For all kinds of customers, what can they expect from Cisco in 2017? In the following article, Zeus Kerravala (the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate.) listed the main points that users and clients expect from Cisco in 2017.
- Cisco will take a chunk of the security market. The security market is easily the most fragmented of all of the IT submarkets. It’s currently a $75 billion market, with no single vendor having anywhere close to double-digit share. Cisco, in particular, has fumbled around in security for years with different initiatives and architectures that have been ineffective.
Times are different today. As I pointed out in an earlier post, Cisco has never been positioned better in the security industry, and the company is finally using its greatest asset—its dominance in the network—to create tangible differentiation. Look for 2017 to be the year it breaks away from the competition and takes a chunk of the security share.
- Cisco breaks away in collaboration. Collaboration at Cisco has had its ups and downs over the past few years, but the company now pointed in the right direction. Spark was launched as a Slack-like team collaboration tool, but in actuality, it’s much more than that. It’s a fully integrated cloud, hardware and software experience that can deliver seamless, easy-to-use experiences on a mobile phone, desktop or meeting room. Expect Cisco to continue to innovate around Spark and create its next wave of growth in collaboration.
- The data center gets a shot in the arm with an acquisition. The Unified Computing System (UCS) carried the data center business unit at Cisco for years. Recently, though, the growth of the product has slowed. In fact, this past quarter saw the data center revenue fall 3 percent.
UCS is a great product, but the compute industry is shifting to hyperconverged infrastructure (HCI). Cisco’s current offering, HyperFlex, is an OEM from SpringPath, and channel feedback has been that they would prefer Cisco to own the product rather than OEM it. The OEM allows Cisco to dip its toe in the water, and in 2017 Cisco will jump in with both feet by acquiring SpringPath, which will stimulate data center growth.
- Expect Cisco to focus on analytics. When one thinks of analytics, the name Cisco is rarely top of mind. However, analytics is becoming a core component of Cisco’s strategy. Not only is it at the core of the recently announced Tetration product, but it is also fundamental to the company’s differentiation in security, Internet of Things, network operations and collaboration. Expect to see Cisco do more analytics on more network data to differentiate its offering from the many smaller competitors that can’t match its footprint.
- Cisco will push its engineer base to learn new skills. Markets transition. That’s a fact. And when then do, the engineers who work with the technology need to change their skills. Most vendors don’t see the transition, won’t admit its happening or don’t want to upset their engineer base by forcing them to change. And that always ends up being a disaster.
Think of engineers who worked with mainframes, Token Ring, TDM voice, SNA and other trends. Most are gone, as are the vendors that sold the stuff.
One of Cisco’s competitive advantages is its huge base of engineers, many of whom are steeped in the way networking was done. Based on my discussions with Cisco executives, including Jeanne Dunn, who runs Cisco’s learning group, I believe Cisco wants to disrupt its engineer base and have them learn new skills—such as automation, data sciences, programming and business skills. Some won’t like the changes to the certification requirements, but the fact is Cisco engineers need to start developing skills for the digital era.
- Executive churn will slow down. Since Robbins took the helm, there has been a steady churn at the executive level, including Kelly Ahuja, Rob Soderberry and the famed “MPLS” group—just to name a few.
I believe Robbins’ team is set now. And while there might be the odd departure here and there, this is the team he’s going to run with.
One question I’ve been asked is if the company would replace the recently departed CTO Zorawar Biri Singh. I believe engineering is in the best hands they can be under the co-leadership of Rowan Trollope (IoT and applications) and David Goeckeler (networking and security), and the structure will stay as is. Get used to the faces at the top; they should be sticking around for a while.
One thing that will remain the same at Cisco is the company’s commitment to changing the world. Cisco’s former CEO, John Chambers, had a great desire to have Cisco make the world a better place. As I pointed out earlier this year, Robbins has picked up the Corporate Social Responsibility (CSR) ball and is running with it faster than ever.
The world is becoming increasingly digitized, and many of the digital enablers—such as IoT, cloud and mobility—are network centric. The coming year presents Cisco a great opportunity to flex its enormous networking muscles and move into the next wave of growth.
The original article from http://www.networkworld.com/article/3148784/lan-wan/what-to-expect-from-cisco-in-2017.html
More Cisco News and Reviews
In the book Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP (it was written by Omar Santos), the author shared more contents about the Design of Cisco ASA with FirePOWER Services.
