Overblog Follow this blog
Administration Create my blog
Cisco & Cisco Network Hardware News and Technology

Posts with #networking tag

Cisco ASA FirePOWER Management Options

May 26 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #IT, #Technology, #Data Center, #Cisco & Cisco Network, #Cisco Switches - Cisco Firewall

In the book Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP (it was written by Omar Santos), the author shared more contents about the Design of Cisco ASA with FirePOWER Services.

Now in the following part we selected some chapters that were shared with you: Cisco ASA FirePOWER Management Options

There are several options available for network security administrators to manage the Cisco ASA FirePOWER module. The Cisco ASA FirePOWER module provides a basic command-line interface (CLI) for initial configuration and troubleshooting only. Network security administrators can configure security policies on the Cisco ASA FirePOWER module using either of these methods:

  • Administrators can configure the Cisco Firepower Management Center hosted on a separate appliance or deployed as a virtual machine (VM).
  • Administrators can configure the Cisco ASA FirePOWER module deployed on Cisco ASA 5506-X, 5508-X, and 5516-X using Cisco’s Adaptive Security Device Manager (ASDM).

Figure 1 shows a Cisco ASA with FirePOWER Services being managed by a Cisco Firepower Management Center (FMC) in a VM.

Cisco ASA with FirePOWER Services Managed by a Cisco Firepower Management Center

 

In Figure 1 the Cisco Firepower Management Center manages the Cisco ASA FirePOWER module via its management interface. The following section provides important information about configuring and accessing the Cisco ASA FirePOWER module management interface.

Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances

In the Cisco ASA 5585-X, the Cisco ASA FirePOWER module includes a separate management interface. All management traffic to and from the Cisco ASA FirePOWER module must enter and exit this management interface, and the management interface cannot be used as a data interface.

The Cisco ASA FirePOWER module needs Internet access to perform several operations, such as automated system software updates and threat intelligence updates. If the module is managed by the Firepower Management Center, the FMC is the one that needs to have Internet access to perform those tasks.

Figure 2 shows an example of how you can physically connect the Cisco ASA FirePOWER module management interface to be able to reach the Internet via the Cisco ASA interface.

Cisco ASA 5585-X FirePOWER Module Management Interface

 

In Figure 2, the Cisco ASA 5585-X has two modules:

  • A module running Cisco ASA software
  • A module running FirePOWER Services

The Cisco ASA is managed via the interface named management 0/0 in this example. This interface is configured with the IP address 192.168.1.1. The Cisco ASA FirePOWER module is managed via the interface named management 1/0, configured with the IP address 192.168.1.2. The Cisco ASA FirePOWER module is being managed by a virtual Cisco Firepower Management Center. Both interfaces are connected to a Layer 2 switch in this example.

NOTE: You can use other cabling options with the Cisco ASA FirePOWER module management interface to be able to reach the Internet, depending on how you want to connect your network. However, the example illustrated in Figure 4 is one of the most common scenarios.

In order for the Cisco ASA FirePOWER module management interface to have an Internet connection, the default gateway of the Cisco ASA FirePOWER module is set to the Cisco ASA management interface IP address (192.168.1.1 in this example). Figure 3 illustrates the logical connection between the Cisco ASA FirePOWER module management interface and the Cisco ASA management interface.

Cisco ASA FirePOWER Module Management Interface

 

Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances

In the rest of the Cisco 5500-X appliances, the management interface is shared by the Cisco ASA FirePOWER module and the classic Cisco ASA software. These appliances include the Cisco ASA 5506-X, 5506W-X, 5506H-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, and 5555-X appliances.

Figure 4 shows a Cisco ASA 5516-X running Cisco ASA FirePOWER Services.

Cisco ASA 5500-X FirePOWER Module Management Interface

 

In Figure 4, the management interface is used by the Cisco ASA FirePOWER module. The management interface is configured with the IP address 10.1.2.2. You cannot configure an IP address for this interface in the Cisco ASA configuration. For the ASA 5506-X, 5508-X, and 5516-X, the default configuration enables the preceding network deployment; the only change you need to make is to set the module IP address to be on the same network as the ASA inside interface and to configure the module gateway IP address. For other models, you must remove the ASA-configured name and IP address for management 0/0 or 1/1 and then configure the other interfaces as shown in Figure 5.

NOTE: The management interface is considered completely separate from the Cisco ASA, and routing must be configured accordingly.

The Cisco ASA FirePOWER module default gateway is configured to be the inside interface of the Cisco ASA (10.1.2.1), as illustrated in Figure 5.

Cisco ASA 5500-X FirePOWER Module Default Gateway

 

If you must configure the management interface separately from the inside interface, you can deploy a router or a Layer 3 switch between both interfaces, as shown in Figure 8. This option is less common, as you still need to manage the ASA via the inside interface.

Cisco ASA 5500-X FirePOWER Module Management Interface Connected to a Router

 

In Figure 6, the Cisco ASA FirePOWER module default gateway is the router labeled R1, with the IP address 10.1.2.1. The Cisco ASA’s inside interface is configured with the IP address 10.1.1.1. The Cisco ASA FirePOWER module must have a way to reach the inside interface of the ASA to allow for on-box ASDM management. On the other hand, if you are using FMC, the Cisco ASA FirePOWER module needs to have a way to reach the FMC.

Reference from http://www.ciscopress.com/articles/article.asp?p=2730336&seqNum=3

More Related

How to Deploy the Cisco ASA FirePOWER Services in the Internet Edge, VPN Scenarios and Data Center?

The Most Common NGFW Deployment Scenarios

Cisco ASA with FirePOWER Services

How to Start a Cisco ASA 5585-X Series?

Read more

Using Your Wireless IP Phone 8821

May 19 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco IP Phones, #Networking

The Cisco IP Phone 8800 Series is a big family that has 11 models.

Models in this Series

  1. IP Phone 8800 Key Expansion Module
  2. IP Phone 8811
  3. IP Phone 8841
  4. IP Phone 8845
  5. IP Phone 8851
  6. IP Phone 8861
  7. IP Phone 8865
  8. IP Phone 8865NR
  9. Unified IP Conference Phone 8831
  10. Wireless IP Phone 8821
  11. Wireless IP Phone 8821-EX

The Cisco Wireless IP Phone 8821 is a new member of 8800 Series. It is the a ruggedized, resilient, and secure 802.11 wireless LAN handset that delivers cost-effective, on-premises, comprehensive voice over wireless LAN (VoWLAN) communications for the highly mobile in-campus worker.

There is another 8821-EX. The EX model is also compliant with nonsparking standards, even when temporarily exposed to hazardous atmospheric environments. (ATEX Zone 1/Class 2 and CSA Zone 1/Division II compliant.)

