Posts with #networking tag
Is Your Network Ready for the New Era? Cisco announced its new Catalyst series switches, the Catalyst 9000 Series, introducing an entirely new era of networking. The Network. Intuitive.
There are three series in the new Catalyst 9000 switch family:
1. Catalyst 9300 Series (LAN Access Switches): the top fixed-access enterprise network switch series, stacking to 480 Gbps.
2. Catalyst 9400 Series (LAN Access Switches): the leading modular-access switches for enterprise, the Catalyst 9400 Series supports up to 9 Tbps.
3. Catalyst 9500 Series (LAN Core and Distribution Switches): the industry’s first fixed-core 40-Gbps switch for the enterprise.
In this article we will talk about the new Catalyst 9300 Series, the Next Level of the Market-Leading Fixed Access Switching Platform.
Will the Catalyst 9300 replace the Catalyst 3850 Series? Definitely, it is the best replacement for the Catalyst 3850 Series. Why? Let’s check the more detailed features of the Cisco Catalyst 9300 Series.
Switch models and configurations
The Cisco Catalyst 9300 Series is made up of seven different switch models. Any of the models can be used together in a stack of up to eight units.
The Table below lists port scale and power details for the Cisco Catalyst 9300 Series models.
Cisco Catalyst 9300 Series Switch configurations
Total 10/100/1000 or Multigigabit Copper Ports
Default AC Power Supply
Available PoE Power
24 Cisco UPOE
48 Cisco UPOE
24 Multigigabit Cisco UPOE (100 Mbps or 1, 2.5, 5, or 10 Gbps)
The Cisco Catalyst 9300 Series Switches support optional network modules for uplink ports. The default switch configuration does not include the network module. When you purchase the switch, you can choose from the network modules described in the following Table.
- Uplink modules supported on all 9300 Series copper models
- Online Insertion and Removal (OIR) supported on all uplink modules
Network module numbers and descriptions
9300 Series 4x 1G Network Module
9300 Series 8x 10G Network Module
9300 Series 2x 40G Network Module
9300 Series 4x Multigigabit Network Module
Please note: Existing 3850 network modules are also supported in the Catalyst 9300 Series platforms.
The Cisco Catalyst 9300 Series Switches support dual redundant power supplies. The switches ship with one power supply by default, and the second power supply can be purchased when the switch is ordered or at a later time. If only one power supply is installed, it should always be in power supply bay #1. The switches also ship with three field-replaceable fans.
Table 3 lists the different power supplies available in these switches and available PoE power.
Table 3. Power supply models
Default Power Supply
Available PoE Power
24-port data switch
48-port data switch
24-port PoE+ switch
48-port PoE+ switch
24-port Cisco UPOE switch
48-port Cisco UPOE switch
24-port Multigigabit Cisco UPOE switch
490W – Support in Open IOS-XE 16.6
Power supply requirements for PoE and PoE+
24-Port PoE Switch
48-Port PoE Switch
PoE on all ports (15.4W per port)
1 PWR-C1-1100WAC or 2 PWR-C1-715WAC
PoE+ on all ports (30W per port)
1 PWR-C1-1100WAC or 2 PWR-C1-715WAC
2 PWR-C1-1100WAC or 1 PWR-C1-1100WAC and 1 PWR-C1-715WAC
Power supply requirements for Cisco UPOE
24-Port UPOE Switch
48-Port UPOE Switch
24-Port Multigigabit UPOE Switch
Cisco UPOE (60W per port) on all ports (24-port switch) or up to 30 ports (48-port switch)
1 PWR-C1-1100WAC and 1 PWR-C1-715WAC
● Perpetual PoE: With Perpetual PoE, the PoE power is maintained during a switch reload. This is important for IoT endpoints such as PoE-powered lights, so that there is no disruption during switch reboot.
● Fast PoE: When power is restored to a switch, PoE starts delivering power to endpoints without waiting for the operating system to fully load, thereby speeding up the time for the endpoint to start up.
Cisco Catalyst 9300 Series Switches run on Open IOS XE 16.5.1a release or later. This software release includes all the features listed earlier in the Platform Benefits section.
- Up to 8 Switches can be stacked together using back stacking cables
- All 9300 models are supported in the stack
- All the switches in the stack should run the same IOS and License
- Mixed stacking between 9300 and 9300 is not supported
Cisco Catalyst 9300 Series StackPower
“Zero-Footprint” RPS Deployment
• Provides RPS functionality with Zero RPS Footprint
• Pay-as-you-grow architecture–similar to the Data Stack
• 1+N Redundancy with Inline Power
• Up to 4 Switches in a StackPower Ring
• Multiple StackPower Possible within one Data Stack
• Up to 9 Switches in a star topology with XPS
Mapping Between Cisco Catalyst 3850 and 9300
Catalyst 9300 24-port data only switch
Catalyst 9300 24-port PoE+ switch
Catalyst 9300 24-port UPOE switch
Catalyst 9300 24-port mGig and UPOE switch
Catalyst 9300 48-port data only switch
Catalyst 9300 48-port PoE+ switch
Catalyst 9300 48-port UPOE switch
With the new Cisco RV340W's intuitive user interface, you'll have your Internet access set up and running in minutes.
It is easy-to-use, flexible, high-performance, and durable which makes this well suited for small businesses.
The RV340W extends the basic capabilities of Cisco RV routers:
- Dynamic web filtering helps enable business efficiency and security when connecting to the web.
- Client and application identification allow Internet access policies for end devices and cloud applications, helping to ensure performance and security.
- 4 Gigabit LAN ports facilitate high-speed connectivity of your network devices.
- The RV340W has integrated 802.11ac Gigabit Wi-Fi for your mobile devices.
The Cisco RV340W can also boost employee productivity and overall network performance. It can limit Internet surfing to appropriate site categories and can eliminate unwanted network traffic.
Features and Benefits
- 2 WAN ports (RJ-45) allow load balancing and resiliency
- 4 LAN ports (RJ-45) provide high-performance connectivity
- Integrated 802.11ac WLAN access point with external antennas (Wave 2 MU-MIMO)
- 2 USB ports support a 3G/4G modem or flash drive
- Flexible VPN functionality for secure interconnectivity
- Support for the Cisco AnyConnect Secure Mobility Client, ideal for remote access by mobile devices
- Dynamic web filtering, enabling business efficiency and security while connecting to the Internet
- Client and application identification that allows Internet access policies for end devices and Internet applications, to help ensure performance and security
Cisco RV340W Dual WAN Gigabit Wireless AC VPN Router-Ordering Information
RV Security – 1 year: Enables dynamic web filter/Internet security and Application Visibility and Client identification (no license required for a 90-day trial period)
AnyConnect Server license
RV AnyConnect Server – 1 year: Upgrade to 25 tunnels
Increases the number of supported tunnels from 2 to 25
Depending on the user device, an AnyConnect Secure Mobility User Client license is required. Recommended: L-AC-PLS-LIC=. To download the AnyConnect client from Cisco.com, you also need a support contract
USA, Canada, Mexico, and the rest of LATAM
EU, Vietnam, Ukraine, Saudi Arabia, UAE, Egypt, Qatar, Kuwait, Israel, Hong Kong, Indonesia, Malaysia, Philippines, Singapore, Thailand, South Africa
Australia, New Zealand
Cisco switches are constantly learning, constantly adapting, constantly protecting in your data center, core, or edge.
This is the new era in networking. The Network. Intuitive.
Now here comes the Cisco Catalyst 9000 Series.
Cisco’s new Catalyst 9000 switches, switching for a changing world, constantly adapt to help you solve new challenges.
- Their integrated security helps you address ever-changing threats.
- They simplify management of your evolving mobility, Internet-of-Things (IoT), and cloud requirements.
There are three series in Catalyst 9000 family:
Catalyst 9300 Series: The Catalyst 9300 Series is our top fixed-access enterprise network switch series, stacking to 480 Gbps.
Catalyst 9400 Series: Cisco’s leading modular-access switches for enterprise, the Catalyst 9400 Series supports up to 9 Tbps.
Catalyst 9500 Series: The Catalyst 9500 Series is the industry’s first fixed-core 40-Gbps switch for the enterprise.
More fast questions and answers help you learn more about the new Catalyst 9000 Series.
Cisco Catalyst 9000 network features and services (common to all Cisco Catalyst 9000 Switches)
Q: What feature sets do the Cisco Catalyst 9000 Switches support?
A: The Cisco Catalyst 9000 Series Switches support the packaging of features into Essentials and Advantage packages. The details of the features in each package are listed in the data sheets; a link is provided below in the Pricing and Ordering section.
Q: What programmability capabilities are available on the Cisco Catalyst 9000?
A: The Cisco Catalyst 9000 opens a completely new paradigm in network configuration, operation, and monitoring through network automation. The Cisco automation solution is open, standards-based, and extensible across the entire network lifecycle of a network device.
• Device provisioning: Through Plug-and-Play (PnP), Zero-Touch Provisioning (ZTP), and Preboot Execution (PXE)
• Configuration: Model-driven operation through open Application Programming Interfaces (APIs) over NETCONF, Python Scripting
• Customization and monitoring: Streaming telemetry
• Upgrade and manageability: In-Service Software Upgrade (ISSU), patchability, and config/replace
Q: What management capabilities are available for the Cisco Catalyst 9000?
A: You can manage it using the Cisco IOS Software Command-Line Interface (CLI), using Cisco Prime® Infrastructure 3.1.7 DP13, Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), onboard Cisco IOS XE Software Web User Interface (WebUI), Simple Network Management Protocol (SNMP), or Netconf/YANG.
Q: Is there an onboard web GUI on the Cisco Catalyst 9000?
A: Yes. An onboard web GUI is available.
Q: What is the purpose of the blue beacon LED on the Cisco Catalyst 9000?
A: The blue beacon LED is common across the Cisco Catalyst 9000 Series Switches to simplify the operations. It makes chassis identification easier when several such switches are mounted on racks. A remote administrator can enable the LED to blink to help the local operator quickly locate the chassis. The local operator presses the mode button to acknowledge.
Q: What is the maximum number of VRF instances that I can configure on a Cisco Catalyst 9000?
A: The maximum number of VRFs that you can configure on a Cisco Catalyst 9000 is 256.
Q: What is Cisco’s direction for wireless?
A: Cisco believes that the best solution for a wired or wireless network is achieved when integrated into SD-Access, Cisco’s lead architecture for the next-generation enterprise network. This solution delivers consistency with wired infrastructure around policy, segmentation, orchestration and automation, and assurance. This new architecture delivers the best experience for mobility, guest, IoT, multicast services, and overall network performance with its distributed data plane and centralized control-plane architecture.
Q: What wireless support is provided with the Cisco Catalyst 9000 platforms?
A: Cisco Catalyst 9000 products are instrumental in supporting the following wireless capabilities in the SD-Access architecture:
• Connect access points and integrate them into the SD-Access fabric. The switch integrates with the fabric control plane (LISP), thereby providing reachability for the access points and clients in the fabric.
• Deliver macro (VRF) and micro (Scalable Group Tag [SGT] group-based) segmentation to the access points to deliver end-to-end policies.
• Can terminate guest VXLAN traffic, so there is no need for a dedicated guest anchor controller.
Wireless capability at launch will be supported together with the AireOS 8.5 Controller running on a Cisco 8540 Wireless Controller, Cisco 5520 Wireless Controller, or Cisco 3504 Wireless Controller appliance, with the Cisco Catalyst platforms functioning as Fabric Edge and Fabric Border nodes.
Q: What are the SD-Access wireless capabilities?
A: The new Cisco Catalyst 9000 Series switches provide a complete solution for Campus with Cisco AireOS Controllers and Wave 2 access points.
Q: What are the advantages of integrating wireless in the SD-Access fabric architecture?
A: • Highest performance and scale: Distributed data-plane forwarding in hardware distributed in the network paired with the large control-plane scale offered by the dedicated controller appliances.
• Best guest: You don’t need a dedicated guest anchor controller in the Demilitarized Zone (DMZ): Traffic is sent directly to the fabric border to exit the fabric. Also, there is no sub-optimal traffic forwarding such as from an access point to a foreign controller and on to a guest anchor controller.
• Best mobility: IP addressing is simpler; there is one subnet for the entire wireless SSID across the network, and no hairpin of traffic when roams occur.
• Simple operation: Operation is simple because wired and wireless are treated the same and operated together; they have common policies and controller-based automation.
• Wired innovations applied to wireless: First-hop security innovations available for wired can also be applied to wireless; for example, Dynamic ARP Inspection (DAI), IP Source Guard (IPSG), and DHCP Snooping.
• Segmentation across wired and wireless:
- The virtual network now passes all the way to wired as well as wireless devices.
- This segmentation is important for separation of certain devices from others, such as IoT and building automation devices connected over wireless.
- It is also important for security reasons to reduce the attack surface; if someone gets into a segment, the person can move only within that segment.
- Because segmentation is handled by the fabric, the number of SSIDs can be limited.
• Best multicast:
- The solution offers the best performance of distributed replication in hardware across the network.
These switches truly deliver the best of wired and wireless together.
It is really important that you understand the capabilities of each Cisco ASA model before you select the one that is appropriate for your specific deployment.
The following Table lists the maximum application visibility and control (AVC) and NGIPS throughput on each Cisco ASA–supported model.
Table. The Maximum Concurrent Connections and AVC/NGIPS Throughput
Maximum Concurrent Connections
Maximum AVC and NGIPS Throughput
ASA 5506-X (with Security Plus license)
ASA 5506W-X (with Security Plus license)
ASA 5506H-X (with Security Plus license)
ASA 5512-X (with Security Plus license)
ASA 5585-X with SSP10
ASA 5585-X with SSP20
ASA 5585-X with SSP40
ASA 5585-X with SSP60
For a complete and up-to-date Cisco ASA model comparison, visit Cisco’s ASA website, at cisco.com/go/asa.
When you choose to migrate to the new Cisco 860 and 880 Series routers, what features and performance should you know about? In the following part, we summarize several questions and answers for the Cisco 860 and 880 Series Integrated Services Routers to help you migrate smoothly to the new Cisco 860 and 880 Series options.
Q. What is the platform power consumption for the C881W, C886W, and C887W?
A. Please refer to the following Table for platform power consumptions for the C881W, C886W, and C887W.
C881W, C886W, and C887W Platform Power Consumption
Product Part Number
Power consumption without PoE
Power Consumption with PoE
Q. What is the performance with services for Cisco 860 and 880 Series ISRs?
A. The performance with services for Cisco 860 Series ISRs is 4 Mbps, and the performance with services for Cisco 880 Series ISRs is 8 Mbps.
Q. What are the default memory and memory upgrade options for Cisco 860VAE, C880W, and C880G Series ISRs?
A. Please refer to the Table below for default memory and memory upgrade options for Cisco 860VAE, 880W, and 880G Series ISRs.
Default Memory and Memory Upgrade Options for Cisco 860VAE, 880W, and 880G
Product Part Number
Default Memory DRAM
Memory Upgrade Option
1 GB (max)
Q. What PoE daughter card does the C880 ISR use?
A. The C880 ISR uses a 30W 2-port PoE daughter card that is directly powered from the 12-VDC power supply of the host motherboard. It replaces the 4-port daughter card formerly used on Cisco 880 Series routers, which required a separate external -48-VDC power supply. No separate external -48-VDC power supply is required on C880 Series routers.
Q. How many PoE ports are supported on C880W Series ISRs?
A. C880W Series ISRs support 2 ports with PoE on Fast Ethernet 0 and Fast Ethernet 1. They are 802.3af-compliant, and they support 15.4W per port.
Q. Can I use the PoE daughter card from Cisco 880 Series ISRs on the C880W Series ISRs?
A. The PoE daughter card used on Cisco 880 Series routers cannot be used on C880W routers. Even though they have the same connector to the motherboard, they have different power specifications. The PoE daughter card used on Cisco 880 Series routers requires a separate external -48-VDC power supply, whereas the PoE daughter card on the C880W takes power directly from the motherboard, and no separate external power supply is required.
Q. Do the Cisco 860VAE, C880W, and C880G Series ISRs support Cisco Virtual Office?
A. Cisco Virtual Office is supported on C880W and C880G Series ISRs. The license with part number CVO800-CFG is required during the ordering process. Cisco 860VAE Series routers do not support Cisco Virtual Office at this time.
Q. Do Cisco 860VAE, C880W, and C880G Series ISRs support Cisco Wide Area Application Service Express (Cisco WAAS Express)?
A. Please refer to the following Table for Cisco WAAS Express support on Cisco 860VAE, C880W, and C880G Series routers.
Cisco WAAS Express Support on Cisco 860VAE, 880W, and 880G Routers
Product Part Number
Cisco WAAS Express Optimized Bandwidth
Maximum TCP Connections
Cisco WAAS Express Features
Lite feature (No DRE, CIFS, SSL, or HTTPS)
Q. Do Cisco 860VAE, C880W, and C880G Series ISRs support Cisco ScanSafe?
A. Cisco 860VAE, C880W, and C880G Series ISRs support the Cisco ScanSafe connector in any universal Cisco IOS Software images with security feature set (SEC) licenses. The connector securely redirects HTTP and Secure HTTP (HTTPS) traffic. There is no need for client or agent software to be installed on each laptop or desktop, so any routers anywhere in your network can act as a secure managed cloud security gateway. Cisco ScanSafe allows easy deployment with no additional hardware and can integrate into any proxy server configuration.
Q. What are the maximum-transmission-unit (MTU) sizes for different DSL interfaces on Cisco 860 and 880 Series ISRs?
A. Please refer to the Table below for MTU sizes for different DSL interfaces on Cisco 860VAE and 880 Series ISRs.
MTU Sizes for Different DSL Interfaces on Cisco 860VAE and 880 Series Routers
Product Part Number
MTU for ATM Mode (bytes)
MTU for PTM Mode (bytes)
MTU for ATM or EFM Mode (bytes)
Q. What are the MTU sizes for different Ethernet interfaces on Cisco 880 Series ISRs?
A. Please refer to the following Table for MTU sizes for different Ethernet interfaces on Cisco 860VAE and 880 Series ISRs.
MTU Sizes for Different Ethernet Interfaces on Cisco 860VAE and 880 Series Routers
Product Part Number
MTU for Fast Ethernet Layer 2 Ports (bytes)
MTU for Gigabit Ethernet Layer 2 Ports (bytes)
MTU for Fast Ethernet or Gigabit Ethernet Layer 3 Ports (bytes)
CISCO880 series/C880 series
Q. What new 3G plus DSL models are available in C880 Series ISRs?
A. Four new 3G plus DSL models are available: C886VAG, C887VAG, C887VAMG, and C888EG. Please refer to the data sheet “Cisco 880G Series Integrated Services Router with Embedded 3.7G” for more details.
Q. What cellular modems are integrated in the C880G Series ISRs?
A. There are two different types of carriers. One type supports Third Generation Partnership Project (3GPP) HSPA+, HSPA, Universal Mobile Telecommunications Service (UMTS), Enhanced Data rates for Global Evolution (EDGE), and General Packet Radio Service (GPRS), and the other supports 3GPP2 EVDO RevA/Rev0 and 1xRTT. Two cellular modems support 3GPP: MC8705 and MC8795V, and one cellular modem supports 3GPP2: MC5728V.
Q. What is the cellular modem form factor in C880G Series ISRs?
A. The external 3G ExpressCard socket on Cisco 880G Series routers has been replaced by an internal PCIe mini-card slot on C880G Series routers. The external ExpressCard modems, therefore, have been replaced by the internal PCIe mini-card cellular modems.
Q. What is the function of the mini-USB port in C880G Series ISRs?
A. C880G Series routers have a mini-USB type B port that enables the modem to be connected to a PC and run PC-based modem provisioning and the carrier customization tool.
Q. Do the C880G Series ISRs support the Diagnostic Monitoring (DM) port?
A. C880G Series routers have removed the Diagnostic Monitoring port from the chassis front faceplate. The remote Diagnostic Monitoring function is required to collect the modem Diagnostic Monitoring log.
Q. Do the C880G Series ISRs support the National Marine Electronics Association (NMEA)?
A. C880G Series routers support NMEA. A virtual serial port is implemented to export NMEA format GPS data to external NMEA 2.0-compliant user applications.
Q. How do I configure NMEA on C880G Series ISRs?
A. To enable NMEA GPS data streaming, C880G Series routers have introduced two new command-line interface (CLI) commands: cdma|gsm gps modem standalone and cdma|gsm gps nmea. A virtual serial port has been implemented in the Cisco IOS Software to export NMEA-formatted GPS data. If end users connect the router to a Microsoft Windows-based PC through an Ethernet connection, COM port emulation software is required on the PC side to emulate the COM port over the Ethernet link.
Q. What NMEA sentences do the C880G Series ISRs support?
A. C880G cellular modems support the following NMEA sentences: GGA, GSA, GSV, RMC, and VTG.
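For an application that consumes the exported GPS stream, the following added example (not Cisco code and not part of the original Q&A) validates NMEA 0183 framing and checksum and accepts only the five sentence types listed above. The function names are hypothetical and the sample sentences are constructed.

```python
import string
from functools import reduce

# Sentence types the Q&A lists for C880G cellular modems.
ALLOWED_TYPES = {"GGA", "GSA", "GSV", "RMC", "VTG"}
MAX_LEN = 82  # NMEA 0183 maximum, including "$" and the trailing CR/LF


class NmeaError(ValueError):
    """Raised when a line is not an acceptable NMEA sentence."""


def nmea_checksum(body):
    """XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)


def build_sentence(body):
    """Frame a body with '$', checksum and CR/LF (used for the samples)."""
    return "${}*{:02X}\r\n".format(body, nmea_checksum(body))


def parse_sentence(line):
    """Validate one line and return its talker, type and data fields."""
    if len(line) > MAX_LEN:
        raise NmeaError("sentence too long")
    line = line.rstrip("\r\n")
    if not line.startswith("$"):
        raise NmeaError("missing '$'")
    body, star, check = line[1:].rpartition("*")
    if not star or len(check) != 2 or any(c not in string.hexdigits for c in check):
        raise NmeaError("malformed checksum field")
    if not (body.isascii() and body.isprintable()):
        raise NmeaError("non-printable data")
    if nmea_checksum(body) != int(check, 16):
        raise NmeaError("checksum mismatch")
    fields = body.split(",")
    address = fields[0]
    if len(address) != 5 or address[2:] not in ALLOWED_TYPES:
        raise NmeaError("sentence type not allowed")
    return {"talker": address[:2], "type": address[2:], "fields": fields[1:]}


def _to_degrees(value, hemisphere, degree_digits):
    """Convert (d)ddmm.mmm plus hemisphere letter to signed decimal degrees."""
    degrees = int(value[:degree_digits]) + float(value[degree_digits:]) / 60.0
    return -degrees if hemisphere in ("S", "W") else degrees


def rmc_position(parsed):
    """Return (lat, lon) from a valid RMC fix, or None if there is no fix."""
    f = parsed["fields"]
    if parsed["type"] != "RMC" or len(f) < 6 or f[1] != "A":
        return None
    try:
        return _to_degrees(f[2], f[3], 2), _to_degrees(f[4], f[5], 3)
    except ValueError:
        return None


def filter_stream(lines):
    """Split a stream into parsed sentences and (line, reason) rejections."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(parse_sentence(line))
        except NmeaError as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


# Constructed sample input: two valid sentences, one corrupted in transit,
# one sentence type outside the allow-list, one line that is not NMEA.
_RMC = build_sentence(
    "GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W")
SAMPLE_LINES = [
    _RMC,
    build_sentence("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,"),
    _RMC.replace("4807", "4907"),  # body changed, checksum left stale
    build_sentence("GPGLL,4807.038,N,01131.000,E,123519,A"),
    "hello\r\n",
]

if __name__ == "__main__":
    ok, bad = filter_stream(SAMPLE_LINES)
    for sentence in ok:
        print(sentence["type"], rmc_position(sentence))
    for line, reason in bad:
        print("rejected:", reason, repr(line))
```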
Q. How many SIM card slots do the C880G Series ISRs support?
A. C880G Series routers support two SIM card slots, which allow cellular modem failover to the secondary SIM card to continue service when the modem loses services to the primary SIM card.
Please refer to the Cisco 819 Integrated Service Router Q&A and “Configuring Cisco EHWIC and 880G for 3.7G (HSPA+)/3.5G (HSPA)” for more information about how to use and configure dual-SIM.
Q. Is dual-SIM supported on CDMA 3GPP2 based C880G Series ISRs?
A. C880G CDMA 3GPP2 Series routers do not support the SIM card; therefore, the dual-SIM feature is not supported on these routers.
Q. How do I send, display, delete, and archive SMS on C880G Series ISRs?
A. C880G Series routers have an SMS function that enables the routers to send and receive SMS messages. This feature also enables the routers to save and store the SMS messages in an FTP server. SMS is enabled by default. You can send, display, delete, and archive SMS through the router CLI.
Q. Is encapsulation ppp supported by C880G Plus 7 Series ISRs?
A. No. C880G Plus 7 Series routers support encapsulation slip by default.
Q. What is Direct IP on C880G Plus 7 Series ISRs?
A. C880G Series routers are integrated with a Sierra Wireless MC8705 cellular modem that is running under Direct IP mode to maintain HSPA+ data throughput. Direct IP is a Sierra Wireless proprietary framing protocol used to transfer data between the host platform and the modem. Direct IP framed data have a dedicated USB connection, meaning the host can still send AT commands after the direct IP data session is established. Cisco IOS Software sets encapsulation to SLIP based on the data link protocol between the host and the modem.
Q. What WLAN antenna options are available for C880W Series ISRs?
A. All C880W Series routers embed three dual-band 2.4- or 5-GHz Planar inverted-F antenna (PIFA)-type omnidirectional antennae. External swivel-mount dipole antennae are no longer used. Antennae are attached to the cover of the chassis and covered by the front bezel, and U.FL-type RF connectors attach to the radio.
Q. Do the Cisco 880 WLAN Series routers have removable WLAN antennae?
A. Only Cisco 881 WLAN Series routers have removable swivel-mount dipole antennae. Other products in these routers have captive default dipole antennae. Removing them or using other types of external WLAN antenna is not supported by Cisco.
What can customers of all kinds expect from Cisco in 2017? In the following article, Zeus Kerravala (the founder and principal analyst with ZK Research, who provides a mix of tactical advice to help his clients in the current business climate) lists the main points that users and clients expect from Cisco in 2017.
- Cisco will take a chunk of the security market. The security market is easily the most fragmented of all of the IT submarkets. It’s currently a $75 billion market, with no single vendor having anywhere close to double-digit share. Cisco, in particular, has fumbled around in security for years with different initiatives and architectures that have been ineffective.
Times are different today. As I pointed out in an earlier post, Cisco has never been positioned better in the security industry, and the company is finally using its greatest asset—its dominance in the network—to create tangible differentiation. Look for 2017 to be the year it breaks away from the competition and takes a chunk of the security share.
- Cisco breaks away in collaboration. Collaboration at Cisco has had its ups and downs over the past few years, but the company is now pointed in the right direction. Spark was launched as a Slack-like team collaboration tool, but in actuality, it’s much more than that. It’s a fully integrated cloud, hardware and software experience that can deliver seamless, easy-to-use experiences on a mobile phone, desktop or meeting room. Expect Cisco to continue to innovate around Spark and create its next wave of growth in collaboration.
- The data center gets a shot in the arm with an acquisition. The Unified Computing System (UCS) carried the data center business unit at Cisco for years. Recently, though, the growth of the product has slowed. In fact, this past quarter saw the data center revenue fall 3 percent.
UCS is a great product, but the compute industry is shifting to hyperconverged infrastructure (HCI). Cisco’s current offering, HyperFlex, is an OEM from SpringPath, and channel feedback has been that they would prefer Cisco to own the product rather than OEM it. The OEM allows Cisco to dip its toe in the water, and in 2017 Cisco will jump in with both feet by acquiring SpringPath, which will stimulate data center growth.
- Expect Cisco to focus on analytics. When one thinks of analytics, the name Cisco is rarely top of mind. However, analytics is becoming a core component of Cisco’s strategy. Not only is it at the core of the recently announced Tetration product, but it is also fundamental to the company’s differentiation in security, Internet of Things, network operations and collaboration. Expect to see Cisco do more analytics on more network data to differentiate its offering from the many smaller competitors that can’t match its footprint.
- Cisco will push its engineer base to learn new skills. Markets transition. That’s a fact. And when they do, the engineers who work with the technology need to change their skills. Most vendors don’t see the transition, won’t admit it’s happening or don’t want to upset their engineer base by forcing them to change. And that always ends up being a disaster.
Think of engineers who worked with mainframes, Token Ring, TDM voice, SNA and other trends. Most are gone, as are the vendors that sold the stuff.
One of Cisco’s competitive advantages is its huge base of engineers, many of whom are steeped in the way networking was done. Based on my discussions with Cisco executives, including Jeanne Dunn, who runs Cisco’s learning group, I believe Cisco wants to disrupt its engineer base and have them learn new skills—such as automation, data sciences, programming and business skills. Some won’t like the changes to the certification requirements, but the fact is Cisco engineers need to start developing skills for the digital era.
- Executive churn will slow down. Since Robbins took the helm, there has been a steady churn at the executive level, including Kelly Ahuja, Rob Soderberry and the famed “MPLS” group—just to name a few.
I believe Robbins’ team is set now. And while there might be the odd departure here and there, this is the team he’s going to run with.
One question I’ve been asked is if the company would replace the recently departed CTO Zorawar Biri Singh. I believe engineering is in the best hands they can be under the co-leadership of Rowan Trollope (IoT and applications) and David Goeckeler (networking and security), and the structure will stay as is. Get used to the faces at the top; they should be sticking around for a while.
One thing that will remain the same at Cisco is the company’s commitment to changing the world. Cisco’s former CEO, John Chambers, had a great desire to have Cisco make the world a better place. As I pointed out earlier this year, Robbins has picked up the Corporate Social Responsibility (CSR) ball and is running with it faster than ever.
The world is becoming increasingly digitized, and many of the digital enablers—such as IoT, cloud and mobility—are network centric. The coming year presents Cisco a great opportunity to flex its enormous networking muscles and move into the next wave of growth.
The original article is from http://www.networkworld.com/article/3148784/lan-wan/what-to-expect-from-cisco-in-2017.html
In the book Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP, author Omar Santos shares more about the design of Cisco ASA with FirePOWER Services.
The following part is a selection from those chapters: Cisco ASA FirePOWER Management Options
There are several options available for network security administrators to manage the Cisco ASA FirePOWER module. The Cisco ASA FirePOWER module provides a basic command-line interface (CLI) for initial configuration and troubleshooting only. Network security administrators can configure security policies on the Cisco ASA FirePOWER module using either of these methods:
- Administrators can configure the Cisco Firepower Management Center hosted on a separate appliance or deployed as a virtual machine (VM).
- Administrators can configure the Cisco ASA FirePOWER module deployed on Cisco ASA 5506-X, 5508-X, and 5516-X using Cisco’s Adaptive Security Device Manager (ASDM).
Figure 1 shows a Cisco ASA with FirePOWER Services being managed by a Cisco Firepower Management Center (FMC) in a VM.
Cisco ASA with FirePOWER Services Managed by a Cisco Firepower Management Center
In Figure 1 the Cisco Firepower Management Center manages the Cisco ASA FirePOWER module via its management interface. The following section provides important information about configuring and accessing the Cisco ASA FirePOWER module management interface.
Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances
In the Cisco ASA 5585-X, the Cisco ASA FirePOWER module includes a separate management interface. All management traffic to and from the Cisco ASA FirePOWER module must enter and exit this management interface, and the management interface cannot be used as a data interface.
The Cisco ASA FirePOWER module needs Internet access to perform several operations, such as automated system software updates and threat intelligence updates. If the module is managed by the Firepower Management Center, the FMC is the one that needs to have Internet access to perform those tasks.
Figure 2 shows an example of how you can physically connect the Cisco ASA FirePOWER module management interface to be able to reach the Internet via the Cisco ASA interface.
Cisco ASA 5585-X FirePOWER Module Management Interface
In Figure 2, the Cisco ASA 5585-X has two modules:
- A module running Cisco ASA software
- A module running FirePOWER Services
The Cisco ASA is managed via the interface named management 0/0 in this example. This interface is configured with the IP address 192.168.1.1. The Cisco ASA FirePOWER module is managed via the interface named management 1/0, configured with the IP address 192.168.1.2. The Cisco ASA FirePOWER module is being managed by a virtual Cisco Firepower Management Center. Both interfaces are connected to a Layer 2 switch in this example.
NOTE: You can use other cabling options with the Cisco ASA FirePOWER module management interface to be able to reach the Internet, depending on how you want to connect your network. However, the example illustrated in Figure 4 is one of the most common scenarios.
In order for the Cisco ASA FirePOWER module management interface to have an Internet connection, the default gateway of the Cisco ASA FirePOWER module is set to the Cisco ASA management interface IP address (192.168.1.1 in this example). Figure 3 illustrates the logical connection between the Cisco ASA FirePOWER module management interface and the Cisco ASA management interface.
Cisco ASA FirePOWER Module Management Interface
Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances
In the rest of the Cisco 5500-X appliances, the management interface is shared by the Cisco ASA FirePOWER module and the classic Cisco ASA software. These appliances include the Cisco ASA 5506-X, 5506W-X, 5506H-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, and 5555-X appliances.
Figure 4 shows a Cisco ASA 5516-X running Cisco ASA FirePOWER Services.
Cisco ASA 5500-X FirePOWER Module Management Interface
In Figure 4, the management interface is used by the Cisco ASA FirePOWER module. The management interface is configured with the IP address 10.1.2.2. You cannot configure an IP address for this interface in the Cisco ASA configuration. For the ASA 5506-X, 5508-X, and 5516-X, the default configuration enables the preceding network deployment; the only change you need to make is to set the module IP address to be on the same network as the ASA inside interface and to configure the module gateway IP address. For other models, you must remove the ASA-configured name and IP address for management 0/0 or 1/1 and then configure the other interfaces as shown in Figure 5.
NOTE: The management interface is considered completely separate from the Cisco ASA, and routing must be configured accordingly.
The Cisco ASA FirePOWER module default gateway is configured to be the inside interface of the Cisco ASA (10.1.2.1), as illustrated in Figure 5.
Cisco ASA 5500-X FirePOWER Module Default Gateway
If you must configure the management interface separately from the inside interface, you can deploy a router or a Layer 3 switch between both interfaces, as shown in Figure 8. This option is less common, as you still need to manage the ASA via the inside interface.
Cisco ASA 5500-X FirePOWER Module Management Interface Connected to a Router
In Figure 6, the Cisco ASA FirePOWER module default gateway is the router labeled R1, with the IP address 10.1.2.1. The Cisco ASA’s inside interface is configured with the IP address 10.1.1.1. The Cisco ASA FirePOWER module must have a way to reach the inside interface of the ASA to allow for on-box ASDM management. On the other hand, if you are using FMC, the Cisco ASA FirePOWER module needs to have a way to reach the FMC.
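The addressing rules described above can be checked before deployment. The following is an added example, not code from the book or from Cisco. It validates a module management plan for the direct and routed layouts. The /24 masks and the module address in the router layout are assumptions, since the text gives neither.

```python
import ipaddress

def check_plan(module_if, gateway, asa_ip, routed=False):
    """Return a list of problems in a FirePOWER module management plan.

    module_if: module management address with prefix, e.g. "10.1.2.2/24"
    gateway:   default gateway configured on the module
    asa_ip:    ASA interface the module must reach (inside or management)
    routed:    True when a router or Layer 3 switch sits between the two
    """
    iface = ipaddress.ip_interface(module_if)
    net, mod = iface.network, iface.ip
    gw = ipaddress.ip_address(gateway)
    asa = ipaddress.ip_address(asa_ip)
    problems = []
    if gw not in net:
        problems.append("gateway is outside the module management subnet")
    if mod in (gw, asa):
        problems.append("module address duplicates the gateway or ASA address")
    if routed:
        # Router layout: the ASA interface lives on another network and is
        # reached through the gateway, so the gateway cannot be the ASA itself.
        if gw == asa:
            problems.append("routed layout but gateway is the ASA interface")
    else:
        # Direct layout: the ASA interface is the module's default gateway.
        if asa not in net:
            problems.append("ASA interface is not on the module subnet")
        if gw != asa:
            problems.append("gateway is not the ASA interface")
    return problems

def next_hop(module_if, gateway, destination):
    """Return 'on-link' or the gateway used to reach a manager (FMC or ASDM host)."""
    net = ipaddress.ip_interface(module_if).network
    return "on-link" if ipaddress.ip_address(destination) in net else gateway

# Addresses from the article; the /24 masks and the module address in the
# router layout are assumptions, as the article gives neither.
PLANS = {
    "5585-X": ("192.168.1.2/24", "192.168.1.1", "192.168.1.1", False),
    "5516-X": ("10.1.2.2/24", "10.1.2.1", "10.1.2.1", False),
    "router": ("10.1.2.2/24", "10.1.2.1", "10.1.1.1", True),
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        print(name, check_plan(*plan) or "ok")
```

In the router layout, `next_hop` shows that traffic to the ASA inside interface (10.1.1.1) leaves through R1, which is why R1 must route between the two networks for on-box ASDM management to work.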
The Cisco IP Phone 8800 Series is a big family that has 11 models.
Models in this Series
- IP Phone 8800 Key Expansion Module
- IP Phone 8811
- IP Phone 8841
- IP Phone 8845
- IP Phone 8851
- IP Phone 8861
- IP Phone 8865
- IP Phone 8865NR
- Unified IP Conference Phone 8831
- Wireless IP Phone 8821
- Wireless IP Phone 8821-EX
The Cisco Wireless IP Phone 8821 is a new member of the 8800 Series. It is a ruggedized, resilient, and secure 802.11 wireless LAN handset that delivers cost-effective, on-premises, comprehensive voice over wireless LAN (VoWLAN) communications for the highly mobile in-campus worker.
There is also an 8821-EX model. The EX model is also compliant with nonsparking standards, even when temporarily exposed to hazardous atmospheric environments (ATEX Zone 1/Class 2 and CSA Zone 1/Division II compliant).
- The 8821 is specifically designed for workers whose roles are in more rigorous, industrial settings. Examples of ideal use cases include nurses and doctors in healthcare, operations and engineering staff in manufacturing, customer service representatives in retail, service staff such as maids in hospitality, and workers on rigs in the oil and chemical industries.
- While the 8821 is sleek and lightweight, the design is hardened for users. It is Ingress Protection standard (IP67) rated and is sealed for protection against dust, splash and water. The device is also MIL-STD-810G tested, with a dozen drops onto concrete from heights of up to 6 feet (1.8 m), to help ensure shock resistance and avoid breakage if dropped.
- The 8821 enhances security and simplifies configuration management. Stronger encryption is supported for certificate management and policy enablement with the support of Secure Hash Algorithm 2 (SHA-2). Simple Certificate Enrollment Protocol (SCEP) eases IT administration by enabling automatic certificate management on the device.
- End users will enjoy a larger, higher-resolution color display and a user experience that is common with Cisco IP Phone 8800 Series desk phones. In addition, roaming between access points within the campus will support more seamless voice communications with the 8821’s support of Fast Transition (802.11r). This protocol was specifically designed for mobile voice over IP (VoIP) communications devices within Wi-Fi networks. Bluetooth is supported for the user’s choice of third-party wireless headsets and adds freedom by untethering the user from the handset.
- The 8821 supports Cisco and/or third-party XML applications such as push-to-talk.
A full suite of accessories, including desktop chargers, cases, holsters, and a multicharger, is available from Cisco to support deployments.
Cisco Wireless IP Phone 8821 Features
The Cisco Wireless IP Phone 8821 is designed for users in rigorous workspaces as well as general office environments. It supports a wide range of features for enhanced voice communications, quality of service (QoS), and security. Some of the main benefits and highlights are listed here:
● IEEE 802.11a/b/g/n/ac radio for VoWLAN communications support
● The large 2.4-inch (6 cm) color (240 x 320 pixels) display makes viewing easy
● IP67 rated for protection against dust, splash, and water
● MIL-STD-810G standard for shock resistance
● The phone offers exceptional voice quality with high-definition (HD) voice
● A built-in full-duplex speakerphone offers high-quality hands-free communications
● The phone supports third-party Bluetooth 3.0 headsets and a 3.5-mm headphone jack for added freedom
● The Applications key provides direct access to XML applications such as push-to-talk and Lone Worker
● Battery life delivers a minimum of 13 hours of talk time
● Enhanced encryption support for SHA-1 and SHA-2 signatures
● Fast, secure roaming using 802.11r and Cisco Centralized Key Management roaming
● Automatic certificate renewal with SCEP support
Specifications of Cisco Wireless IP Phone 8821 at a Glance
2.4-in (6 cm) color graphical TFT
Yes; full duplex
WLAN networking protocols: 802.11a, b, g, n, ac
Battery rechargeable / talk time: Yes; talk time: 13 hours; standby: 240 hours
Extensible Markup Language (XML)
Desktop and multi-chargers, belt clips, handset cases, lanyards, holsters
The Main Cisco IP Phone 8800 Models-Major Features
Cisco Intelligent Proximity
To use the phone, the phone needs to be connected to a network and configured to connect to a call control system. The phones support many functions and features, depending on the call control system. Your phone might not have all functions available, based on the way your administrator has set up the phone.
The Cisco industrial router portfolio includes a range of compact, ruggedized modular products to build a highly secure, reliable, and scalable IoT infrastructure. These products are certified to meet harsh environmental standards. They support a variety of communications interfaces, such as Ethernet, serial, fiber, cellular, Wi-Fi, Wi-SUN RF mesh, and others.
The Cisco Industrial Router Portfolio
The complete line of industrial routers includes:
Cisco 1000 Series Connected Grid Routers: Rugged routers designed for harsh environments, like those found in the utilities industry. Ideal for integrating multiple applications, such as advanced metering infrastructure (AMI), distribution automation, distributed energy resources (DER), street lighting, and remote workforce automation within a multi-service network.
Cisco 2000 Series Connected Grid Routers: Highly secure, reliable routers for the energy and utilities industries ideal for SCADA monitoring of transmission and distribution systems.
Cisco ASR 903 Aggregation Services Routers: Full-featured, modular, small-footprint, and fully redundant aggregation routers. They offer service flexibility and deliver Layer 2, IP, and Multiprotocol Label Switching (MPLS) transport for advanced Layer 2 VPN, Layer 3 VPN, and multicast services.
Cisco 500 Series WPAN Industrial Routers: Wi-SUN RF Mesh ruggedized routers provide unlicensed 915-MHz, ISM-band wireless personal-area network (WPAN) communications that enables IoT applications, including smart metering, distribution automation, street lighting, and remote supervisory control and data acquisition (SCADA) monitoring.
Cisco 809 Industrial Integrated Services Routers: Very compact cellular (3G and 4G/LTE) industrial routers for remote deployment in various industries. They enable reliable and secure cellular connectivity for remote asset monitoring and machine-to-machine (M2M) applications such as distribution automation, pipeline monitoring, and roadside infrastructure monitoring.
Cisco 819 Integrated Services Routers: Compact, hardened form factor, cellular (3G, WLAN, or 4G options) routers that allow businesses to deploy secure 3G WWAN IoT applications, like ATMs, wireless kiosks, digital signage, and more.
Cisco 829 Industrial Integrated Services Routers: Highly ruggedized compact cellular (3G and 4G LTE with GPS and dual SIM) and WLAN (2.4/5GHz) industrial routers supporting scalable, reliable, and secure management of IoT applications requiring mobile connectivity such as fleet vehicles and mass transit.
The Cisco IR 829 dual LTE offers multipath LTE and/or WAN backhaul for mission-critical IoT initiatives requiring highly secure data delivery, edge application execution and redundant connectivity.
Cisco 910 Industrial Router: Highly adaptable routers that you can easily integrate with third-party solutions to deliver smart city applications, such as environmental monitoring, smart parking, smart metering, and more.
Capabilities for Rugged, Industrial Settings
We designed the Cisco industrial routers to withstand harsh operating environments and to offer high-performance, secure connectivity at scale. Key features include:
• Design for industrial applications, including extended environmental, shock, vibration, and surge ratings; a complete set of power input options; convection cooling; and DIN rail, 19-inch rack or wall mounting.
• Advanced security such as Dynamic Multipoint VPN, stateful firewall, and access control lists to provide multi-layered security architecture.
• Diverse modular interfaces (Ethernet, T1/E1, 3G and 4G LTE cellular, asynch/synch, serial, and others) for diverse infrastructure needs.
• Advanced quality-of-service (QoS) capabilities to support mission-critical communications, such as command and control.
• Cisco IOx, an open, extensible environment for executing IoT applications at the network edge.
• Simple management and operation using network management tools such as IoT Field Network Director and Industrial Operations Kit.
Extend the role of the router to an application delivery platform with Cisco Integrated Services Router Generation 2 and Cisco ASR 1000 Series Aggregation Services Routers with Application Experience (AX).
This integrated solution includes Cisco Application Visibility and Control and Cisco Wide Area Application Services.
AX provides application services that:
- Deliver business applications faster
- Reduce bandwidth costs and latency by more than 50 percent
- Simplify IT management
In addition, Cisco AX:
- Delivers exceptional user experiences by meeting application-specific requirements
- Helps securely connect users to applications deployed anywhere at scale
- Provides application-level visibility and control of all passing traffic without probes
- Validates application response time and network readiness
Cisco AX offers a powerful suite of application services at up to 30 percent lower cost than standalone WAN optimization appliances. It also provides more capabilities, such as:
- Networkwide visibility to over 1000 applications
- Granular control on application prioritization and path control
- Enterprise-class optimization that increases application performance up to 70 percent
- Industry-leading security services, including VPN and threat defense
With the option to add Cisco UCS E-Series server blades and Cisco Cloud Connectors to Cisco ISR-AX, you can build a complete virtualized application platform in one branch router.
And Cisco ISR-AX includes:
- Cisco Application Visibility and Control (AVC), with NBAR2, QoS, and PfR
- WAN optimization - Cisco Wide Area Application Services (WAAS)
- Security, including firewall, IP Security (IPsec) and SSL VPN
- Cisco Services-Ready Engine (SRE) Modules or Max RAM (optional: UCS E-Series)
The Cisco ASR1000-AX is available on the ASR 1000 Series and includes:
- Cisco Application Visibility and Control (AVC), with NBAR2, QoS, and PfR
- WAN optimization - Cisco Virtual Wide Area Application Services (vWAAS) and Cisco AppNav
- Security, including firewall, IP Security (IPsec) and SSL VPN
- 5 Gbps Performance