Friday, December 25, 2009

IPSEC not supported!!!! Reason you go for router

One of the many things my customers ask is why we do not go for a Layer 3 switch instead of a router when Ethernet is our only requirement. A Cisco 1-port FE card still has a GPL of 950 USD, while L3 switches come with 24/48 ports, which is really cheaper when the customer requires many Ethernet interfaces.

Although in some cases the customer may take that option, I still don't encourage it. The obvious answer is that a router is intended for routing, while an L3 switch still has switching hardware and is intended for the LAN. It cannot support many features that are necessary at the WAN edge, like IPsec VPN, GRE tunnels and even NAT.

Well, I still remember from my previous job that one of my colleagues purchased a 3560 for a site-to-site VPN with a router, only to figure out that IPsec is not supported on it.

To summarize, L3 switches were introduced with efficient inter-VLAN routing in mind and are best within the campus. Routers are destined for the edge and will still be used at WAN edges.

Subinterface, SVI and Catalyst Catch!!!

Well, there are many who do not know this.

You cannot make subinterfaces on Cisco switches, no matter whether it's a 2960, 3560 or 3750, LAN Lite or LAN Base, standard image or enhanced image. Subinterfaces are simply not supported.

So what is the alternative solution? You get it: use an SVI instead. You can do almost everything that you can do with a physical interface:

interface Vlan10
 ip address x.x.x.x x.x.x.x
 ! ip access-group needs a direction; "in" is assumed here
 ip access-group 101 in
 ip ospf cost 10
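
For comparison, here is the router subinterface form next to its SVI equivalent on the switch. This is an added example, not configuration from the original post. The interface names, the 192.0.2.0/24 addressing, the OSPF process and the ACL 101 entry are assumed sample values, and the switch is assumed to be a 3560/3750 with an image that supports IP routing.

```cisco
! --- Router (router-on-a-stick): one subinterface per VLAN ---
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
 ip ospf cost 10
!
! --- Catalyst switch: same result with an SVI ---
! Sample ACL (constructed): only VLAN 10 sources may enter via the SVI
access-list 101 permit ip 192.0.2.0 0.0.0.255 any
access-list 101 deny   ip any any log
!
! The VLAN must exist, otherwise the SVI stays down
vlan 10
 name USERS
!
! Enable Layer 3 forwarding between SVIs
ip routing
!
! Trunk carrying VLAN 10; restrict the allowed list to what is needed
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10
!
! The SVI takes the place of the subinterface: same L3 commands
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
 ip ospf cost 10
 no shutdown
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
```

`show ip interface Vlan10` confirms that the inbound access list is attached, and `show interfaces trunk` confirms that VLAN 10 is allowed and active on the trunk.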