Posts with #cisco routers tag
Designed to help branch and remote offices do more with less, the Cisco 4000 Series also can be ordered as prepackaged bundled systems for deploying advanced technologies, such as security, unified communications, and application services in the branch office. So in the following part we will talk about the main ordering information of Security Bundles, AX Bundles, and AXV Bundles.
Cisco router security bundles deliver powerful security features, such as Cisco IOS Software Zone-Based Firewall, VPN, and infrastructure security services over numerous WAN access technologies, providing high levels of performance, scalability, and availability to meet today's growing business requirements. The following Table lists the security bundle for the Cisco 4000 Series ISRs that ship with the Security technology license activated and the advanced security features available for use. By default, this bundle ships with the universal Cisco IOS Software image that supports payload cryptography.
Security Bundle for Cisco 4000 Series ISRs (Includes universalk9 Image and Security License)
Cisco ISR 4431 Security Bundle w/SEC license
CON-SNT-CISCO 4431 ISRCISCO 4431 ISRS
Cisco ISR 4351 Security Bundle w/SEC license
Cisco ISR 4331 Security Bundle w/SEC license
Cisco ISR 4321 Security Bundle w/SEC license
* 8x5xNBD service is delivered 8 hours a day, 5 days a week (weekdays), by next business day.
The Cisco 4000 Series ISR voice bundles enable unified communications through a comprehensive signaling and media-processing infrastructure. It includes a variety of protocols, media interworking, signal and media security, transcoding, conferencing, and quality-of-service (QoS) capabilities. You can order these bundles with optional licenses for SRST.
The Unified Communications bundles (except ISR 4321) include the new Cisco Packet Voice DSP Module 4 (PVDM4), which has been optimized for concurrent voice support. The PVDM4 modules support all voice gateway functions of earlier generations of PVDMs.
The table below lists the voice bundle for Cisco 4000 routers that comes with PVDM4, UC technology license, and the unified communications features available for use. By default, this bundle ships with the universal Cisco IOS Software image that supports payload cryptography.
Unified Communications (UC) Bundles for the Cisco 4000 Series ISR Family (Includes universalk9 image, Unified Communications License, and Cisco PVDM4)
Cisco ISR 4431 UC Bundle, PVDM4-64, UC License
Cisco ISR 4351 UC Bundle, PVDM4-64, UC License
Cisco ISR 4331 UC Bundle, PVDM4-32, UC License
Cisco ISR 4321 UC Bundle, UC License
* 8x5xNBD service is delivered 8 hours a day, 5 days a week (weekdays), by next business day.
The bundles ship with a UC and Security (SEC) technology license and unified communications features available for use. By default, the bundles ship with the universal Cisco IOS Software image that supports payload cryptography.
Voice Security Bundles for Cisco 4000 ISR Family Routers (Include universalk9 image, UC and SEC License, and Cisco PVDM4)
Cisco ISR 4431 Voice Sec. Bundle, PVDM4-64 w/ UC and SEC License PAK
Cisco ISR 4351 VSEC Bundle, PVDM4-64 w/ UC, SEC Lic, CUBE-25
Cisco ISR 4331 VSEC Bundle, PVDM4-32 w/ UC, SEC Lic, CUBE-10
Cisco ISR 4321 VSEC Bundle, w/ UC, SEC Lic, CUBE-10
* 8x5xNBD service is delivered 8 hours a day, 5 days a week (weekdays), by next business day.
Information about the Cisco 4000 Series ISR Application Experience Bundle is available in the Cisco Application Experience (AX) ordering guide.
Cisco router AX bundles deliver a combination of security features along with Cisco Wide Area Application Services (WAAS) features. The security features include the Cisco IOS Software Zone-Based Firewall, VPN, and infrastructure security services over numerous WAN access technologies. The WAAS features include Application Visibility and Control (AVC), Cisco Performance Routing (PFRv3), and application optimization. The Table below lists the AX bundle for Cisco 4000 Series ISRs that comes with the security technology and the WAAS license activated. By default, this bundle ships with the universal Cisco IOS Software image that supports payload cryptography.
AX Bundle for Cisco 4000 (Includes universalk9 Image, WAAS, and Security License)
Technical Service Part Number
Cisco ISR 4451 AX Bundle w/APP, SEC license
Cisco ISR 4431 AX Bundle w/APP, SEC license
Cisco ISR 4351 AX Bundle w/APP, SEC license
Cisco ISR 4331 AX Bundle w/APP, SEC license
Cisco ISR 4321 AX Bundle w/APP, SEC license
* 8x5xNBD service is delivered 8 hours a day, 5 days a week (weekdays), by next business day.
Cisco router AXV bundles deliver a combination of security features along with Cisco Unified Communications (UC) and Cisco WAAS. The security features include the Cisco IOS Software Zone-Based Firewall, VPN, and infrastructure security services over numerous WAN access technologies, offering high levels of performance, scalability, and availability to meet today's growing business requirements. The WAAS features include Application Visibility and Control (AVC), Cisco Performance Routing (PFRv3) and application optimization. The bundles also ship with a UC technology license, and unified communications features available for use.
The following table lists the AXV bundle for the Cisco 4000 Routers that come with the security, UC, and WAAS licenses activated. By default, this bundle ships with the universal Cisco IOS Software image that supports payload cryptography.
AXV Bundle for Cisco 4000 Series ISRs (Includes universalk9 Image, WAAS, and SEC License)
Technical Service Part Number
Cisco ISR 4451 AXV Bundle w/APP, UC, PVDM4-64, SEC license
Cisco ISR 4431 AXV Bundle w/APP, UC, PVDM4-64, SEC license
Cisco ISR 4351 AXV Bundle w/APP, UC, PVDM4-64, SEC license
Cisco ISR 4331 AXV Bundle w/APP, UC, PVDM4-32, SEC license
Cisco ISR 4321 AXV Bundle w/APP, UC, SEC license
* 8x5xNBD service is delivered 8 hours a day, 5 days a week (weekdays), by next business day.
Cisco and Partner Services for the Branch Office
Transform the branch-office experience and accelerate business innovation and growth using intelligent, personalized services from Cisco and our partners. We have the depth and breadth of expertise to create a clear, replicable, optimized branch-office footprint across technologies. Planning and design services align technology with business goals and can increase the accuracy, speed, and efficiency of deployment. Technical services help improve operational efficiency, save money, and mitigate risk. Optimization services are designed to continuously improve performance and help your team succeed with new technologies.
● Cisco SMARTnet Services provide comprehensive technical support services for the Cisco 4000 Series ISRs (both base systems and bundled systems), Cisco IOS Software and feature licenses, and modules that include the Cisco Unified Computing System™ (Cisco UCS®) E-Series Module. Cisco SMARTnet Services include advance hardware replacement, OS updates, online tools and resources, and Cisco Technical Assistance Center (TAC) support.
● Cisco Application Support plus Upgrades (SASU) provides technical support services, including updates and upgrades for any Cisco software application running on the Cisco UCS E-Series Module.
The Cisco technical services use cases that match the system you buy.
If You Buy a Cisco 4000 Base or Bundled System with:
Cisco SMARTnet Service
Although most of Cisco 800 Series models were end of life and end of sale, it is still popular among Cisco users who need do CCNA exercise and set up a network for the branch office. The Cisco 800 Series ISRs come in various fixed configurations and deliver a consistent experience to suit heterogeneous deployment scenarios, feature requirements, performance levels and use cases.
