Sunday, December 25, 2011

Cisco 3845 Router Review


As a popular Cisco router, required by medium-sized to large businesses and enterprise branch offices, Cisco3845 offers a variety of features, including security features like on-board encryption, and support of up to 2500 VPN tunnels with the AIM-HPII-PLUS Module. To help more potential Cisco 3845 users know this Cisco item well, we listed two representative people who shared their experience of using Cisco 3845 series…

1. Cisco 3845Router Product Review from Cisco-network
Overview
The first impression of Cisco 3845 router on me was that I felt it is too heavy. So, do not try to install it to rack alone. It has two internal power supplies (one by default). Don’t forget to order the redundant one, if you plan to run it for critical business.

The LAN connection is also redundant with two build-in Gigabit Ethernet interfaces. The good thing the GE 0/0 interface has SFP option. You can reach the far LAN Edge points on a Campus LAN. Another alternative is to use it for Metro Ethernet.

High capacity memory is another powerful feature of this router when compared with 2700 series routers. This router comes with 256 MB memory and you can upgrade it up to 1 GB. This really costs too much if you use original Cisco memory, but OEM alternatives exists in the market.
There is one integrated Virtual Private Network (VPN) Module. This module is added for the performance of encryption and not mandatory for VPN, but as Cisco says, it increases the speed 10 times. I did not use VPN on this router, but it looks capable of handling higher loads.

There are 4 HWIC slots and 4 NM slots. It has almost every kind of modules (Ether switch, wireless controller, ATM, T1/E1, NAM !!! ,FXS,FXO etc.)

My Experience
I use one of these routers for the Internet access with Advanced Enterprise IOS. BGP running on it with full table, cef enabled, Reflexive IP access list exist on the router. I also use it as a router firewall (Security guys call it as choke point). The CPU utilization is just about %2 – 3. I have to accept that this router was a bit oversized for my needs. I could have saved $3,500 (from list prices) if I use Cisco 3825 router.

You have to ask below mentioned questions before decide to buy a Cisco 3845 Integrated Services Router.
- Do I need more than 256 MB memory?
- Do I have several voice clients?
- How much concurrent VPN connection is expected?
- Do I need speeds like E3/T3?
- Do I need different kind of functionalities on one router (e.g. Wireless, ATM, Etherswitch ports)?
It is waste to invest money unless your answers for more than two questions are in affirmative.

2. Cisco 3845Router Review from Dave Mitchell
For IP telephony, the 3845 supports up to 240 IP phones and can accept a huge range of optional modules with over 90 currently available. Four small slots arranged along the top of the rear panel accept Cisco's single-wide and double-wide HWICs (high-speed WAN interface cards), and there are plenty to choose from. For example, you have ISDN, E1 and T1 with four- and nine-port WAN modules.

There are also ADSL modules available, the latest of which is a single-wide module with ADSL2/2+ support and ISDN dial-up backup. Wireless is also supported, with the router able to act as a central administrative point for multiple Cisco AiroNet access points.

Underneath these slots are four larger ones for Cisco's network modules with 16 and 36-port 10/100BaseTX modules available and PoE with the optional power supply upgrade fitted.

Using the EVM (extension voice module) slot, you can fit a module that'll provide standard analogue and digital voice and fax services, and there are expansion cards that add IP telephony with support for both H.323 and SIP protocols. The latter can bring into play a wide range of Cisco IP phones, all managed using the Unified CallManager Express tools.

Wizard stuff
You don't need to access the IOS for initial installation. You just point a web browser at the router's default IP address, where you're greeted by Cisco's new SDM (security device manager) Express. This offers wizards to help set up basic LAN, WAN and firewall configuration after which you can install the full SDM utility on a PC and firmware using the router's CompactFlash memory card.

The main SDR interface kicks off with an overview of the router showing the status of flash memory, LAN and WAN interfaces, firewall policies and so on. The Configure tab provides access to all features and you can start by setting up the various interfaces.

The firewall is turned off by default, but the basic setup wizard will have it running in seconds as you select the internal and external interfaces and choose from three predefined settings. The highest of these employs standard SPI firewalling but augments it with application inspection allowing you to block traffic such as IM and P2P. The firewall can be customised with your own rules using an advanced wizard and this includes options for DMZs using specific interfaces.

