1. Home
  2. Cisco Systems
  3. Cisco 3620: wich IOS to choose

Cisco 3620: wich IOS to choose

Hello I am ready to put on production one cisco 3620 (32F/64D) with two NM: NM-1FE-TX 10/100mbit FE interface NM with FE Combo Port Module, 1 Token Ring, 2 WAN

On this router I will do the following:

NM with FE combo: trunk interface with lot of vlan (this router is the gw for the vlans) NM-1FE-TX "uplink" port to a c3745 that does QoS.

The c3620 needs to ROUTE only packets between the interface, nothing else. I could put there a second c3620 later on GLBP.

The router has the following specs:

cisco 3620 (R4700) processor (revision 0x81) with 60416K/5120K bytes of memory. Processor board ID 26434690 R4700 CPU at 80MHz, Implementation 33, Rev 1.0 Bridging software. X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s) 1 Token Ring/IEEE 802.5 interface(s) DRAM configuration is 32 bits wide with parity disabled. 29K bytes of non-volatile configuration memory. 32768K bytes of processor board System flash (Read/Write)

I have this question for you guys:

since the router needs to route only, wich IOS is better to be put inside?

I have these on hand:

Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support:

formatting link
(c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 16:20 by dchih

That is the latest 12.3(26) complete

Also I have this:

Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IS-M), Version 12.2(46a), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2007 by cisco Systems, Inc. Compiled Wed 11-Jul-07 20:37 by pwade Image text-base: 0x60008930, data-base: 0x6113CEF0

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

c3620-1 uptime is 11 minutes System returned to ROM by power-on System image file is "flash:c3620-is-mz.122-46a.bin"

That is the latest 12.2(46a) IP/PLUS (the minimum that supports vlan trunking)

I don't know if the free RAM is an issue when routing only...

what is your advice?

This is the conf, very simple indeed:

(used with 12.2 software)

version 12.2 service config service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service internal service sequence-numbers ! hostname c3620-1 ! logging buffered 4096 notifications logging console informational enable password 7 xxxxxxx! username 2312312312 privilege 15 password 7 1231231231321312 clock timezone CET 1 ip subnet-zero no ip source-route no ip gratuitous-arps ip cef ! ! ip tcp selective-ack ip tcp timestamp ip tcp window-size 2144 ip tcp synwait-time 10 ip domain round-robin ip domain-name spadhausen.local ip name-server 212.97.32.2 ip name-server 94.141.24.92 ! no ip bootp server call rsvp-sync ! ! ! ! ! ! ! ! interface Null0 no ip unreachables ! interface FastEthernet0/0 description Interfaccia TRUNK verso le TORRI no ip address no ip redirects no ip proxy-arp duplex auto speed auto ! interface FastEthernet0/0.2 description TORRE 2 - Distribuzione diretta capannone encapsulation dot1Q 2 ip address 172.16.2.254 255.255.255.0 no ip redirects no ip proxy-arp ! interface FastEthernet0/0.3 description TORRE 3 - Consorzio di Bonifica - Traversara encapsulation dot1Q 3 ip address 172.16.3.254 255.255.255.0 no ip redirects no ip proxy-arp ! interface FastEthernet0/0.4 description TORRE 4 - Casalboni - Villanova di Bagnacavallo encapsulation dot1Q 4 ip address 172.16.4.254 255.255.255.0 no ip redirects no ip proxy-arp ! interface FastEthernet0/0.5 description TORRE 5 - Palo Ponte Villanova di Bagnacavallo encapsulation dot1Q 5 ip address 172.16.5.254 255.255.255.0 no ip redirects no ip proxy-arp ! interface FastEthernet0/0.6 description TORRE 6 - Boncellino encapsulation dot1Q 6 ip address 172.16.6.254 255.255.255.0 no ip redirects no ip proxy-arp ! interface FastEthernet0/0.7 description TORRE 7 - Mezzano Campanile encapsulation dot1Q 7 ip address 172.16.7.254 255.255.255.0 no ip redirects no ip proxy-arp ! interface TokenRing0/0 no ip address shutdown ring-speed 16 ! interface FastEthernet1/0 description Interfaccia verso il router QoS /28 ip address 10.0.0.11 255.255.255.240 no ip redirects no ip proxy-arp duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 10.0.0.1 no ip http server ! no logging trap access-list 99 permit 77.93.235.238 access-list 99 permit 172.16.0.0 0.0.1.255 access-list 99 deny any no cdp run snmp-server community public RO 99 snmp-server enable traps tty ! dial-peer cor custom ! ! ! ! line con 0 login local line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ! scheduler max-task-time 5000 ntp server 192.43.244.18 ntp server 193.204.114.105 end