Cisco 800 Series ISRs are available in a wide variety of performance, price, and feature tiers. The 800 Series ISR can meet almost any requirement.
Specifications at a Glance, Cisco 800 Series ISRs
860 Series (Entry-Level Fixed ISR)
880 Series (Flagship Fixed ISR)
890 Series (Premium Fixed ISR)
810 Series (Smallest Cisco Fixed ISR)
Cisco 800 Series ISR solutions are ideal for small branch offices needing voice connectivity delivered by managed-service providers.
In this article, we will compare the three Cisco 800 Series: Cisco 812, Cisco 819 and Cisco 860VAE. More features and highlights will be seen through the comparison of Cisco 800 Series.
More Related Cisco 800 Series Comparison
In this article we will introduce the new Cisco 4451-X Integrated Services Router, which builds on the concept of the truly Application Experience router by integrating multiple services into a single platform that can provide all the services a typical branch office needs. The services include increased capacities for routing, switching, unified collaboration, security, WAN acceleration, application optimization and Application Visibility and Control (AVC). At the same time, the new routers are designed for expansion that can deliver increased performance and capabilities over time without the need for expensive system upgrades or hardware as remote sites grow.
So what are the main features of Cisco 4451-X isr, benefits, capabilities, specs, software, modules, etc.? We will list more questions about Cisco 4451-X series, you can check the main points that you want to get…
Q and A: Cisco 4451-X Integrated Services Router
Q. What are the key new features and changes that are being introduced in the Cisco 4451-X?
A. The Cisco 4451-X offers:
● Default forwarding bandwidth of 1 Gbps upgradable to 2 Gbps with a software-activated upgrade license
● The ability to house three network interface modules (NIMs) and two enhanced service modules (SM-Xs)
Q. Where do I position the Cisco 4451-X in comparison to the Cisco 3900 Series and Cisco ASR 1000 Series Aggregation Services Routers?
A. The Cisco 4451-X is positioned for high-end enterprise branch offices or enterprise headend where there is a performance requirement of 1 to 2 Gbps with services. Performancewise the Cisco 4451-X is positioned between the Cisco 3945E ISR and the Cisco ASR 1001.
Q. What software is the Cisco 4451-X capable of running?
A. The Cisco 4451-X Series runs the Cisco IOS ® XE Software. The initial version of software release will be the Cisco IOS XE Software Release 3.9.1 for the Cisco 4451-X.
Q. Does the Cisco 4451-X run a similar software release as the Cisco ASR 1000?
A. Yes. The Cisco 4451-X is similar to the Cisco ASR 1000 in terms of the software release that it runs on the system.
Q. Are the Cisco ASR 1000 Shared Port Adapter (SPA) cards supported on the Cisco 4451-X?
A. No. SPAs are not compatible with the Cisco 4451-X.
Q. Can the NIMs or service modules available on the Cisco 4451-X work on the Cisco ASR 1000?
A. Neither NIMs nor service modules will work with the Cisco ASR 1000 Series.
Q. Can I use the enhanced high-speed WAN interface cards (EHWICs) available on the Cisco 1900, 2900, and 3900 Series ISRs on the Cisco 4451-X?
A. EHWIC modules available on the Cisco Integrated Services Routers Generation 2 (ISR G2) routers will not work with the Cisco 4451-X. The Cisco 4451-X is targeted at high-end branch-office environments, making most EHWICs unapplicable. Also, the newer NIM architecture allows for faster, more capable modules on a high-end platform.
Q. Can I use the NIMs on the Cisco 1900, 2900, and 3900 Series ISRs?
A. No. NIMs are designed for a newer architecture and will not work on the Cisco 1900, 2900, and 3900 Series Routers.
Q. Can I use the Cisco Unified Computing System ™ (Cisco UCS ®) E-Series Service Modules available on the Cisco 2900 and 3900 Series ISRs on the Cisco 4451-X?
A. Yes, the Cisco UCS E-Series Modules are supported on the Cisco 4451-X.
Q. Can I use the Cisco Enhanced Service T3/E3 module (SM-X-1T3/E3) available on the Cisco 2900 and 3900 Series ISRs on the Cisco 4451-X?
A. Yes, the Cisco Enhanced Service T3/E3 module SM-X-1T3/E3is supported on the Cisco 4451-X.
Q. What memory upgrade options are available on the Cisco 4451-X?
A. The Cisco 4451-X has separate data and control-plane memory. The control-plane memory comes as 4 GB default, upgradable to 16 GB. The data-plane memory comes as 2 GB default and is not upgradable today.
Q. How many dual inline memory modules (DIMMs) does the Cisco 4451-X have?
A. The Cisco 4451-X has three DIMM slots. Two slots are used for control-plane and one slot for data-plane memory.
Q. In the case of control-plane memory, can I put, say, a 4-GB DIMM in one slot and a 2-GB DIMM in the other slot?
A. No. Like the Cisco 3900 Series, the Cisco 4451-X expects both the DIMM slots to have the same size of memory; that is, either 4-GB memory in both slots, making the control-plane memory size total 8 GB, or 2-GB memory in both slots, making the control-plane memory size total 4 GB. This setup is necessary because these platforms interleave memory devices for faster access.
Q. Do all four ports with both RJ-45 and Small Form-Factor Pluggable (SFP) FPGE connections support failover?
A. No. The four front-panel GigabitEthernet ports do not support auto failover. The default media-type is RJ-45 and the user has to manually change the media-type to SFP so that the SFP connection comes up.
Q. Is MDI crossover (MDI-X) supported on the four onboard RJ-45 Ethernet interfaces?
Q. What type of backplane is used between components in the Cisco 4451-X?
A. The Cisco 4451-X uses the Multigigabit Fabric (MGF) for Layer 2 connectivity between the modules. The MGF can provide either 2 Gbps to all NIM slots or up to 10 Gbps to all SM-X slots. The MGF is completely nonblocking and can forward in excess of 50 Gbps.
Q. What power cables work with the Cisco 4451-X?
A. All power-supply options for the Cisco 4451-X use a standard IEC C13 connector. No special IEC C15 cord is necessary for the Power over Ethernet (PoE) power supply, unlike the Cisco 3900 Series because higher-efficiency power supplies (85 percent) are used in the Cisco 4451-X. This cord thus helps lower the maximum current these power supplies can draw.
Q. Are the Cisco 4451-X power supplies field replaceable units (FRUs)?
A. Yes. The power supplies can be replaced in the field.
Q. Are the Cisco 4451-X power supplies hot-swappable?
A. Yes. You do not need to power down the chassis to insert or remove a power supply. Also, unlike the Cisco 3900 Series, the bezel and fan tray can remain in place while a power supply is replaced.
Q. Does the Cisco 4451-X have a DC power-supply option?
A. No, there is no DC power-supply option for the Cisco 4451-X at first customer shipment (FCS). This enhancement is planned for future deployments.
Q. What are the power options for PoE on the Cisco 4451-X?
A. The Cisco 4451-X has two PoE options. Two of the FPGE interfaces can be powered with the addition of a dedicated power-conversion module installed into the system (PWR-GE-POE-4400). This module does not require a higher-capacity system power supply and will work with the default 450W power supply. The PoE power for the FPGE ports is completely independent from PoE power to the rest of the system.