  1. The 8821 is specifically designed for workers whose roles are in more rigorous, industrial settings. Examples of ideal use cases include nurses and doctors in healthcare, operations and engineering staff in manufacturing, customer service representatives in retail, service staff such as maids in hospitality, and workers on rigs in the oil and chemical industries.
  2. While the 8821 is sleek and lightweight, the design is hardened for users. It is Ingress Protection standard (IP67) rated and is sealed for protection against dust, splash and water. The device is also MIL-STD-810G tested, with a dozen drops onto concrete from heights of up to 6 feet (1.8 m), to help ensure shock resistance and avoid breakage if dropped.
  3. The 8821 enhances security and simplifies configuration management. Stronger encryption is supported for certificate management and policy enablement with the support of Secure Hash Algorithm 2 (SHA-2). Simple Certificate Enrollment Protocol (SCEP) eases IT administration by enabling automatic certificate management on the device.
  4. End users will enjoy a larger, higher-resolution color display and a user experience that is common with Cisco IP Phone 8800 Series desk phones. In addition, roaming between access points within the campus will support more seamless voice communications with the 8821’s support of Fast Transition (802.11r). This protocol was specifically designed for mobile voice over IP (VoIP) communications devices within Wi-Fi networks. Bluetooth is supported for the user’s choice of third-party wireless headsets and adds freedom by untethering the user from the handset.
  5. The 8821 supports Cisco and/or third-party XML applications such as push-to-talk.

A full suite of accessories, including desktop chargers, cases, holsters, and multicharger, are available from Cisco to support deployments.

Cisco Wireless IP Phone 8821Features

The Cisco Wireless IP Phone 8821 is designed for users in rigorous workspaces as well as general office environments. It supports a wide range of features for enhanced voice communications, quality of service (QoS), and security. Some of the main benefits and highlights are listed here:

● IEEE 802.11a/b/g/n/ac radio for VoWLAN communications support

● The large 2.4-inch (6 cm) color (240 x 320 pixels) display makes viewing easy

● IP67 rated for protection against dust, splash, and water

● MIL-STD-810G standard for shock resistance

● The phone offers exceptional voice quality with high-definition (HD) voice

● A built-in full-duplex speakerphone offers high-quality hands-free communications

● The phone supports third-party Bluetooth 3.0 headsets and a 3.5-mm headphone jack for added freedom

● The Applications key provides direct access to XML applications such as push-to-talk and Lone Worker

● Battery life delivers a minimum of 13 hours of talk time

● Enhanced encryption support for SHA-1 and SHA-2 signatures

● Fast, secure roaming using 802.11r and Cisco Centralized Key Management roaming

● Automatic certificate renewal –SCEP support

Specifications of Cisco Wireless IP Phone 8821 at a Glance

Attribute

Specification

Display

2.4-in (6 cm) color graphical TFT

Speakerphone

Yes; full duplex

Bluetooth

4.0

WLAN networking protocols

802.11a,b,g, n, ac

Battery rechargeable / talk time

Yes; talk time: 13 hours; standby: 240 hours

Applications support

Extensible Markup Language (XML)

Accessories

Desktop and multi-chargers, belt clips, handset cases, lanyards, holsters

The Main Cisco IP Phone 8800 Models-Major Features

Features

8811

8841

8845

8851

8851NR

8861

8865

8865NR

Screen

Grayscale

Color

Color

Color

Color

Color

Color

Color

USB Ports

0

0

0

1

1

2

2

2

Built-in Camera

No

No

Yes

No

No

No

Yes

Yes

Wi-Fi

No

No

No

No

No

Yes

Yes

No

Bluetooth

No

No

Yes

Yes

No

Yes

Yes

No

Cisco Intelligent Proximity

No

No

Yes

Yes

No

Yes

Yes

No

To use the phone, the phone needs to be connected to a network and configured to connect to a call control system. The phones support many functions and features, depending on the call control system. Your phone might not have all functions available, based on the way your administrator has set up the phone.

More Related

The New Cisco Wireless IP Phone 8821-EX

IP Phone 8800 Series, Next-Generation Voice Communications for Today’s Workforce

What’s New on Cisco IP Phone 8800 Series

IP Phone 8861 vs. IP Phone 8851 vs. IP Phone 8841

 

Read more

Cisco Industrial Router Portfolio

May 18 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers, #Networking, #IT

The Cisco industrial router portfolio includes a range of compact, ruggedized modular products to build a highly secure, reliable, and scalable loT infrastructure. These products are certified to meet harsh environmental standards. They support a variety of communications interfaces, such as Ethernet, serial, fiber, cellular, Wi-Fi, Wi-SUN RF mesh, and others.

The Cisco Industrial Router Portfolio

The complete line of industrial routers includes:

Cisco 1000 Series Connected Grid Routers: Rugged routers designed for harsh environments, like those found in the utilities industry. Ideal for integrating multiple applications, such as advanced metering infrastructure (AMI), distribution automation, distributed energy resources (DER), street lighting, and remote workforce automation within a multi-service network.

Cisco 2000 Series Connected Grid Routers: Highly secure, reliable routers for the energy and utilities industries ideal for SCADA monitoring of transmission and distribution systems.

Cisco ASR 903 Aggregation Services Routers: Full-featured, modular, small-footprint, and fully redundant aggregation routers. They offer service flexibility and deliver Layer 2, IP, and Multiprotocol Label Switching (MPLS) transport for advanced Layer 2 VPN, Layer 3 VPN, and multicast services.

Cisco 500 Series WPAN Industrial Routers: Wi-SUN RF Mesh ruggedized routers provide unlicensed 915-MHz, ISM-band wireless personal-area network (WPAN) communications that enables IoT applications, including smart metering, distribution automation, street lighting, and remote supervisory control and data acquisition (SCADA) monitoring.

Cisco 809 Industrial Integrated Services Routers: Very compact cellular (3G and 4G/LTE) industrial routers for remote deployment in various industries. They enable reliable and secure cellular connectivity for remote asset monitoring and machine-to-machine (M2M) applications such as distribution automation, pipeline monitoring, and roadside infrastructure monitoring.

Cisco 819 Integrated Services Routers: Compact, hardened form factor, cellular (3G, WLAN, or 4G options) routers that allow businesses to deploy secure 3G WWAN loT applications, like ATMs, wireless kiosks, digital signage, and more.

Cisco 829 Industrial Integrated Services Routers: Highly ruggedized compact cellular (3G and 4G LTE with GPS and dual SIM) and WLAN (2.4/5GHz) industrial routers supporting for scalable, reliable, and secure management of IoT applications requiring mobile connectivity such as fleet vehicles and mass transit.

The Cisco IR 829 dual LTE offers multipath LTE and/or WAN backhaul for mission-critical IoT initiatives requiring highly secure data delivery, edge application execution and redundant connectivity.

Cisco 910 Industrial Router: Highly adaptable routers that you can easily integrate with third-party solutions to deliver smart city applications, such as environmental monitoring, smart parking, smart metering, and more.

 

Capabilities for Rugged, Industrial Settings

We designed the Cisco industrial routers to withstand harsh operating environments and to offer high-performance, secure connectivity of scale. Key features include:

• Design for industrial applications, including extended environmental, shock, vibration, and surge ratings; a complete set of power input options; convection cooling; and DIN rail, 19-inch rack or wall mounting.

• Advanced security such as Dynamic Multipoint VPN, stateful firewall, and access control lists to provide multi-layered security architecture.

• Diverse modular interfaces (Ethernet, T1/E1, 3G and 4G LTE cellular, asynch/synch, serial, and others) for diverse infrastructure needs.

• Advanced quality-of-service (QoS) capabilities to support mission-critical communications, such as command and control.

• Cisco IOx, an open, extensible environment for executing IoT applications at the network edge.

• Simple management and operation using network management tools such as IoT Field Network Director and Industrial Operations Kit.

