Basic Question: LAN Ports or WAN Ports for Different Subnets?

Aug 20th, 2009

This seems to be a very basic question.

I have 3 subnets (say, 10.1.x.x, 11.1.x.x, 12.1.x.x). I'd like to allow communication between the subnets, and I'm looking at purchasing the Cisco 1812 router to do so.

To connect the subnets, I understand that I'd need 3 network interfaces, with 3 different IP addresses (say,, and Could I do this using 2 WAN ports (for the 10.1.x.x and 11.1.x.x subnets) and the 8-port integrated switch for the 12.1.x.x subnet?

A Cisco pre-sales support employee told me that this isn't how you use the WAN ports, and that I'd configure the switch ports for this. I don't believe his response to be correct.

Thank you in advance.

Mohamed Sobair Thu, 08/20/2009 - 10:19


The Cisco pre-sales employee is correct.

You can use the switch ports for that by assigning 3 ports to 3 different VLANs and assigning the addresses to 3 SVI interfaces.

The WAN ports should be used for WAN connections if any.



northwest_trail Thu, 08/20/2009 - 10:27

Great, thanks for the help. I have a quick follow-up question, just to make sure this satisfies my requirements prior to moving forward with my research.

After assigning the VLANs to the SVI interfaces, is there a way to only allow traffic on specific ports?

Also, it seems that I will need to do some research regarding the SVI interfaces (I didn't know these existed). Do you have any recommendation on where to start, other than Google?

Mohamed Sobair Thu, 08/20/2009 - 14:14

Hi Trevor,

What do you mean by allowing traffic on specific ports?

As I mentioned earlier, by assigning the ports to 3 different VLANs with SVI interfaces, you are just inheriting the port to act as a pure layer-3 port.

For example, talking about your networks (10.1, 11.1, 12.1): all will be assigned 3 different access VLANs on the ports. Moreover, each VLAN should be assigned an SVI. This will allow communication between your networks at layer 3.

An excellent way to start is here:

Please let me know if you have any other inquiries.



northwest_trail Thu, 08/20/2009 - 14:24

Wow, thank you for the awesome link Mohamed. That looks like a very great starting point.

As for the "allowing traffic on specific ports" question, I was referring to TCP/UDP ports, and not to the physical ports on the switch. I believe I found the answer: use IOS access list filtering to specify which ports to allow traffic for each interface.

From what you've said and after looking at the configuration example, it appears that I don't necessarily need a router, and that I can meet my requirements with a Catalyst switch.

Mohamed Sobair Thu, 08/20/2009 - 14:47


I see, you meant TCP/UDP ports. Yes, an access-list would suffice here.

With regard to your requirement, keep in mind that some QoS features and NATting are not supported on a multilayer switch, while they are supported on a router.

The difference between a multilayer switch and routers is the forwarding mechanism and performance.

The forwarding in a multilayer switch is done on Application Specific Integrated Service (data plane), while the router does forwarding in software (control plane).

Also, switches do switching at layer 3 by preserving the TTL value of the IP header and the source and destination MAC, while routers do routing lookups.

But in the end, after the introduction of Cisco Express Forwarding, IP packets on routers are also CEF-switched, which has made a big difference performance-wise.
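
The setup discussed in this thread (three access VLANs, one SVI per subnet, and extended ACLs that filter on TCP/UDP port), as an added example that is not part of any poster's reply. The VLAN IDs, switch-port numbers, gateway addresses, ACL names and permitted services are assumptions made for illustration.

```cisco
! Added example: VLAN IDs, port numbers, addresses and ACL names are constructed.
! Create the VLANs (some ISR images do this from "vlan database" instead).
vlan 10
vlan 20
vlan 30
!
! One access port per subnet on the integrated switch.
interface FastEthernet2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet4
 switchport mode access
 switchport access vlan 30
!
! Extended ACLs match on TCP/UDP port. They are stateless, so the
! return direction needs its own permit on the other SVI.
ip access-list extended FROM-10-1
 permit tcp 10.1.0.0 0.0.255.255 11.1.0.0 0.0.255.255 eq 443
 permit udp 10.1.0.0 0.0.255.255 12.1.0.0 0.0.255.255 eq 53
 deny   ip any any log
!
ip access-list extended FROM-11-1
 ! Replies from the HTTPS servers only (ACK or RST set).
 permit tcp 11.1.0.0 0.0.255.255 eq 443 10.1.0.0 0.0.255.255 established
 deny   ip any any log
!
ip access-list extended FROM-12-1
 ! UDP has no "established"; match replies by source port.
 permit udp 12.1.0.0 0.0.255.255 eq 53 10.1.0.0 0.0.255.255
 deny   ip any any log
!
! One SVI per VLAN is the gateway for that subnet; filter traffic as it enters.
interface Vlan10
 ip address 10.1.0.1 255.255.0.0
 ip access-group FROM-10-1 in
!
interface Vlan20
 ip address 11.1.0.1 255.255.0.0
 ip access-group FROM-11-1 in
!
interface Vlan30
 ip address 12.1.0.1 255.255.0.0
 ip access-group FROM-12-1 in
```

The explicit `deny ip any any log` makes the implicit deny visible in the log, so dropped inter-VLAN flows can be reviewed when tuning the permits.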



northwest_trail Thu, 08/20/2009 - 15:03

By assigning the 3 ports to VLANs and then assigning the addresses to the SVI interfaces, wouldn't all traffic be handled the same as a multilayer switch? It would seem this way to me, since all of the routing is being configured within the 8-port integrated switch. Perhaps I'm missing some details here...

Also, if you don't mind explaining, what are the problems associated with treating two subnets as WANs and utilizing the dual WAN ports, as I asked in the first post? The IT manager at my work seems to think that this is the right approach. Would this work at all?

Thank you very much, once again. Your help is very appreciated.

Mohamed Sobair Thu, 08/20/2009 - 15:26


There are no problems at all.

I assumed that your (10.1, 11.1, 12.1) networks are your LAN networks, and since you have a switch module, why don't you use 3 ports of the switch for your internal network communication, leaving the 2 integrated WAN ports for the WAN connection?

You can use the WAN ports for this purpose, but you have a switch module there, which serves your layer-2 and layer-3 needs, and you have 8 available ports that could be utilized for any expansion. Although there are 8 ports, every one could be used as a layer-3 port by the approach we have just spoken of.

If it were me, I would use the switch module for connecting my internal networks while leaving the WAN ports for the WAN, although the opposite is also possible but not the right one, as the switch WIC/module is not designed for this purpose.



