Cisco 2821 ISR & CallManager Express review
Networking giant Cisco started its first serious assault on the SMB territory in 2005 with its Catalyst Express products, and we brought you an exclusive review of the 500-24PC. Its latest ISR (Integrated Services Router) portfolio shows the company isn’t letting up on the pressure. In another exclusive, we take a look at the 2821 ISR model.
The ISR products aim to provide a solution that amalgamates data services, security, voice, wireless, video and internet access into a single, easy-to-manage package. All the new 1800, 2800 and 3800 ISR platforms run the same code – you just decide which one provides the right hardware and expansion capabilities. The 2821 is aimed at the SMB and enterprise branch offices, and supports up to 96 IP phones. The base unit is a 2U rack-mount chassis, which comes with a pair of fixed copper gigabit ports and a selection of expansion slots that accept more than 90 modules.
The four smaller slots at the top support Cisco’s high-speed WAN interface cards. There’s ADSL, ISDN, E1, T1 and so on, and the latest to join the club is a module with ADSL2/2+ support and integral ISDN backup. Below is a single slot for standard, enhanced and extended network modules, and the 2821 supports EtherSwitch modules offering Layer 2 switching and Layer 3 routing. A power supply upgrade allows you to use the EtherSwitch versions that deliver PoE on all ports. The EVM (extension voice module) brings in standard analogue and digital voice and fax services, and there are expansion cards that add IP telephony with support for both H.323 and SIP (session initiation protocol). This brings into play a wide range of Cisco IP phones, all managed using the UCE (Unified CallManager Express) tools.
As with the Express switches, you don’t need Cisco’s IOS software for installation and configuration. First contact is via a web browser, where you’re taken to Cisco’s SDM (security device manager) Express interface. This provides a wizard for initial LAN and WAN configuration, plus basic access to settings such as the firewall, NAT and routing. For full access, you install Cisco’s SDM utility on a PC, and the routine will also load the SDR firmware on the ISR’s CompactFlash card. It’s clear that Cisco has done a lot of work to make the ISR family as user-friendly as possible. The firewall is set up by selecting the basic configuration option with pre-defined rules. Three security settings are provided, with the highest blocking all unsolicited inbound traffic and even application-specific traffic such as IM and P2P in both directions. Advanced settings allow you to apply custom rules and create DMZs using specific interfaces.
VPNs get the same treatment, with wizards for site-to-site tunnels between two Cisco routers, dynamic multipoint VPNs and Cisco’s WebVPN gateways for remote users with the WebVPN and Secure Desktop software installed. Using signature files, IPS guards against hackers and QoS can be applied to specific WAN traffic with ease.
Anti-virus capabilities aren’t actually embedded on the 2821, as it integrates with Cisco’s NAC (network admission control) technology. The idea behind NAC is that each endpoint such as a PC, notebook or PDA is queried as to its security condition on the network, and it will be allowed access based on the applications it’s running – in this case, anti-virus software. The router must have a connection via RADIUS to a Cisco Secure access control server, which maintains NAC policies and combines with a Cisco Trust Agent running on each host.