Reply to
Elia S.
Loading thread data ...

You are asking pretty basic stuff from it, something they were doing quite readily 13-15 years ago. Anything should be fine..

Okay, 64k of DRAM, 32k of Flash. As long as your IOS image fits in the DRAM and flash you have, you're set.

Whichever, Cisco had that kind of feature set nailed down decades ago..

The IK903S6 is a superset of IS. Since its newer, and would fit into your RAM/Flash, I'd go with it just because its newer. Even if you aren't going to use the crypto features of it (would be pretty slow on a 3620), there could be some bugs fixed.

Overall, its not going to matter.

RAM isn't consumed by routing, its all fixed allocation buffers upon boot. You only use up RAM for dynamic protocols like EIGRP/OSPF/BGP/etc. etc.

Reply to
Doug McIntyre

Hello doug, thank you for your answer. My answers are below:

"Doug McIntyre" ha scritto nel messaggio news:4cd05aa4$0$87582$ snipped-for-privacy@newsreader.iphouse.net...

64M of DRAM and 32M of Flash is the maximum allowed in the 3620, and I upgraded it to the max.

Whichever, Cisco had that kind of feature set nailed down decades ago..

The latest 12.2 is really light, but the 12.3 has SSH, since the 12.2 is IP/PLUS it is light and has the minimum feature set to support vlans.

If I could fine the latest 12.3 IP/PLUS I will go with that. I don't like to use big IOS if they are not needed.

With routing in wich way I could use the spare RAM? Maybe with buffers?

Thanks

Reply to
Elia S.

It's not really going to matter what IOS you use Cisco routers have been routing packets for a long time:-)

If you are internet facing you might want to check out any security bugs.

I suppose you could choose one that was not deferred and was currently availabe.

I would choose the most recent one that was not T or any other letters and met the feature requirements.

My view on memory is that if not using big routing domains (lots of routers) with dynamic routing and you have not got big routing tables is pretty much "if it will boot it will run". It is also (as I see you have) worth turning off proxy arp in case you get huge memory eating arp cache. Once upon I time we had an internet facing switch that crashed every year until we figured it out.

Obviously you need a bit of spare memory for vty sessions and the like.

If you want specific advice on memory on a particular release post the first three lines of the show mem command with the release running and details of the recommended memory.

One thing you don't mention is the throughput you expect to see. By modern standards a 3620 will be pretty poor.

Oh, turning off logging console is good practise since that is very CPU intensive.

Reply to
bod43

"bod43" ha scritto nel messaggio news: snipped-for-privacy@j25g2000yqa.googlegroups.com...

It's not really going to matter what IOS you use Cisco routers have been routing packets for a long time:-)

This router is an internal one that is not directly internet facing. It routes packet from the users to a 3745 QoS router, and then to internet. It is not directly accessible from outside.

The 12.2 is currently discontinued.

This is mainline (not-T)

What throughput should I expect?

logging buffered 4096 notifications no logging console no logging trap no logging monitor

Is ok now?

thank you

Reply to
Elia S.

Do you have any particular reason for putting such an ancient box in a production environment? Are you on a zero budget?

