and will be purchasing a usb-serial adapter.

GUIs are nice to get things up and running, but I definitely want to learn CLI

I like your tip about looking at the show version for a router... I've noticed (going back through my watch list) that not many do. If I limit myself to ones that do include one, then the current one (yes, just one) in my list is a 2811. It's listed as 512mb/128mb with rack mounts and they say the version is 12.4(15) (is that current?). I've pasted their show version below... please let me know if this looks good. It's cost would be $145 incl shipping (with a 30 day warranty)

Genuine CCisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(15)T13b, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1)

Router uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-spservicesk9-mz.124-15.T13b.bin"

Cisco 2811 (revision 53.51) with 509952K/14336K bytes of memory.
Processor board ID XXXXXXXXXXXW2
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to mrcurto
How much faster are you looking to get, just as a question? I had a colleauge who had a 2801 and benched it I THINK
around 40Mbps or so with services, but he didn't show me what he had in his config. 1841 / 2801 / 2811 / 2821 / 2851s
use the same gen CPU (250Mhz - 450Mhz??? clock, no L2 cache) so base performance is acceptable but isn't anything to write
home about. If you were planning VPN functionality, you'll likely want to get a expansion crypto card.

The later 180x and 181x use a MUCH more beefy CPU, but don't come with any sort of expandability via the xWIC and NMx
cards mentioned.

A support contract, DEPENDING ON WHAT IS GOTTEN, will entitle you to raising TAC cases for technical assistance,
ordering RMA parts on an 8x5 or 24x7x4 level, and downloading software from CCO. If you need this, you will need
to budget for this, as this can add up to a couple hundred dollars per year, depending on what you need / want.

Two other caveats about this --

a) just because it as "Cisco" written on it doesn't mean you can automatically attach a contract to it. Ebay gear can
for sure raise red flags with contract resellers and Cisco, and they may outright refuse to sell you a support contract
based on the device serial #.

b) x8xx gear is EOL, and the last date to be able to attach a support contract was 2012. If you were to get a 28xx
router, you couldn't attach a support contract to it anyways.

If you do want Cisco gear and the support contract attached to it, then I'd look at getting from a reseller that offers
the equipment AND the support contract at time of purchase, rather than buying seperately.

Again, not trying to scare you from your purchase, just warning you of the pitfalls OP.

The show ver looks legit, you may want to take note of the following for future reference :

quote:
System image file is "flash:c2800nm-spservicesk9-mz.124-15.T13b.bin"
spservice indicates SERVICE PROVIDER this was likely a router sitting at an ISP or similar.
In the scheme of things, it's more focused on ISP / provider functionality like MPLS, ATM, etc.
but includes voice functionality, and basic IOS functionality.

It will be lacking functionality for firewall and VPN -- check this chart here to see how the packages work.
If you can, you want to find one that specifices Advanced Security (advsec), Advanced IP Services (advip),
or Advanced Enterprise Services (adventerprise) code.

K9 indicates strong crypto functionality, so you'll want to watch for that in the "show ver" output as well.

quote:
Cisco 2811 (revision 53.51) with 509952K/14336K bytes of memory.
indicates 512MB DRAM running on this.

quote:
126000K bytes of ATA CompactFlash (Read/Write)
128MB compact flash card, which is pretty bog standard.

So other than the software, doesn't look half bad.

Regards

mrcurto

join:2013-07-22
Canton, NY
Thanks for all that info... so right now I'm looking for a 28xx/38xx series router, and not worrying about service contracts - but rather looking for a appropriate IOS image already loaded on the device.

For my purposes (router on my home cable - no voice or vpn needs. Just basic NAT routing and basic firewall) would it be sufficient for it to be IPBASE?

mrcurto

join:2013-07-22
Canton, NY
I found a 2821 on ebay for $155 shipped, 1 year warranty, and has adventerprise ios 15.1 on it. Just waiting for a reply from the seller - I can't see from the pictures if it has a front panel, and it's not specified as included or missing in the description... BAH!

On a side note, if I get a router like this and add more ethernet ports (either by switch modules or network modules (like NM-2FE2W) does that have much affect on the cpu load on the router and/or throughput? This is just for a home network... and most of the time I'm the only user lol

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to mrcurto
said by mrcurto:

Just basic NAT routing and basic firewall) would it be sufficient for it to be IPBASE?

Going to make your head hurt some more, but that depends on which "firewall" config you're going to use.
The 3 out there are Reflexive ACLs, which IP BASE will do; Context Based Access Control and Zone Based
Firewall will definately need Advanced Security code or better.

said by mrcurto:

add more ethernet ports (either by switch modules or network modules (like NM-2FE2W) does that have much affect on the cpu load on the router and/or throughput?

Again, depends HOW they are used. Generally speaking, adding an IP address configuration to an interface
doesn't do much CPU-wise. Add stuff like NAT, QOS, inspection, and CPU utilization does go up.

Regards

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to mrcurto
If this is going to be for Internet-facing gateway, a firewall like Cisco ASA 5505 or Juniper SRX100 should be preferred since firewall feature is embedded and is simpler approach than the IOS-based firewall.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to mrcurto
ASA's a viable option, but not that great a suggestion overall.

The ASA 5505 pros :

- small -- 1.75 x 7.89 x 6.87 in. (4.45 x 20.04 x 17.45 cm)
- quiet -- the power adapter quite literally makes more noise than the unit itself!
- 100Mbps wirespeed
- flash and RAM can be upgraded with off the shelf components
- still can be attached to a support contract

but the ASA 5505 cons :

- "everything as a licence" model, including # of inside hosts, # of VLANs, max # of session counts, etc.
- no other expandability -- voice, crypto, WAN interfaces, wireless, etc. -- beyond an add-in IDS card
- CLI difference compared to IOS -- believe me, when you have to switch between the two, you'll see what I mean
- better prosumer firewalls are available for cheaper or same price and less feature limitations

The 1st two cons can be a dealbreaker for some... I'll leave that to the OP to evaluate for themselves if they can live with it or not...

Regards

mrcurto

join:2013-07-22
Canton, NY
I think in a nutshell the 2821 will give me a lot more to 'play' with. I'm not looking to extra expense in licenses, and I definitely want expandability so I have more things I can learn with.

I do appreciate everyones input however

mrcurto

join:2013-07-22
Canton, NY
Aaaaaand I got a reply from the seller to say it will have the faceplate... in 2-3 days I'll have my 2821

Thanks for all the input everyone!


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
Nice router to start with, it will be the "backbone" of your lab for years to come I am sure.

I picked up a 2821 from work, it was sitting on a pile of other gear to be thrown in the bin. Has some voice cards and PVDMs in it, and a VWIC2-2MFT-T1/E1. Not a bad save.

Im in the process of rebuilding my lab at the moment. Having moved internationally twice in the last 2.5 years Ive had to shed a lot of stuff. Over the coming months Im looking to pick up a rack (probably a Skeletek one, seem to be pretty good), and a few more bits and pieces. I'll be sure to post some pics of it here (or perhaps in the »Home/Office setup photos forum) as I go.