Now in the following part we selected some chapters that were shared with you: Cisco ASA FirePOWER Management Options
There are several options available for network security administrators to manage the Cisco ASA FirePOWER module. The Cisco ASA FirePOWER module provides a basic command-line interface (CLI) for initial configuration and troubleshooting only. Network security administrators can configure security policies on the Cisco ASA FirePOWER module using either of these methods:
- Administrators can configure the Cisco Firepower Management Center hosted on a separate appliance or deployed as a virtual machine (VM).
- Administrators can configure the Cisco ASA FirePOWER module deployed on Cisco ASA 5506-X, 5508-X, and 5516-X using Cisco’s Adaptive Security Device Manager (ASDM).
Figure 1 shows a Cisco ASA with FirePOWER Services being managed by a Cisco Firepower Management Center (FMC) in a VM.
Cisco ASA with FirePOWER Services Managed by a Cisco Firepower Management Center
In Figure 1 the Cisco Firepower Management Center manages the Cisco ASA FirePOWER module via its management interface. The following section provides important information about configuring and accessing the Cisco ASA FirePOWER module management interface.
Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances
In the Cisco ASA 5585-X, the Cisco ASA FirePOWER module includes a separate management interface. All management traffic to and from the Cisco ASA FirePOWER module must enter and exit this management interface, and the management interface cannot be used as a data interface.
The Cisco ASA FirePOWER module needs Internet access to perform several operations, such as automated system software updates and threat intelligence updates. If the module is managed by the Firepower Management Center, the FMC is the one that needs to have Internet access to perform those tasks.
Figure 2 shows an example of how you can physically connect the Cisco ASA FirePOWER module management interface to be able to reach the Internet via the Cisco ASA interface.
Cisco ASA 5585-X FirePOWER Module Management Interface
In Figure 2, the Cisco ASA 5585-X has two modules:
- A module running Cisco ASA software
- A module running FirePOWER Services
The Cisco ASA is managed via the interface named management 0/0 in this example. This interface is configured with the IP address 192.168.1.1. The Cisco ASA FirePOWER module is managed via the interface named management 1/0, configured with the IP address 192.168.1.2. The Cisco ASA FirePOWER module is being managed by a virtual Cisco Firepower Management Center. Both interfaces are connected to a Layer 2 switch in this example.
NOTE: You can use other cabling options with the Cisco ASA FirePOWER module management interface to be able to reach the Internet, depending on how you want to connect your network. However, the example illustrated in Figure 4 is one of the most common scenarios.
In order for the Cisco ASA FirePOWER module management interface to have an Internet connection, the default gateway of the Cisco ASA FirePOWER module is set to the Cisco ASA management interface IP address (192.168.1.1 in this example). Figure 3 illustrates the logical connection between the Cisco ASA FirePOWER module management interface and the Cisco ASA management interface.
Cisco ASA FirePOWER Module Management Interface
Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances
In the rest of the Cisco 5500-X appliances, the management interface is shared by the Cisco ASA FirePOWER module and the classic Cisco ASA software. These appliances include the Cisco ASA 5506-X, 5506W-X, 5506H-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, and 5555-X appliances.
Figure 4 shows a Cisco ASA 5516-X running Cisco ASA FirePOWER Services.
Cisco ASA 5500-X FirePOWER Module Management Interface
In Figure 4, the management interface is used by the Cisco ASA FirePOWER module. The management interface is configured with the IP address 10.1.2.2. You cannot configure an IP address for this interface in the Cisco ASA configuration. For the ASA 5506-X, 5508-X, and 5516-X, the default configuration enables the preceding network deployment; the only change you need to make is to set the module IP address to be on the same network as the ASA inside interface and to configure the module gateway IP address. For other models, you must remove the ASA-configured name and IP address for management 0/0 or 1/1 and then configure the other interfaces as shown in Figure 5.
NOTE: The management interface is considered completely separate from the Cisco ASA, and routing must be configured accordingly.
The Cisco ASA FirePOWER module default gateway is configured to be the inside interface of the Cisco ASA (10.1.2.1), as illustrated in Figure 5.
Cisco ASA 5500-X FirePOWER Module Default Gateway
If you must configure the management interface separately from the inside interface, you can deploy a router or a Layer 3 switch between both interfaces, as shown in Figure 8. This option is less common, as you still need to manage the ASA via the inside interface.
Cisco ASA 5500-X FirePOWER Module Management Interface Connected to a Router
In Figure 6, the Cisco ASA FirePOWER module default gateway is the router labeled R1, with the IP address 10.1.2.1. The Cisco ASA’s inside interface is configured with the IP address 10.1.1.1. The Cisco ASA FirePOWER module must have a way to reach the inside interface of the ASA to allow for on-box ASDM management. On the other hand, if you are using FMC, the Cisco ASA FirePOWER module needs to have a way to reach the FMC.