When your only use is to route between a network and a vlan trunk I would advise getting a low-end L3 routing switch. It will outperform the 3620 by a factor of 100.

Reply to
Rob

Hello

"Rob" ha scritto nel messaggio news: snipped-for-privacy@xs8.xsall.nl...

Elia S. wrote:

Well, I need a box that routes only, I have plenty of old box here sleeping in my depot :) A choice between one C3620, one C2651XM, some 2650 (not XM) and 1700s

When the router will be in difficulties, I will put another one in GLBP :)

I dont have a L3 switch here :(

maybe an HP 2626

Reply to
Elia S.

IIRC, for a 3620, somewhere on the order of 20Mbps-30Mbps in the setup you are proposing.

Of the boxes you later list, this would be the "fastest" one. Although again something that is over 13 years old isn't exactly the fastest thing out there.

Reply to
Doug McIntyre

Compared to modern IOS, anything that can fit into 32k is super lightweight, being a tiny percentage of the size in current use..

You couldn't use the spare RAM for routing buffers. The buffer allocations are fairly fixed, with tiny tweaks allowed. Using more RAM gains you nothing.

Reply to
Doug McIntyre

Yes a HP 2626 would be fine. Or if you buy it new, a HP 2610-24 for example.

There are also cheaper alternatives available e.g. from 3com, but now that 3com has been bought by HP it might be that they are merging product lines.

We are using a 3com 4500G which is also offering L3 routing and is less expensive than the HP line, but HP is concealing the 3com product line from their site so maybe it will not be available much longer...

Switches like this can be configured with multiple VLANs that are each on a different IP subnet, and can IP route between the subnets using static routes.

Often good enough for a situation like you seem to have, and much faster than a router of similar pricing, because they operate at network wire speed. For a 3620 you are looking at a routing performance around 10 megabit/s, while the switch will do 1 gigabit/s no sweat.

Reply to
Rob

"Rob" ha scritto nel messaggio news: snipped-for-privacy@xs8.xsall.nl...

I have an HP2626 here with the latest firmware on it, I will begin configuring it this morning.

So I have this situation:

UPLINK port (to a QoS router where all the VLANS go as a default route)

10.0.0.11/28 (the remote QOS router is 10.0.0.1)

VLAN2 172.16.2.254/24 VLAN3 172.16.3.254/24 VLAN4 172.16.4.254/24

If I set a default route on the switch to route 0.0.0.0 0.0.0.0 to 10.0.0.1 I should be ok, since I need that each VLAN goes upwards to the 10.0.0.1 and I am not interested now in inter-vlan routing (I mean if 172.16.2.20 reaches

172.16.3.30, I need a static route?? )

From the QoS router at 10.0.0.1 I have static routes on it as:

ip route 172.16.2.0 255.255.255.0 10.0.0.11 (the switch IP) and so on for each subnet.

Will it work?

Around 10mbit is enough for the beginning :)

Reply to
Elia S.

No you don't need any additional routes for this case. The directly accessible interfaces are automatically routed, you need routes only for the default gateway and for any networks that are reachable via other routers/switches external to the switch.

Yes that will work.

You will have a couple of VLAN defs like this: vlan 1 name "UPLINK" ip address 10.0.0.11 255.255.255.240 exit vlan 2 name "VLAN2" ip address 172.16.2.254 255.255.255.0 exit

then the IP routing like: ip routing ip route 0.0.0.0 0.0.0.0 10.0.0.1

We have good experiences with the switches routing like that.

