Basic ethernet routing requirement

[IMW0908]

Hello


Hopefully this is an easy one for you Cisco experts to answer. We have a requirement to segment off a portion of our LAN so that we can configure a new set of IP addresses for some production kit yet still have each side reachable by the other - these devices are already in their own switch therefore I just need to stick soemthing in the chain to provide a separate segment so to speak. My question is really what kind of Cisco will do this easily. Most other vendors don't seem to do a basic ethernet router, just cable or ADSL. VLANs are a no go due to cost. We have a fair bit of experience with Cisco 878's for EPS 9 circuits but not pure ethernet.

I have found this Cisco

http://www.cisco.com/en/US/prod/collateral/routers/ps9305/data_sheet_c78-484356.html

the SR520-FE-K9 specifically, and would be really grateful if someone could confirm that this will do the job for us.

 

[silverhairb]

You indicate some experience with an 878. How about just an 871? That's similar to an 878 with ethernet WAN and LAN.

[the other] Bill

 

[unclerico]

what kind of switches are you using??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[burtsbees]

What is the capital of Asyria?

Burt

 

[IMW0908]

1) Not sure about switches as this is a customer site but they are nothing special - not managed.

2) There were two capitals of ancient Asyria. Nineveh was the first and Assur (Ashur) was the second

 

[silverhairb]

Regardless of appearances, Burt doesn't drink. Really.

[the other] Bill

 

[burtsbees]

Uncle and Bill---that was another Monty Python old-man-bridgekeeper question.

The 520 would be perfect for you, as it does 4 vlans---one switchport could be for one vlan and another for your LAN, and be able to communicate by virtue of being directly connected. The traffic between both can also be filtered, controlled (QoS, CAR) etc. The K9 is the security feature set of any Cisco IOS, and the IPS, IDS, CBAC, and IPSEC/SSL VPN support is all great---I love those features.

So to answer your question---yes.

The Knights Who Say "BURT!

 

[IMW0908]

OK - thanks for the useful and straightforward advice. You obviously didn't design the Cisco web site!!

I assume that the 871 as recommended by silverhairb would do the job also?

 

[silverhairb]

Oops, missed that Python reference. I guess I need to lighten up. It IS Friday. Mea culpa.

If you're familiar with an 878, the 871 is all ethernet and (IMVHO) a bit simpler. Why go too far from that tree?

What address ranges are you trying to use?


[the other] Bill

 

[IMW0908]

They are currently in the range 197.80.35.x (don't ask) and we will just add 192.168.10.x Both on /24

 

[silverhairb]

Any possibility of changing the first range to 192.168.35.x so that you could put them on the same subnet (/18)?

[the other] Bill

 

[burtsbees]

Bill---his entire point of doing this is to separate the traffic at layer 3.

Yes the 871/877/878 would do the same trick. I am actually not really sure what the difference is, except maybe SSL VPN support, and maybe zone-based firewalls?

The 197.x.x.x...yeah, I'm not touching that one...kind of like me setting my edge router up as a stratum 1 NTP Master so everyone on the internet can sync up to it...lol

I did that to make it easy for any clients on my LAN to get NTP info. There is the issue of anyone out there getting past the acl that denies NTP to the rest of the world...

Burt