The Cisco 4451-X also has the option of a PoE power supply to provide PoE power to modules in the system such as an Ethernet switch module. This power supply actually includes two components as a single part: a higher-capacity 1000W system power supply and a PoE conversion module that converts system power into PoE for modules within the system. The Cisco 4451-X can accept up to two PoE power supplies and power-conversion modules for redundant operation or PoE Boost Mode.
Q. What is the difference between PoE Redundancy Mode and PoE Boost Mode?
A. Both modes require that two power supplies be installed in the Cisco 4451-X. Redundancy mode provides 500W of PoE power to the chassis - the maximum amount a single power supply can offer - meaning that if a power supply fails the second power supply will be able to continue to deliver 500W of PoE power. PoE Boost Mode provides 1000W of PoE power - the maximum amount of power from both power supplies combined - meaning that if a single power supply fails the second redundant power supply will be able to provide only 500W of PoE power, cutting the amount of PoE power available by half.
Q. With redundant power supplies can we switch the power to primary when it fails and the router is running on secondary power supply?
A. There is no concept of primary or secondary power supply for the Cisco 4451-X. The power supplies are simply redundant and when one fails the other power-supply unit (PSU) takes over by transparently providing power to the entire system. No switching or intervention is required. Both share the load when running in the system; however, when one fails the other provides power to the complete unit. When the failed PSU is replaced with the new PSU in the system, the two power supplies are redundant.
Q. Are the PoE interfaces PoE+?
A. PoE+ is available on the new SM-X Ethernet switch modules as well as on the FPGE ports.
Q. How does the system fan speed vary?
A. The Cisco 4451-X uses both an inlet temperature and an altitude sensor to determine the best fan-speed setting. There are four different inlet temperature ranges and five different altitude ranges for a total of 20 possible different fan-speed settings. The addition of an altitude sensor is an industry first for a branch-office platform. With altitude data incorporated into the fan speed, the system can account for the density of air cooling in order to select the most efficient, and quietest, fan-speed setting. All system fans run at the same speed.
Q. Can the Cisco 4451-X handle the failure of a fan?
A. Yes. A fully loaded system will function normally below 6000 feet (1.82 km) with a single fan failure. In the case where the Cisco 4451-X is above 6000 feet and in 32ºF (40ºC), it may shut down because of overheating. The system is rated to operate in 32Fº at up to 10,000 feet (3.05 km).
Failure of a power-supply fan will likely result in overheating and shutdown of the power supply. If power redundancy is required, you should install two power supplies.
Q. Do we have the airflow cubic-feet-per-minute (cfm) measurements for the fan on the Cisco 4451-X?
A. The airflow information for the Cisco 4451-X follows:
● Maximum: 125 cfm
● Typical: 56 cfm
Q. Is a rack-mount kit available for the Cisco 4451-X? How do I order it?
A. Yes. A rack-mount kit is part of the default accessory kit, and it is shipped with the Cisco 4451-X. Order part number ACS-4450-RM-19= for the spare 19-inch rack-mount kit for the Cisco 4451-X. By default the router will be shipped with this default 19-inch rack-mount kit.
Q. Is a 23-inch telco rack-mount kit available for the Cisco 4451-X?
A. Order part number ACS-4450-RM-23= for the spare 23-inch rack-mount kit for the Cisco 4451-X.
Q. How can I calculate the mean time between failures (MTBF) information for the Cisco 4451-X with the plugged-in modules? Is a MTBF calculator available, such as for the ISR G2 routers?
A. This information is not currently available.
Q. What else is part of the default accessory kit?
A. The default accessory kit includes:
● Mechanical ground lug 90 feet per screw kit 19-inch rack-mount kit
● Regulatory Compliance and Safety Information (RCSI) roadmap document
● Plastic bag
● Shipping label
● Document pointer card for Cisco 4451-X
Q. What is the purpose of the GigabitEthernet0 on the Cisco 4451-X?
A. The GigabitEthernet0 is the dedicated management port on the Cisco 4451-X. This interface connects directly to the control-plane CPU and is ideal for managing the router through Telnet, Secure Shell (SSH) Protocol, Simple Network Management Protocol (SNMP), and other management protocols. It is also ideal for downloading software images, uploading logs, and connecting to other management devices such as RADIUS, Network Time Protocol (NTP), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and TACACS servers. This interface should never be used for forwarding normal data traffic through the system because every packet goes directly to the control-plane CPU, bypassing the platform data plane. Because of this sensitivity, G0 is in a dedicated Mgmt-Intf Virtual Route Forwarding (VRF) port by default. This setup prevents accidental routing mistakes that could cause data traffic to be routed to the management network.
Q. Is MDI-X supported on the management RJ-45 Ethernet interface?
Q. Is a console port available on the Cisco 4451-X?
A. The Cisco 4451-X has the option of the regular RJ-45 console port as well as the USB console port. As with the ISR G2 routers, only one console port can be used at a time, with preference given to the USB console port.
Q. Is online insertion and removal (OIR) supported on the Cisco 4451-X?
A. Yes, OIR is supported on the Cisco 4451-X for the following scenarios:
● Surprise insertion or removal of any NIM in any of the NIM slots
● Surprise insertion or removal of any SM-X in the SM-X slots
● Surprise insertion or removal of any power supply or system PoE conversion module
● Surprise replacement of the system fan tray; note, however, that this replacement must take place quickly enough that the system does not overheat, and depending on altitude and ambient temperature, the amount of time can vary greatly
Note that SM-X and NIM modules allow replacement only for like-to-like modules. A faulty module can be replaced with a good module of the same type but cannot be replaced with a completely different module of a different type.
Q. Will the NIMs and service modules continue to function as they normally do after OIR on the Cisco 4451-X?
A. Yes, provided the OIR was carried out using a like-for-like module.
Q. What type of Cisco IOS Software is available for the Cisco 4451-X?
A. The Cisco 4451-X runs the same feature-rich Cisco IOS XE Software as the current-generation Cisco ASR 1000 Series. By using the same software release as the Cisco ASR 1000 Series, the Cisco 4451-X benefits from a rich history of branch-office feature development as well as ongoing feature development.
Q. What software options are available for the Cisco 4451-X?
A. One change that customers like is the Cisco IOS Software images available on the ISR G2 routers, which reduce numerous software images into one. Therefore, the Cisco 4451-X has a single Cisco IOS XE Software image. This image is known as a universal image. It contains all features and functions in a single software image. You can selectively enable functions within this universal image by using Cisco Software Activation Licenses that activate capabilities within that image. You now need only a single Cisco IOS XE Software image for the router regardless of the features or functions you need for any particular area in your network.
Q. What is a universal image?
A. For the Cisco 4451-X, Cisco IOS XE Software is delivered in a single universal Cisco IOS XE Software image per platform for each release. With the universal image you need to choose only the Cisco IOS XE Software release you need for your network. With the Cisco 4451-X, the universal image includes all features and options.
Cisco Software Activation is used to enable feature packages such as, for instance, the Security, Application Experience, or the Unified Collaboration technology package. This new model greatly simplifies the effort required to track license compliance across a large number of devices and reduces the number of images that must be supported in a network. Simultaneously, the number of feature packages is also greatly simplified so that now only major feature packages, including the IP Base default package, are available with a single universal image.