The Cisco IP Phone 8800 Series is a big family that has 11 models.
Models in this Series
- IP Phone 8800 Key Expansion Module
- IP Phone 8811
- IP Phone 8841
- IP Phone 8845
- IP Phone 8851
- IP Phone 8861
- IP Phone 8865
- IP Phone 8865NR
- Unified IP Conference Phone 8831
- Wireless IP Phone 8821
- Wireless IP Phone 8821-EX
The Cisco Wireless IP Phone 8821 is a new member of 8800 Series. It is the a ruggedized, resilient, and secure 802.11 wireless LAN handset that delivers cost-effective, on-premises, comprehensive voice over wireless LAN (VoWLAN) communications for the highly mobile in-campus worker.
There is another 8821-EX. The EX model is also compliant with nonsparking standards, even when temporarily exposed to hazardous atmospheric environments. (ATEX Zone 1/Class 2 and CSA Zone 1/Division II compliant.)
- The 8821 is specifically designed for workers whose roles are in more rigorous, industrial settings. Examples of ideal use cases include nurses and doctors in healthcare, operations and engineering staff in manufacturing, customer service representatives in retail, service staff such as maids in hospitality, and workers on rigs in the oil and chemical industries.
- While the 8821 is sleek and lightweight, the design is hardened for users. It is Ingress Protection standard (IP67) rated and is sealed for protection against dust, splash and water. The device is also MIL-STD-810G tested, with a dozen drops onto concrete from heights of up to 6 feet (1.8 m), to help ensure shock resistance and avoid breakage if dropped.
- The 8821 enhances security and simplifies configuration management. Stronger encryption is supported for certificate management and policy enablement with the support of Secure Hash Algorithm 2 (SHA-2). Simple Certificate Enrollment Protocol (SCEP) eases IT administration by enabling automatic certificate management on the device.
- End users will enjoy a larger, higher-resolution color display and a user experience that is common with Cisco IP Phone 8800 Series desk phones. In addition, roaming between access points within the campus will support more seamless voice communications with the 8821’s support of Fast Transition (802.11r). This protocol was specifically designed for mobile voice over IP (VoIP) communications devices within Wi-Fi networks. Bluetooth is supported for the user’s choice of third-party wireless headsets and adds freedom by untethering the user from the handset.
- The 8821 supports Cisco and/or third-party XML applications such as push-to-talk.
A full suite of accessories, including desktop chargers, cases, holsters, and multicharger, are available from Cisco to support deployments.
Cisco Wireless IP Phone 8821Features
The Cisco Wireless IP Phone 8821 is designed for users in rigorous workspaces as well as general office environments. It supports a wide range of features for enhanced voice communications, quality of service (QoS), and security. Some of the main benefits and highlights are listed here:
● IEEE 802.11a/b/g/n/ac radio for VoWLAN communications support
● The large 2.4-inch (6 cm) color (240 x 320 pixels) display makes viewing easy
● IP67 rated for protection against dust, splash, and water
● MIL-STD-810G standard for shock resistance
● The phone offers exceptional voice quality with high-definition (HD) voice
● A built-in full-duplex speakerphone offers high-quality hands-free communications
● The phone supports third-party Bluetooth 3.0 headsets and a 3.5-mm headphone jack for added freedom
● The Applications key provides direct access to XML applications such as push-to-talk and Lone Worker
● Battery life delivers a minimum of 13 hours of talk time
● Enhanced encryption support for SHA-1 and SHA-2 signatures
● Fast, secure roaming using 802.11r and Cisco Centralized Key Management roaming
● Automatic certificate renewal –SCEP support
Specifications of Cisco Wireless IP Phone 8821 at a Glance
2.4-in (6 cm) color graphical TFT
Yes; full duplex
WLAN networking protocols
802.11a,b,g, n, ac
Battery rechargeable / talk time
Yes; talk time: 13 hours; standby: 240 hours
Extensible Markup Language (XML)
Desktop and multi-chargers, belt clips, handset cases, lanyards, holsters
The Main Cisco IP Phone 8800 Models-Major Features
Cisco Intelligent Proximity
To use the phone, the phone needs to be connected to a network and configured to connect to a call control system. The phones support many functions and features, depending on the call control system. Your phone might not have all functions available, based on the way your administrator has set up the phone.