 

Info from https://www.cisco.com/c/dam/en/us/products/collateral/routers/809-industrial-router/at-a-glance-c45-735008.pdf

 

More Related

Cisco 809 Industrial ISR vs. 829 Industrial ISR

The New Cisco RV Series VPN Routers-RV340, RV345

Try the Cisco Solution for LoRaWAN

Read more

Cisco Application Experience/AX Overview

April 27 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Routers, #Cisco Technology - IT News, #IT, #Technology

Extend the role of the router to an application delivery platform with Cisco Integrated Services Router Generation 2 and Cisco ASR 1000 Series Aggregation Services Routers with Application Experience (AX).

This integrated solution includes Cisco Application Visibility and Control and Cisco Wide Area Application Services.

AX provides application services that:

  • Deliver business applications faster
  • Reduce bandwidth costs and latency by more than 50 percent
  • Simplify IT management

In addition, Cisco AX:

  • Delivers exceptional user experiences by meeting application-specific requirements
  • Helps securely connect users to applications deployed anywhere at scale
  • Provides application-level visibility and control of all passing traffic without probes
  • Validates application response time and network readiness

Cisco AX offers a powerful suite of application services at up to 30 percent lower cost than standalone WAN optimization appliances. It also provides more capabilities, such as:

  • Networkwide visibility to over 1000 applications
  • Granular control on application prioritization and path control
  • Enterprise-class optimization that increases application performance up to 70 percent
  • Industry-leading security services, including VPN and threat defense

With the option to add Cisco UCS E-Series server blades and Cisco Cloud Connectors to Cisco ISR-AX, you can build a complete virtualized application platform in one branch router.

 Cisco ISR-AX is available on Cisco 4451-X, 3900, 2900, and 1900 Series Integrated Services Routers

And Cisco ISR-AX includes:

  • Cisco Application Visibility and Control (AVC), with NBAR2, QoS, and PfR
  • WAN optimization - Cisco Wide Area Application Services (WAAS)
  • Security, including firewall, IP Security (IPsec) and SSL VPN
  • Cisco Services-Ready Engine (SRE) Modules or Max RAM (optional: UCS E-Series)

 The Cisco ASR1000-AX is available on the ASR 1000 Series and includes:

  • Cisco Application Visibility and Control (AVC), with NBAR2, QoS, and PfR
  • WAN optimization - Cisco Virtual Wide Area Application Services (vWAAS) and Cisco AppNav
  • Security, including firewall, IP Security (IPsec) and SSL VPN
  • 5 Gbps Performance

Reference from

http://www.cisco.com/c/en/us/solutions/enterprise-networks/application-experience/index.html#~overview

More related

The “Always On” Cisco ISR 4000 Will Replace the Popular Cisco 1900, 2900, and 3900 Series

Model Comparison: ISR 4321 vs. 4331 vs. 4351 vs. 4431 vs. 4451 Router

Cisco 4451-X vs. Cisco 3945E vs. 3925E vs. Cisco 3945 vs. 3925 Router

Cisco ISR 4451-X, Prepared for Future Branch Network Needs

Read more

Embrace Efficiency and Lower Costs with Cisco Digital Building Series

April 26 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Switches - Cisco Firewall, #IT

Designed for smart buildings and optimized for low-voltage PoE, the new Catalyst Digital Building plenum-rated UPOE fan-less switches combine lighting, air conditioning, security systems, and more on one IP network with seamless security and easy installation and management.

Cisco Catalyst Digital Building Series Switch Highlights

● 8 fast Ethernet ports and 2 gigabit copper uplink ports, with line-rate forwarding performance

● Universal Power over Ethernet (Cisco UPOE) and Power over Ethernet Plus (PoE+) support with up to 480W of power budget.

● Support for Layer 2 features, optimized for robust connectivity to lighting and other building IoT devices.

● Silent operation due to fanless design, which enhances reliability

● Enhanced Limited Lifetime Warranty (E-LLW)

Cisco Catalyst Digital Building Series Switch Models and Default Software

The Cisco Catalyst Digital Building Switches are available in two switch models. They vary by the output power/port supported by the model. One model supports Power over Ethernet Plus (PoE+), which guarantees 30W/port of power. The other model supports Universal Power over Ethernet (UPOE), which guarantees double the power, 60W/port.

Model

Ethernet Ports

PoE
Output Ports

Available
PoE Power

Uplinks

Default Software

CDB-8U

8 x 10/100 Fast Ethernet UPOE

8

480W

2 x 10/100/1000

LAN Lite

CDB-8P

8 x 10/100 Fast Ethernet PoE+

8

240W

2 x 10/100/1000

LAN Lite

 

Embrace Efficiency and Lower Costs with Cisco Digital Building Series

The Cisco Catalyst Digital Building Series Switches are industry’s first ever purpose-built switch designed for low-voltage LED lighting and digital building systems. The switch can be used to power devices and applications with Cisco’s perpetual and fast Universal Power over Ethernet (UPOE) technologies, delivering up to 60W/port.

The Cisco Catalyst Digital Building Series Switch offers several benefits that no other competitive switch in the market does:

• Flexible deployment with semiruggedized, plenum-rated, UL-certified fanless features, multiple powering options, and support for mobile apps for easy deployment

• <0.5W power consumption on standby, Uninterrupted power during reboots and rapid power restoration under 5 seconds after power resumption

• High security and reliability with long-lasting 10+ year system life and threat sensing and mitigation when used with Catalyst 3850 upstream switches.

• Functional interoperability with CoAP proxy support, a lightweight protocol for constrained devices: lights, VAV systems, digital signage, sensors, and so on.

 

More Related

Cisco’s New ‘Light Switch’-The Catalyst Digital Building Series

Read more

EoS and EoL Announcement for the Cisco Small Business 300 Series Managed Switches (Select Models)

March 29 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Networking, #Cisco News

Cisco announced the end-of-sale Cisco Small Business 300 Series Managed Switches (Select Models). The last day to order the affected product(s) is May 31, 2017. Customers will continue to receive phone support from the Cisco Small Business Support Center (SBSC) as shown in Table1 of the EoL bulletin.

  • Table1 describes the end-of-life milestones, definitions, and dates for the affected product(s).
  • Table2 lists the product part numbers affected by this announcement. For customers with active product warranties, support will be available as stated in the product warranty terms and conditions.

Table1. End-of-Life Milestones and Dates for the Cisco Small Business 300 Series Managed Switches (Select Models)

Milestone

Definition

Date

End-of-Life Announcement Date

The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public.

March 1, 2017

End-of-Sale Date:
HW

The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.

May 31, 2017

End of Phone Support:
HW

The last date to receive phone support as part of the product warranty. After this date, all phone support services for the product are available with additional charges or support fees. In some cases, support may not be available.

May 31, 2018

Last Ship Date:
HW

The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time.

August 29, 2017

End of SW Maintenance Releases Date:
HW

The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.

May 31, 2018

Last Date of Support:
HW

The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete**. Warranty duration is based on product ship dates; refer to warranty terms and conditions for details.

