Switch connected to cable modem?

[Dooling37]

Hi all,

As mentioned late in this previous thread, I'm looking to setup a managed switch (I got a Cisco 2912XL off ebay) in between my cable modem and wireless router. I've just received the switch, but before I plug it in and start messing around, I realized that, once again, I'm confused.
If my setup looks like this:
ISP/Internet
|
Cable modem
|
managed Switch
|
Wireless router
| | | |
Internal systems

...will my wireless router still be able to pull an IP from my ISP for its WAN interface? Or will the ISP/Cable modem see the managed switch MAC, necessitating a reboot of the cable modem and possibly reporting the new MAC to the ISP, at which point the switch will receive an IP from the cable modem?
I'd like to assign an IP address to the switch for management purposes, but don't really want this to use up my 1 IP from the cable company... instead, ideally, I'd like to assign it an RFC1918 private address, to be connected to directly by a laptop only when needed.
I'd like the wireless router to still receive its external IP directly from the ISP, via DHCP.
Will this work?

Thank you greatly..

 

[Jamsan]

Keep the router where it is now, connect one of the switch ports from the router into the Cisco switch, and hook all your systems into the Cisco switch.

 

[kevnich2]

Why would you want your switch before your router? Do as Jamsan said, hook the switch into the LAN port of the router and hook all computers into the switch. You want your router's WAN interface connected to the cable modem.

 

[Dooling37]

Originally posted by: kevnich2
Why would you want your switch before your router? Do as Jamsan said, hook the switch into the LAN port of the router and hook all computers into the switch. You want your router's WAN interface connected to the cable modem.

The original idea was to be able to sniff *all* inbound and outbound network traffic via a SPAN port on the switch, so I wanted it to be the first thing attached to the cable modem, so as to have visibility into all traffic. If I plug it in behind the wireless router, I'll have visibility into all traffic to/from wired systems, but not any wireless traffic.
So the consensus is that my original setup is not possible..? If so, I'll just have to settle for this plan.

Thank you for the responses.

 

[drebo]

It is possible. You do not have to assign an IP address to the switch.

 

[Dooling37]

Originally posted by: drebo
It is possible. You do not have to assign an IP address to the switch.

In this case, I can still manage the switch via console connection -- just not via SSH/telnet/web, correct? Also, any systems that I connect directly off of the switch will not be allowed to have IP addresses that can communicate with the internet, correct? (because I can only have one public IP address from my ISP, which will go to the wireless router)

thank you..

 

[mcmilljb]

What you can do is plug the cable modem into port 1 and the router into port 2. The make port 3 your SPAN port(you can use any port really just an example) which will monitor port 2's egress and ingress traffic. You monitor both directions of traffic on port 2 because you want to know what's going in and out of the router's wan port. Just plug your monitoring computer to port 3 and let it listen away.

Here is what you can do to solve some of your other problems. If you want to remotely configure the switch from behind the router, create a new vlan on the managed switch first. Then assign it a reserved ip address from your internal network(don't want dhcp to throw a fit) so you can remotely connect to it. Then assign the a port to that vlan and run a cable from the router's switch to the port you assigned to the new vlan. You can now SSH/Telnet to the switch. You still have to configure the switch to allow you to connect over SSH/Telnet, but the option is now available to you. The new vlan prevents a switching loop from appearing because the router's wan port, the cable modem, and the SPAN port monitor belong to a different vlan.

*edit*
You may have to assign a port to the new vlan and then connect it into the router before being able to assign the ip address to the vlan. That's according to a webpage on cisco's web site when I was verifying everything.

 

[NickOlsen8390]

There are many routers that let you do this from the wan port on the router.
Another solution plug all your computers into the switch and have one port uplinking to the router. All though that is going to be non-masqueraded traffic. You could do that.

But I like the VLAN idea better ^