The Cisco industrial router portfolio includes a range of compact, ruggedized modular products to build a highly secure, reliable, and scalable loT infrastructure. These products are certified to meet harsh environmental standards. They support a variety of communications interfaces, such as Ethernet, serial, fiber, cellular, Wi-Fi, Wi-SUN RF mesh, and others.
The Cisco Industrial Router Portfolio
The complete line of industrial routers includes:
Cisco 1000 Series Connected Grid Routers: Rugged routers designed for harsh environments, like those found in the utilities industry. Ideal for integrating multiple applications, such as advanced metering infrastructure (AMI), distribution automation, distributed energy resources (DER), street lighting, and remote workforce automation within a multi-service network.
Cisco 2000 Series Connected Grid Routers: Highly secure, reliable routers for the energy and utilities industries ideal for SCADA monitoring of transmission and distribution systems.
Cisco ASR 903 Aggregation Services Routers: Full-featured, modular, small-footprint, and fully redundant aggregation routers. They offer service flexibility and deliver Layer 2, IP, and Multiprotocol Label Switching (MPLS) transport for advanced Layer 2 VPN, Layer 3 VPN, and multicast services.
Cisco 500 Series WPAN Industrial Routers: Wi-SUN RF Mesh ruggedized routers provide unlicensed 915-MHz, ISM-band wireless personal-area network (WPAN) communications that enables IoT applications, including smart metering, distribution automation, street lighting, and remote supervisory control and data acquisition (SCADA) monitoring.
Cisco 809 Industrial Integrated Services Routers: Very compact cellular (3G and 4G/LTE) industrial routers for remote deployment in various industries. They enable reliable and secure cellular connectivity for remote asset monitoring and machine-to-machine (M2M) applications such as distribution automation, pipeline monitoring, and roadside infrastructure monitoring.
Cisco 819 Integrated Services Routers: Compact, hardened form factor, cellular (3G, WLAN, or 4G options) routers that allow businesses to deploy secure 3G WWAN loT applications, like ATMs, wireless kiosks, digital signage, and more.
Cisco 829 Industrial Integrated Services Routers: Highly ruggedized compact cellular (3G and 4G LTE with GPS and dual SIM) and WLAN (2.4/5GHz) industrial routers supporting for scalable, reliable, and secure management of IoT applications requiring mobile connectivity such as fleet vehicles and mass transit.
The Cisco IR 829 dual LTE offers multipath LTE and/or WAN backhaul for mission-critical IoT initiatives requiring highly secure data delivery, edge application execution and redundant connectivity.
Cisco 910 Industrial Router: Highly adaptable routers that you can easily integrate with third-party solutions to deliver smart city applications, such as environmental monitoring, smart parking, smart metering, and more.
Capabilities for Rugged, Industrial Settings
We designed the Cisco industrial routers to withstand harsh operating environments and to offer high-performance, secure connectivity of scale. Key features include:
• Design for industrial applications, including extended environmental, shock, vibration, and surge ratings; a complete set of power input options; convection cooling; and DIN rail, 19-inch rack or wall mounting.
• Advanced security such as Dynamic Multipoint VPN, stateful firewall, and access control lists to provide multi-layered security architecture.
• Diverse modular interfaces (Ethernet, T1/E1, 3G and 4G LTE cellular, asynch/synch, serial, and others) for diverse infrastructure needs.
• Advanced quality-of-service (QoS) capabilities to support mission-critical communications, such as command and control.
• Cisco IOx, an open, extensible environment for executing IoT applications at the network edge.
• Simple management and operation using network management tools such as IoT Field Network Director and Industrial Operations Kit.
Extend the role of the router to an application delivery platform with Cisco Integrated Services Router Generation 2 and Cisco ASR 1000 Series Aggregation Services Routers with Application Experience (AX).
This integrated solution includes Cisco Application Visibility and Control and Cisco Wide Area Application Services.
AX provides application services that:
- Deliver business applications faster
- Reduce bandwidth costs and latency by more than 50 percent
- Simplify IT management
In addition, Cisco AX:
- Delivers exceptional user experiences by meeting application-specific requirements
- Helps securely connect users to applications deployed anywhere at scale
- Provides application-level visibility and control of all passing traffic without probes
- Validates application response time and network readiness
Cisco AX offers a powerful suite of application services at up to 30 percent lower cost than standalone WAN optimization appliances. It also provides more capabilities, such as:
- Networkwide visibility to over 1000 applications
- Granular control on application prioritization and path control
- Enterprise-class optimization that increases application performance up to 70 percent
- Industry-leading security services, including VPN and threat defense
With the option to add Cisco UCS E-Series server blades and Cisco Cloud Connectors to Cisco ISR-AX, you can build a complete virtualized application platform in one branch router.