May 31, 2022

HW=Hardware OS SW=Operating System Software App. SW=Application Software

Table2. Product Part Numbers Affected by This Announcement

End-of-Sale Product Part Number

Product Description

Replacement Product Part Number

Replacement Product Description

Additional Information

SF300-24MP-K9-AU

SF300-24MP 24-port 10/100 Max PoE Managed Switch

SG300-28MP-K9-AU

SG300-28MP 28-port Gigabit Max-PoE Managed Switch

-

SF300-24MP-K9-CN

SF300-24MP 24-port 10/100 Max PoE Managed Switch

SG300-28MP-K9-CN

SG300-28MP 28-port Gigabit Max-PoE Managed Switch

-

SF302-08MPP-K9-AU

SF302-08MPP 8-port 10/100 Max PoE+ Managed Switch

SG300-10MPP-K9-AU

SG300-10MPP 10-port Gigabit Max PoE+ Managed Switch

-

SG300-28SFP-K9-CN

SG300-28SFP 28-port Gigabit SFP Managed Switch

SG550XG-24F-K9-CN

Cisco SG550XG-24F 24-Port 10G SFP+ Stackable Managed Switch

-

SRW208-K9-AU

SF 300-08 8-port 10/100 Managed Switch

SRW2008-K9-AU

SG300-10 10-port Gigabit Managed Switch

-

SRW208G-K9-JP

SF 302-08 8-port 10/100 Managed Switch with Gigabit Uplinks

SRW2008-K9-JP

SG 300-10 10-port Gigabit Managed Switch

-

SRW248G4-K9-AU

SF 300-48 48-port 10/100 Managed Switch with Gigabit Uplinks

SF350-48-K9-AU

Cisco SF350-48 48-port 10/100 Managed Switch

-

Product Migration Options: Service prices for Cisco products are subject to change after the product End-of-Sale date. The Cisco Takeback and Recycle program helps businesses properly dispose of surplus products that have reached their end of useful life. The program is open to all business users of Cisco equipment and its associated brands and subsidiaries. For more information, go to: http://www.cisco.com/web/about/ac227/ac228/ac231/about_cisco_takeback_recycling.html.

 

For More Information

For more information about the Cisco End-of-Life Policy, go to:

http://www.cisco.com/en/US/products/products_end-of-life_policy.html.

**For more information about the Cisco Product Warranties, go to:

http://www.cisco.com/en/US/products/prod_warranties_listing.html.

To subscribe to receive end-of-life/end-of-sale information, go to:

http://www.cisco.com/cisco/support/notifications.html.

EoL and EoS News from

http://www.cisco.com/c/en/us/products/collateral/switches/small-business-300-series-managed-switches/eos-eol-notice-c51-738667.html

More Cisco EoL and EoS News you can read here:

http://blog.router-switch.com/category/news/eol-eos/

Read more

Cisco ASR 1000 Series Use Cases

March 21 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Routers, #Technology, #Cisco Technology - IT News

When your enterprises or organization are going to choose the Cisco ASR 1000 Series, you should know these Cisco ASR 1000 Series Enterprise and Service Provider Applications.

Cisco ASR 1000 Series routers sit at the edge of your enterprise data center or large office connecting to the WAN, as well as in service provider points of presence (POPs). The Cisco ASR 1000 Series will benefit the following types of customers:

  • Enterprises experiencing explosive network traffic as mobility, cloud networking, and video and collaboration usage increase: Cisco ASRs consolidate these various traffic streams and apply traffic management and redundancy properties to them to maintain consistent performance among enterprise sites and cloud locations.
  • Network service providers needing to deliver high-performance services, such as DCI and branch-office server aggregation, to business customers: Service providers can also use the multiservice routers to deploy hosted and managed services to business and multimedia services to residential customers.
  • Existing Cisco 7200 Series Router (end-of-sale) customers looking for simple migration to a new multiservice platform that delivers greater performance with the same design.

Tables2 and Table3 describe enterprise and service provider application examples, respectively.

Table2. Cisco ASR 1000 Series Enterprise Applications

Deployment Scenario

Description

System Characteristics

WAN edge: Guarantee high-priority applications by creating a virtual “glass ceiling” for lower-priority applications. Improve user experiences.

● Applies Modular QoS CLI (MQC) policies on VLANs or tunnels

● Limits an arbitrary collection of low‑priority traffic to a certain bandwidth

● Classifies based on differentiated services code point (DSCP), Network-Based Application Recognition (NBAR), and Cisco IOS Cisco IOS FPM (FPM) into numerous hierarchies, one for high priority and one for low priority

● Implements flexible hierarchies

● Supports 464,000 queues

● Allows all queues to have a minimum, maximum, and excess bandwidth with priority propagation

Multiservice, scalable, and secure headend:

IP Security (IPsec) VPN aggregation scales to meet the new bandwidth demands of service provider IP VPNs.

● Reduces capital expenditures (CapEx) and operating expenses (OpEx) by migrating and consolidating to fewer Cisco ASR 1000 Series Routers

● Protects investment through easy transition to much higher encryption support, offering encryption support of up to 78 Gbps with the 200-Gbps Cisco ASR 1000 Series ESP (ASR1000-ESP200)

● Offers easier management through embedded security services in the Cisco Flow Processor, with no additional service modules or blades required

● Optimized for QoS and IP Multicast applications

● Supports thousands of sites

● Supports 8,000 IPsec tunnels

● Offers up to 78-Gbps encryption performance and up to 200-Gbps noncryptographic throughput support with the Cisco ASR 1000 Series 200-Gbps Embedded Services Processor
(ASR1000-ESP200) engine

Embedded high-speed firewall:

With the Zone-Based Policy Firewall, the Cisco ASR 1000 Series acts as an implicit and complete barrier between any interfaces not members of the same zone. An explicit zone-pair policy must be specified (using Cisco Policy Language; that is, MQC) in each direction between each zone pair. The policy establishes within the router the kind of stateful inspection (Layer 4, Layer 7, or application) and session parameters to apply to each zone pairing.

Example: An explicit policy allowing HTTP and Domain Name System (DNS) to traverse the Internet-demilitarized zone (DMZ) zone boundary would be required.

● The firewall is embedded in the Cisco Flow Processor; no additional service blades or modules are required.

● Multiple gigabits of bandwidth are routed while at the same time the router performs Zone‑Based Policy Firewall and other baseline features such as QoS, IPv4, IPv6, NetFlow, and others.

● The Cisco ASR 1000 Series provides logging of all firewall session states off to network management applications capable of accepting relatively huge amounts of flow data. Third-party applications can handle the session data.

● Provides firewall performance of 2.5 to 200 Gbps, depending on the ESP used

● Offers high-speed logging of 40,000 sessions per second with NetFlow Version 9

Managed CPE: This implementation of branch-office architecture offers powerful investment protection with services and scale.

● Managed customer premises equipment (CPE) helps branch offices route correctly over various types of Ethernet to comply with service-level agreements (SLAs).

● This application encrypts multiple gigabits of bandwidth without any additional service blades or modules.

● Managed CPE optimizes the WAN to route around brownouts in the service provider network to further guarantee mission-critical applications.

● This application offers small form factors (1 rack unit [1RU] for the Cisco ASR 1001-X and ASR 1001-HX and 2RUs for the Cisco ASR 1002-HX and ASR 1002-X Routers), including software modularity and ISSU.

Note: ISSU is not supported on Cisco ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1002-X, or ASR 1004. Managed CPE offers accessibility even when the Cisco IOS Software is down.

● Offers first-in-industry software redundancy support, without any additional hardware module, on Cisco ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1002-X, and ASR 1004; hardware redundancy and ISSU are supported on the Cisco ASR 1006 and ASR 1013.

