Cisco Systems C897VAK9, C897VAWAK9 User Manual

Data Sheet

Cisco 890 Series Integrated Services Routers

Cisco® 890 Series Integrated Services Routers combine Internet access, comprehensive security, and wireless services in a single, secure device that is easy to deploy and manage (Figure 1). The best-in-class Cisco 890 Series architecture is specifically designed to deliver high performance with concurrent services, business continuity, and investment protection for enterprise small branch offices and service provider-managed services applications.

Figure 1. Cisco 890 Series Integrated Services Router with Integrated 802.11n Access Point

Product Overview

Cisco 890 Series Integrated Services Routers are fixed-configuration routers that provide collaborative business solutions for secure voice and data communications to enterprise small branch offices (Figure 2). They are designed to deliver secure broadband, Metro Ethernet, wireless LAN (WLAN) connectivity, and business continuity. The routers also come with powerful management tools, such as the web-based Cisco Configuration Professional configuration management tool, which simplifies setup and deployment. Centralized management capabilities give network managers visibility and control of the network configurations at the remote site.

Cisco 890 Series Integrated Services Routers offer:

●

High performance for secure broadband and Metro Ethernet access with concurrent services for enterprise small branch offices

●

Business continuity and WAN diversity with redundant WAN links: Fast Ethernet (FE), V.92, ISDN Basic Rate Interface (BRI), Gigabit Ethernet (GE), ADSL2+/VDSL (Annex A/B/M), Multimode G.SHDSL, and Small Form-Factor Pluggable (SFP)

●

Integrated secure 802.11a/g/n access point (optional) based on the draft 802.11n standard; dual-band radios for mobility and support for autonomous or Cisco Unified WLAN architectures

●

Enhanced security including:

◦

Firewall with advance application and control for email, instant messaging (IM), and HTTP traffic Site-to-site remote-access and dynamic VPN services: IP Security (IPsec) VPNs (Triple Data Encryption

◦

Standard [3DES] or Advanced Encryption Standard [AES], Dynamic Multipoint VPN [DMVPN], Group Encrypted Transport VPN with onboard acceleration, and Secure Sockets Layer [SSL] VPN)

◦

Intrusion prevention system (IPS): An inline, deep-packet-inspection feature that mitigates a wide range

of network attacks

●

Web Security with Cisco ScanSafe deployment: An 8-port 10/100 Fast Ethernet managed switch with VLAN support and 4-port support for Power over Ethernet (PoE) (optional for certain models) to power IP phones or external access points; the Cisco 892FSP, 896VA, 897VA, and 898EA have an 8-port 10/100/1000 Gigabit Ethernet managed switch with VLAN support; no PoE support is available for the Cisco 892FSP

●

Metro Ethernet features including:

◦

One 1000BASE-T Gigabit Ethernet WAN port One 10/100BASE-T Fast Ethernet WAN port on the Cisco 891 and 892 or 1-port Gigabit Ethernet WAN

◦

porton the Cisco 892FSP, 896VA, 897VA, and 898EA

◦

One 1-port Gigabit Ethernet SFP socket for WAN connectivity on the Cisco 892F, 892FSP, 896VA,

897VA, and 898EA (Note: Only the 1000BASE-T Gigabit Ethernet WAN or the SFP is operational at a given time.)

Intelligent hierarchical quality of service (HQoS): Support for hierarchical queuing and shaping

◦

Connectivity Fault Management (CFM), based on 802.1ag

◦

802.3ah standards-based link operations, administration, and maintenance (OA&M) Ethernet Local Management Interface (E-LMI) for the customer edge

◦

CFM Interworking and backward compatibility Performance management based on IP service-level agreement (SLA) for Ethernet

◦

●

Dedicated console and auxiliary ports for configuration and management

●

Two USB 2.0 ports for security eToken credentials, booting, and loading configuration from USB available on the Cisco 891, 892, and 892F

●

Easy setup and deployment, and centralized and remote-management capabilities through web-based tools and Cisco IOS® Software

Table 1 summarizes the Cisco 890 Series models.

Table 1. Cisco 890 Series Models

Models WAN Interface LAN Interfaces 802.11a/g/n Option Integrated USB

Cisco 891 1-port GE

1-port Fast Ethernet (FE)

Cisco 892 1-port GE

1-port FE

Cisco 892F 1-port GE or 1-port SFP

1-port FE

Cisco 892FSP 1-port GE or 1-port SFP

1-port GE

Cisco 896VA 1-port GE or 1-port SFP

VDSL/ADSL2+ Annex B

Cisco 897VA 1-port GE or 1-port SFP

VDSL/ADSL2+ Annex A/M

Cisco 898EA 1-port GE or 1-port SFP

4 pair EFM

8-port 10-/100-Mbps managed switch

8-port 10-/100-/1000Mbps managed switch

Yes Yes/Yes/Yes V.92 analog modem

Yes Yes/Yes/Yes ISDN BRI

No Yes/Yes/Yes No

No Yes/Yes/Yes ISDN

Yes CleanAir® technology

No Yes/Yes/Yes No

2.0/AUX/Console

Yes/Yes/Yes ISDN (only on Cisco

Figure 2. Typical Enterprise Small Branch-Office Deployment

Integrated Dial Backup

897VA-K9)