And Cisco ISR-AX includes:
- Cisco Application Visibility and Control (AVC), with NBAR2, QoS, and PfR
- WAN optimization - Cisco Wide Area Application Services (WAAS)
- Security, including firewall, IP Security (IPsec) and SSL VPN
- Cisco Services-Ready Engine (SRE) Modules or Max RAM (optional: UCS E-Series)
The Cisco ASR1000-AX is available on the ASR 1000 Series and includes:
- Cisco Application Visibility and Control (AVC), with NBAR2, QoS, and PfR
- WAN optimization - Cisco Virtual Wide Area Application Services (vWAAS) and Cisco AppNav
- Security, including firewall, IP Security (IPsec) and SSL VPN
- 5 Gbps Performance
Designed for smart buildings and optimized for low-voltage PoE, the new Catalyst Digital Building plenum-rated UPOE fan-less switches combine lighting, air conditioning, security systems, and more on one IP network with seamless security and easy installation and management.
Cisco Catalyst Digital Building Series Switch Highlights
● 8 fast Ethernet ports and 2 gigabit copper uplink ports, with line-rate forwarding performance
● Universal Power over Ethernet (Cisco UPOE) and Power over Ethernet Plus (PoE+) support with up to 480W of power budget.
● Support for Layer 2 features, optimized for robust connectivity to lighting and other building IoT devices.
● Silent operation due to fanless design, which enhances reliability
● Enhanced Limited Lifetime Warranty (E-LLW)
Cisco Catalyst Digital Building Series Switch Models and Default Software
The Cisco Catalyst Digital Building Switches are available in two switch models. They vary by the output power/port supported by the model. One model supports Power over Ethernet Plus (PoE+), which guarantees 30W/port of power. The other model supports Universal Power over Ethernet (UPOE), which guarantees double the power, 60W/port.
8 x 10/100 Fast Ethernet UPOE
2 x 10/100/1000
8 x 10/100 Fast Ethernet PoE+
2 x 10/100/1000
Embrace Efficiency and Lower Costs with Cisco Digital Building Series
The Cisco Catalyst Digital Building Series Switches are industry’s first ever purpose-built switch designed for low-voltage LED lighting and digital building systems. The switch can be used to power devices and applications with Cisco’s perpetual and fast Universal Power over Ethernet (UPOE) technologies, delivering up to 60W/port.
The Cisco Catalyst Digital Building Series Switch offers several benefits that no other competitive switch in the market does:
• Flexible deployment with semiruggedized, plenum-rated, UL-certified fanless features, multiple powering options, and support for mobile apps for easy deployment
• <0.5W power consumption on standby, Uninterrupted power during reboots and rapid power restoration under 5 seconds after power resumption
• High security and reliability with long-lasting 10+ year system life and threat sensing and mitigation when used with Catalyst 3850 upstream switches.
• Functional interoperability with CoAP proxy support, a lightweight protocol for constrained devices: lights, VAV systems, digital signage, sensors, and so on.
In a Cisco Mobility Express network, Access Point (AP) running the wireless controller function is designated as the Master AP. The other Access Points which are managed by this Master APare referred as Subordinate APs.
NOTE: In this article, Mobility Express refers to the Cisco 1800 series Access Point which supports the controller functionality. It is referred to as Master AP.
The Master AP has two roles:
1. It functions and operates as a wireless LAN controller to manage and control the Subordinate APs. The Subordinate APs operates as lightweight access points to serve clients.
2. Master AP operates as an Access Point to serve clients
Supported Cisco Aironet Access Points
Access Points which support the Mobility Express controller function capability are listed in the following table:
Table3: Access Points supporting Mobility Access (Master APs)
Access Points supported as Master AP
Supported Model Numbers
Cisco Aironet 1850 Series
Cisco Aironet 1830 Series
1. The model numbers that contain-UX support the universal regulatory domain.
2. The model numbers that contain -x- is a placeholder for the actual letter indicating the model's regulatory domain.
The Access Points which operate as subordinate APs are listed in the following table:
Table 4: Access Points supported as Subordinates
Access Points supported as Subordinate APs
Supported Model Numbers
Cisco Aironet 700i Series
• AIR-CAP702I- x-K9
Cisco Aironet 700w Series
• AIR-CAP702W- x-K9
Cisco Aironet 1600 Series
Cisco Aironet 1700 Series
• AIR-CAP1702I- x-K9
Cisco Aironet 1800 Series
Cisco Aironet 2600 Series
Cisco Aironet 2700 Series
Cisco Aironet 3600 Series
Cisco Aironet 3700 Series
How to Deploy Your Mobility Express?