● Offers powerful firewall and NAT performance of 2.5 to 200 Gbps and 1.8- to 78-Gbps encryption support in addition to WAN optimization and voice features

 

Table3. Cisco ASR 1000 Series Service Provider Applications

Deployment Scenario

Description

System Characteristics

Broadband L2TP Access Concentrator (LAC) or L2TP Network Server (LNS):

The solution offers Layer 2 Tunneling Protocol (L2TP) endpoint-to-tunnel
Point-to-Point Protocol (PPPoX) or IP sessions with bandwidth demands in the STM-1 ATM, Fast Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet range.

● The application is ideal for triple-play (data, voice, and video) wholesale deployments.

● It offers integral service delivery.

● Per-user firewall, session border controller (SBC), etc. are supported.

● Provides very high scalability of up to 64,000 subscribers and up to 16,000 tunnels

Service provider edge: Layer 3 VPN (L3VPN) provider edge:

Example: You can deploy the solution at the distributed provider edge or provider edge in global VPN networks for bandwidth demands such as asymmetric DSL (ADSL), T1/E1, STM-1, STM-4, Fast Ethernet, Gigabit Ethernet, etc.

● The application provides integral services in the Cisco Flow Processor.

● It provides encryption, FPM, NBAR, SBC, IP Multicast, etc.

● Offers excellent multicast performance

● Scales to 8,000 Virtual Route Forwarding (VRF) instances, 1 million Label Distribution Protocol (LDP) labels, and 4,000 access control lists (ACLs)

● Supports up to 4 million IPv4 routes

● Supports up to 4 million IPv6 routes

Service provider edge: High-end route reflector:

You can use the solution as a route reflector for bandwidth support of 40 Gbps.

● The application provides high scalability.

● It offers a modular design of the route processor and ESP with hardware and software redundancy.

● Scales up to 29 million IPv4 routes

● Supports 64,000 Layer 3 adjacencies

Next-generation voice and multimedia example: Cisco Unified Border Element Enterprise Edition (ENT Edition):

The SBC application (named Cisco Unified Border Element [ENT Edition]) performs the voice and video gateway functions simultaneously with regular IP data services. No appliance or additional service blade is required. The control protocols and media protocols work transparently within a complex voice architecture. For more information, refer to the CUBE data sheet at http://www.cisco.com/go/cube.

● Secure and authenticated Session Initiation Protocol (SIP) trunk connections enable service providers to offer real-time voice and video services.

● The WAN edge is simpler to manage because there is only one egress and one ingress point for access to Internet or service provider services.

● The control plane is separated from the data-forwarding plane, so the signaling and control processes are separate from media processing.

● The CUBE SBC application can be used for SIP trunk video and/or audio services provided by service providers or for Internet-accessible SIP line-side services to Cisco Unified Communications Manager.

● Facilitates SBC with security, QoS, IPv4, and IPv6 (IP Unicast and IP Multicast simultaneously)

● Supports 16,000 simultaneous voice calls and multimedia data of up to 200 Gbps with accounting, firewall, and call quality enabled

● Integrated with inbox high-availability infrastructure and Dynamic Host Configuration Protocol (DHCP) Relay

Reference from

http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731632.html

More Related…

The New Cisco ASR 1009-X & Cisco ASR 1006-X Router

The New Cisco ASR 1001-X Router

Cisco ASR 1000 Series Can Help Solve…

Read more

EoS and EoL Announcement for the Cisco FirePOWER 8200 Series Appliances—3-Year Subscriptions

March 17 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco News, #IT, #Cisco Switches - Cisco Firewall

Cisco announced the end-of-sale and end-of-life dates for the Cisco FirePOWER 8200 Series Appliances–3-Year Subscriptions. The last day to order the affected product(s) is October 3, 2015. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table1 of the EoL bulletin.

  1. Table1 describes the end-of-life milestones, definitions, and dates for the affected product(s).
  2. Table2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

Table1. End-of-Life Milestones and Dates for the Cisco FirePOWER 8200 Series Appliances—3-Year Subscriptions

Milestone

Definition

Date

End-of-Life Announcement Date

The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public.

April 4, 2015

End-of-Sale Date

The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.

October 3, 2015

Last Ship Date:
License

The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time.

January 1, 2016

End of Signature Release Date

The date after which there will be no more signature update releases for Firepower 8200 Series Appliances.

October 3, 2018

Table2.  Product Part Numbers Affected by This Announcement

End-of-Sale Product
Part Number

Product Description

Replacement Product Part Number

Replacement Product Description

Additional Information

FP8250-AMP-3Y

Cisco AMP for FirePOWER 8250 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8250-TA-3Y

Cisco FirePOWER 8250 IPS and Apps 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8250-TAC-3Y

Cisco FirePOWER 8250 IPS, Apps and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8250-TAM-3Y

Cisco FirePOWER 8250 IPS, Apps and AMP 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8250-TAMC-3Y

Cisco FirePOWER 8250 IPS, Apps, AMP and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8250-URL-3Y

Cisco FirePOWER 8250 URL Filtering 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8260-AMP-3Y

Cisco AMP for FirePOWER 8260 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8260-TA-3Y

Cisco FirePOWER 8260 IPS and Apps 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8260-TAC-3Y

Cisco FirePOWER 8260 IPS, Apps and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8260-TAM-3Y

Cisco FirePOWER 8260 IPS, Apps and AMP 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8260-TAMC-3Y

Cisco FirePOWER 8260 IPS, Apps, AMP and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8260-URL-3Y

Cisco FirePOWER 8260 URL Filtering 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8270-AMP-3Y

Cisco AMP for FirePOWER 8270 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8270-TA-3Y

Cisco FirePOWER 8270 IPS and Apps 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8270-TAC-3Y

Cisco FirePOWER 8270 IPS, Apps and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8270-TAM-3Y

Cisco FirePOWER 8270 IPS, Apps and AMP 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8270-TAMC-3Y

Cisco FirePOWER 8270 IPS, Apps, AMP and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8270-URL-3Y

Cisco FirePOWER 8270 URL Filtering 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8290-AMP-3Y

Cisco AMP for FirePOWER 8290 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8290-TA-3Y

Cisco FirePOWER 8290 IPS and Apps 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8290-TAC-3Y

Cisco FirePOWER 8290 IPS, Apps and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8290-TAM-3Y

Cisco FirePOWER 8290 IPS, Apps and AMP 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8290-TAMC-3Y

Cisco FirePOWER 8290 IPS, Apps, AMP and URL 3YR Service Subs

See the Product Migration Options section below for detailed information on replacing this product.

-

-

FP8290-URL-3Y

Cisco FirePOWER 8290 URL Filtering 3YR Service Subscription

See the Product Migration Options section below for detailed information on replacing this product.

-

-

Customers are encouraged to migrate to the Cisco FirePOWER 8300 Series Appliances and appropriate subscriptions for new purchases. One-year subscriptions will remain available for renewals for existing 8200 Series deployments beyond the appliance end-of-sale period.

Information about the Cisco FirePOWER 8000 Series can be found at: http://www.cisco.com/c/en/us/products/security/firepower-8000-series-appliances/literature.html.

