Cisco 871 as a "router on a stick"

Answered Question
May 5th, 2009

Hi guys,

I'm looking for a basic Cisco router I can use in a "router on a stick" scenario to route traffic for our video conferencing system either across our IPSec VPN network or through our Checkpoint firewall to the web. Our main gateway handles other traffic so I want to keep this link seperate. It will need to support HSRP in case of failover.

Would the Cisco 871 router be up to the job for 2 VC units that are not heavily used?

Thanks,

Martin

I have this problem too.
0 votes
Correct Answer by j98me2 about 7 years 7 months ago

The 871 does support subinterfaces. Here is a sample I just tried placing on an 871 to be sure. I also included the show ver. Perhaps it is a IOS thing. I also know that the 851 does not support it. I also believe the 831 does not, though I am not certain on the 831.

interface FastEthernet4

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4.1

description Voice Vlan 65

encapsulation dot1Q 65

ip address 10.65.1.2 255.255.0.0

ip helper-address 10.1.1.10

ip helper-address 10.1.1.11

ip flow ingress

no snmp trap link-status

no cdp enable

!

interface FastEthernet4.2

description Voice Vlan 10

encapsulation dot1Q 10

ip address 10.1.10.2 255.255.254.0

ip helper-address 10.1.1.10

ip helper-address 10.1.1.11

ip flow ingress

no snmp trap link-status

no cdp enable

yourname#show ver

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(6)T, RE

LEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Thu 23-Feb-06 04:00 by ccai

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

yourname uptime is 1 hour, 12 minutes

System returned to ROM by power-on

System image file is "flash:c870-advipservicesk9-mz.124-6.T.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

[email protected].

Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memo

ry.

Processor board ID FHK102950SK

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces

128K bytes of non-volatile configuration memory.

28672K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Collin Clark Tue, 05/05/2009 - 07:30

I'm not able to create sub-interface on a 871 (test router), I don't believe it supports it. The 1800 series should work for you though.

Hope that helps.

martinpugh Tue, 05/05/2009 - 07:35

Hi Collin,

Thanks for the quick reply. I was hoping I could build a similarly simple configuration I have with the old 3600 router that's way out of warranty and needs to be replaced.

I've simply configured an HSRP IP address so the new router can be slotted in with no downtime and created about a dozen static routes for the VC gear we reach across our IPSec network plus a default gateway pointing to our Checkpoint for any internet based links. The IPSec links, by the way, are provided by another router so all this unit needs to do is throw the traffic in the right direction.

Thanks,

Martin

Correct Answer
j98me2 Tue, 05/05/2009 - 07:49

The 871 does support subinterfaces. Here is a sample I just tried placing on an 871 to be sure. I also included the show ver. Perhaps it is a IOS thing. I also know that the 851 does not support it. I also believe the 831 does not, though I am not certain on the 831.

interface FastEthernet4

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4.1

description Voice Vlan 65

encapsulation dot1Q 65

ip address 10.65.1.2 255.255.0.0

ip helper-address 10.1.1.10

ip helper-address 10.1.1.11

ip flow ingress

no snmp trap link-status

no cdp enable

!

interface FastEthernet4.2

description Voice Vlan 10

encapsulation dot1Q 10

ip address 10.1.10.2 255.255.254.0

ip helper-address 10.1.1.10

ip helper-address 10.1.1.11

ip flow ingress

no snmp trap link-status

no cdp enable

yourname#show ver

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(6)T, RE

LEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Thu 23-Feb-06 04:00 by ccai

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

yourname uptime is 1 hour, 12 minutes

System returned to ROM by power-on

System image file is "flash:c870-advipservicesk9-mz.124-6.T.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

[email protected].

Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memo

ry.

Processor board ID FHK102950SK

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces

128K bytes of non-volatile configuration memory.

28672K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Jon Marshall Tue, 05/05/2009 - 07:53

Martin

As Jeremy has confirmed the 871 does support 802.1q. It is down to the IOS feature set ie. you need Advanced IP services to support the 802.1q feature.

Jon

Collin Clark Tue, 05/05/2009 - 08:13

That's the weirdest thing. If I clear the config I can create the sub-interfaces and VLAN interfaces. If I create the VLAN interfaces first, I can not create sub-interfaces (the command takes, but no configuration). I am running 12.4(24)T though. Sorry for the mis-leading information.

martinpugh Sun, 05/10/2009 - 04:14

Hi guys,

Thanks for all your replies. Looks like I will be able to do what I was hoping to.

Actions

This Discussion