
cisco router vs linux router

14 years 11 months ago #33060 by superudu
hi all,

thank you for answering

i still got some questions about what a cisco can do, because i want to be sure i will have everything working when/if i replace my linux router

A. can i set more than 2 ips on a cisco router interface?
B. and if yes, can i translate them by nat to specific private ip addresses ( 1 on 1) ?

C. and a tricky one, if now i have a database with ip addresses that are allowed to come and see web pages from my internal network (each web page corresponds a public ip) - can i also make this type of filtering on a cisco? that is, deny for all but allow for some (and tell the reason, maybe time period)

thanks.
14 years 11 months ago #33063 by sose
yes you can do all that with a cisco router, through creating sub interfaces on a physical interface you can apply more than one IP. kind of in a haste now. I will make subsequent contributions in future

thanks
14 years 11 months ago #33065 by S0lo

A. can i set more than 2 ips on a cisco router interface?


Yes you can do that by using the secondary keyword. The secondary IP addresses can be either on the same subnet or different subnets. Sub-interfaces will work too as sose mentioned but probably requires 802.1Q on the other side too.

B. and if yes, can i translate them by nat to specific private ip addresses ( 1 on 1) ?


Yes you can. And you can even translate multiple IPs even if they are not defined as secondary on an interface.

C. and a tricky one, if now i have a database with ip addresses that are allowed to come and see web pages from my internal network (each web page corresponds a public ip) - can i also make this type of filtering on a cisco? that is, deny for all but allow for some (and tell the reason, maybe time period)


If I got you well, yes you can. But I'm not sure what you mean by "and tell the reason, maybe time period".

That's as far as I know. By the way, it so happens that this post comes 24 hours right after my first try of Vyatta www.vyatta.com.

If you haven't tried yet, Vyatta is an open source router based on Linux. The OS is of course free but they also sell dedicated appliances for it. As you might expect the prices are much lower than Cisco's, but the real plus comes if what they claim is true that it's faster than Cisco. I have no idea how valid their claim is, but I tried the PC based OS and it really looks promising.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
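
The three answers above as one IOS configuration sketch, added here as an illustration and not taken from any poster's router. Interface names, the ACL and time-range names, the dates and every address (RFC 5737 documentation ranges and private space) are assumptions; it reads the "time period" in question C as a time window on a permit entry and records the "reason" as ACL remarks.

```cisco
! Constructed example: addresses, names and dates are placeholders.
!
! A. More than one IP on an interface, using the secondary keyword
interface GigabitEthernet0/1
 description Inside (web servers)
 ip address 192.168.10.1 255.255.255.0
 ip address 192.168.20.1 255.255.255.0 secondary
 ip nat inside
!
interface GigabitEthernet0/0
 description Outside (ISP-facing)
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group WEB-IN in
!
! B. One-to-one static NAT, private address first, public address second.
!    The public addresses are not configured as secondaries on the interface.
ip nat inside source static 192.168.10.11 203.0.113.3
ip nat inside source static 192.168.10.12 203.0.113.4
!
! C. Time-limited permits. Time ranges follow the router clock, so keep it
!    synchronised; a wrong clock silently opens or closes the window.
ntp server 192.0.2.1
!
time-range PARTNER-B-WINDOW
 absolute start 08:00 1 March 2010 end 18:00 31 March 2010
!
time-range OFFICE-HOURS
 periodic weekdays 8:00 to 18:00
!
! The inbound ACL on the outside interface is evaluated before NAT,
! so the destination is the public address of each site.
ip access-list extended WEB-IN
 remark Partner A, site 1: permanent access (reason goes in the remark)
 permit tcp host 198.51.100.10 host 203.0.113.3 eq www
 remark Partner B, site 2: contract period only
 permit tcp host 198.51.100.20 host 203.0.113.4 eq www time-range PARTNER-B-WINDOW
 remark Partner C, site 2: weekdays during office hours
 permit tcp host 198.51.100.30 host 203.0.113.4 eq www time-range OFFICE-HOURS
 remark Replies to TCP sessions opened from inside
 permit tcp any any established
 remark Everything else is refused and logged
 deny ip any any log
```

A permit entry tied to a time range simply stops matching outside its window, so the packet falls through to the final deny. The `established` entry covers TCP replies only; other return traffic for inside hosts (DNS over UDP, for example) needs its own entries or a stateful inspection feature.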
14 years 11 months ago #33067 by KiLLaBeE
superudu,
Just curious, what is your own, personal reason/motivation for wanting to move from a Linux-based router to a Cisco router? I'm just curious...not trying to judge you or anything.
14 years 11 months ago #33084 by donanak
To not re-invent the wheel - I think you should have all your answers by now to make a decision.


Linux is a good choice when it comes to budget and customisation but could be risky if not configured well. If this has been working for you then why the change? (don't answer that)

Cisco routers as mentioned can meet your needs depending on your requirement as already mentioned above. You need to know the requirement to decide on which router to go for. Each of the routers come with different interfaces and you may be required to buy additional interface(s) based on requirement again.

As you have mentioned about "firewall" above you are now looking at ASA/Pix devices in addition to the router (for DHCP/traffic redirect etc). I'd do more feasibility study before. The rest of it can be achieved based on your requirements.

Good Luck!
-d-

A smart person knows what to say, but a wise person knows whether or not to say it.

'When perfection comes, the imperfect disappear.'
14 years 11 months ago #33088 by superudu
hi,

at C. I was thinking about allowing an external IP address to access my internal network on port 80, but only for a limited period of time. Hours, days, or forever.

There are many reasons why I'm thinking to replace my Linux router with a Cisco:
- the PC hardware is getting old
- software installed is a bit old too
- the many packages installed may not be to the latest version, and even if, some security holes (exploits) could be found.
- a Cisco performs better with large amount of traffic.
- is nice to have a Cisco to play with
- etc
