2821 router and connecting to a switch/firewall

Unanswered Question
Dec 23rd, 2007


First, thank you for any help you can provide.

We have a 2821 router. It only has the 2 10/100/1000 fast ethernet ports. We have two high speed (GB) connects going to those 2 ports.

Because we are new to this, we didn't get anything else so we have no way to connect to our switch.

What do we need to connect to the switch (10/100/1000 gigabit switch)?

I am thinking we need the HWIC-1GE with the GLC-T.

Or do we need the HWIC-1FE? Or the HWIC-D-9ESW (but isn't that a switch)?

We will be connecting a firewall, a load balance and three servers

additional notes:

we will be setting up 3 VLANS on the switch.

Thank you again.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
jeacpa2007 Sun, 12/23/2007 - 10:57

Hi Dandy,

I am not sure what you meant my trunking but I am thinking the 1GE is not what we need and that the 1FE is. Someone was telling me that the 1FE is for fiber, but I thought we just connect cat 5 to it for ethernet. Am I off base? is the 1FE for fiber only?

Thank you again for the help.

Danilo Dy Sun, 12/23/2007 - 19:15


What I mean is VTP http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_4_2/config/vlans.htm where one router physical interface can be configured to multiple sub-interface to serve multiple VLAN or broadcast domain. Can you post a diagram how you intend to connect all your devices and VLANs?

You need Cat 5e for GE, Cat 5 only support up to FE.

HWIC-1FE is copper not fibre http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd80581fe6.html and yes you can use HWIC-1FE (not HWIC-2FE) as mentioned in the link.



Danilo Dy Mon, 12/24/2007 - 00:29

er, can you save it in JPG? I don't have Visio at home :)



Danilo Dy Mon, 12/24/2007 - 08:50


From the diagram.

In your 2821 router, since you have two interface connected to Internet, you need a third interface (HWIC-1FE) for your 2821 router to connect to your firewall.

In your envirnoment, most setup are Internet>Router>Firewall1>SwitchVLAN1>LoadBalancer>SwitchVLAN2(Web_Servers)>Firewall2>SwitchVLAN3>DB_Server

Outside of LB is VLAN1 and inside is VLAN2. Web_Server is only VLAN2.

If you have a Backup Server, you can put a third dedicated switch. All servers have a second NIC connected to this switch. Routing Service is disabled in the servers. The switch will not be connected to the firewall but will be configured with PVLAN for one way traffic.



jeacpa2007 Mon, 12/24/2007 - 10:26

Hi Dandy,

Thank you very much for your help. It is truly appreciated.




This Discussion