Q. What does the software packaging and licensing model look like for the Cisco 4451-X?
A. The Cisco 4451-X has packaging and licensing similar to that of the Application Experience routers (refer to Figure 1):
● IP Base Technology Package (default)
● Application Experience Technology Package (AppX)
● Security Technology Package (SEC) and High Security (HSEC) for strong encryption throughput and tunnel count
● Unified Collaboration Technology Package (UC)
Packaging and License Model for Cisco 4451-X
Q. Is the software packaging on the Cisco 4451-X similar to that for the ISR G2, which is Right-To-Use (RTU)-based?
A. The Cisco 4451-X has software packaging similar to that of the ISR G2, and it is RTU, also known as honor-based. A 60-day evaluation license for all features is included with every Cisco 4451-X. After 60 days, an evaluation license automatically converts to a RTU license. At that point, it is expected that a RTU license will be purchased for that feature on that platform. This model is the same as that for the ISR G2.
Q. What about export and import requirements for strong encryption?
A. The strong enforcement of encryption capabilities provided by Cisco Software Activation satisfies requirements for the export of encryption capabilities, so non-k9 images are no longer needed. However, some countries have import requirements that require the release of the source code for strong payload (VPN) encryption features. To satisfy the import requirements of those countries, a universal image that lacks strong payload encryption is available. This image is identified by the “universalk9_npe” designation in the image name. The universal image with strong payload encryption is recognized by the “universalk9” tag. This image satisfies both import and export requirements for virtually all countries.
Q. Is a High Security (HSEC) license offered on the Cisco 4451-X to achieve greater cryptographic tunnel count and throughput?
A. Yes, an HSEC license is required to achieve more than 225 cryptographic tunnel count and 170 Mbps of total IP Security (IPsec) throughput (bidirectional traffic).
Q. What is an HSEC license?
A. An add-on license above the Security (SEC) technology package license, known as HSEC, provides export controls for strong levels of encryption. HSEC is available to customers in all currently nonembargoed countries as listed by the U.S. Department of Commerce. Without an HSEC license, SEC performance is limited to 225 tunnels and a total of 170 Mbps of IPsec throughput. An HSEC license removes this limitation. Because of these export control requirements, the HSEC license is the only license on the Cisco 4451-X that requires installation of a license key file to activate. In other words, HSEC is not a RTU license.
Q. What types of licenses are available for the Cisco ISR G2 routers?
● Permanent: A permanent license never expires. When a permanent license is installed on a system, it is good for that feature set for the life of the router, even across Cisco IOS XE Software releases. For example, when a Unified Collaboration, Security, or Application Experience (AppX) license is installed on a system, the subsequent features for that license are activated even if the system is upgraded to a new Cisco IOS XE Software release. A permanent license is the most common license type used when you purchase a feature set for a device.
● Temporary: A temporary license, sometimes referred to as an evaluation license, is good for a limited amount of time. The Cisco 4451-X includes a full set of 60-day temporary licenses for the AppX, Unified Collaboration, and Security feature sets. You can activate and deactivate these licenses at any time to evaluate a feature set before making the decision to purchase and upgrade to a permanent license. You also have some flexibility when you need to upgrade to a permanent license.
● Only the time a temporary license is active is counted against the available time on the license. When a temporary license expires, you cannot extend it. However, in extreme cases the Cisco Technical Assistance Center (TAC) can issue new emergency temporary licenses to aid in troubleshooting a problem.
● Counted: A counted license actually counts something in the system. A typical example is the number of Cisco Unified Border Element or SRST Licenses possible on a system. These licenses are analogous to the counted paper licenses used with systems in the past. However, the new Cisco Software Activation infrastructure greatly simplifies the management of these licenses.
Q. Is hardware or software high availability supported on the Cisco 4451-X?
A. The Cisco 4451-X does not support hardware or software high availability.
Q. Is the Cisco Locator/ID Separation Protocol (LISP) supported on the Cisco 4451-X?
A. Yes, LISP is supported on the Cisco 4451-X.
Q. Is In-Service Software Upgrade (ISSU) supported on the Cisco 4451-X?
A. ISSU is not supported on the Cisco 4451-X.
Q. Is Suite-B or Next-Generation Encryption (NGE) support available on the Cisco 4451-X?
A. Yes, Suite-B and NGE support is available on the Cisco 4451-X as part of the initial release.
Q. Is SSLVPN supported on the Cisco 4451-X?
A. No. The Cisco 4451-X does not support SSLVPN.
Q. What VPN methods are supported on the Cisco 4451-X?
A. The Cisco 4451-X supports all current and any new VPN technologies such as Easy VPN, Group Encrypted Transport VPN, Dynamic Multipoint VPN (DMVPN), and Cisco IOS FlexVPN that are supported on the ISR G2 or ASR 1000 Series.
Q. Is the intrusion prevention system (IPS) supported on the Cisco 4451-X?
A. No, IPS is not supported on the Cisco 4451-X.
Q. Is content filtering supported on the Cisco 4451-X?
A. Content filtering is presently not supported on the Cisco 4451-X.
Q. Is the Cisco Cloud Web Security (ScanSafe) connector supported on the Cisco 4451-X?
A. Cloud Web Security (ScanSafe) is planned for a software release on the Cisco 4451-X in a later release.
Q. Is the Cisco 4451-X Network Equipment Building System (NEBS) certified?
Q. Does the Cisco 4451-X have certifications such as Common Criteria and Evaluation Assurance Level 4 (EAL4)?
A. Common Criteria and EAL4 certification will be available shortly after FCS.
Q. Is the Solid State Drive SSD or hard-drive carrier card field upgradable or replaceable?
A. Yes, the carrier card is field replaceable, with some restrictions in the first release where only the third NIM slot supports it. This restriction will, however, go away in a future release.
Q. In what form factors are the serial interface NIMs available? What is the maximum serial density on the Cisco 4451-X?
A. The new NIM module type allows for a wide range of port densities for T1/E1 interfaces including 1, 2, 4, and 8 ports. A smart serial NIM will be available in 1-, 2-, and 4-port versions shortly after initial release of the Cisco 4451-X.
Q. Is OIR possible on the hard disk drive (HDD)?
Q. Is there a service module adapter available which will support hosting of any of the older network modules?
A. The older network modules are not supported on the Cisco 4451-X.
Q. What is the maximum number of SSD drives that can be present in the NIM-SSD? Do they work in a redundant fashion?
A. There can be two drives as part of the NIM-SSD. They do not work in a redundant fashion in the initial release.
Q. Is there a channelized solution on the Cisco 4451-X?
A. There is a channelized solution available on the T1/E1 interfaces. There is no channelized solution available on the T3/E3 module.
Cisco UCS E-Series Module
Q. Are the Cisco UCS E-Series modules supported on the Cisco 4451-X?
A. Yes. The Cisco UCS E140S, UCS E140D, UCS E140DP, UCS E160DP, and UCS E160DP modules are all supported on the Cisco 4451-X.
Q. Can we run Cisco virtual Wide Area Application Services (vWAAS) for larger-scale WAAS deployments on the Cisco UCS E-Series?
A. Yes, vWAAS supports up to 6000 TCP connections on the Cisco UCS E-Series. Additionally, standard VMware Virtual Machines can co-exist with vWAAS, allowing the Cisco UCS E-Series module to be used for branch-office server consolidation.