Rules can also be created using the router's application inspection abilities, so you can inspect email, block or allow P2P and IM traffic, filter URLs locally or add details of external filtering servers. You can also request alerts to be sent when traffic such as multimedia or FTP is detected.
Intrusion prevention uses regularly downloaded signature files, while QoS can be applied on the WAN interfaces. Again, a wizard takes you through this process and allows you to select real-time traffic such as VoIP or business-critical traffic including database and network management traffic. The 3845 offers extensive IPSec VPN features too, including 3DES and AES hardware encryption.

Monday, December 19, 2011

Steps to Reset a Cisco 3900 Series

Cisco 3900 Series Integrated Services Routers (ISR), designed to power the next phase of branch-office evolution, offers unparalleled total cost of ownership savings and network agility through the intelligent integration of security, wireless, and application services.

As a popular Cisco router item, Cisco 3900series offers an upgradable motherboard which allows owners to update hardware as more powerful options become available without having to purchase a new router. Cisco also appeals to environmentally conscious consumers with their EngeryWise dual power supplies, which lower electricity costs and support essential redundancy requirements. It is occasionally necessary to reset this powerful networking device, restoring it to factory default settings.

To reset a Cisco 3900 router, e.g. Cisco3925, Cisco 3945, some Cisco 3900 users have discussed it like that:
About “3945 router password recovery”
Question:
“Hi There,
I understand that the password has to be changed the first time we login to Cisco 3945 router but i failed to do that and it’s not allowing me to connect using default username/password.
Can someone help me in getting this addressed??”      ---From vnirmal112

Answers from others
“You can but you don't have to change the password the first time you login to the 3900.  Are you trying to connect using the console port or telnet?”

“Logged onto router via console...was about to configure a new router...I got a clear message saying that i cannot login next time if i don’t change password, which i saw after logging off only :-(...”

“I am running 12.4.24. If you have another flash card, you can put a different IOS on it and boot it with that and see if you can get in. The other thing you can do is to try the password recovery and see if you can get in that way. Did you ever assign any passwords to it?”

Also frustrated with this Cisco 3900 resetting? Instructions help you reset Cisco 3900 series in detail
Method One
1. Enter "config-register 0x2102" from the router's command prompt window. This gives you access to global configuration mode.
       
2. Enter "show version." The response should read:
router# configure terminal
router (config) #config-register 0x2102
router (config) #end
router#
Repeat the "show version" command.
The response should now read "will be 0x2102 at next reload."
       
3. Enter the command "write erase." This will erase the current start-up configuration.
       
4. Reload the software by entering the "reload" command. Do not save when prompted.
The system display should read:
router#reload
System configuration has been modified. Save? (yes/no): n
Proceed with reload? (confirm)
Confirm that you want the reload to proceed.
       
5. Wait for the reload. The dialog box will read:---System Configuration Dialog---
Would you like to enter the initial configuration dialog? (yes/no)
The router has been reset.
   
Method Two
1.       Enter the command "config-register 0x2142."
The response should read:
Router (config)#config-register 0x2142
Repeat the "show version command."
The response should now read "will be 0x2142 at next reload."
       
2. Reload the software by entering the "reload" command. Do not save when prompted. The system should read:
router#reload
System configuration has been modified. Save? (Yes/no): n
Proceed with reload? (Confirm)
Confirm that you want the reload to proceed.
       
3. Wait for the reload. The dialog box will read:
---System Configuration Dialog---
Would you like to enter the initial configuration dialog? (Yes/no) Enter "no."
     
4. Change the configuration register setting to 0x2102. Enter "config-register 0x2102." Enter "write memory." This will overwrite the running configuration.
       
5. Enter the "reload" command. The system configuration dialog will appear again. The router is reset.

Tuesday, December 6, 2011

Cisco 2811 Router, Super Star in Network Routers


When you’ve been around the IT reviewers’ block a few times, there are certain words that, if we’re being honest here, you don’t associate with Cisco.

For example, “interesting”, “innovative” or “value for money” spring to mind from recent years. Then, suddenly here’s a product that meets all of those criteria. From Cisco, the 2800 series of ISRs or Integrated Services Routers is in the middle of a triple-layer range of totally revised branch office routers. The Cisco2811 we’re looking at here ships with built-in virtual private network (VPN) hardware encryption and acceleration, firewall, IDS/IPS, NAT, QoS support and IP telephony functionality. This comes courtesy of Cisco’s Call Manager Express and Cisco Unity IP telephony suites and consists of an IP telephony, voice mail and auto attendant solution, which can effectively replace a PBX in the small/medium/branch office. Management wise, in addition to the classic Cisco CLI, Cisco’s Router and Security Device Manager (SDM) GUI (in release 2.0 format) is also packaged.