Reference from http://www.cisco.com/c/en/us/products/collateral/security/firepower-8000-series-appliances/eos-eol-notice-c51-734291.html

More Cisco EoL & EoS News

EoS and EoL Announcement for the Cisco ASA 5585-X Next-Generation Firewall

Cisco’s High-end Next Generation Firewalls-Firepower 4100 and 9300 Series

How to Start a Cisco ASA 5585-X Series

Cisco ASA 5500-X Series Migration Options

Read more

Cisco ASA 5500-X Series Migration Options-ASA 5555-X, ASA 5525-X & ASA 5515-X

March 8 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #IT, #Cisco Switches - Cisco Firewall

Product Migration Options-ASA 5550 to ASA 5555-X, ASA 5520 to ASA 5525-X, ASA 5510 to ASA 5515-X

Most of Cisco ASA 5500 Models have been announced end-of-life and end-of-sale, such as the ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550. Cisco ASA users and customers are encouraged to migrate to the newer Cisco ASA 5500-X Series of next-generation firewalls (NGFW), which includes the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X and so forth.

 

In the following tables we will share the main Product Comparisons of ASA 5500 Models and the new ASA 5500-X models, which include the ASA 5550 and ASA 5555-X, ASA 5520 and ASA 5525-X, ASA 5510 and ASA 5515-X

ASA 5550 vs. ASA 5555-X

Feature

Cisco ASA 5550 Adaptive Security Appliance

Cisco ASA 5555-X Adaptive Security Appliance

Next-Generation Firewall

No

Yes

Application Visibility and Control Service

No

Yes

Web Security Service

No

Yes

IPS Service

No

Yes (Does not require separate hardware module)

Content Security Service

No

Similar functionality available through Cloud Web Security (formerly known as ScanSafe)

Firewall Throughput (Max)

1.2 Gbps

4 Gbps

IPS Throughput (Max)

Not Applicable

1.3 Gbps

VPN Throughput (Max)

425 Mbps

700 Mbps

Connections (Max)

600,000

1,000,000

Connections Per Second

33,000

50,000

Integrated I/O

8 GE Copper and 1 FE

8 GE Copper + Dedicated GE Copper Management Port

Expansion I/O

Not Available

6-port GE Copper, or 6-port GE SFP

CPU

Single Core

Multiple Cores

Memory

4 GB

16 GB

Dual Power Supplies

No

Yes

IPS Accelerator hardware

No

In-built hardware accelerator for both default and custom signatures

Hardware support for 2048-bit certificates

No

Yes

 

ASA 5540 to Cisco ASA 5545-X

Feature

Cisco ASA 5540 Adaptive Security Appliances

Cisco ASA 5545-X Adaptive Security Appliance

Next-Generation Firewall

No

Yes

Application Visibility and Control Service

No

Yes

Web Security Service

No

Yes

IPS Service

Yes (Requires separate Hardware module)

Yes (Does not require separate hardware module)

Content Security Card Module

Available

Similar functionality available through Cloud Web Security (formerly known as ScanSafe)

Firewall Throughput (Max)

650 Mbps

3 Gbps

IPS Throughput (Max)

650 Mbps

900 Mbps

VPN Throughput (Max)

325 Mbps

400 Mbps

Connections (Max)

400,000

750,000

Connections Per Second

25,000

30,000

Dual Power Supplies

No

Yes

Integrated I/O

4GE Cu + 1FE

6GE Cu

Expansion I/O

4-port GE Cu or 4-port GE SFP

6-port GE Cu or 6-port GE SFP

CPU

Single-core

Multiple cores

Memory

2GB

12GB

Hardware support for 2048-bit certificates

No

Yes

 

Migration Options-ASA 5520 to ASA 5525-X

The Cisco ASA 5525-X offers increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Additionally, the ASA 5525-X includes a hardware chip to speed up IPS signature execution (for both default and custom signatures).

Refer to the table below for a detailed comparison between the ASA 5520 and ASA 5525-X. Customers can also upgrade to the Cisco ASA 5545-X, which provides the option of dual power supplies in addition to better performance and scaling.

Product Comparisons-ASA 5520 vs. ASA 5525-X

Feature

Cisco ASA 5520 Adaptive Security Appliance

Cisco ASA 5525-X Adaptive Security Appliance

Next-Generation Firewall

No

Yes

Application Visibility and Control Service

No

Yes

Web Security Service

No

Yes

IPS Service

Yes (Requires separate Hardware module)

Yes (Does not require separate hardware module)

Content Security Card Module

Yes

Similar functionality available through Cloud Web Security (formerly known as ScanSafe)

Firewall Throughput (Max)

450 Mbps

2 Gbps

IPS Throughput (Max)

450 Mbps

600 Mbps

VPN Throughput (Max)

225 Mbps

300 Mbps

Connections (Max)

280,000

500,000

Connections Per Second

12,000

20,000

Integrated I/O

4 GE Copper + 1 FE

8 GE Copper

Expansion I/O

4-port GE Cu or 4-port GE SFP

6-port GE Copper or 6-port GE SFP

CPU

Single Core

Multiple Cores

Memory

2 GB

8 GB

IPS Accelerator hardware

No. All signatures run on IPS Security Module CPU.

In-built hardware accelerator for both default and custom signatures

Hardware support for 2048-bit certificates

No

Yes

 

Migration Options-ASA 5510 to ASA 5515-X

The Cisco ASA 5512-X and ASA 5515-X offer increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Customers can choose the ASA 5512-X if they do not want high availability, which comes as a default option on the ASA 5515-X.

Note that there is a license on the ASA 5512-X that enables high availability, should that be required later.

Product Comparisons: ASA 5510 vs. ASA 5515-X

Feature

Cisco ASA 5510 Adaptive Security Appliance

Cisco ASA 5515-X Adaptive Security Appliance

Next-Generation Firewall

No

Yes

Application Visibility and Control Service

No

Yes

Web Security Service

No

Yes

IPS Service

Yes (Requires separate Hardware module)

Yes (Does not require separate hardware module)

Content Security Service

Yes (Requires separate Hardware module)

Similar functionality available through Cloud Web Security (formerly known as ScanSafe)

Firewall Throughput (Max)

300 Mbps

1.2 Gbps

IPS Throughput (Max)

300 Mbps

400 Mbps

VPN Throughput (Max)

170 Mbps

250 Mbps

Connections (Max)

100,000

250,000

Connections Per Second

9,000

15,000

Integrated I/O

2GE Copper and 3FE

6 GE Copper

Expansion I/O

4-port GE Copper, or 4-port GE SFP

6-port GE Copper 6-port GE SFP

CPU

Single core

Multiple cores

Memory

1 GB

8 GB

Hardware support for 2048-bit certificates

No

Yes

USB thumb drive support

No

Yes (can be used to store logs and configuration files)

 

More Related…

Migration to Cisco NGFW

Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box?

EoS and EoL Announcement for the Cisco ASA 5512-X and ASA 5515-X

Read more

How to Order Cisco ASR 1000 Series Aggregation Services Routers?

March 6 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Routers

The Cisco ASR 1000 Series (Cisco ASR 1000 Series Aggregation Services Routers) consists of nine platforms:

  • Cisco ASR 1001-X Router
  • Cisco ASR 1001-HX Router
  • Cisco ASR 1002-HX Router
  • Cisco ASR 1002-X Router
  • Cisco ASR 1004 Router
  • Cisco ASR 1006 Router
  • Cisco ASR 1006-X Router
  • Cisco ASR 1009-X Router
  • Cisco ASR 1013 Router

All models use the innovative and powerful Cisco Flow Processor and support the same feature set based on the Cisco IOS XE Operating System.

