Help with a choice a router.

mishapolitaev · ‎12-14-2016

Hello experts!

We are a small office with ~100 employees and our current router are so old and we want to replace it by new one and reliable, like Cisco ;)

What we need from new one? It:

Dual WAN. So 3 Ethernet adapters should have at least. We have a two uplink to internet providers for fail over.
One provider use PPPoE. So PPPoE must support. I don't know, maybe it granted by default, just say for make sure that we are do not miss that.
As plus will be if he will act as vpnc client, openvpn client, and IPSec client.

Also we need 48 port switch. He should work just as switch and can split network on VLANs, not routed options should have like 3xxx line. I think 2960 catalyst should pass but it is only my thoughts, what you think?

Thank for answer.

Reza Sharifi · ‎12-14-2016

Hi,

For router you can use a Cisco 2921 ISR router. It comes with 3 WAN/LAN interfaces. They are all 10/100/1000. With the right IOS (security image) you can use it to do IPSec VPN and/or VPN client.

As for the switch, you can use a 2960x but I would get the new 3650 if you have the budget, as it is a much better switch.

Data sheets:

http://www.cisco.com/c/en/us/products/collateral/routers/2900-series-integrated-services-routers-isr/data_sheet_c78_553896.html

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-switches/datasheet-c78-729449.html

HTH

mishapolitaev · ‎12-14-2016

Thank you Reza,

I see ISR 2911 also has 3 WAN/LAN interfaces, will it fit for us as well?

One more question. I found some models:

C2911-CME-SRST/K9
C2911R-AX/K9
C2911R-CME-SRST/K9
C2911R-VSEC/K9
C2911-SRE-700/K9
C2911-UCSE/K9
C2911-VSEC/K9
C2911-VSEC-CUBE/K9
C2911-VSEC-PSRE/K9
C2911-VSEC-SRE/K9
C2911-WAAS-SEC/K9
C2911-WAASX/K9
C2911-WAASX-SEC/K9
CISCO2911/K9
CISCO2911-DC/K9
CISCO2911R-V/K9
CISCO2911-SEC/K9
CISCO2911-V/K9

but how to understand what the difference between models? what mean CME, AX, VSEC, SRE, UCSE in their names? Where these names explained? Prices between models depends on names is significant.

Reza Sharifi · ‎12-14-2016

Hi,

Yes, 2911 will work as well if you only need copper ports. The 2921 comes with one fiber port, but if you don't need it than the 2911 is fine.

As for all these names, I don't think they are being explained anywhere. Some of it related to VoIP, some security, some for WAAS, etc.. To get a better idea talk to your sales guy and tell them what features you need and they will tell you what license to use. For example, for most cases you want this image

CISCO2911-SEC/K9

This means the device supports SSH, NAT, IPsec, etc..but to be sure talk to your sales guy.

Also, see figure-3 in this link. It will tell you what license support what features.

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/software-activation-on-integrated-services-routers-isr/white_paper_c11_556985.html

HTH

Karsten Iwen · ‎12-14-2016

In addition to the suggested 2921 I also would consider to use a dedicated Firewall like the ASA 5508-X instead of a router. On a perimeter device like this one you probably want to run a firewall anyway.

There you have eight interfaces that can be used in a flexible way.
PPPoE is supported, ideally the ISP with PPPoE would be the primary ISP.
Remote-Access-VPN is even more flexible with AnyConnect.

mishapolitaev · ‎12-15-2016

Thank for answer Karsten.

But the ISR 2911 is also have bundled firewall? And support PPPoE connect to ISP?

Karsten Iwen · ‎12-15-2016

For sure there is. As Reza mentioned, for Firewall you need the security-license.

And the router has more flexibility for PPPoE and also site-to-site VPNs. But the ASA will give you more throughput per $ and the easier to configure firewall.

Both should work for you.