Significant architectural changes – amounting to more than just popping a faster processor and more memory in place – and including the addition of ASICs to create a switch fabric type architecture, have resulted in this new range having several times more performance capacity than Cisco’s previous generation products. So much so that the company is claiming full wire-speed performance across the box.

In this case, “wire speed” is directly related to the particular network interface in question – namely, this is not a device that does everything all 100Mbit/s (or 200Mbit/s full-duplex) just because some of the interfaces are Fast Ethernet. For example, wire speed” over an E1 connection is 2Mbit/s. Now, here’s a clue to the nature of the ISR. It is a totally modular product. What you get is a base chassis and a whole host of features, in addition to which you have an enormously wide range of module options, depending on what exactly you want to use the product for, and across what type of connections.

The Cisco2811 router comes with four module slots – ours were filled with a couple of E1/G703 WAN cards, a four-port “voice” connection –for directly connecting analogue phones or other telephony equipment to and a four-port Ethernet (10/100) switch, PoE enabled. Other module options are far too numerous to mention but, for example, on the WAN interface side alone this could include various flavors of ISDN and DSL. Two Fast Ethernet ports are included as standard – one for the internal network, one for the external. Higher up the 2800 range, these are 10/100/1000 copper ports. A console port, management Ethernet port and two USB ports (not currently used, but are there to support storage options and security tokens) complete the base configuration.

On the voice side, significant advances in voice trunk and station densities and digital signal processing (DSP) have enabled Cisco to embed the voice technology within the router, without it taking up any module slots. The DSPs handle all secure voice, voice gateway, conferencing, and transcoding capabilities, combined with call processing integrated within Cisco IOS software, along with optional voice mail and automated attendant in advanced integration modules (AIMs) – yet more Cisco-ese. This sounds promising for the ability to run the router pretty well flat-out while maintaining all the voice services, something we obviously put to the test (see later).

The array of security features form part of what Cisco calls its “Self-Defending Network security strategy”. By this it means that you can configure the Cisco 2811 to be the first line of defense – or the only line of defense – against an attack on your network and let it just get on with the job. Given that this device is intended for branch offices, it is not surprising to see that – courtesy of the SDM GUI – it comes with a number of wizards for setting up features such as VPNs (numerous options here), Firewall and IPS. In all cases there are default setups you can opt for, or custom alternatives. As part of the configuration it is also possible to define QoS parameters for real time and “business critical” traffic, in terms of what percentage of bandwidth is reserved for each, what the priority level is, and what protocols are supported by each traffic “type”.

Whereas, in truth, Cisco’s “GUI” management alternative is usually a minimalist attempt whose primary function is to ensure that you use the CLI, with SDM 2.0 it is both an attractive and truly functional interface. The only problem is that it is slow. So, come on Cisco, you’ve speeded the rest of the ISR up, now do the GUI too.

For the test, we created a simulated Internet connection, using Spirent WebAvalanche and WebReflector test devices to create web traffic and servers. We configured the 2811 with one internal and one external network, plus a voice network, on separate VLANs. In order to test the IP telephony functionality we attached some Cisco 7960 IP Phones. These are configured separately to the ISR’s data functions, either via CLI or a browser-based manager. With compression enabled, each voice channel took around 20Kbit/s of bandwidth. We ran a whole series of functionality tests covering everything from messaging to hunt group calls without problems.

We then created a series of tests, generating simulated Internet users. In line with Cisco’s tentative recommendation of up to 500 users for the 2811, the test increased users in steps up to this limit. We repeated the test several times, on each occasion enabling another feature, then another, then another – such as Firewall, then VPN, then IPS – and compared performance, across tests, plus the 2811’s CPU and memory utilization each time. We found a gradual degradation in performance as each feature was enabled, but only saw lots of failed connections towards the end of each test run, when the number of virtual users was more than 400. What we did see was that the 2811 CPU utilization quickly went up to 100 percent with multiple features enabled, though memory usage was relatively low.

Despite this, we tested the IP telephony features during each test, and even at 100 percent utilization, had no problems at all, which shows that the architecture works. We also set QoS for real time traffic to 70 percent reserved bandwidth, including support for RTSP (streaming video) traffic and set up a streaming video test as part of the simulated traffic. We achieved 66 percent (looking for 70 percent) which is pretty good.

In all, Cisco 2811 was up and running non-stop in our labs for over two weeks and survived quite a hammering without any enforced reboots. With the ISR, Cisco describes routing as being “just another service” and, for once, this isn’t mere marketing talk but does sum up the product – routing is indeed just one of many services it offers.