Cisco ASR 1000 Series Aggregation Services Routers

The latest additions to the Cisco ASR 1000 Series are the Cisco ASR 1002-HX Router and the Cisco ASR 1001-HX Router. Both new routers support up to 100 Gbps in a 2-rack-unit (2RU) and 60 Gbps in a 1-rack-unit (1RU) form factor, respectively. The ASR 1002-HX has 8 built-in 10 Gigabit Ethernet (GE) ports and 8 1 GE ports, with the Ethernet port adapter (EPA) slot for expansion. The ASR 1001-HX has 4 built-in 10 GE ports, 8 1 GE ports, and 4 configurable 10 GE or 1 GE ports.

The Cisco ASR 1000 Series Route Processor 3 is the newest addition to the modular control plane engines in the Cisco ASR 1000 Series. The Route Processor 3 adds more options for higher performance, memory, and storage to the ASR 1000 Series.

The Cisco ASR 1000 Series supports Cisco IOS XE Software, a modular operating system with modular packaging, feature velocity, and powerful resiliency.

The Cisco ASR 1000 Series Embedded Services Processors (ESPs), which are based on Cisco Flow Processor technology, accelerate many advanced features such as crypto-based access security; Network Address Translation (NAT), thread defense with Cisco Zone-Based Firewall (ZBFW), deep packet inspection (DPI), Cisco Unified Border Element (CUBE), and a diverse set of data-center-interconnect (DCI) features. These services are implemented in Cisco IOS XE Software without the need for additional hardware support.

Cisco ASR 1000 Series routers sit at the edge of your enterprise data center or large office connecting to the WAN, as well as in service provider points of presence (POPs).

The Cisco ASR 1000 Series will benefit the following types of customers:

● Enterprises experiencing explosive network traffic as mobility, cloud networking, and video and collaboration usage increase: Cisco ASRs consolidate these various traffic streams and apply traffic management and redundancy properties to them to maintain consistent performance among enterprise sites and cloud locations.

● Network service providers needing to deliver high-performance services, such as DCI and branch-office server aggregation, to business customers: Service providers can also use the multiservice routers to deploy hosted and managed services to business and multimedia services to residential customers.

● Existing Cisco 7200 Series Router (end-of-sale) customers looking for simple migration to a new multiservice platform that delivers greater performance with the same design.

The Cisco ASR 1000 Series Routers carry a modular yet integrated design, so network operators can increase their network capacity and services without a hardware upgrade. With flexibility in the number of connections, speed maximums, and price, you don’t have to under- or overprovision for any network location.

Alternatively, you also have the option to buy “-X” and “-HX” models, so you can increase throughput by simply purchasing upgrade licenses as you grow to increase your network speed dynamically.

Software Licensing

Software feature licenses are required to activate services on Cisco ASR 1000 Series Routers. Currently, two types of feature licenses are available. Certain services require only a right-to-use (RTU) license, whereas other services require both an RTU license and one or more number-of-sessions licenses. All the licenses on the Cisco ASR 1000 Series are honor-based, meaning that the licenses are not enforced through a product activation or license key.

For Cisco ASR 1000 Routers, one of the following five packages is required:

  • Cisco ASR 1000 IOS XE UNIVERSAL - NO PAYLOAD ENCRYPTION
  • Cisco ASR 1000 IOS XE UNIVERSAL
  • Cisco ASR 1000 IOS XE UNIVERSAL WITHOUT Lawful Intercept
  • Cisco ASR 1000 IOS XE UNIVERSAL - NO PAYLOAD ENCRYPTION WITHOUT Lawful Intercept

To enable a set of required features, one of the following three technology packages is required:

  1. ◦ Cisco ASR 1000 IP Base License
  2. ◦ Cisco ASR 1000 Advanced IP Services License
  3. ◦ Cisco ASR 1000 Advanced Services License

Ordering Information

To ensure that you order the correct Cisco ASR 1000, you must first know the answers to the following questions:

● Is this deployment for a service provider or an enterprise network?

● Do you have a form factor requirement? How many rack units (RUs) do you need?

● What total throughput do you need in the router?

● Do you need hardware or software redundancy?

● What types of interfaces do you need, and how many?

1. What services need to be enabled, and how many services do you need to be running concurrently?

Cisco ASR 1000 Series High-Level Overview and Part Numbers

This section gives a brief overview of the Cisco ASR 1000 Series Router components.

● Chassis

  1. ◦ The chassis houses all of the router components.

● Processor modules

  • ◦ Cisco ASR 1000 Series Route Processors: Route processors provide advanced routing features and also monitor and manage other resources on the router. They comprise the memory, hard disk, and USB flash memory token.
  • ◦ Cisco ASR 1000 Series Embedded Services Processor (ESP): Based on the Cisco QuantumFlow Processor, the ESP performs forwarding, network security, deep packet inspection, firewalling, data center interconnect, and many other advanced features.

● Interfaces and modules

  1. ◦ Cisco ASR 1000 Series Shared Port Adapters (SPAs): These media modules connect to a variety of service provider and enterprise media types. All SPAs connect to the Cisco ASR 1000 Series Routers through the SPA interface processor (SIP) modules.
  2. ◦ Cisco ASR 1000 Series SPA Interface Processors (SIPs): The SIPs house and interconnect up to 4 SPAs each, depending on the router model.
  3. ◦ Cisco ASR 1000 Series Ethernet Line Cards (ELCs): ELCs come in two different types: two 10G and twenty 1G, and six 10G. Both of these Ethernet line cards have built-in SIP.
  4. ◦ Cisco ASR 1000 Series Modular Interface Processor (MIP): 100-Gbps carrier card to house and interconnect up to 2 Ethernet port adapters
  5. ◦ Cisco ASR 1000 Series Ethernet Port Adapters (EPAs): EPAs connect to the Cisco ASR 1000 Series routers through the MIP modules.

● Cisco IOS XE Software images

  1. ◦ Software feature licenses are required to turn on services on Cisco ASR 1000 Series Routers. Currently, two types of feature licenses are available. Certain services require only a right-to-use (RTU) license, whereas other services require both a RTU license and one or more number-of-sessions licenses. All the licenses on the Cisco ASR 1000 Series are honor-based and are not enforced through a product activation key (PAK).
  2. ◦ For ASR 1000 Series routers, one of the following packages is required:
  3. ◦ Cisco ASR 1001 IOS XE UNIVERSAL - NO PAYLOAD ENCRYPTION
  4. ◦ Cisco ASR 1001 IOS XE UNIVERSAL
  5. ◦ Cisco ASR 1001 IOS XE UNIVERSAL without Lawful Intercept
  6. ◦ Cisco ASR 1001 IOS XE UNIVERSAL - NO PAYLOAD ENCRYPTION without Lawful Intercept

● To enable a set of required features, one of the following three technology packages is required:

  1. ◦ Cisco ASR 1000 IP BASE license
  2. ◦ Cisco ASR 1000 Advanced IP Services license
  3. ◦ Cisco ASR 1000 Advanced Services license

● Cisco IOS XE Software feature licenses

  1. ◦ Certain functions supported on the Cisco ASR 1000 Series require feature licenses.
  2. ◦ All Cisco ASR 1000 feature and performance upgrade licenses are honor-based; that is, they are not enforced through a Product Activation Key (PAK). Note: Prior to Cisco IOS XE Software Release 3.7S, performance upgrade licenses that are required to upgrade the Cisco ASR 1001 from 2.5 to 5 Gbps or the Cisco ASR 1002-X from 5 to 10 to 20 to 36 Gbps are enforced through a PAK. Similarly, prior to Cisco IOS XE Software Release 3.6S, technology package licenses are enforced through a PAK.

