Solved

Cisco 2811 Router - Dual WAN?

Posted on 2011-02-23
Last Modified: 2013-01-22
I have inherited a Cisco 2811 at a new client and it has the two built in Ethernet ports plus a 4ESW module. Can that module be used to do a dual WAN? If not, what module might I need if the 2811 even supports dual WAN? Thanks!
Question by:mvalpreda
21 Comments
 
LVL 9

Expert Comment

by:ffleisma
ID: 34966237
2811 routers can handle a dual-homed set-up. The next question would be: what kind of WAN services will you be having? Depending on the kind of WAN service, it will dictate the kind of interface you will be having for the WAN connection. Another question would be: for what purpose are you needing a dual WAN connection? Is it for a fail-over/redundancy set-up, or will you be needing load-balancing as well? If you can give more details, I'd be glad to help you on this :-)
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 34966257
Fair enough. :)

Router is not currently in use, it was decommissioned from a T1. Currently using a *gasp* Linksys SOHO. Two DSL connections coming in for an external app that needs as much uptime as possible. Would like the incoming on both DSL links to point to the same server on the same port. So if something hits WAN1 IP on port 80 it goes to internal server 10.10.10.10 and if something hits WAN2 IP on port 80 it also goes to internal server 10.10.10.10. A bonus would be load balancing/failover for internal people to get out to the internet.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 34966347
1. Having a DSL connection, you won't be able to handle load balancing. Load balancing would be available if you had your own AS and you leased your own private IP address space, and for this you should be running BGP as your routing protocol. With regards to a DSL connection, usually this would only involve a static route towards your ISP.

2. You mentioned port 80 as an example. Now I would just like to ask, would this be a web server that needs to be up and available outside? And if so, is the URL registered to a public DNS? If that is the case, you have to have both public IPs (WAN1 IP and WAN2 IP) registered to a DNS server. Can you specify further what type of internal application is being accessed and by whom (same company users vs. the world)?

3. Since you are using a DSL service, to use the 2811 router you inherited, you would need an ADSL WAN interface card (WIC).

http://www.cisco.com/en/US/prod/collateral/routers/ps221/product_data_sheet0900aecd8028aa5a_ps5854_Products_Data_Sheet.html

The 4ESW module you currently have is an EtherSwitch Module (ESW), and it is mainly used to add switching ports to the router. You really can't use that to connect both of the DSL connections.

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016bf0b_ps5855_Products_Data_Sheet.html

Lastly, I know I ask a lot of questions while answering your question, but it is just so I can get a better idea of what your requirements would be.

What is your motivation to use the 2811 instead? In my opinion you're better off buying a cheap (not necessarily Cisco) firewall/router that can do load balancing + failover. I can suggest QNO if you really need/want to replace your existing router.

http://www.qno.com.tw/english/n_products_multiwan_qos_firewall_router.asp

Adtran is also a respectable product that can offer load balancing and fail-over for setups that use 2 DSL services.

http://www.adtran.com/web/page/portal/Adtran/group/2891


Hope this helps a little and pushes you towards more questions and more answers. Be glad to help you further :-)


0
 
LVL 2

Author Comment

by:mvalpreda
ID: 34966371
My first choice would be to go with a Cisco ASA 5505 with Security Plus so I could do dual WAN with that. I don't think I need a DSL card since I think the two different DSL modems give me ethernet. If I have Ethernet from the DSL modem(s) can I use a 2 port HWIC?

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd80581fe6_ps5855_Products_Data_Sheet.html

Client is convinced the 2811 is the best thing since sliced bread, so until I can say with the utmost certainty that it won't work for him and he needs to buy something else... I need to do my due diligence. I'm guessing he spent a lot of money on it when they had the T1 and hates to see it go to waste.

Is it safe to say that the 4ESW is designed for internal switch ports on the inside of the router?
0
 
LVL 3

Expert Comment

by:lomejordeesto
ID: 34966398
Well, the 2811 supports dual WAN for sure, and load balancing too. Just by configuring two default routes with the same administrative distance you are good; the router will load balance by flow. Now, are you using an external modem for the ADSL, or are you using a WIC card for the DSL?
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 34966441
Yes, the 4ESW is designed to add switchports (internal facing) to a router. Since you have 2 DSL connections, both those public IPs, WAN1 & WAN2, are on different subnets.

