What equipment to go for?

Why can't you use the Cisco 805 to take over the routing job of the linux box? You should be able to use sub-interfaces on the lan port to do this. You still need the linux box to supply the DHCP, unless the Cisco 805 can supply it (I haven't worked much with that series).

A router with 4 interfaces can be costly.

Theiss

I'm a big fan of the 877-sec-k9. It's like working with a layer 3 switch. Utilization of the dsl interface is optional. Just trunk it to a switch and rock out. Supports vlans, trunking, zone policy firewall, v6v4 tunneling, dmvpn. Very cool router.

Hi Theiss,

Well, I didn't knew I could. In fact altough I also have 805, the router that will be part of this setup is in fact a 836, but its also a 800 series so should be the same.

The reason why I thought I couldn't use the 386 is because it only has

2 interfaces ethernet0 and ethernet2(if enabled) and I though that I had to have an interface to terminate each VLAN.

What you are saying also makes sense to me, hook all the VLAN "ends" in the ethernet0 and use subinterfaces. I'm not very familiar with subinterfaces in IOS but I believe it should be the same as IP aliasing in Linux.

A few questions though.

Can I use acess lists to filter trafing between subinterfaces? Wouldn't the traffic from on VLAN "leak" to the other VLANs because their are also tied up in the same phisical connection?

That's the main reason I tought of a router with several interfaces.

Regarding the DHCP, yes the 836 (and I believe the 805 also) can provide a DHCP pool. I'm currently using one for the VPDN tunnel.

Many thanks by the tip! HangaS

Hi,

As I mentioned in the previous reply, the router that I'm talking about is in fact an 836 (which I believe was replaced by the 876) So I can probably do the same with my 836.

Do you say the 877 (same as the 876 by over ISDN) supports VLANs? You mean VLAN tagging et all?

Miguel

Utilization of the dsl interface is optional. Just trunk it to a switch and = rock out. Supports vlans, trunking, zone policy firewall, v6v4 tunneling, dm= vpn. Very cool router.- Hide quoted text -

HangaS

If you assign different subnet to your vlans, the router will route between the vlan/subnets. However, you can use access-list to filter our the traffic between vlan/subnet. You may need to assign a vlan/subnet exclusively for the server so that every other vlan can access the server but can't see/talk amongst themselves.

Theiss

The 870 advanced image supports 4 vlans and 802.1q trunking. I have found the need to do extensive feature research when selecting a cisco router, as many devices lack a number of features. The sec-k9 is loaded. What type of wan connection do you have? There is probably no reason that one device can't do it all.

the need to do extensive feature research when selecting a cisco router, as = many devices lack a number of features. The sec-k9 is loaded. What type of w= an connection do you have? There is probably no reason that one device can't= do it all.

I am not sure fmo a performance standpoint, but from a features standpoint it sounds like a 1721 might be another option. I have this set up at home where I have one physical connection to my router(802.1q trunk between my switch), and everything plugs into my switch. One vlan is for the internet connetion from comcast, one is for my main internal network, one is for my wireless, one is for a test network. As far as I can tell nothing leaks between Vlans. Now performance may be an issue as I have found it is fairly easy to overload the 1721 with p2p programs or extensive vpn use.

I have an ADSL connection over ISDN. That was the reason I elected the

836 in the past. I also had an 805 on Leased Line but was disabled in the beggining of the year. So now I only have the 836 connected to the linux router. In a near future I will also have another ADSL2+ connection so I may connect a 837 that I have in the closet.

HangaS

the need to do extensive feature research when selecting a cisco router, as = many devices lack a number of features. The sec-k9 is loaded. What type of w= an connection do you have? There is probably no reason that one device can't= do it all.

the need to do extensive feature research when select> I am not sure fmo a performance standpoint, but from a features

I used a 1721 before I migrated to the 877. The difference in cost is substantial: 1200 for the 1721 base image vs. 500 for the 877 advanced image. Obviously, the 1700 probably offers superior performance. Just had to go with the advanced image for v6 tunneling.

I personally would lean toward a layer3 switch. If a 3650/3750 isn't in your budget range, I would look for a used 3550 running the layer3 image.

Scott

HangaS wrote:

2801 and a managed switch can do exactly what you wanted.

Yes, it is way far behond my buget range. I was hopping something in the price range of the 2801 or cheaper.