Architecture Features and Benefits

Secure Network Connectivity

Cisco 890 Series Routers deliver high performance with integrated security and threat defense. Network security has become a fundamental building block of any network, and Cisco routers play an important role in embedding security at the customer’s access edge. Cisco recognizes this requirement, so Cisco 890 Series Routers are equipped with security hardware acceleration and Cisco IOS Software (by default, a universal image with Advanced IP Services feature license). This Cisco IOS Software feature set facilitates hardware-based IPsec encryption on the motherboard and provides a robust array of security capabilities such as Cisco IOS Firewall, Cisco ScanSafe Connector, IPS support, IPsec VPNs (DES, 3DES, and AES), SSLVPN, tunnel-less Group Encrypted Transport VPN, DMVPN, Easy VPN server and client support, Secure Shell (SSH) Protocol Version 2.0, and Simple Network Management Protocol (SNMP) in one solution set.

Cisco 890 Series Routers come with a comprehensive security solution that protects organizations’ networks from known and new Internet vulnerabilities and attacks while improving employee productivity. Security suite also includes the following:

●

FlexVPN: Large customers deploying IPsec VPN over IP networks are faced with high complexity and high cost of deploying multiple types of VPN to meet different types of connectivity requirements. Customers often have to learn different type of VPNs to manage and operate different types of networks. And when a technology is selected for a deployment, migrating or adding functions to enhance the VPN is often avoided. FlexVPN was created to simplify the deployment of VPN, to address the complexity of multiple solutions, and as a unified ecosystem to cover all types of VPNs: remote access, teleworker, site-to-site, mobility, managed security services, and others.

●

NGE: Traditional encryption standards (Internet Key Exchange Version 1 [IKEv1], Secure Hash Algorithm1 [SHA-1], etc.) were developed more than a decade ago. They are no longer considered as secure as before. Next-Generation Encryption is meant to refresh the existing security protocols to the next level based on the standard Suite-B algorithms, such as, SHA-2, AES-Galois Counter Mode(AES-GCM), Elliptic Curve Diffie-Hellman(ECDH), Elliptic Curve Digital Signature Algorithm(ECDSA), IKEv2, etc. NGE will offer customers secure network communications systems that will be reliable for the next decade.

●

Cisco ScanSafe Web Security: Cloud Web Security is a cloud-based service designed to prevent zero-day malware from reaching corporate networks, including roaming or mobile users. The Cisco ScanSafe Cloud Web Security solution requires no hardware, initial capital costs, or maintenance and provides unparalleled real-time threat protection (Figure 3). This solution is scalable and easy to maintain, and is ideally suited for small businesses and enterprise small branch offices.

Figure 3. Typical Cisco Integrated Services Router Web Security with Cisco ScanSafe Deployment

Metro Ethernet Connectivity

Cisco 890 Series Routers are ideal for service provider deployments as Metro Ethernet customer premises equipment (CPE). The routers also provide failover protection and load balancing. The 8-port managed switch provides enough LAN ports for connecting multiple devices, and the optional PoE capability can supply power to IP phones or other devices. The Cisco 890 Series provides significant value to customers by simplifying deployment of Ethernet WAN services with end-to-end OA&M, service-level agreement (SLA) monitoring and

verification, and configuration management, resulting in increased operational efficiency and reduced operating expenses (OpEx).

The following Metro Ethernet features are supported for the Cisco 890 Series:

●

E-LMI: Basic configuration for detection and isolation of connectivity in the Metro Ethernet network

●

E-LMI: Automated configuration of customer edge based on profiles configured:

◦

Layer 2 connectivity management Ethernet LMI for the customer edge

◦

●

Metro Ethernet OA&M:

Debugging hierarchy of Ethernet networks

◦

Layer 2 service performance monitoring

●

802.1agCFM:

Standard that uses domains to contain OA&M flows and bound OA&M responsibilities

◦

●

802.3ah: Ethernet in the First Mile (EFM)

Three types of packets: Continuity Check, Layer 2 Ping, and Layer 2 Traceroute

◦

●

IP SLA for Ethernet

Figure 4 shows a typical small branch-office Metro Ethernet deployment.

Figure 4. Typical Metro Ethernet Deployment

High Availability

Cisco 890 Series Routers enable customers to deliver high-performance, high-availability, mission-critical business applications (Figure 5). The Cisco IOS Software universal image with Advanced IP Services feature license (default) offers basic and advanced routing capabilities to deliver failover protection and load balancing. These capabilities include Virtual Router Redundancy Protocol (VRRP) (RFC 2338), Hot Standby Router Protocol (HSRP), MultigroupHSRP (MHSRP), and dial backup with external modem through a virtual auxiliary port. Cisco 890 Series Routers are integrated with ISDN BRI (892, 896, and 897 models), a V.92 analog modem (891 model), or a GigabitEthernet port for a secondary WAN backup connection. If the primary Ethernet-access WAN is disconnected, the router detects this failure and fails over to the secondary backup WAN.