[c-nsp] Will the Cisco 2911 push GigE with NAT enabled ?

Mackinnon, Ian ian.mackinnon at atos.net
Mon Apr 30 11:46:34 EDT 2012 

Apart from the NAT requirement, I have had success deploying switches
instead of routers. 
But NAT is not available on switches :-(

Perhaps you could offload the NAT to another device?

Ian

-----Original Message-----
From: Dave [mailto:dcostell-cisconsp at torzo.com] 
Sent: 30 April 2012 16:44
To: Nick Hilliard
Cc: Mackinnon, Ian; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Will the Cisco 2911 push GigE with NAT enabled ?

On 04/30/2012 08:41 AM, Nick Hilliard wrote:
> On 30/04/2012 16:30, Mackinnon, Ian wrote:
>> It says a 2911 will top out at about 180M with no features.
>
> that's the figure for 64 byte packets.  For imix the feature-free 
> result will be quite a chunk higher.  But then every feature you add 
> (NAT, policy routing, full dfz, etc) will cause the performance to
drop off significantly.
>
> Dave, can you post your interface configuration?
>
> Nick

Yup, tho I think this is most likely the wrong device for the job. I'd
love to get feedback on what I could do better.


interface GigabitEthernet0/0
  ip address xxx.xxx.xxx 255.255.255.252
  ip access-group OFFICE_LAN in
  no ip unreachables
  no ip proxy-arp
  ip flow egress
  ip nat outside
  no ip virtual-reassembly in
  duplex auto
  speed auto
  no mop enabled
!
interface GigabitEthernet0/1
  no ip address
  no ip unreachables
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  ip nat inside
  no ip virtual-reassembly in
  duplex auto
  speed auto
  no mop enabled
!
interface GigabitEthernet0/1.1
  description Old Office Network
  encapsulation dot1Q 1 native
  ip address 10.0.0.1 255.128.0.0
  ip flow ingress
  ip nat inside
  no ip virtual-reassembly in
  ipv6 enable
  ipv6 nd ra suppress
  ipv6 ospf 15082 area 0
  no cdp enable
!


the OFFICE_LAN acl is a 3 line rule to block ssh from all but one 
specific external IP.

Dave



_______________________________________________________
Atos and Atos Consulting are trading names used by the Atos group.  The following trading entities are registered in England and Wales:  Atos IT Services UK Limited (registered number 01245534), Atos Consulting Limited (registered number 04312380) and Atos IT Solutions and Services Limited  (registered number 01203466) The registered office for each is at 4 Triton Square, Regents Place, London, NW1 3HG. The VAT No. for each is: GB232327983

This e-mail and the documents attached are confidential and intended solely for the addressee, and may contain confidential or privileged information.  If you receive this e-mail in error, you are not authorised to copy, disclose, use or retain it.  Please notify the sender immediately and delete this email from your systems.   As emails may be intercepted, amended or lost, they are not secure.  Atos therefore can accept no liability for any errors or their content.  Although Atos endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted. The risks are deemed to be accepted by everyone who communicates with Atos by email.
_______________________________________________________

More information about the cisco-nsp mailing list