In three easy steps, set up an enterprise-class WLAN in a small or medium-sized business. Or get industry-leading functionality, including guest access and RF parameter optimization, with our advanced settings. The choice is yours.
- Set up: Wirelessly connect to the Aironet 802.11ac Wave 2 access point using any laptop, smartphone, or tablet.
- Configure: From a web browser or Cisco wireless app, use the setup wizard to enable multiple APs simultaneously.
- Operate: Wirelessly access the management dashboard to operate, monitor, and troubleshoot your network.
More Detailed STEPS & Examples of Cisco Mobility Express Guide
The Cisco 2800 and 3800 Series Access Points target customers requiring support for mission-critical and best in class applications.
The 2800/3800 embodies ClientLink 4.0, an innovative antenna technology comprising four transmit radios and four receive radios called 4x4 in a Multiple Input Multiple Output (MIMO) configuration and supporting three spatial streams (3SS), together referenced as 4x4:3. Using this type of antenna system along with additional Modulation Coding Scheme (MCS) rates supporting up to 256 QAM and up to 160 MHz channel bonding, rates of up to 5 Gbps can be supported.
ClientLink 4.0 uses these features along with an additional antenna (N+1) to allow for beam-forming for all 802.11a/g/n/ac and now ac Wave-2 clients including those supporting 3 spatial streams.
MultiGigabit Ethernet, also known as MGig or NBaseT, provides multiple gigabit uplink speeds of 2.5 Gbps and 5 Gbps in addition to 100-Mbps and 1-Gbps speeds. All speeds are supported on Category 5e cabling for an industry first, as well as 10GBASE-T cabling. This is huge achievement which can result in significant cost savings for large campus network. No longer are you constrained to 1Gbps, nor do you have to worry about running new cabling in order to support the new speeds.
Cisco Catalyst Multigigabit technology solves these challenges on their newer Catalyst 3850, 4500E and 3560-CX switches, with the 3800 Series access point taking full advantage of the single-wire MGig connection. This is an incredibly important consideration for 802.11ac Wave 2 implementations, and should be reviewed before any deployment.
Peter Jones, Principle Engineer with Cisco and NBASE-T Alliance chair, gave an impressive presentation at TFDX earlier this year, detailing the technical achievements engineered to overcome this obstacle of capacity.
Expansion Module Slot
The 3800 Series AP sports a module port for future expandability. Physical modules can be fitted for value-adds like advanced security or hyperlocation technologies.
Cisco announced the end-of-sale Cisco Small Business 300 Series Managed Switches (Select Models). The last day to order the affected product(s) is May 31, 2017. Customers will continue to receive phone support from the Cisco Small Business Support Center (SBSC) as shown in Table1 of the EoL bulletin.
- Table1 describes the end-of-life milestones, definitions, and dates for the affected product(s).
- Table2 lists the product part numbers affected by this announcement. For customers with active product warranties, support will be available as stated in the product warranty terms and conditions.
Table1. End-of-Life Milestones and Dates for the Cisco Small Business 300 Series Managed Switches (Select Models)
End-of-Life Announcement Date
The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public.
March 1, 2017
The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.
May 31, 2017
End of Phone Support:
The last date to receive phone support as part of the product warranty. After this date, all phone support services for the product are available with additional charges or support fees. In some cases, support may not be available.
May 31, 2018
Last Ship Date:
The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time.
August 29, 2017
End of SW Maintenance Releases Date:
The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.
May 31, 2018
Last Date of Support:
The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete**. Warranty duration is based on product ship dates; refer to warranty terms and conditions for details.
