I have a CISCO 2811 router with 2 Gigabit Ethernet ports. One port is used by a firewall, and the other port is for the LAN. Currently, I have a flat network that I want to change by putting the servers in my data center on a different subnet. Since I don't have a spare port on the router, is it possible to create a subinterface (on the Ethernet port connected to the LAN), and how? What is the best practice?
Zennon, it all depends on size. The con in doing it this way is that you will be splitting the FE ports into logical subnets, by which all intervlan routing traffic will be routed through that one port, depending on how many servers total hosts you have. You could place a 3750-E and create SVIs, have the 3750-E act as access/distribution if you will, create VLANs as well as do intervlan routing for local subnets in the 3570, link up the switch to the FE port using a /30 subnet on the 2811, and have the switch default route pointing to the 2811 if using static routing.
There are many ways of doing it, but normally you want to follow a basic model. Check this link at some branch office design example models to get an idea.
I would like to comment on one aspect of your question. You ask about VLANs and subnetting as if they were different and as if doing one prevented doing the other. In fact VLANs and subnetting go together. When you create multiple VLANs you need multiple subnets. Basically each VLAN requires a unique subnet. (It is not necessarily true that each subnet requires its own VLAN, but it is true that each VLAN requires its own subnet.)
Jorge has some good comments about the differences between doing VLANs with a trunk to the router (which would have subinterfaces on the router interface) and which would do inter-vlan routing or the alternative of doing VLANs and using a layer 3 switch to do the inter-vlan routing. But these considerations come after you have made the decision to change from a flat network with only a single VLAN to a network with several VLANs and several subnets.
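Added example, not part of any reply in this thread: a minimal sketch of the trunk-with-subinterfaces option discussed above, with the router side followed by the matching switch side. All interface names, VLAN IDs, VLAN names and addresses are assumptions chosen for illustration.

```cisco
! --- Router (2811): LAN-facing port carries an 802.1Q trunk ---
! Interface name is assumed; use the port that connects to the LAN switch.
interface FastEthernet0/1
 description Trunk to LAN switch
 no ip address
 no shutdown
!
! One subinterface per VLAN; each VLAN gets its own subnet (addresses assumed).
interface FastEthernet0/1.10
 description User LAN (assumed VLAN 10)
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1.20
 description Data-center servers (assumed VLAN 20)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! --- Switch: define the VLANs, trunk to the router, place servers in VLAN 20 ---
vlan 10
 name USERS
vlan 20
 name SERVERS
!
! Uplink to the router (port name assumed). The encapsulation line is only
! accepted on switches that also support ISL; omit it on dot1q-only models.
interface GigabitEthernet0/1
 description Uplink to 2811
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs that are actually routed on the 2811.
 switchport trunk allowed vlan 10,20
!
! Server-facing access port (port name assumed).
interface GigabitEthernet0/2
 description Server access port
 switchport mode access
 switchport access vlan 20
```

Hosts in each VLAN use the matching subinterface address as their default gateway, so all traffic between the user and server subnets crosses the single router port, which is the capacity trade-off raised in the first reply.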