Q. Are SSD drives supported on the Cisco 4451-X?
A. Yes, the SSD drives on both a NIM-SSD for onboard services as well as the Cisco UCS E-Series module.
Q. Will WAAS performance be software licensed?
A. The Application Experience license, included with the AX bundle, includes a license for up to 2500 TCP connections. This model can be supported with WAAS integrated into the Cisco 4451-X. For additional scale, a Cisco UCS E-Series module can be added to run vWAAS. Integrated AppNav functions in the Cisco 4451-X allows the pooling of these WAAS resources to make the most efficient use of all.
Q. What technology license is required for AVC?
A. The Application Experience (AppX) technology package is required for using the AVC feature set. The AVC solution encompasses Network-Based Application Recognition 2 (NBAR2), Flexible NetFlow, Media Monitoring, and Application Response Time metrics.
Q. What WAN optimization solutions are available on the Cisco 4451-X?
A. ISR WAAS is available as an application that can run within a virtual container on the Cisco 4451-X. One other option is to run the vWAAS on the Cisco UCS E-Series module.
Q. Is NIM-SSD necessary to run applications such as ISR-WAAS on the Virtual Container?
A. Yes, NIM-SSD is required to run applications such as ISR-WAAS.
Q. Is AppNav available on the Cisco 4451-X?
A. Yes AppNav is available on the Cisco 4451-X.
Q. Is the Web Cache Control Protocol (WCCP) available on the Cisco 4451-X?
A. WCCP is available on the Cisco 4451-X, and we recommend that you use AppNav for WAN optimization deployments.
Q. Is Cisco WAAS Express one of the WAN optimization solution options on the Cisco 4451-X?
A. Cisco WAAS Express is not available on the Cisco 4451-X. The integrated ISR-WAAS solution includes full WAAS functions without compromise.
Q. Is the support for Survivable Remote Site Telephony (SRST) and Cisco United Border Element (UBE) functions on the Cisco 4451-X when it is launched?
A. Yes, support for SRST and Cisco UBE is part of the Cisco 4451-X when it is launched.
Q. Is Cisco Unified Communications Manager Express (Unified CME) supported on the Cisco 4451-X?
A. Cisco Unified Communications Manager Express is not supported on the Cisco 4451-X presently. This support may be available in a future release.
Q. For the case where we have digital signal processor (DSP) conferencing will we have similar functions as the videoconferencing feature on the ISR G2 routers? How will it scale?
A. At this time there is no support for videoconferencing on the Cisco Packet Voice Data Module 4 (PVDM4) DSPs correct.
Q. Where do I insert PVDMs on the Cisco 4451-X?
A. You can insert PVDMs on both the motherboard and directly on some NIMs, depending on the use case. Cisco UBE requires that PVDMs be installed on the motherboard, whereas time-division multiplexing (TDM) deployments require them to be installed directly on the NIM. Unlike the ISR G2 routers, the Cisco 4451-X does not have a TDM domain on its motherboard.
Q. How many PVDM slots are present on the motherboard?
A. There is only one PVDM slot on the motherboard.
Q. Can the TDM cards use the motherboard PVDMs?
Q. What version of Cisco Configuration Professional supports the Cisco 4451-X?
A. Cisco Configuration Professional Version 2.7 supports the Cisco 4451-X.
Q. Is Cisco Security Manager supported on the Cisco 4451-X?
A. No. Cisco Security Manager support is not available for the Cisco 4451-X.
Q. What version of the Cisco Prime enterprise and service provider management application supports the Cisco 4451-X?
A. Cisco Prime 2.0 supports the Cisco 4451-X.
Q. Does the Cisco Configuration Engine support the Cisco 4451-X?
A. Support for the Cisco 4451-X is available on the Cisco Configuration Engine.
More Related Cisco ISR 4451-X and Other Cisco ISR G2 Tips:
CiscoApplication Experience (AX) Router family is a part of the Cisco ISR family of routers.
The ISR-AX is a new brand of branch routers based on Cisco's popular ISR-G2 hardware, but it ships with a package of advanced services that typically require additional license activations. Cisco ISR-AX includes a security package with firewall, intrusion prevention and Secure Sockets Layer VPN functions.
It directly integrate Cisco Wide Area Application Services (WAAS), Application Visibility and Control (AVC), Data/IPBase and Security services into a platform that is simple to order, configure, and deploy for secure, optimized cloud connectivity and branch-office routing. The Cisco ISR G2 and ISR-AX Routers are based on the same hardware and software that you know and love and are deploying today.
Cisco ISR-AX adds to the rich breadth of services available on the ISRs.
Similar to the other routers in the ISR portfolio, the ISR-AX Routers consist of three product families: the Cisco 3900-AX, 2900-AX, and 1900-AX Series Routers.
From the Cisco 1921-AX through the Cisco 3945E-AX, the portfolio provides increasing performance and module slot density, and each router comes equipped and ready to deploy.
All ISR AX platforms include all required Application Experience (AX) licenses including: IP Base, Data, Security, WAAS and AVC licenses. In addition, you can configure each platform for additional features, modules, interfaces, and equipment (for example, Cisco Unified Communications Manager Express [Unified CME]) to match the needs of diverse branch offices running varying degrees of rich services.
Cisco WAAS (Wide Area Application Services)
Cisco ISR AX provides router-integrated, on-demand WAN optimization for branch offices. The Cisco Services-Ready Engine (SRE) Modules to enable WAAS and UCS-Express (UCS-E) modules to enable vWAAS (virtual WAAS) can be equipped on ISR 2911-AX platforms and higher, this decouples software services from the underlying hardware and can deliver WAN optimization as an on-demand service as required by business objectives and IT budget. This approach makes better use of existing investments while offering business agility.
Cisco WAAS Express which is a Cisco IOS® Software solution integrated into Cisco ISR-AX platforms to offer bandwidth optimization capabilities. Cisco WAAS Express increases remote user productivity, reduces WAN bandwidth costs, and interoperates with existing Cisco WAAS infrastructure. Each ISR-AX router includes WAAS Express with the Cisco 3900-AX also including a Right-to-Use (RTU) license for 2500 WAAS or vWAAS connections and a RTU license for 1300 WAAS or vWAAS connections for the Cisco 2911-AX Series platforms and later.
Cisco AVC (Application Visibility and Control) provides a powerful and pervasive integrated solution for application visibility and control based on stateful deep packet inspection (DPI). With the Cisco AVC solution, ISR-AX Routers can identify applications within the traffic flow using DPI technology. They can collect various application performance metrics such as bandwidth use, response time, and latency. Then, using Cisco industry-leading quality of service (QoS), these routers can reprioritize critical applications or enforce application bandwidth use.
Security enables standard encryption (VPN payload and secure voice) on the ISR-AX platforms. The ISR-AX security license is designed to comply with both local and U.S. export requirements for global distribution to all countries. This license enforces a curtailment on the maximum number of encrypted tunnels and the maximum encrypted throughput on the ISR-AX platforms.
The security license limits the number of concurrent encrypted sessions and maximum encrypted throughput per device. This limit helps ensure that the ISR-AX complies with U. S. government export restrictions regardless of the final destination country.
The security license limits all encrypted tunnel counts to a maximum 225 tunnels for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE) and 1000 tunnels for Transport Layer Security (TLS) sessions. All threat defense and VPN features that are supported and available for configuration with the security license.
By packaging ISR-AX routers with Routing, Data, WAAS, AVC and Security, we have changed the economics to enable customers to easily and quickly deploy rich application services at scale across their enterprises from an integrated branch router. This will simplify application delivery to users, further enable branch office consolidation and help speed transition to cloud based services and really change the game!
