Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Edge router design

I have a 2811 with the 9 port switch module. We have a /28 block if addresses. Due to the fact we have a business unit with specific firewall needs they need their own specific wan IP address. I have set up the 9 port switch as a single VLAN with the IP address of our core business. The other business unit then plugs their firewall (m0n0wall atm) into one of the available switch port and assigned their address to their router. 1 gig port is used for DMZ and the other gig port is directly connected to our ISA server. The questions I have is..

1. Is this a bad design. Is there another option besides putting a separate switch outside the 2811 to allow this business unit to have a direct IP address?

2. When I monitor traffic with NTop across all switch ports I see Vlan tags on outbound traffic. Is this a concern?

3. We also use the 2821 for VOIP with all phones on a seperate VLAN. I do not have this vlan assigned to any of the switch ports but I am also seeing the traffic for this vlan in Ntop as well. Any ideas why this is?

Any help would be appreciated. Thanks