2811 Router as a Layer3 switch

Unanswered Question
Jan 10th, 2008

Hi Guys,

I have an environment with only 1 1841 router that has 6 interfaces (2 came with the router and 4 from an HWIC 4-port card we added to the Router).

We also have a 24-port 2950 switch

Currently we have 5 VLANS and for every VLAN we connect one of the Router's interfaces to that VLAN so it can serve as the default gateway. As you know, this is not very scalable because we lose ports on the switch and interfaces on the router. We don't want to create virtual interfaces on this router.

What we want to do is see if we can use a 2811 instead of the 1841 and buy a Network Module with 24 or perhaps 36 ports in it and use this setup as layer 3 switch.

Any ideas if this will be the route to go?

Jon Marshall Thu, 01/10/2008 - 13:10

Hi

Haven't costed up a 2800 recently but i would have thought replacing your 2950 with a 3560 switch and doing all the inter-vlan routing on there would be more cost effective than a 2811 + a network module to go in it.

Jon

cpubob Thu, 01/10/2008 - 13:13

Why not just set up 1 switch port as an 802.1q trunk and connect that to 1 port on the 1841. Then just build vlan sub interfaces for each vlan and you're done. The only thing you may have to do is upgrade IOS to IP plus or equivalent if you don't already have it.

sample 1841 config.

int fa 0/0
 no shut
 dup full
 speed 100
!
int fa 0/0.100
 encap dot1q 100
 ip add 10.1.100.1 255.255.255.0
!
int fa 0/0.200
 encap dot1q 200
 ip add 10.1.200.1 255.255.255.0
!
int fa 0/0.300
 encap dot1q 300
! 300 is not a valid IPv4 octet, so a different third octet is used for VLAN 300
 ip add 10.1.30.1 255.255.255.0
!

sample 2950 config

int fa 0/1
 switch mode trunk
 switch trunk encap dot1q
! the allowed-vlan line below is optional, if you want more security
 switch trunk allowed vlan 1,100,200,300,1002-1005
!

Jon Marshall Thu, 01/10/2008 - 13:18

Robert

Yes you could do this as well but Angel did say he did not want to use virtual interfaces which i took to be subinterfaces as well.

Come to think of it maybe he didn't mean that :)

Jon

insccisco Thu, 01/10/2008 - 13:41

yes, and one of the reasons I said that is because I've heard that performance decreases because all of your VLANs' traffic is going thru that 10/100 single interface.

So I read and read and found out that a layer 3 switch is a much better solution.

But again, there is a reason why I am asking here... because I am not an expert :(

We have outgrown our 1841 setup and we have a 2811 sitting not doing anything so we are thinking what is the best thing to do..

Jon Marshall Thu, 01/10/2008 - 13:45

Ah okay, you didn't mention that you had a 2811 router lying around.

So yes you could purchase a network module which is based on the 3750 switch anyway and do what you want. I don't know the difference in price between a 3560/3750 standalone switch and the 2811 network module.

A layer 3 switch is definitely the way to go and personally i would go with a standalone switch but being honest that's because i haven't really used the 2800 network module that much.

Perhaps someone else could comment.

Jon

insccisco Thu, 01/10/2008 - 14:00

Jon thanks for the responses... and yes, those layer 3 switches I've heard they can do some damage, but are a bit too pricey for us.

So given the fact that we have a 2811 laying around collecting dust, I am thinking on using it because it is a lot better and more robust than the 1841 (based on a quick research I did, please confirm if I am correct)

Also, I have never touched a Network Module, so I don't even know if you could set them up in such a way that they can perhaps simulate layer 3 functions.

angel

Jon Marshall Thu, 01/10/2008 - 14:08

Angel

The network modules actually run the 3750 software so yes you can create vlans, L3 vlan interfaces, trunks etc. as you would on a 3750.

Have just checked the data sheet though. Looks like the 2811 only supports the 16 port etherswitch module. The 24 and 36 port modules are not supported on the 2811. See attached link.

http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd8028d15f.html

Jon

Jon Marshall Thu, 01/10/2008 - 14:15

Angel

Sorry i forgot to mention. You may only be able to use a 16 port module but that is fine for you. You can keep your 2950 switch for port capacity and link it to the network module with a L2 trunk and then you just create the L3 vlan interfaces on the 2811 network module.

Jon

insccisco Thu, 01/10/2008 - 14:28

yes, I was just looking at the same link. It is sad that it can't take the 36's but at least it takes the 16.

Oh and great stuff about the module, now I know that it can do layer 3 functions inside and that I can setup my VLANs in this module, without the need to waste a port for every VLAN. :)

So, given a 2811, a 16-port module, and a 2950 switch, how would you go about setting up the best solution for what I need to get done? basically I will be growing to 15 Vlans soon and I only have about 4 to 8 hosts on each

insccisco Thu, 01/10/2008 - 14:31

oh, what is the difference between a

One 16-port 10/100 EtherSwitch service module, 1 10/100/1000 port, and IP Base

and a

One 16-port 10/100 Cisco EtherSwitch service module with 802.3af, 1 10/100/1000 port, and IP Base

?

Is it the power over ethernet thing?

I'm not too sure :(

Jon Marshall Thu, 01/10/2008 - 14:37

Fairly straightforward.

Obviously insert the network module into your 2811.

Then connect the 2950 to one of the 16 ports. Configure this as a trunk on both ends. NOTE: check your VTP setup as you do not want the network module overwriting your vlans on the 2950. Just to be sure make your 2811 VTP transparent to start off with, then configure it as a VTP client.

Ensure the trunk is working. Configure the 2950 as a VTP server with a domain name and then make sure you add the same domain name to the 2811 net module.

The vlans that are on the 2950 should then show up on the 2811 net module. Up to you but i would probably then make the 2811 net module a VTP server and the 2950 a VTP client.

Assuming you do this you can add a vlan to the 2811 and it will get propagated to the 2950.

On the 2811 net module create L3 vlan interfaces for each of the vlans you want to route.

Then you can either connect the 2811 to the 1841 or just remove the 1841 and replace completely with 2811.

802.3af means it supplies PoE - Power over ethernet, useful for running VOIP phones or wireless access points.

Jon
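A configuration sketch of the bring-up order described in the post above, added here as an example (it is not from any of the thread participants). The interface numbers, the VTP domain name EXAMPLE-LAB and the choice of VLANs 100 and 200 are assumptions; the subnets reuse the sample addressing from earlier in the thread.

```cisco
! ===== EtherSwitch service module in the 2811 (3750-style CLI) =====
! Step 1: go transparent BEFORE cabling the trunk. Transparent mode
! resets the VTP configuration revision to 0, so this device cannot
! push its (empty) VLAN database onto the 2950.
vtp mode transparent
!
! Step 2: trunk toward the 2950 (port number is an assumption).
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs that are actually routed here.
 switchport trunk allowed vlan 1,100,200
!
! ===== 2950 =====
! Step 3: the switch that already holds the VLANs becomes the server.
vtp domain EXAMPLE-LAB
vtp mode server
!
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1,100,200
!
! ===== EtherSwitch service module again =====
! Step 4: confirm the trunk first (show interfaces trunk), then join
! the domain as a client and check that the VLANs were learned
! (show vtp status, show vlan brief).
vtp domain EXAMPLE-LAB
vtp mode client
!
! Step 5: one L3 VLAN interface per routed VLAN; these addresses are
! the default gateways for the hosts in each VLAN.
ip routing
!
interface Vlan100
 ip address 10.1.100.1 255.255.255.0
 no shutdown
!
interface Vlan200
 ip address 10.1.200.1 255.255.255.0
 no shutdown
```

Comparing the configuration revision in `show vtp status` on both devices before the module leaves transparent mode shows which VLAN database would win if both ended up as server or client in the same domain.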

insccisco Thu, 01/10/2008 - 14:46

Jon, great. I will definitely use this recommendation.

Also, I will then assume that all this inter-vlan routing stuff will happen within the module and then when each of those VLANs want to communicate with another host in the other end of the VPN tunnel (for every VLAN, I have 2 or 3 different subnets they communicate with via a l2l tunnel), these packets will properly get routed from within the module, to the outside interface of the 2811 which will then send them to their destination???

excuse the simple questions, but I am still learning

Jon Marshall Thu, 01/10/2008 - 15:11

No need to apologise for the questions, that's what NetPro is for after all.

Think of the network module as a L3 switch that you just happened to have slotted into your 2811 router.

So to answer your question yes you can route between the network module and the 2811 router so you should be able to do what you need to.

Jon

Jon Marshall Thu, 01/10/2008 - 15:12

Forgot to say thanks for the ratings and feel free to ask as much as you need to.

Jon

jwdoherty Fri, 01/11/2008 - 17:56

Before going with an Ethernet module within a 2811, a couple of technical points you might want to note.

Many of the Ethernet modules don't provide sufficient bandwidth for the module's backplane connection to support all of the ports at wire speed.

Not sure that any of the Ethernet modules actually do L3 on the module but instead rely on the router for L3.

If traffic forwarding is dependent on the 28xx, it doesn't have nearly the performance of most L3 switches.

You also want to look at the Catalyst 3560-8PC.

keegan.holley Sat, 01/12/2008 - 18:20

I think you should at least consider sub-interfaces. The bandwidth constraints depend on what is connected to the vlans. For example I doubt 24 users connected to various ports could generate 100M to the uplink if you offered to pay them.