Cisco's ISR-AX series will be cheaper than the ISR-G2 devices. The 3900-AX is priced from $16,200 to $24,700. The 2900-AX is priced from $3,595 to $12,900, and the 1900-AX costs from $2,945 to $2,995.
More about Cisco ISR-AX Ordering Guide you can visit:
More Cisco ISR Router Reviews:
How to set up a console server? And first we should know what a console server is.
A console server is a device which, via serial ports, has access to the physical console port of several different devices commonly located in the same rack. These are most commonly seen in two different environments: labs, where a number of different pieces of equipment will be located in close proximity and constant access to the console is essential (as the configuration changes often) and the second is in remote environments where companies locate equipment without easy access to remote personnel.
Cisco Console Router Basics
For those looking to set up a reasonably priced lab environment the older Cisco 2509 (8 ports) and 2511 (16 ports) should be considered. While these are certainly a bit dated they still work fine in many environments and operate on little power and in flexible environmental conditions. For those looking to get a more modern equivalent device there are now HWIC modules (HWIC-8A, HWIC-16A) that support the same number of serial ports as the older 2509 and 2511 devices.
In either case, they utilize what is referred to as an octal cable which connects to the device with a single connector and has 8 different serial RJ-45 connectors on the other side which connect directly to the serial port of other Cisco devices. These cables can be found online for a reasonable price.
8-port Cisco Octal Cable
Cisco Console Router Configuration
The configuration of a console router is not overly complex. Since most Cisco (and other) equipment defaults to the same console settings (9600, 8, 1, Hardware) only some minor changes need to be added to ensure a good console experience. The steps to configure the console lines are shown in Table 1:
Table1–Console Line Configuration
Enter privileged EXEC mode
Enter device configuration mode
Enter line configuration mode
Console(config)#line 1 16
Disable EXEC processing
Disable EXEC timeout
Console(config-line)#exec-timeout 0 0
Enable input telnet transport
Console(config-line)#transport input telnet
The next part is to configure easy access to those connected devices, but first let’s cover why this is necessary. To create a connection from the console router to another connected device’s console port the user has to initiate a telnet connection to the console router using a port number that maps to the specific line.
For example, on the 2511, if a device’s console was connected to line 5 then a telnet connection would be initiated to console_router_ip_address using port number 2005 (for the 2511 line 1 maps to 2001 and line 16 maps to 2016 with the other lines mapping following this order). The specific mapping that is used depends on the platform. On platforms where the console ports are connected off an add-on module then what slot the add-on module was inserted into would also affect the port number to use.
Once these numbers have been initially mapped out it is certainly not that convenient to remember each of these port numbers every time access to the lab is needed. To get around this it is common to configure a local hostname list. For example, if Router1 was connected off of line 6 and Switch 1 was connected off of line 12 the user would either have to access the console and telnet to the specific ports (2006 and 2012, respectively) or a hostname could be associated with a hostname/IP address/Port. Table 2 shows an example of the configuration needed to perform this:
Table2–IP Hostname List Configuration
Exit into global configuration mode
Configure a local host entry
Console(config)#ip host hostname port-number ip-address
For small lab environments it is common for console routers to only be accessed via a single Ethernet connection. This is fine for lab environments, but if the console server is being used as part of a larger Out-Of-Band management plan for a production network, this single point-of-failure is unacceptable. In these situations, multiple points of access to the console router are often required to meet redundancy requirements.
On newer platforms this can be done through multiple Ethernet connections through diverse switches and/or via a backup method like dial-up. In both cases the IP address being used to access the device is different depending on the access method. It is because of this that loopback IP addresses are typically configured on console routers which are then used in the console routers ip host statements. This way, regardless of access method, the ip host statements would still work and connect the user to the correct device. The configuration for this is shown in Table 3:
Table 3–Loopback Interface Configuration
Create a loopback interface
Console(config)#interface loopback 0
Configure an IP address for the interface
Console(config-if)#ip address 10.10.10.10 255.255.255.255
Assuming the configuration shown in Table 3 was entered, the configuration for Router1 shown above would be ip host Router1 2006 10.10.10.10. To access it via the console router the command telnet Router1 would be used.
As the cost of used Cisco hardware continues to come down and the interest in Cisco certification continues to rise, it is becoming more common for those getting into the field to invest in a lab. Adding a console router to this environment makes the access to the lab easy and allows the student to play around with a number of different configurations without having to worry about physical access or by inadvertently closing access to the device.
For those looking to deploy console routers into production environments, the question is why have you waited this long? Out-Of-Band options are an important part of any production environment and should be a consideration from the beginning of the planning stages.
Regardless of the environment it is the intention of this article to get the console router up and going as soon as possible.
More about Cisco Router Topics you can visit:
The New Cisco ISR 4451-X Router---ENABLING THE ULTIMATE APPLICATION EXPERIENCE
Cisco Integrated Services Routers (ISRs) are built on 30 years of our innovation and product leadership.
The Cisco 4451-X Integrated Services Router revolutionizes the delivery of applicationaware services in a branch-office environment. This platform extends the Cisco ISR Family by providing Gigabit performance with extensive Layer 7 services hosted internally to the branch office while maximizing operating expenses (OpEx) savings.
The Cisco 4451-X offers a multicore CPU architecture running modular Cisco IOS XE Software that quickly adapts to the changing needs of your branch-office environment, and enables IT to roll out services at the speed of business. The separation of the control and data planes provides the ability to deliver application-aware network services while maintaining a stable platform and a high level of performance during periods of heavy network load. With the ability to integrate application-aware services and the ability to scale performance without a complete equipment upgrade, the Cisco 4451-X offers exceptional total cost of ownership (TCO) savings and network agility through the intelligent integration of market-leading security, unified communications, and application services.
The Cisco 4451-X offers encryption acceleration, voice- and video-capable architecture, application firewall, call processing, and embedded services. In addition, the platform supports a range of wired connectivity options such as T1/E1, T3/E3, and fiber Gigabit Ethernet. This platform offers superior performance and flexibility for network deployments across large and medium-sized enterprise offices.
Key Business Benefits
Cisco ISRs provide superior services integration and agility. Designed for scalability, the modular architecture of this platform enables you to evolve and adapt with your growing business needs. The business benefits of the Cisco 4451-X include the following:
•Rich services integration: The Cisco 4451-X Router offers services integration with voice, video, security, data, and embedded services.
•Pay-as-you-grow services: The Cisco 4451-X industry-first internal services plane allows for remote installation of application-aware services without compromise. Applications run and are managed identically to their counterparts in dedicated appliances.
•High performance with integrated services: The Cisco 4451-X enables deployment in high-speed WAN environments with concurrent services enabled up to 2 Gbps.
•Network agility: The Cisco 4451-X gives you the performance and services needed to accommodate the changes in the business environment brought about by the migration to cloud-based services.
•Application aware: The Cisco 4451-X provides comprehensive application services for visibility, control, and optimization to enable customers to successfully deploy, monitor, and troubleshoot applications from anywhere.
•Pervasive security: The Cisco 4451-X enables organizations to extend the Internet edge to the branch office with industry-leading VPN, including the FlexVPN unified configuration, robust threat defense with firewall and intrusion-prevention services, and consistent policy enforcement with Cisco TrustSec security.