Reply to
Rob

Hello Rob I have just tested this conf in my lab:

Running configuration:

-------------------------------------------- ; J4900A Configuration Editor; Created on release #H.10.83

hostname "ProCurve Switch 2626" snmp-server contact " snipped-for-privacy@spadhausen.com" snmp-server location "HQ Bagnacavallo (RA)" max-vlans 16 time timezone 1 interface 1 flow-control exit interface 2 flow-control exit interface 3 flow-control exit interface 4 flow-control exit interface 5 flow-control exit interface 6 flow-control exit interface 7 flow-control exit interface 8 flow-control exit interface 9 flow-control exit interface 10 flow-control exit interface 11 flow-control exit interface 12 flow-control exit interface 13 flow-control exit interface 14 flow-control exit interface 15 flow-control exit interface 16 flow-control exit interface 17 flow-control exit interface 18 flow-control exit interface 19 flow-control exit interface 20 flow-control exit interface 21 flow-control exit interface 22 flow-control exit interface 23 flow-control exit interface 24 flow-control exit interface 25 flow-control exit interface 26 flow-control exit ip default-gateway 10.0.0.1 sntp server 192.43.244.18 ip routing timesync sntp sntp unicast snmp-server community "public" vlan 1 name "DEFAULT_VLAN" untagged 1-7,11-17,20-24,26 ip address 172.16.0.100 255.255.254.0 no untagged 8-10,18-19,25 ip igmp exit vlan 2 name "ROCKET_HQ" untagged 8 ip address 172.16.2.254 255.255.255.0 tagged 2 ip igmp exit vlan 3 name "TRAVERSARA" ip address 172.16.3.254 255.255.255.0 tagged 3 ip igmp exit vlan 4 name "CASALBONI" ip address 172.16.4.254 255.255.255.0 tagged 4 ip igmp exit vlan 5 name "VLNV_PONTE" ip address 172.16.5.254 255.255.255.0 tagged 5 ip igmp exit vlan 6 name "BONCELLINO" ip address 172.16.6.254 255.255.255.0 tagged 6 ip igmp exit vlan 7 name "MEZZANO" ip address 172.16.7.254 255.255.255.0 tagged 7 ip igmp exit vlan 256 name "MG_LAN" untagged 9,25 no ip address tagged 24 ip igmp exit vlan 255 name "MG_WAN" untagged 10 ip address 172.16.255.254 255.255.255.0 ip igmp exit vlan 257 name "QOS_NETWORK" untagged 18-19 ip address 10.0.0.11 255.255.255.240 exit fault-finder bad-driver sensitivity high fault-finder bad-transceiver sensitivity high fault-finder bad-cable sensitivity high fault-finder too-long-cable sensitivity high fault-finder over-bandwidth sensitivity high fault-finder broadcast-storm sensitivity high fault-finder loss-of-link sensitivity high fault-finder duplex-mismatch-HDx sensitivity high fault-finder duplex-mismatch-FDx sensitivity high ip route 0.0.0.0 0.0.0.0 10.0.0.1 password manager

---------------

Some questions: it is useful to set ip igmp filtering ? According to the docs, yes. Will it give additional work to the switch?

What routing througput should I expect from this switch?

The full specs are here:

formatting link
My model is HP-2626 4900A

Reply to
Elia S.

We are not using igmp on our network so I did not study this topic... It will probably give processor load but if this is a problem I cannot tell.

I have tested with our 3com 4500G and I could not saturate it with two Dell servers with gigabit card. I.e. the transfer rate with the switch in between was the same no matter if it was routing or only switching. Of course the specs also tell that but it never hurts to try :-)

I think it is the same with the HP. We have those HP 2626 switches only with a 100 Mbit trunk inbetween them, and we have no problem to saturate the trunk. I did not test those at 1 gigabit.

They specify 9.6 Gbps routing/switching capacity, so with a few ports in use you should not be able to saturate it.

Basically what these devices do is use a processor route lookup for the first packet in a stream and then use the switch hardware to forward the remainder of the packets directly without processor intervention. I.e. the same as when using it as a switch only, except that it now switches on IP addr instead of MAC addr.

It is WAY faster than what you get with a 3620...

Reply to
Rob

Thank you for your suggestion, I definitely will choose HP2626 as routing beast :)

Thank you!

Reply to
Elia S.

freelance writer

Reply to
WinnieDunn19

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.