Yes, the Cisco ASA 5505 is a good way to go, as it would provide you with firewall capabilities as well, BUT at best you can only do fail-over with the ASA and "not" load balance, which would seem a waste of good bandwidth. There is a similar question here at EE, see below.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22748232.html

At best, using the 2811, you can apply a route-map to point one set of subnets within the internal network to ISP1 and another subnet to ISP2. I'll be honest with you and say I'm not 100% sure of this even though I'm Cisco certified, but I guess that is possible (not sure because I haven't tried it before, but very likely possible).

Now, considering the money that the company wishes to spend just buying the interface card for the 2811 or buying a new Cisco ASA (which can do the load-balancing), that's why I'm proposing to use specialized products that can provide you with the firewall capabilities + load balancing from Adtran or QNO. Adtran OS is very similar to Cisco and is also an American manufacturer; QNO is China, I think (what equipment is not made in China anyway? :-)

Would this be for a small to medium office? Around 100-200 users?
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 34966490
Done a bit of reading, and yes, lomejordeesto is right: you may do load balancing with your 2811. Sorry about my previous answer. Here's a link where they discuss this.

https://learningnetwork.cisco.com/thread/7614

But still, I would suggest going with a firewall/router, as this would provide more security and less hassle of trying to figure out how to configure it.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 34966580
The bottom line as I see it is that what I have right now will not do what the client wants. In order to do that I would need a HWIC-2FE

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd80581fe6_ps5855_Products_Data_Sheet.html

Correct? If so I'm money ahead with an ASA. Load balancing for traffic TO the internet is just a bonus. Failover is fine. I just need to make sure I have the ability to have dual incoming regardless of which link is utilized.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34966795
>Would like the incoming on both DSL links to point to the same server on the same port.

Ah, this is the challenge!
On Cisco kit, you cannot map the multiple IPs to the same internal host/port.
However, you can add a second IP address to the server NIC, and map DSL1 public IP to server/80 and DSL2 public IP to server2/80.
You really can't get load balancing, but you can easily get failover.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 34969465
Is that the case with both the 2811 and an ASA? Or just with the 2811?
0

 
LVL 2

Expert Comment

by:texasjpm
ID: 34975199
I would use Cisco's Optimized Edge Routing. "Optimized Edge Routing (OER) is intended for sites using multiple Internet or WAN Service Providers." More information can be found at

http://www.netcraftsmen.net/resources/archived-articles/443-basics-of-cisco-optimized-edge-routing-oer.html

and

http://www.netcraftsmen.net/resources/archived-articles/468.html
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 34975248
I appreciate the articles texasjpm, but I think that might be a bit overkill for what the client is trying to accomplish.

Unless there is something I am missing, I think the ASA 5505 Security Plus will do what I need to do.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34975708
This is the case with either a router or ASA.
The ASA can do failover routing only.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 34975780
That's fine. As stated originally load balancing would be a bonus.

ISP1 IP --> ASA port 0 --> server IP 1
ISP2 IP --> ASA port 1 --> server IP 2

So no matter what ISP the packet comes from it will get to the server as long as the server is set to listen on both of those IP addresses. That is all I am really looking for.

If the device fails over to another ISP for internal people to get out that would be great as well.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34975940
ASA will do all that, no problem.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 35152425
I assume I will need the Security Plus license in order to do the dual WAN setup on the ASA 5505?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 35152845
Yes, get the Security Plus license.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 35152848
In my travels I have come across the Cisco 891 ISR. I know it's more of an all-in-one sort of unit, but how does it stack up against the ASA 5505?
0
 
LVL 79

Accepted Solution

by:lrmoore (earned 500 total points)
ID: 35152890
ISR is part of the router family, running IOS.
Routers were designed to route packets between dissimilar interfaces (Ethernet to serial/ATM/Token Ring, etc.) and to do it as efficiently as possible.
ASA was designed from the ground up, does not run IOS, to be a firewall. Period.
That's why it can only do backup/failover WAN and not run dual WANs at the same time or a whole myriad of other advanced router functions that even the new 891 will do.
Cisco never has and never will do dual WANs very well without BGP in IOS.
890 series are SOHO (Small Office/Home Office) routers that are extremely flexible, but still have nothing over the 2811 that is already on hand.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 35152898
Seeing as the 2811 as it sits will do what the customer requires, which would you go with if it was your network? The 891 ISR or the ASA?

There are only 25-30 inside users.
0
 
LVL 2

Author Closing Comment

by:mvalpreda
ID: 35338100
Thanks for the advice.
0