•Investment protection: The Cisco 4451-X maximizes investment protection by supporting a rich set of Cisco IOS XE Software features delivered in a single, universal image.
Cisco ISR 4451-X Positioning
With a unique combination of services and performance flexibility, the Cisco ISR 4451-X fills a critical role in the Cisco ISR portfolio. The 4451-X brings the best of the rich services offered by the Cisco Integrated Services Routers Generation 2 (ISR G2) portfolio and the hardware-based performance of the Cisco ASR 1000 Aggregation Services Router to a platform designed for services deployment into a high-speed WAN environment.
Cisco Services for the Branch Office
Services from Cisco and our certified partners can help you transform the branch-office experience and accelerate business innovation and growth with Borderless Networks. We have the depth and breadth of expertise to create a clear, replicable, optimized branch-office footprint across technologies that will help you:
•Increase the accuracy, speed, and efficiency of deployment
•Improve operational efficiency, save money, and mitigate risk
•Continuously improve performance
More Related Cisco Router Topics:
The Cisco 887VA is quite a capable unit, and you can see some of the specs as follows:
Cisco 887VA Integrated Services Router-Integrate Access and Security
New Cisco 887VA Routers support DSL multimode, including very-high-speed DSL 2 (VDSL2) and asymmetric DSL 2+ (ADSL2+). Part of the Cisco Integrated Services Routers Generation 2 (ISR G2) portfolio, they support VDSL2 and ADSL2+ on a single WAN interface.
Cisco 887VA Integrated Services Routers provide:
- Multimode DSL (VDSL2 and ADSL2 and 2+) over a basic telephone system
- Business continuity with primary and backup connections
- VPNs at broadband speeds up to 20 tunnels
- Built-in security capabilities such as Network Address Translation (NAT) and firewall
- Four 10/100 Mbps Fast Ethernet switch ports
- Easy deployment with Cisco Configuration Professional
- Centralized management
- Universal software image for easy expansion with software activation
Available options include:
- Advanced security, including intrusion prevention, Group Encrypted Transport VPN, and dynamic multipoint VPN (DMVPN)
- Power over Ethernet (PoE) on two switch ports
More details you can visit: http://www.cisco.com/en/US/products/ps11063/index.html
For a site that has a couple of PCs, but which need to be strictly separated (for example, staff and client PCs), the unit is great – it has a few VLANs, ACLs, firewall functionality, and even VRFs or L2TP if you want to go that far. Take note that to get the most options available and therefore the most flexibility with things like a choice of routing protocols, DMVPN, and IPSec tunnels, for a few extra dollars go for the Advanced IP feature set:
Another thing that we have been trialling is Scansafe content filtering; content filtering is a duty-of-care and in some cases legislative requirement for an organization that has under-18s in residential care. The Cisco 887VA with Advanced IP running 15.2 and up can natively integrate with Scansafe, meaning no configuration on the end-user; no pesky .Pac files to exclude the intranet sites from the filtering. I’ve had it running in a trial at two sites and it works a treat. At the management end, you can use user authentication or, as we are doing, the embedded local IP addresses to differentiate sites and groups for access and on the router only a handful of commands are required to set up a system with regex and IP whitelists. Like all content filtering, it has its flaws, and a savvy user will be able to circumvent it given enough time and effort, but at this stage, it is proving very effective.
In the image below, I just did a “dir?” to list the file systems, and then plugged in the USB, and lo and behold, there it was.
Plugging in a Toshiba 16Gb thumb drive
So now, just like any flash or nvram file system, I can copy to and from the USB drive.
Directory listing for my IOS images
Copy running config to USB drive
At this stage, you can boot with a config on the thumb drive; you can’t yet boot from an image on the drive.
We can certainly see where it could come in handy – non-technical people can usually be relied upon to plug in a thumb drive for you if you can’t do your software update remotely for some reason, or you could use the archive commands to regularly do local copies of configs, or copy logs or debugs for later analysis. Plus if you are on site, you don’t need a laptop with an ethernet and a TFTP client and a console cable to do a local update – just plug in the USB and the console cable.
The Cisco 887VA is a very capable small branch router, and if you are in the market for a fixed form factor router that gives you all the options you might need, you can choose it.
Small Branch Office Cisco ISR 1941W Platform
To simulate a small branch office, the Cisco ISR 1941W was configured as a branch router serving a dozen employees. Primary network connectivity was established via a public internet connection with a DMVPN (Dynamic Multipoint Virtual Private Network) encrypted link to corporate headquarters. A 3G wireless data connection was setup for branch redundancy in the event of a primary WAN link failure. The Cisco ISR 1941W was also configured to support wireless utilizing 802.11n radio to extend the corporate wireless network into the branch office as well as provide guest network connectivity for visitors to the office. Security features–Zone Based Firewall, Cisco IOS IPS and content filtering were activated. The Voice services were provided by a headquarters-based CUCM (Cisco Unified Communications Manager).
Medium Branch Office Cisco ISR 2911 Platform
A medium branch office deployment was simulated using a Cisco ISR 2911. This branch scenario supports about 25 users. Primary and backup network connections were to be provided by two separate Ethernet WAN links. An IP WAN provided primary network connectivity with a DMVPN secure connection serving as backup to corporate headquarters. Security features – Zone Based Firewall, Cisco IOS IPS were activated. Voice services were provided by a headquarters-based CUCM with local POTS (Plain Old Telephone Service) access from the Cisco ISR 2911. Cisco Unified SRST (Survivable Remote Site Telephony) was supported to provide redundant local call control in the branch offices in the event the central CUCM is unreachable. Telepresence and video are also supported and enabled for this deployment.
Large Branch Office Cisco ISR 2951 Platform
A large branch with 40 to 60 users was created using a Cisco ISR 2951. In this scenario, the 2951 was configured to provide both primary and backup corporate access via an IP WAN connection as the primary connection to the headquarters and a public Internet connection with a DMVPN secure connection acting as backup. In this scenario the Cisco 2951 was configured to support all voice functions including Cisco Unified Communications Manager Express (CUCME) for call control and voice-mail with Cisco Unity Express. Local PSTN access is provided by a SIP trunk from the 2951 to the local phone network. Zone Based Firewall, Cisco IOS IPS and Cisco WAAS were also activated in the router.
Regional Branch Office Cisco ISR 3945 Platform
A large regional office with 150 or more employees was simulated with a Cisco 3945. Primary and backup connectivity to the headquarters was provided with redundant IP WAN connections. The Cisco 3945 series was configured tosupport CUBE (Cisco Unified Border Element) functionality for call control in conjunction with a CUCM at corporate headquarters. SRST functionality was also enabled at the Cisco 3945 in the event that connectivity with the central CUCM is lost. Local PSTN access was provided by a SIP trunk to the local telephone network. Zone Based Firewall, Cisco IOS IPS and Cisco WAAS were also activated in the router.
More Cisco Branch Router Tips:
How to set up no-ip.com DDNS on your Cisco IOS router that actually works!
Normally we try to setup static IP addresses for our managed routers. However in this case the router was residential and in Singapore. Getting a static IP address was actually impossible.
I started the project by researching DDNS providers. Many of the DDNS providers that were free in the past are no-longer free. However no-ip.com still offers a free version of DDNS. The free version is under the section of their website for personal. At this time I could not find any statements on their site restricting the service to personal use. Here is a link to their site.