May 31, 2022
HW=Hardware OS SW=Operating System Software App. SW=Application Software
Table2. Product Part Numbers Affected by This Announcement
End-of-Sale Product Part Number
Replacement Product Part Number
Replacement Product Description
SF300-24MP 24-port 10/100 Max PoE Managed Switch
SG300-28MP 28-port Gigabit Max-PoE Managed Switch
SF300-24MP 24-port 10/100 Max PoE Managed Switch
SG300-28MP 28-port Gigabit Max-PoE Managed Switch
SF302-08MPP 8-port 10/100 Max PoE+ Managed Switch
SG300-10MPP 10-port Gigabit Max PoE+ Managed Switch
SG300-28SFP 28-port Gigabit SFP Managed Switch
Cisco SG550XG-24F 24-Port 10G SFP+ Stackable Managed Switch
SF 300-08 8-port 10/100 Managed Switch
SG300-10 10-port Gigabit Managed Switch
SF 302-08 8-port 10/100 Managed Switch with Gigabit Uplinks
SG 300-10 10-port Gigabit Managed Switch
SF 300-48 48-port 10/100 Managed Switch with Gigabit Uplinks
Cisco SF350-48 48-port 10/100 Managed Switch
Product Migration Options: Service prices for Cisco products are subject to change after the product End-of-Sale date. The Cisco Takeback and Recycle program helps businesses properly dispose of surplus products that have reached their end of useful life. The program is open to all business users of Cisco equipment and its associated brands and subsidiaries. For more information, go to: http://www.cisco.com/web/about/ac227/ac228/ac231/about_cisco_takeback_recycling.html.
For More Information
For more information about the Cisco End-of-Life Policy, go to:
**For more information about the Cisco Product Warranties, go to:
To subscribe to receive end-of-life/end-of-sale information, go to:
EoL and EoS News from
More Cisco EoL and EoS News you can read here:
When your enterprises or organization are going to choose the Cisco ASR 1000 Series, you should know these Cisco ASR 1000 Series Enterprise and Service Provider Applications.
Cisco ASR 1000 Series routers sit at the edge of your enterprise data center or large office connecting to the WAN, as well as in service provider points of presence (POPs). The Cisco ASR 1000 Series will benefit the following types of customers:
- Enterprises experiencing explosive network traffic as mobility, cloud networking, and video and collaboration usage increase: Cisco ASRs consolidate these various traffic streams and apply traffic management and redundancy properties to them to maintain consistent performance among enterprise sites and cloud locations.
- Network service providers needing to deliver high-performance services, such as DCI and branch-office server aggregation, to business customers: Service providers can also use the multiservice routers to deploy hosted and managed services to business and multimedia services to residential customers.
- Existing Cisco 7200 Series Router (end-of-sale) customers looking for simple migration to a new multiservice platform that delivers greater performance with the same design.
Tables2 and Table3 describe enterprise and service provider application examples, respectively.
Table2. Cisco ASR 1000 Series Enterprise Applications
WAN edge: Guarantee high-priority applications by creating a virtual “glass ceiling” for lower-priority applications. Improve user experiences.
● Applies Modular QoS CLI (MQC) policies on VLANs or tunnels
● Limits an arbitrary collection of low‑priority traffic to a certain bandwidth
● Classifies based on differentiated services code point (DSCP), Network-Based Application Recognition (NBAR), and Cisco IOS Cisco IOS FPM (FPM) into numerous hierarchies, one for high priority and one for low priority
● Implements flexible hierarchies
● Supports 464,000 queues
● Allows all queues to have a minimum, maximum, and excess bandwidth with priority propagation
Multiservice, scalable, and secure headend:
IP Security (IPsec) VPN aggregation scales to meet the new bandwidth demands of service provider IP VPNs.
● Reduces capital expenditures (CapEx) and operating expenses (OpEx) by migrating and consolidating to fewer Cisco ASR 1000 Series Routers
● Protects investment through easy transition to much higher encryption support, offering encryption support of up to 78 Gbps with the 200-Gbps Cisco ASR 1000 Series ESP (ASR1000-ESP200)
● Offers easier management through embedded security services in the Cisco Flow Processor, with no additional service modules or blades required
● Optimized for QoS and IP Multicast applications
● Supports thousands of sites
● Supports 8,000 IPsec tunnels
● Offers up to 78-Gbps encryption performance and up to 200-Gbps noncryptographic throughput support with the Cisco ASR 1000 Series 200-Gbps Embedded Services Processor
Embedded high-speed firewall:
With the Zone-Based Policy Firewall, the Cisco ASR 1000 Series acts as an implicit and complete barrier between any interfaces not members of the same zone. An explicit zone-pair policy must be specified (using Cisco Policy Language; that is, MQC) in each direction between each zone pair. The policy establishes within the router the kind of stateful inspection (Layer 4, Layer 7, or application) and session parameters to apply to each zone pairing.
Example: An explicit policy allowing HTTP and Domain Name System (DNS) to traverse the Internet-demilitarized zone (DMZ) zone boundary would be required.
● The firewall is embedded in the Cisco Flow Processor; no additional service blades or modules are required.
● Multiple gigabits of bandwidth are routed while at the same time the router performs Zone‑Based Policy Firewall and other baseline features such as QoS, IPv4, IPv6, NetFlow, and others.
● The Cisco ASR 1000 Series provides logging of all firewall session states off to network management applications capable of accepting relatively huge amounts of flow data. Third-party applications can handle the session data.
● Provides firewall performance of 2.5 to 200 Gbps, depending on the ESP used
● Offers high-speed logging of 40,000 sessions per second with NetFlow Version 9
Managed CPE: This implementation of branch-office architecture offers powerful investment protection with services and scale.
● Managed customer premises equipment (CPE) helps branch offices route correctly over various types of Ethernet to comply with service-level agreements (SLAs).
● This application encrypts multiple gigabits of bandwidth without any additional service blades or modules.
● Managed CPE optimizes the WAN to route around brownouts in the service provider network to further guarantee mission-critical applications.
● This application offers small form factors (1 rack unit [1RU] for the Cisco ASR 1001-X and ASR 1001-HX and 2RUs for the Cisco ASR 1002-HX and ASR 1002-X Routers), including software modularity and ISSU.
● Note: ISSU is not supported on Cisco ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1002-X, or ASR 1004. Managed CPE offers accessibility even when the Cisco IOS Software is down.
● Offers first-in-industry software redundancy support, without any additional hardware module, on Cisco ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1002-X, and ASR 1004; hardware redundancy and ISSU are supported on the Cisco ASR 1006 and ASR 1013.
● Offers powerful firewall and NAT performance of 2.5 to 200 Gbps and 1.8- to 78-Gbps encryption support in addition to WAN optimization and voice features
Table3. Cisco ASR 1000 Series Service Provider Applications
Broadband L2TP Access Concentrator (LAC) or L2TP Network Server (LNS):
The solution offers Layer 2 Tunneling Protocol (L2TP) endpoint-to-tunnel
● The application is ideal for triple-play (data, voice, and video) wholesale deployments.
● It offers integral service delivery.
● Per-user firewall, session border controller (SBC), etc. are supported.
● Provides very high scalability of up to 64,000 subscribers and up to 16,000 tunnels
Service provider edge: Layer 3 VPN (L3VPN) provider edge:
Example: You can deploy the solution at the distributed provider edge or provider edge in global VPN networks for bandwidth demands such as asymmetric DSL (ADSL), T1/E1, STM-1, STM-4, Fast Ethernet, Gigabit Ethernet, etc.
● The application provides integral services in the Cisco Flow Processor.
● It provides encryption, FPM, NBAR, SBC, IP Multicast, etc.
● Offers excellent multicast performance
● Scales to 8,000 Virtual Route Forwarding (VRF) instances, 1 million Label Distribution Protocol (LDP) labels, and 4,000 access control lists (ACLs)
● Supports up to 4 million IPv4 routes
● Supports up to 4 million IPv6 routes
Service provider edge: High-end route reflector:
You can use the solution as a route reflector for bandwidth support of 40 Gbps.
● The application provides high scalability.
● It offers a modular design of the route processor and ESP with hardware and software redundancy.
● Scales up to 29 million IPv4 routes
● Supports 64,000 Layer 3 adjacencies
Next-generation voice and multimedia example: Cisco Unified Border Element Enterprise Edition (ENT Edition):
The SBC application (named Cisco Unified Border Element [ENT Edition]) performs the voice and video gateway functions simultaneously with regular IP data services. No appliance or additional service blade is required. The control protocols and media protocols work transparently within a complex voice architecture. For more information, refer to the CUBE data sheet at http://www.cisco.com/go/cube.
● Secure and authenticated Session Initiation Protocol (SIP) trunk connections enable service providers to offer real-time voice and video services.
● The WAN edge is simpler to manage because there is only one egress and one ingress point for access to Internet or service provider services.
● The control plane is separated from the data-forwarding plane, so the signaling and control processes are separate from media processing.
● The CUBE SBC application can be used for SIP trunk video and/or audio services provided by service providers or for Internet-accessible SIP line-side services to Cisco Unified Communications Manager.
● Facilitates SBC with security, QoS, IPv4, and IPv6 (IP Unicast and IP Multicast simultaneously)
● Supports 16,000 simultaneous voice calls and multimedia data of up to 200 Gbps with accounting, firewall, and call quality enabled
● Integrated with inbox high-availability infrastructure and Dynamic Host Configuration Protocol (DHCP) Relay