● Cisco ASR 1000 application part numbers

  • ◦ When ordering a Cisco ASR 1000 Series Router, please choose the application part number from Table 1 that most closely matches the type of deployment for the Cisco ASR 1000 Series Router. Note: Although you must make a selection, your choice of application part number has no effect on the Cisco ASR 1000 Series Routers. This part number is used only for Cisco internal tracking purposes in order to better understand the customer use cases for the platform.

To place an order, visit the Cisco Commerce Workspace.

To get started with the Cisco ASR 1000 Series, refer to the detailed product part numbers and descriptions in the following tables:

● Table 6: Chassis

● Table 7: Processor Modules

● Table 8: Interfaces and Modules

For software image, feature and upgrade license, and more details about the Cisco ASR 1000 Series bundles and how to order the Cisco ASR 1000 Series, refer to the Cisco ASR 1000 Ordering Guide.

Table6.  Ordering Information for Cisco ASR 1000 Series Chassis

Product Number

Product Description

Cisco ASR 1000 Series Chassis

ASR1001-X

Cisco ASR 1001-X System, Crypto, 6 built-in GE, Dual P/S

ASR1001-X=

Cisco ASR 1001-X System, Crypto, 6 built-in GE, Dual P/S, Spare

ASR 1001-HX

Cisco ASR1001-HX System, 8x10GE+8x1GE, 2xP/S, optional crypto

ASR 1001-HX=

Cisco ASR1001-HX System, 8x10GE+8x1GE, 2xP/S, optional crypto, spare

ASR1002-HX

Cisco ASR 1002-HX System, 4x10GE+4x1GE built-in, Dual P/S, optional crypto

ASR1002-HX=

Cisco ASR 1002-HX System, 4x10GE+4x1GE built-in, Dual P/S, optional crypto, spare

ASR1002-X

Cisco ASR 1002-X System, Crypto, 6 Built-In GE, Dual P/S

ASR1002-X=

Cisco ASR 1002-X System, Crypto, 6 Built-In GE, Dual P/S, Spare

ASR1004

Cisco ASR 1004 Chassis, Dual P/S

ASR1004=

Cisco ASR 1004 Chassis, Dual P/S, Spare

ASR1006

Cisco ASR 1006 Chassis, Dual P/S

ASR1006=

Cisco ASR 1006 Chassis, Dual P/S, Spare

ASR1006-X

Cisco ASR 1006-X Chassis

ASR1006-X=

Cisco ASR 1006-X Chassis, Spare

ASR1009-X

Cisco ASR 1009-X Chassis

ASR1009-X=

Cisco ASR 1009-X Chassis, Spare

ASR1013

Cisco ASR 1013 Chassis, Redundant P/S

ASR1013=

Cisco ASR 1013 Chassis, Redundant P/S, Spare

Cisco ASR 1000 Series USB Memory Options

MEMUSB-1024FT

1 GB USB Flash Token for Cisco ASR 1000 Series

MEMUSB-1024FT=

1 GB USB Flash Token for Cisco ASR 1000 Series, Spare

 

Table7.  Ordering Information for Processor Modules

Product Number

Product Description

Cisco ASR 1000 Series Embedded Services Processor

ASR1000-ESP20

Cisco ASR 1000 Embedded Services Processor, 20 Gb

ASR1000-ESP20=

Cisco ASR 1000 Embedded Services Processor, 20 Gb, Spare

ASR1000-ESP40

Cisco ASR 1000 Embedded Services Processor, 40 Gb

ASR1000-ESP40=

Cisco ASR 1000 Embedded Services Processor, 40 Gb Spare

ASR1000-ESP100

Cisco ASR 1000 Embedded Services Processor, 100 Gb

ASR1000-ESP100=

Cisco ASR 1000 Embedded Services Processor, 100 Gb Spare

ASR1000-ESP200

Cisco ASR 1000 Embedded Services Processor, 200 Gb

ASR1000-ESP200=

Cisco ASR 1000 Embedded Services Processor, 200 Gb Spare

Cisco ASR 1000 Series Route Processor

ASR1000-RP2

Cisco ASR 1000 Route Processor 2

ASR1000-RP2=

Cisco ASR 1000 Route Processor 2, Spare

ASR1000-RP3

Cisco ASR 1000 Route Processor 3

ASR1000-RP3=

Cisco ASR 1000 Route Processor 3, Spare

ASR1000-RP3-32G-2P

Cisco ASR1000 RP3 w/ 32 GB, 2 Pack

ASR1000-RP3-64G-2P

Cisco ASR1000 RP3 w/ 64 GB, 2 Pack

 

Table8. Ordering Information for Interfaces and Modules

Product Number

Product Description

Cisco ASR 1000 Series SPA Interface Processor and Ethernet Line Cards

ASR1000-SIP40

Cisco ASR 1000 SPA Interface Processor 40

ASR1000-SIP40=

Cisco ASR 1000 SPA Interface Processor 40, SPARE

ASR1000-6TGE

Cisco ASR 1000 Fixed Ethernet Line Card, 6X10GE

ASR1000-6TGE=

Cisco ASR 1000 Fixed Ethernet Line Card, 6X10GE, Spare

ASR1000-2T+20X1GE

Cisco ASR 1000 Fixed Ethernet Line Card, 2X10GE + 20X1GE

ASR1000-2T+20X1GE=

Cisco ASR 1000 Fixed Ethernet Line Card, 2X10GE + 20X1GE, Spare

ASR1000-MIP100

Cisco ASR 1000 Ethernet Line Card, 100 Gb Modular Interface Processor

ASR1000-MIP100=

Cisco ASR 1000 Ethernet Line Card, 100 Gb Modular Interface Processor, spare

EPA-1X100GE

Cisco ASR 1000 1x100GE Ethernet Port Adapter

EPA-1X100GE=

Cisco ASR 1000 1x100GE Ethernet Port Adapter, spare

EPA-CPAK-2X40GE

Cisco ASR 1000 2x40GE Ethernet Port Adapter (breakout cable)

EPA-CPAK-2X40GE=

Cisco ASR 1000 2x40GE Ethernet Port Adapter (breakout cable), spare

EPA-10X10GE

Cisco ASR 1000 10x10GE Ethernet Port Adapter

EPA-10X10GE=

Cisco ASR 1000 10x10GE Ethernet Port Adapter, spare

EPA-18X1GE

Cisco ASR 1000 18x1GE Ethernet Port Adapter

EPA-18X1GE=

Cisco ASR 1000 18x1GE Ethernet Port Adapter, spare

Reference from http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731632.html

More Related Topics

The New Cisco ASR 1009-X & Cisco ASR 1006-X Router

The New Cisco ASR 1001-X Router

Cisco ASR 1000 Series Can Help Solve…

Read more
1 2 3 4 5 6 > >>