This procedure is easy to perform but due to lack of proper documentation and a lot of incorrect documentation, including that in the no-ip.com knowledgebase, it is more difficult than it should be.
This article assumes you have a basic knowledge of Cisco routers and know how to get into config mode and how to save your configuration.
There are three primary steps to setting up DDNS on a Cisco IOS router.
- Set up and confirm DNS resolution works.
- Set up a DDNS method to be called.
- Set up the external DHCP interface to call the DDNS update method.
Set up DNS resolution.
Confirm your router can ping something by name properly. A simple 'ping google.com' is an effective test. If it does not work you can setup you router DNS to use Google's public DNS servers with these two config lines:
- ip dns server
- ip name-server 18.104.22.168 22.214.171.124
Set up the DDNS method.
The method tells the router how to contact the DDNS provider, login and send the proper update command. It also controls the minimum and maximum time between DDNS updates. Do not set the maximum time too short. Many DDNS providers will lock you out if you update too frequently. I typically use one day but you need to check with your provider.
Create and name the DDNS update method.
- ip ddns update method ddns-noip
Set the update mode to HTTP
Create the ADD URL. The URL contains some special characters mainly the'?' that is problematic to enter because the router interprets it as a call for help. Use CTRL-V just before typing the '?' and the router will place it properly. Replace [username] and password with your no-ip credentials. You will need to enter your username as an email address including the '@'
<h>&myip=<a> is a macro replaced by the router during the update with hostname and ip. i.e. hostname=myhostname.no-ip.org&myip=126.96.36.199'
- add http://[username]:[Password]@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
update minimum every 5 minutes maximum 1 day.
- interval maximum 1 0 0 0
- interval minimum 0 0 5 0
Apply the update to the external DHCP interface.
Select the external interface and apply the update command to call the method you just created. For the Cisco 871 router used in this configuration it is FastEthernet 4. Replace it with your proper interface. For PPPoE it is likely interface Dialer 0.
Substitute your DDNS method name and the hostname to update at your DDNS provider with your specific details..
- interface FastEthernet4
- ip ddns update hostname [DDNS hostname]
- ip ddns update ddns-noip
Unfortunately I have not figured out a way to force a DDNS update NOW. What you can do is set your maximum update time short like 5 minutes. Turn on debugging with: debug ip ddns update.
You will get some very useful debug information. Make sure all the parameters are correct on the calls.
You may need to reload your router. I have round that changing the add command did not update properly after some changes until after a reload.
Sample Debugging Output for a working update.
*Aug 00 00:00:55.433 EDT: DYNDNSUPD: Adding DNS mapping for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNS: Update add called for myhostname.no-ip.org <=>
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Session ID = 0x7
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: URL =
*Aug 00 00:00:55.433 EDT: HTTPDNSUPD: Sending request
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: Response for update myhostname.no-ip.org <=>
*Aug 00 00:00:56.441 EDT: HTTPDNSUPD: DATA START nochg 188.8.131.52
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: DATA END, Status is Response data recieved,
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Call returned SUCCESS, update of
myhostname.no-ip.org <=> 184.108.40.206 succeeded
*Aug 00 00:00:56.445 EDT: DYNDNSUPD: Another update completed (outstanding=0, total=0)
*Aug 00 00:00:56.445 EDT: HTTPDNSUPD: Clearing all session 7 info
Resource from http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/ArticleId/39/How-to-setup-DDNS-Dynamic-DNS-on-a-Cisco-IOS-router.aspx
More Related DDNS Setup on a Cisco IOS Router
Public and private cloud drives new upgrade
Cisco ISR line to get WAN optimization, application performance monitoring, WAN path management and security license
Cisco this week extended the software capabilities of its ISR branch routers with previously separate security and application performance features, including WAN optimization.
Cisco rolled out the ISR-AX line, which takes existing ISR G2 models 3900, 2900 and 1900 and adds a security software license for VPN, firewall and intrusion prevention, as well as software-based Wide Area Application Services (WAAS) WAN optimization, application visibility and control, and WAN path management. Also included is the Cisco Services-Ready Engine processing hardware or additional random access memory to run the software.
Cisco's ISR-AX line adds security, application performance and WAN optimization features to existing models.
Cisco says it is doing this because with the advent of application centralization in data centers or hosted in the cloud, the branch office router needs to evolve to become a Layer 2-7 application service delivery engine. Customers at remote sites need applications to run faster, and require network wide visibility and control for accelerated application deployments, performance monitoring and problem resolution without the need for additional devices, Cisco says.
Indeed, Cisco says software will be the way it delivers its WAAS WAN optimization product to the branch office. The physical hardware appliance will be targeted predominantly at data centers where WAN optimization requires scale, company officials said.
And to catalyze adoption of the ISR-AX, Cisco says it is 20% to 35% less expensive than a stand-alone WAN appliance for the branch office. Cisco is offering the AX line at up to 45% less than non-AX 3900s, 2900s and 1900s.
The ISR 3900 is at the center of a current contract controversy between Cisco and the state of West Virginia.
The ISR line has 500,000 customers worldwide. Cisco had a 77% share of the $855 million enterprise router market and an 84% share of the $671 million enterprise access router market in the third quarter of 2012, according to Dell'Oro Group. It's aiming the ISR-AX squarely at Juniper and Riverbed, which recently entered into a technology licensing deal, even though Dell'Oro cites HP, Adtran and OneAccess as Cisco's closest competitors in access routing.
Asked why HP, for one, wasn't on Cisco's competitive radar for the ISR-AX, a company spokesperson stated in an email:
"While HP has the ability to host applications, they do not have an integrated offer for application performance monitoring, WAN path selection or optimization. We realize they have some APM partners and work with Riverbed, but we view that as [a] gap since [they] do not solve the problem directly, which creates integration, management and cost challenges for customers. Much like Juniper, they have too many gaps to solve the application challenges our customers are facing today with virtualization, cloud and BYOD."
HP didn't respond to a request for comment by press time.
But Juniper did respond:
"Juniper believes the market is moving towards high speed Ethernet WAN connectivity and the need for WAN acceleration in the branch is decreasing," says Brad Brooks, vice president of business strategy and marketing for Juniper. "Rather than integrate WAN optimization in branch SRX and penalize customers with a higher priced solution, Juniper has partnered with Riverbed, the leading WAN optimization provider, to deliver this service to customers should they require it. Riverbed has continuously maintained their competitive edge where other technologies have trailed behind. This partnership is aligned with Juniper's strategy of offering an open architecture with a growing ecosystem of partners that allows customers to select solutions that best fit their network needs."
Brooks also says Juniper's branch SRX router provides application level security and unified threat management, integrated with routing and network security, to eliminate the need for multiple devices and reduce TCO. Juniper also offers an application monitoring solution along with WAN path selection functionality in the branch SRX devices, Brook says.
All Cisco 3900-AX, 2900-AX and 1900-AX products are currently available. The 3900-AX is priced from $16,200 to $24,700. The 2900-AX is priced from $3,595 to $12,900, and the 1900-AX costs from $2,945 to $2,995.
Cisco says it will soon extend the AX capabilities to the 800 ISR, ASR1000 and CSR1000V routers for teleworkers, enterprise network edge, and data center and cloud, respectively.
---Article from http://www.networkworld.com/news/2013/031213-cisco-router-267582.html
More Related Cisco Branch Router Info and Guide: