Guía de Soluciones: Seguridad

Esta guía de soluciones sobre seguridad ha sido desarrollada por Comstor. Si necesitas una copia contacta con tu comercial de Comstor en el teléfono 902 00 60 60 o escribe un correo a cisco@comstor.es. WESTCON, WESTCON GROUP y COMSTOR son marcas registradas y marcas de Westcon Group, Inc. Copyright © 2008 Westcon Group, Inc. Todos los derechos reservados.

¿Por qué Comstor?.................................................................... Pág. 2 ¿Por qué OneDefense?.............................................................Pág. 3 ¿Por qué Cisco?........................................................................Pág. 4 Valor de la seguridad para tu negocio….................................… Pág. 5 Posicionamiento: Self Defending Network de Cisco..................Pág. 6 Guía de ventas: Cisco Security……….…..........................…….Pág. 25 Guía de ventas: eiQnetworks………................….................…. Pág. 30 Guía de ventas: PowerDsine……………............…….…….…… Pág. 33 Guía de ventas: Sony…………….……….........…………….…… Pág. 37 Guía de ventas: TrendMicro....................................................... Pág. 40 Información IronPort................................................................... Pág. 43 Promociones de desarrollo al canal………………………..….... Pág. 44 Glosario de Términos................................................................ Pág. 47 Guía de Referencia Cisco……………………….....……………..Pág. 57

1

Por qué Comstor?
Comstor España, división del Grupo Westcon, mayorista líder en soluciones de tecnologías avanzadas de Cisco en España, hemos sido distinguidos por Cisco como Mayorista del año en España durante el 2006 y 2007, en Europa durante el 2007. Comstor te proporciona los servicios, programas de apoyo, formación y herramientas que harán tu empresa sea más rentable y competitiva. Comstor, como uno de los mayoristas en networking de mayor exito y dinámico, te proporciona su conocimiento del producto Cisco en redes que se completa con los fabricantes más rentables del mercado, para brindar unas soluciones inmejorables. La experiencia técnica de Comstor contribuye al desarrollo y conocimiento de los distribuidores en cada una de las fases del proceso de ventas, desde la planificación hasta la implementación desde proyectos aislados a multinacionales.

En el apartado dedicado a la formación, Comstor ofrece un medio de capacitación que contribuye en tu formación y desarrollo hacia las especializaciones y certificaciones Cisco. Si tus clientes demandan soluciones en convergencia, seguridad o movilidad, y aún no cuentas con el conocimiento o con recursos de apoyo necesarios, Comstor te puede ayudar. El valor añadido de Comstor que está siempre a mano para proporcionarte servicios centrados en Cisco y sus fabricantes afines. Hemos creado unos programas de soluciones especiales que te proporcionan todas las herramientas, asistencia y guía que necesitas para el éxito en cada una de las fases del Ciclo de Ventas en 6 fases:

2

¿Por qué OneDefense?
La solución OneDefense de Comstor es una oferta integral que permite a los partners de canal ampliar su identidad de simple proveedor y convertirse en un asesor comercial de confianza para sus clientes. Los servicios de voz se están fusionando rápidamente con los de seguridad haciendo inevitable la migración hacia la seguridad. OneDefense ofrece una cartera de excelentes productos y servicios de seguridad diseñados para interactuar y complementar las soluciones de voz Cisco. Comstor, Mayorista líder en distribución de tecnologías avanzadas de Cisco, ha reunido un potente equipo de fabricantes afines (Affinity vendor) entre los que se incluye Sony, PowerDsine o eiQnetworks OneDefense permite a los distribuidores explorar con éxito los mercados empresariales pequeños y medianos estableciendo soluciones y servicios para cada mercado vertical.

¡Pero eso no es todo! OneDefense ofrece al canal: - Identificación más rápida de oportunidades de negocio en mercados en gran crecimiento. - Mejor comprensión del mercado. - Profundo conocimiento tecnológico. - Acceso a herramientas de gestión y de generación de leads. - Herramientas de ventas multimedia. - Formación en de ventas. - Análisis e informes de mercados. Ventajas competitivas: - Obtener márgenes más elevados. - Aumentar el conocimiento del mercado. - Mayor felidad de sus clientes. - Capitalizar las oportunidades lucrativas - Especialización y diferenciación. - Aumento de su oferta comercial.

3

¿Por qué Cisco?
En la red, cualquier persona puede marcar la diferencia. Hoy día, las personas y las tecnologías revolucionarias que les conectan, están mejorando nuestras experiencias cotidianas de forma que nunca antes habíamos imaginado. Cuando las personas se conectan y colaboran, las ideas y las oportunidades pueden crecer rápidamente. La red erradica las limitaciones y las distancias, además de expandir el alcance de nuestros esfuerzos. Cisco provee una plataforma para la oportunidad y el progreso. Nuestro enfoque único, equilibrando innovación con compromiso y el éxito del cliente con la responsabilidad social, proporciona un entorno proclive a que ese progreso florezca.

En Cisco, tenemos el convencimiento de que cuando se conecta a personas, se cambian las cosas a mejor. Ya sea e-learning, ó la transmisión de la Biblioteca Nacional completamente a través de la red, la tecnología de redes ha revolucionado la manera en que la gente se comunica y vive. Las personas están más informadas, son más eficientes, y están más involucradas. Cisco diseña la tecnología de la red que hace que todo ello ocurra segura y rápidamente. Pero el valor que Cisco implementa es el cambio de la manera que trabajamos, vivimos, jugamos y aprendemos. Una conexión humana permanente.

4

aunque ignoran qué necesitan para asegurar y proteger sus redes. Sea un usuario doméstico. y las costosas consecuencias de una falla de seguridad en la red. tanto para las personas como para las empresas. con herramientas de ataque de uso sencillo y fáciles de conseguir. enviando los detalles de su tarjeta de crédito a través de la web. La mayoría de empresas comprende lo necesario de una seguridad de redes robusta. La historia reciente ha destapado fallos críticos. Necesidad de Seguridad: La seguridad de las redes representa probablemente la mayor preocupación concreta. A medida que internet se ha ido haciendo más popular y abierto. La tendencia creciente hacia el cumplimiento de las normas legales. ¿Cómo podemos ayudarte? Con nuestros conocimientos técnicos y comerciales propios en Cisco y en otras marcas de seguridad líder presentes en nuestro catálogo. o un director de empresa responsable de cientos de empleados. el almacenamiento y la transmisión segura de información secreta. ayudamos a nuestros partners con servicios de: pre-venta. con ellos. tanto en internet como en la mayoría de sistemas operativos. significan que los ejecutivos de las empresas se ven cada vez más implicados en las decisiones concernientes a la seguridad de sus redes. los chiquiscripts y los hackers se multiplicaron y. formación. el nivel máximo de seguridad ha venido siendo el firewall perimetral. los ataques e interrupciones del servicio. 5 .Valor de la seguridad para tu negocio En la mayoría de las redes. consultoría y servicios profesionales in situ.

NAC (Network Admission Control). Se puede dar un reconocimiento recíproco entre los servicios de seguridad y la inteligencia de red. previniendo y adaptándose a las amenazas de fuentes tanto internas como externas. ataques de virus y mal uso de aplicaciones procedentes de amenazas conocidas o desconocidas. ■ Mejora la gestión y eficacia de los recursos TIC. Con esta protección. Los routers. ampliando la capacidad de detección de amenazas y atajando las amenazas en múltiples capas de la red. necesaria para negocio. dispositivos y puntos finales incorporan funciones de seguridad como función firewalls. Este reconocimiento recíproco reduce los riesgos de seguridad eficazmente. claramente. este estándar incluye tecnologías propias del funcionamiento de dispositivos de red tales como control de políticas de seguridad y gestión de memoria y procesador. elementos de red y seguimiento de normas. ya sea hackers tratando de burlar las defensas de red externas. ataques de virus y uso indebido de aplicaciones. trabajando para proporcionar un sistema seguro y adaptativo. proporcionando además una oportunidad de evolucionar hacia niveles de alto rendimiento y resultados.Guía de Posicionamiento: Self Defending Network de Cisco Las redes de información son esenciales en el seguimiento de cambios del negocio. capacidades de asignación de fiabilidad e identificación. reforzada por dispositivos de red tales como routers y switches. y dando una respuesta más proactiva frente a nuevos tipos de amenazas. La Self Defending Network de Cisco: La Defending Network de Cisco. 6 . Con el auge en sustracciones de información. Estándar de colaboración: Diversos componentes de la red trabajan juntos para proporcionar nuevos medios de protección. Tres características estándar de la Self Defending Network de Cisco 1. aumentando así la eficacia de la seguridad. Ya sea empleados o personas de confianza robando información. para la detección de nuevos tipos de amenazas en el momento de su aparición. convirtiéndose la seguridad en un sistema de cooperación entre puntos extremos. protege a la organización detectando. Integración Estándar: Todos los elementos en la red funcionan como punto de defensa. 2. las empresas son más capaces de aprovechar sus recursos de red. switches. las organizaciones deben protegerse contra robos de información. es un ejemplo de este principio en que los extremos son admitidos en la red basándose en su nivel de adhesión a las normas de seguridad. de fuentes internas o externas. Además. Beneficios de ofrecer la Self Defending Network de Cisco ■ Flexibilidad y sencillez de protecciones de red. mejorando así los procesos de negocio y reduciendo costes. 3. VPN. La seguridad de red es. Estándar Adaptativo: La seguridad adaptativa permite el despliegue automático de métodos de comportamiento innovadores. resulta vital para las organizaciones asegurar sus redes y proteger sus recursos de valor. e IPS (Intrusion Prevention System).

■ Conectividad segura con VPNs IPSec (IP Security). ■ Protección de activos y reputación de la empresa. ■ Necesidad de políticas seguridad fuertes y adaptativas. ■ No hay un dispositivo aislado que responda a todas tus necesidades en seguridad. Cisco Systems ofrece un amplio espectro de soluciones de seguridad integrada. es importante comprender las necesidades de redes y seguridad de tu cliente. ■La seguridad implica a todas las formas de comunicación empresarial actuales. ■ Las tecnologías y productos. ■ Protección desde el primer día. 7 . en tiempo real. ■ Las políticas de seguridad no deben ser estáticas. Esto te permite gestionar sus expectativas a la vez que identifica las oportunidades. VPN. ■ Protección del negocio del uso inadecuado de Internet. asociados con la red Cisco Self Defending. sino orgánicas y acordes a la importancia y el momento en que se detecta una nueva amenaza. ■ Protección contra usuarios con dispositivos inseguros o infectados. ■ Dispositivo de seguridad adaptativa con firewall residente.■ Habilita la detección de actividades extrañas y amenazas. protegiendo los activos empresariales y mejorando el valor de la infraestructura de red de las organizaciones. ofreciendo una respuesta coordinada a los ataques. Consideraciones: ■ Los directivos deben responsabilizarse de las normas de seguridad de la compañía. para la protección de organizaciones de cualquier tamaño. Como ocurre con las ventas de redes. IPS (Intrusion Protection System) y antivirus. al responder a amenazas conocidas y desconocidas. ■ Mayor tiempo en funcionamiento de la red. Ofrecer la solución La integridad de nuestras redes nunca ha sufrido tanta presión y son ahora uno de los objetivos más frecuentes de hackers y ataques externos. ■ Solución de gestión CiscoWorks. Self Defending Network de Cisco integra la inteligencia en seguridad. En consecuencia. ■ Legislación sobre la protección de la propiedad intelectual y seguridad de nuestras redes. ■ Cumplimiento efectivo de las normas de seguridad en toda la compañía. la oportunidad de ventas nunca ha sido mayor. ■ Todos los empleados deben ser entrenados en políticas de seguridad. ■ Control de accesos con NAC. con Security Agent.

Cualquiera que tenga acceso a internet o esté conectado a una red necesitará asegurar sus datos. la reputación de la empresa y el normal funcionamiento del negocio. ■ Diferenciación: La experiencia en seguridad te distingue de tu competencia. a medida del presupuesto de una PYME. a menudo presentan una o más de las siguientes características: ■ Conexión a Internet. Como una solución empresarial. ¿cómo puede una PYME establecer la seguridad en su red? Estudia la seguridad adecuadamente y actúa convenientemente: ■ Respondiendo a las necesidades de seguridad. Soluciones para la PYME: Las compañías de cualquier tamaño afrontan los mismos riesgos en seguridad: riesgos para la propiedad intelectual. ■ Posibilidad de ofrecer a los clientes distintos niveles de acceso y autorizaciones. detección de intrusiones. se enfrentan al desafío de tener que responder a esos riesgos con menos recursos propios. En ausencia de una legión de expertos y un presupuesto ilimitado. pruebas y monitorizado de dispositivos y políticas de seguridad. ■ Eligiendo cuidadosamente los fabricantes de seguridad. ■ Minimizar los tiempos de inoperatividad de la red previniendo los ataques de gusanos y/o virus desencadenantes de costosos daños. ■ Soluciones de varios fabricantes entre firewalls. además. El desafío consiste en mantener los costes bajos al tiempo que se asegura una solución potente e integrada que se pueda adaptar al siempre creciente conjunto de amenazas. ■ Manteniendo la estrategia de seguridad firmemente unida a la estrategia del negocio. a informaciones y servicios. Cisco ofrece un amplio conjunto de herramientas gestoras de seguridad para ayudar a simplificar configuración. existen varios beneficios al ofrecer seguridad: ■ Control de Cuentas: Trabajando con tu cliente en el tiempo para crear una red segura. Beneficios de ofrecer seguridad: Además de la oportunidad de incrementar tu negocio.Perfil de cliente objetivo: Los usuarios finales potenciales de empresas y PYMEs. te haces un asesor fiable. ■ Mayores ingresos: Del 3% al 8% del presupuesto en TIC se gasta actualmente en seguridad. Las PYMEs. 8 . con el Cisco Security Agent. VPN y autentificación. ■ Recién afectados por un ataque DDos (Distrusted Denial of Service). ■ Designando al menos una persona que se dedique a la seguridad. ■ Ofrecen seguridad y autorizaciones mayores a usuarios móviles y usuarios remotos. Los analistas anticipan que esta tendencia continuará aumentando año tras año. introduciendo oportunidades de incremento de negocio ■ Mayores márgenes: Especialistas con conocimiento y experiencia se identifican con el aumento de los ingresos. ■ Los firewalls han venido siendo la única herramienta de seguridad para la red. implicando a la ejecutiva en la planificación de la seguridad.

continuidad de la actividad empresarial. firewalls. Esas El principal desafío al que se enfrentan las amenazas pueden originarse desde fuera de instituciones educativas es gestionar y asegurar la empresa o desde empleados que puedan una red relativamente abierta a un número comprometer la seguridad. pueden dejar de ser un problema: Utilizando tecnologías como VPNs (Virtual Private Networks). 9 . intelectual. riesgos en la seguridad de sus redes que van desde el vandalismo en sitios web. las organizaciones pueden asegurar la privacidad ■ La seguridad de la red debe considerarse parte de sus estudiantes. ■ Tomar en serio la posibilidad de ataques DDoS Actualmente. intencionadamente o elevado de usuarios autorizados. incluso en presencia de una amenaza. NAC (Network Access ■ Todos los empleados deben mantenerse al día Control) permite a las redes detectar los sistemas y comprender sus responsabilidades. El asegurándose de que la actividad continúe aún crecimiento de la tecnología wireless añade un en presencia de una amenaza de seguridad. desde Una solución efectiva en networking genera en firewalls de nivel de entrada hasta routers ISR las instituciones nuevos desafíos en la seguridad (Integrated Services Routers). puedes maximizar el control de accesos Cisco: a todos tus recursos de red. prevenir el vandalismo y robo ■ La junta directiva debe controlar e implementar electrónico. para simplificar que cumplan con las políticas corporativas la configuración. Soluciones para el sector público: troyanos. ■ Con el control NAC (Network Access Control) Cómo ofrecer soluciones en seguridad de Cisco. vulnerables y fijar controles eficaces de acceso a ■ Hay todo un catálogo Cisco de herramientas de la red. admitiendo solamente dispositivos fiables gestión de seguridad disponible. además de gestionar la seguridad la política de seguridad. ataques DoS (Denial of Service) hasta la destrucción y sustracción de datos. proteger su propiedad de todas las decisiones de negocio. sin embargo. sistemas de detección de intrusiones y calidad del servicio (QoS).Soluciones empresariales: Las grandes empresas son cada vez más objeto de ataques. del campus a nivel físico. El objetivo de las empresas. Asegurando los pasos adecuados. sistemas operativos para su acceso a la red. los dispositivos y bases de datos de la red. virus. conjunto característico propio de desafíos en seguridad y accesibilidad. gira en se restringen los usos ilícitos y se protegen torno a la continuidad de la actividad del negocio. Cisco ofrece el mejor y más amplio catálogo de productos y soluciones de seguridad. asegurando la de sus redes y bases de datos. prueba y monitorización de los vigentes en cuanto a antivirus y parches de dispositivos y políticas de seguridad. ■ Integración de la red y de la seguridad física. al tiempo que sin saberlo. las empresas se enfrentan a (Distributed Denial of Service).

■ ¿Utilizas una protección de contraseñas sólida para ingresos remotos y locales? ■ ¿Cómo proteges los datos en tus portátiles. Las soluciones de Seguridad Cisco son escalables. Con el NAC (Network Access Control) de Cisco puedes maximizar el control de todos los accesos a tus recursos de red. Un conjunto completo de herramientas de gestión de seguridad Cisco está disponible para ayudarte con la configuración. IPS (Intrusion Protection System) y VPN en una sola solución (ASA)? Cosas que saber: 1. Las redes deben testearse periódicamente para detectar vulnerabilidades. pruebas y monitorizado de Preguntas que formular: ■ ¿Dispones de firewalls? ¿Hace cuanto? ■ ¿Tienes oficinas conectadas en remoto? ■ ¿Utilizas conexiones inalámbricas? ■ ¿Utilizas algún producto para encriptado? ■ ¿Estás utilizando algún producto para proteger tus equipos de sobremesa o servidores? ■ ¿Cómo se gestionan tus dispositivos de seguridad? ■ ¿Cómo tratas los informes emitidos por esos dispositivos de seguridad? ■ ¿Cómo haces cumplir las políticas de contraseñas? dispositivos de seguridad. cuando éstos no están conectados a la red? ■ ¿Preferirías un firewall.Todos los productos Cisco ofrecen seguridad y servicios escalables para todo tipo de negocio. 5. 2. 3. Los routers ISR (Integrated Services Routers) de Cisco ofrecen una solución de pasarela empresarial segura en un solo dispositivo. un antivirus de red. 10 . 4.

Dispositivo de seguridad multifunción: La serie ASA 5500. Adaptive Security Appliance de Cisco. ■ Financieros. para entornos que van desde la pequeña oficina o despacho doméstico hasta la gran empresa. es una plataforma modular que adelanta la próxima generación en servicios de seguridad y VPN. La serie ASA 5500 de Cisco permite. ■ Escalable: Una solución de seguridad que se puede aumentar en la medida que el negocio se expande. Mercados objetivo Todos los mercados presentan vulnerabilidades siendo. ■ Distribuidores al por menor.Ventajas de ofrecer seguridad: ■ Seguridad: Tranquilidad de que tu red y datos están seguros. Su diseño modular único proporciona una importante protección de inversiones y unos costes operativos más bajos. La serie ASA 5500 de Cisco ofrece a las empresas un portafolio completo de servicios personalizables a través de ediciones a medida de las necesidades en cuanto a firewall. prevención de intrusiones IPS. con apoyo de los contratos de mantenimiento SMARTnet y nuestra asistencia Smart Care. por tanto. ■ Fiabilidad: La legendaria fiabilidad Cisco. ■ Instituciones educativas (grandes campus abiertos). sin interrupciones del servicio ni disminución en disponibilidad de red. ■ Gobierno local y autonómico. ■ Disponibilidad: Asegurando la continuidad del negocio. ■ Integración: Los dispositivos y el software se integrarán sin sobresaltos con cualquier solución Cisco y con la mayoría de soluciones de otros fabricantes. mientras que la plataforma de hardware unitaria reduce los costes distribuidos. anti-X y VPN. ■ Rendimiento: Todas las ventajas de una red segura. mercados primarios: ■ Cualquier negocio en web. ■ Movilidad con acceso seguro (Secure Access): Infórmate de quiénes son tus usuarios. central o local. ■ Capacidad de gestión: Gestión y monitorizado. Cada edición atiende a las necesidades de entornos empresariales específicos: ■ Edición Firewall: Permite a las empresas la instalación segura y fiable de aplicaciones y redes críticas. pasando por la PYME. la estructura de seguridad de la red resultará mucho más efectiva. reduciendo el coste total operativo en seguridad. Estas ediciones permiten una protección máxima proveyendo los servicios idóneos a las localizaciones convenientes. Cubriendo las necesidades en seguridad de cada localización. 11 . además la estandarización en una plataforma unitaria. ■ Entornos de redes wireless. móviles y remotos. Un entorno común de configuración simplifica la gestión y reduce los gastos en formación para los empleados. Cada edición combina un conjunto de servicios ASA de Cisco para suplir las necesidades de entornos específicos dentro de la red empresarial.

■ Edición Anti-X: Protege a los usuarios en sitios pequeños o remotos con un equipo completo de servicios de seguridad. Security Agent. ■ Prevención y Protección frente a tipos complejos de ataque. sin necesidad de actualizaciones ni de parches de emergencia. facilitando el tráfico de datos críticos cuando la red se encuentra sobrecargada.■ Edición IPS: Protege a los servidores y a las infraestructuras vitales para la actividad empresarial contra gusanos. firewall y VPN. Clean Access y su integración con QoS de fiabilidad proporcionan la mejor colaboración con la red para mejorar la funcionalidad de los dispositivos y la seguridad Cisco. Los servicios anti-X de TrendMicro. Las tecnologías NAC (Network Access Control). 12 . con soporte de VPN por bloques para las instalaciones empresariales de grandes dimensiones. líderes en su sector. Las tecnologías VPN de acceso remoto SSL (Secure Sockets Layer) e IPSec (IP Security) se complementan con tecnologías de control de amenazas tales como Secure Desktop de Cisco. Modera las nuevas amenazas en su etapa inicial sin necesidad de reconfiguraciones ni de actualizaciones con parches de emergencia. El software Agente de Seguridad de Cisco integra los servidores y ordenadores sobremesa en la Self Defending Network de Cisco. ■ Edición VPN: Habilita el acceso remoto a usuarios de sistemas y servicios de red interna de forma segura. hackers y otras amenazas mediante la combinación de firewall. tales como prevención de intrusiones IPS (Intrusion Protection System). protegen el sistema del cliente frente a sitios web maliciosos y contenidos de riesgo como virus. de seguridad de aplicaciones y de servicios de prevención de intrusiones. Proteccion para equipos de servicios y sobremesa: El software Security Agent de Cisco protege los sistemas de servidores y sobremesa detectando las amenazas y defendiendo contra las actividades maliciosas. conocidos o por conocer. Además del dispositivo de seguridad multifunción. ■ Prevención de ataques. reduciéndose así los costes operativos. lo que simplifica la seguridad. hay disponibles características de seguridad en el catálogo de productos IOS de Cisco. spyware y phishing. proporcionando una protección robusta con costes operativos bajos. Los servicios de firewall y VPN de nivel empresarial proporcionan una conectividad segura. y con firewall y servicios de prevención de intrusiones para asegurar que el tráfico VPN no introduzca amenazas en la empresa. El Security Agent de Cisco numerosas ventajas como: proporciona ■ Unión y Extensión de las funciones de seguridad en extremos múltiples dentro de un sólo agente.

Accesos remotos: Los concentradores de la serie ASA 5500 de Cisco proporcionan a tu empresa un ahorro en costes operativos sin precedentes. ■ Auditorias de seguridad o información de gastos de cuentas. ■ Agrupa con los dispositivos VPN de Cisco. ofreciendo conectividad VPN con IPSec y SSL en una sola plataforma. Gestión de identidades con ACS de Cisco: El Servidor de Control de Accesos seguros (ACS) de Cisco para Windows es una solución centralizada de identidades de red. SSL (Secure Sockets Layer) Protocolo de Capa de Conexión Segura. permitiendo a los administradores de red el control de: ■ Quienes acceden a la red. con gestión remota y desatención de extremos de red: La gestión integrada. ■ Acceso y controles habilitados para cada administrador de configuraciones por separado. ■ Proporciona una arquitectura escalable a nivel empresarial: hasta 100. ■ Privilegios de usuarios en la red. acceso a la infraestructura y controles de validación y normas de red. basada en web propia de los concentradores serie ASA 5500 de Cisco.■ Proporciona una flexibilidad que te permite definir y hacer cumplir las normas de seguridad de acuerdo con las políticas de la empresa. protección de la integridad en datos. Una experiencia de gestión de usuarios simplificada para todos los dispositivos y aplicaciones de gestión de seguridad. proporcionando una seguridad entre puntos de red para instalaciones VPN con IPSec y SSL. ACS asegura el cumplimiento de políticas. La serie ASA 5500 de Cisco ofrece soluciones para las instalaciones de accesos remotos más diversos. fiable y de alto rendimiento. Las ventajas de la serie Cisco ASA 5500 incluyen: ■ Dispositivos Avanzados de Seguridad: Secure Desktop de Cisco ofrece auditoría sobre el cumplimiento de seguridad en preconexión y realiza búsquedas para minimizar los datos de zaga al finalizar una sesión VPN SSL. descargado de modo dinámico y permitiendo conectividad en capas de red virtualmente cualquier aplicación. IPsec también incluye protocolos para el establecimiento de claves de cifrado.000 agentes por manager. proporciona una interfaz sencilla y de fácil gestión para configurar y monitorizar a todos los usuarios con acceso remoto. rinde acceso a aplicaciones de seguridad de red líder en su sector. 13 . mediante soluciones de acceso remoto flexible. Las características en el software de VPN de Cisco. son protocolos criptográficos que proporcionan conexiones seguros por una red. ■ Facilidad de instalación. ■ Integración con Clean Access de Cisco. IPSec (Internet Protocol security) es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el Protocolo de Internet (IP) autentificando y/o cifrando cada paquete IP en un flujo de datos. para control de accesos de red. ■ Amplio soporte de aplicaciones para VPN SSL: La plataforma ASA 5500 de Cisco ofrece un extenso soporte de aplicaciones a través de su cliente VPN SSL para WebVPN.

Las soluciones de gestión de seguridad de Cisco proporcionan los siguientes valores y beneficios: ■ Mayor retorno de inversión a través de una seguridad mejorada. ■ IPS (Intrusion Prevention System). puede ser un complemento de un router Cisco instalado con anterioridad. gracias a las facilidades de la aplicación de políticas de seguridad a través de multitud de dispositivos.Uso del IOS de Cisco para asegurar WANs: El bundle Secure WAN es una imagen de seguridad IOS de Cisco que puedes adquirir en conjunto con los routers. ■ VPN punto a punto (Dynamic Multipoint VPN). (VSEC) Secure Voice para combinar seguridad y comunicaciones IP.Security Manager de Cisco. También. ambos de Cisco. y el ajuste de esas políticas a los métodos de trabajo administrativos. 14 . Existen cuatro bundles Secure WAN de Cisco para routers ISRs (Integrated Services Router) de Cisco: . Cisco Systems proporciona un conjunto de herramientas diseñadas para la escalabilidad en administración y cumplimiento de políticas. . ■ Menores costes de mantenimiento.(SEC) Basic Security para seguridad básica. . Estas herramientas proporcionan el marco de configuración.Secure Wireless para integración de seguridad y de accesos WLAN Suite de Gestión de Seguridad Cisco: Basado en una arquitectura de valor añadido que permite la integración. ■ Acceso remoto VPN (IPSEC. SSL). ■ SDM (Security Device Manager). ■ Enrutado WAN y dinámico.Security Monitoring de Cisco. ■ ASDM.(HSEC) High Performance para mayor rendimiento y crecimiento. ■ Filtrado de URLs. ■ Generic Routing Encapsulation simple. . Los productos que forman esta suite son: . ■ NAC (Network Admission Control). basada en herramientas inteligentes que habilitan rápida y sencillamente la detección. localización y control de los ataques. El bundle Secure WAN de Cisco incluye: ■ Firewall completo. monitorizado y análisis para el control de amenazas.

fortaleciendo su seguridad de red. ■ Mejor control de gastos. Pero. Defensa ante amenazas: ■ Antes de clasificar la seguridad de la red como algo digno de atención por parte del departamento El Sistema de Defensa frente a amenazas (Threat TIC. los hackers están volviendo sus miradas malintencionadas. marketing. tanto tan importante como la planificación de ventas y internas como externas a tu organización.■ Mayor productividad en TIC. actualizaciones de firmware en bloque y gestión ininterrumpida de firewalls remotos. crear vulnerabilidades de seguridad. de seguridad. ventas y transacciones con partners. incluyendo ■ Trabaja con los demás dentro de tu empresa comunicaciones internas. o los empleados descontentos y los antiguos empleados pueden Atendiendo a la seguridad de la red: Lista de ocasionar daños importantes. protegido adecuadamente sus redes. menores interrupciones como resultado de los menores errores de los usuarios. sin saberlo. en lugar La PYME basa en sus redes todos los aspectos que con una estrategia unitaria y unificada. basada en la automatización de configuraciones masivas en políticas de seguridad. como muchas grandes empresas están 15 . centrándoos en tecnologías. basado en una Interfaz Gráfica de Usuario (GUI) basada en web de sencillo uso. ■ Uso de sistemas integrados de toda la empresa. se puede dar el caso que sea ■ Para muchas. inventariado. comprobación. el poderla utilizar. que permiten una mejor gestión simultánea de miles de dispositivos de seguridad. Planificación general de seguridad: Las siguientes recomendaciones deberían ayudarte a desarrollar y mejorar tu plan de seguridad de red: ■ Céntrate más en el retorno de valor que en el retorno de inversiones. de sus actividades operativas. ■ No caigas en confrontar las preocupaciones sobre seguridad de forma fragmentaria. networking inteligentes que detectan y controlan haciendo que la planificación de seguridad sea amenazas conocidas o por conocer. la seguridad de la red parece un más difícil. También los empleados pueden. externas. asunto demasiado complejo. Aun así. ■ Sistemas con diseños más sencillos y elegantes. por una ■ Encuentra el equilibrio adecuado entre serie de razones: seguridad y manejabilidad. muchas de esas PYMEs no han formación. ■ Nunca des por sentado que los ataques a la red vendrán solo desde fuera. seguridad física del sitio y demás. que permite a los empleados trabajar eficientemente con una amplia variedad de dispositivos. ■ Algunos creen que las compañías pequeñas son objetivos menos vulnerables a ataques. cada vez más. para desarrollar e implementar las estrategias facturación. Las redes se han hecho entre soluciones de seguridad y tecnologías de parte intrínseca de la conducción del negocio. Cuanto más segura se hace tu red. y con una demanda excesiva de recursos. debería ser considerado fundamental para la Defense System) de Cisco es una cooperación continuidad del negocio. hacia las PYMEs.

■ Solución multi-fabricante ■ Ampliación de las tecnologías y estándares existentes. 16 . se hace más difícil asegurar manualmente que las medidas de seguridad adecuadas estén bien situadas para proteger tu red. como: ■ Seguridad perimetral: Generalmente instalado como producto puntual. seguridad y facilidad de gestión típicas de la red privada. SAFE de Cisco: La arquitectura Cisco SAFE para E-Business es una programación completa y flexible para arquitecturas seguras. ■ Conectividad segura: Las VPNs (Virtual Private Networks) representan un medio viable de comunicación entre partes fiables a lo largo de una red asegurada. ■ Mayor alcance de las inversiones actuales en redes y antivirus. y un acceso de red restringido es concedido mientras no son parcheados y asegurados. ■ Sistemas de prevención de intrusiones: El Secure IPS de Cisco ofrece una prevención de intrusiones de categoría empresarial basada en análisis de tráfico en tiempo real. modular y asequible. basada en un sistema diferenciado. además de escalabilidad y asequibilidad. Symantec y TrendMicro. ■ Identificación y autorización de usuarios: El servidor de control de accesos seguros ACS (Access Control Server) de Cisco es una solución altamente escalable y de gran rendimiento que ofrece el sistema AAA (Autentificaciones. Sin duda un excelente primer paso. Autorizaciones y Cuentas). Componentes de SAFE: Una buena solución en seguridad que ofrece modularidad y sencillez en la instalación. Al permitir solamente dispositivos de red confiables que cumplan con las políticas corporativas vigentes relativas a anti-virus y parches de sistema operativo. y nunca debiera ser considerado como la única solución en seguridad. Cisco Systems se ha unido con marcas líder en seguridad como son: Network Associates. NAC permite que las redes detecten los sistemas vulnerables y que cumplan unos controles de admisión de red efectivos. La solución SAFE de Cisco está dividida en sets tecnológicos. con los mejores productos y servicios.NAC (Network Admission Control): A medida que los ataques de red tales como virus y gusanos aumentan en sofisticación. el firewall es con mucho la medida de seguridad más frecuente. detectando actividades no autorizadas en la red e informando de tales actividades a una consola de gestión centralizada. NAC ofrece los siguientes beneficios: ■ Control de todos los métodos de acceso. para acceso a la red. para crear el NAC (Network Admission Control). con toda la velocidad. Los hosts vulnerables que no cumplen con aquéllas especificaciones se aíslan. Para interceptar y prevenir daños e interrupciones debido a amenazas de seguridad incipientes como ataques Day-Zero.

17 . debemos adaptarnos. Los firewalls siguen siendo clave en todas las soluciones de seguridad.■ Políticas de seguridad: Habiendo explorado los componentes de hardware presentes en la planificación SAFE de Cisco. debe hacerse hincapié en que no existe el estado 100% seguro. modificar y responder con unas políticas de seguridad en constante evolución. de seguridad: Como puerta de acceso. El dispositivo ASA de Cisco contribuye a la estrategia Cisco de utilización de seguridad integrada para construir una red Cisco Self Defending. el set IOS con características firewalls basado en router. Con las amenazas creciendo y diversificándose cada vez más. Soluciones Firewalls. y el módulo de servicio de firewalls Catalyst 6500. Cisco tiene tres ofertas en la suite de firewalls: el dispositivo ASA (Adaptive Security Appliance). que internamente protegen un servicio o dispositivo. los firewalls protegen contra los accesos a red no autorizados.

incluso. En una red Cisco Self Defending existen. En los peores casos. y para mejorar significativamente la seguridad pero sin afectar a la red. ■ Los esclavos o zombies DDoS pueden propagarse y dispersarse por sí mismos. detalladas en la tabla: 18 . no solo estarás protegiendo al servidor y al firewall frente a los ataques DDos. se ralentizará o. y la memoria de los firewalls se colapsará. un ataque a un solo servidor puede echar abajo una red al completo.Mejora de Firewalls: Los firewall ofrecen buenos niveles de seguridad. Situando un dispositivo pantalla (webscreen) entre el router de frontera y el firewalls . El sistema Secure IPS de Cisco se puede instalar estratégicamente en las interfaces de red o puntos de ingreso. Sistemas de Prevención de Intrusiones (IPS): Los IPSs monitorizarán el tráfico de tu red detectando virus y gusanos conocidos. una alta demanda de IDS e IPS para monitorización de cualquier ingreso a la red. Cisco cuenta con tres ofertas. y exigen el uso de recursos críticos para su reparación. ■ Los ataques DDoS evolucionan constantemente. pero deberían complementarse con tecnologías de seguridad adicionales Incluso los mejores firewall tienen problemas con los ataques DDoS. Los ataques DDoS suponen un ataque a la integridad de la red. Estos ataques son costosos en dinero y clientes. y son peligrosos porque: ■ Utilizan la infraestructura de internet para atacar en masa. sino a toda la red. para monitorizar las fuentes de tráfico. dejará de ser operativa. Si un servidor protegido por firewall resulta atacado. internas o externas. ■ Las herramientas de ataque DDoS pueden pasar desapercibidos y disfrazar su identidad real. ■ Las herramientas de ataque DDoS pueden utilizar un número indeterminado de tácticas para atravesar los firewalls. el ancho de banda en uso aumentará rápidamente.

Sistema de Protección de Intrusiones en VPNs (Redes Privadas Virtuales): Hosts: Las VPNs proporcionan seguridad cuando líneas El uso del software Security Agent de Cisco virtuales seguras a través de la red pública. los ordenadores resultaban infectados habitualmente a través de discos flexibles con software pirata. capacidades de firewalls distribuidas. ■ SecurityAgent de Cisco agrupa y amplía múltiples funciones de seguridad de red. autentifica a todos los usuarios que se conectan a la red o a los servicios. Los gusanos aprovechan los agujeros y vulnerabilidades en nuestro firewalls y defensas. mientras los fabricantes de antivirus publican el parche. ayudando en la reducción de costes operativos. pero no así contra la mayoría de virus y gusanos Day Zero desconocidos. Servidor de Control de Accesos Seguros (ACS) de Cisco: El servidor ACS de Cisco. no fiándose de los antivirus y softwares instalados para proporcionar una protección robusta con unos costes operativos reducidos. ■ Security Agent de Cisco te protegerá de esto y dará tiempo. Un software antivirus puede defender contra ataques. la principal vía de contagio es el correo electrónico. afianzamiento de la integridad del sistema operativo y unificación de informe en un solo producto. protección contra códigos móviles malintencionados. ■ Security Agent de Cisco proporciona protección frente a amenazas para servidores y sistemas sobremesa. Hace algún tiempo. hoy en día. 19 . proporciona un Sistema de Protección de Intrusiones en Hosts (HIPS). El Security Agent de Cisco protegerá tus servidores y equipos sobremesa frente a virus. eliminando así los riesgos de seguridad conocidos y Day Zero o desconocidos. ■ Security Agent de Cisco analiza los comportamientos. detectando e interceptando comportamientos maliciosos. gusanos y ataques Day Zero. proporcionando prevención de intrusión en hosts.

1x. El servidor Secure ACS de Cisco asegura el cumplimiento de las políticas designadas. ■ Access Points con broadcast APAGADO. dependerá de las políticas de seguridad del cliente y deberá adherirse a aquéllas al estudiar una solución WLAN. Su delgado diseño. Sin embargo.Routing Virtual y Reenvío). Para asegurar una WLAN se necesita tomar en consideración las siguientes características: Seguridad básica: ■ Asignación claves WEP estáticas de 128 bits. ■ Privilegios de cada usuario en la red. ■ Asignación de todas las características WPA (Wi-Fi Protected Access). 20 . esto no tiene por qué ser siempre cierto: se puede instalar un sistema de seguridad para la protección de usuarios y dispositivos de red tan seguro como una LAN cableada. Seguridad mejorada: ■ Utilización de asignación y gestión de claves de WEP dinámicas. ■ SSIDs preajustados y modificados.Virtualizacion y Descurimiento VFR (Virtual Routing and Fowarding . La maquinaria de la solución Secure ACS de Cisco es una plataforma con seguridad reforzada y dedicada que ofrece una solución altamente gestionable de control de accesos. Seguridad en WLANs: Las redes locales inalámbricas (WLANs) han sido con frecuencia tildadas de menos seguras que las análogas cableadas (LANs). habilitados para cada administrador de configuraciones. ■ Utilización del protocolo EAP a través del 802. Módulo de Servicio WebVPN Ofrece una integración con la infraestructura de red. Cliente VPN Permite a las organizaciones establecer túneles encriptados punto a punto para una conectividad segura para empleados móviles y teleoperadores. ■ Controles de acceso y gestión.ACS para Windows proporciona una solución de networking de identidades centralizada. a través del manejo y gestión del Secure ACS de Cisco de forma simple y con alta disponibilidad. A menudo. la implementación de la Seguridad IP (IPSec) es compatible con todos los productos de la red virtual privada Cisco.Seguridad Avanzada de Punto Extremo. además de incrementar la protección evita los aumentos en el coste total de mantenimiento. La solución Secure ACS de Cisco habilita instalaciones rápidas PnP (Plug-and-Play) y una solución muy fiable en autentificaciones. autorizaciones y cuentas AAA. Escalabilidad y Fácil despliegue. para todos los dispositivos y aplicaciones de gestión de seguridad Cisco. una experiencia en gestión de usuarios simplificada. con unos tiempos de instalación y de resolución de fallos muy bajos. ■ Autorización y autentificación utilizando el Secure ACS de Cisco. ■ Auditorias de seguridad o información de fondos de cuentas previamente registradas. permitiendo a los administradores de la red controlar: ■ Quiénes pueden ingresar a la red.

Al funcionar sobre una arquitectura de red IP. creando muchas oportunidades de negocio. Sony ha sido líder de confianza en el desarrollo de tecnologías superiores en cámaras IP. estas tecnologías de seguridad se están basando cada vez más en IP. audio y control son todas transportadas a través de una conexión de red Ethernet estándar. La instalación también se ha hecho más sencilla.Seguridad Física: La seguridad tradicional ha dado un muy buen servicio a la industria con tecnologías asentadas como CCTV (Circuito Cerrado TV). reconocimiento facial o base de datos central para verificar si la persona tiene en efecto acceso autorizado. incluso en condiciones de baja iluminación. visionado en tiempo real. sistemas antirrobo y antiincendios. tales como cámaras de red que toman imágenes solo cuando alguien pasa una tarjeta magnética. captura en video digital. Algunos modelos incluyen capacidad PoE (Power over Ethernet) para reducir requisitos en cableado. pero Sony lo facilita con su solución completa de seguimiento y vigilancia. el sistema se puede integrar a la red actual. videocámaras de red. Hoy. evitando el envío de personal de seguridad. ahorrando así tiempo y dinero. Su instalación y puesta en marcha es rápida y sencilla. los cuales resultaban caros de instalar y difíciles de integrar a otras tecnologías de seguridad. Sony hace uso de toda esta tecnología para ofrecer una solución en videoseguridad clave para el mercado y diseñada a medida de las necesidades específicas de tu cliente. servidores. Las señales de video. Pero estos sistemas de seguridad clásicos tendían a constar principalmente de sistemas autónomos similares independientes. 21 . independientemente del entorno y arquitectura. además de grabación con archivo / recuperación. El buen estado de las alarmas se puede comprobar mediante el uso de cámaras de red. Durante años. sistemas de accesos. pantallas. Cámaras de red: Las cámaras de red Sony ofrecen imágenes claras y nítidas para la cobertura eficaz de cualquier escenario. como ocurre con la telefonía. biométrica para accesos a áreas restringidas. o de seguimiento de bienes. almacenamiento y software. Elegir el sistema de videoseguridad adecuado puede parecer una tarea desesperante. La reputación de Sony como el líder tecnológico ha producido que los competidores utilicen tecnologías Sony en sus productos. Videomonitorizado de red Sony: El video se ha convertido en la base de todo esfuerzo en seguridad. monitorizado y gestión remotas. Sentirse seguro tiene que ver con una cosa: confianza.

VPNs e IPSs de Cisco. 22 . gestionar y contestar a las amenazas de seguridad. Esta solución se muestra efectiva en la gestión. mitigar y elaborar informes sobre amenazas prioritarias. ■ Monitoriza sistemas. montajes con un PC o grandes instalaciones multi-cámara a través de varios sitios de forma sencilla. Componente clave del Ciclo de Vida de gestión de seguridad Cisco. Disponibles en versiones a un canal y a cuatro canales. Security Manager de Cisco es una solución potente de uso muy simple para la provisión centralizada de todos los aspectos relativos a configuraciones de dispositivos y de políticas de seguridad para firewalls. permite a los administradores centralizar. RealShot Manager: RealShot Manager es una plataforma de gestión potente y de fácil uso que proporciona un control completo sobre toda la red o sobre los dispositivos habilitados IP. Con RSM (RealShot Manager). Analysis y Response Cisco Security Manager: System (MARS): El sistema (MARS) de Cisco es una solución basada en dispositivos todo-en-uno que proporciona un control sin precedentes de tu instalación de seguridad. MARS responde a los problemas enfrentados por parte de los administradores: ■ Integra: La inteligencia de red para modernizar la relación de las anomalías de red con los sucesos de seguridad.Servidores de video en red: Los servidores de video en red facilitan integrar el inventario existente de cámaras CCTV clásicas a una solución basada en IP. ■ Visualiza: Incidentes validados y automatiza las investigaciones. Sopesa tus inversiones actuales en redes y seguridad para identificar. aislar y sugerir eliminaciones precisas de elementos superfluos. ■ Entrega un dispositivo escalable de sencilla instalación y uso con un coste total de mantenimiento mínimo. detectar. Esta familia de dispositivos de prevención de amenazas de sencilla utilización. Security Monitoring. convirtiendo las imágenes a formato digital de hasta 25 fps. con miles de dispositivos. escalando también la gestión eficaz de redes a gran escala. ■ Disminuye los ataques: Sopesando red y la infraestructura de seguridad en su conjunto. MARS transforma los datos de red y seguridad en inteligencia útil por la traducción de incidentes de seguridad y en el mantenimiento de políticas. Gestión de redes: La suite CiscoWorks 2000 ofrece un completo set de herramientas de gestión. los servidores de video Video Servers aceptan señales de entrada de video analógicas de cualquier cámara o dispositivo. redes y operaciones de seguridad: ayuda al cumplimiento de normas. MARS capacita a tus organizaciones de seguridad y red para la identificación. incluso de redes pequeñas con menos de diez dispositivos. gestionar una cámara. sopesando los dispositivos de red y de seguridad ya desplegados en tu infraestructura.

■ Su GUI (Interfaz Gráfica de Usuario): Proporciona una gran facilidad de uso. para hallar anomalías en la base de normas. ■ Múltiples visiones. Puntos destacados del producto: ■ Mayor rapidez de respuesta ante amenazas: Define y asigna nuevas políticas de seguridad a miles de dispositivos.Esta escalabilidad se logra a través de técnicas de gestión basadas en diversas políticas que simplifican la administración. los cuales se pueden adquirir por separado. la cual proporciona total administración y seguimiento de políticas para la red Cisco Self Defending. para un monitorizado y una prevención Cisco mundialmente reconocidos. Proporcionan métodos flexibles para gestión de dispositivos y políticas. ambas de Cisco. ■ Posibilidad de crear una sola tabla de normas de firewalls para todas las plataformas Cisco: con análisis inteligentes de políticas de firewalls. en unos sencillos pasos. con una coordinación efectiva. ■ Posibilidad de asignar tareas concretas a cada administrador durante el despliegue de una política. incluyendo la posibilidad de gestionar la red de seguridad visualmente ■ Amplias ayudas: El nuevo usuario reduce el tiempo de aprendizaje. con control y seguimiento de cambios formales: Permite al personal de seguridad y de operaciones de red el trabajar conjuntamente como un solo equipo. La suite incluye también MARS. ■ Integración con MARS de Cisco. El Security Manager forma parte de la Suite Security Management. 23 .

Información Fabricantes y Guías de Ventas 24 .

. .Cisco Integrated Router/Switch Security. Como resultado.Cisco VPN Clients. las amenazas de seguridad han aumentado exponencialmente. Gama de productos: . Las soluciones de seguridad de Cisco Systems ofrecen una gran variedad de funciones y se integran con las tecnologías de red existentes. .Guía de ventas: Cisco Security Descripción de la solución: Las redes se han desarrollado desde sistemas cerrados hasta sistemas sofisticados.Cisco Intrusion Prevention System (IPS). . . . Cisco ha respondido con Self Defending Network (SDN).Cisco Secure ACS & Authentication Agents . una gama completa de soluciones . . adaptables y auto regenerativas. . Esto permite que las redes sean resistentes.Cisco IOS Security.Cisco Smart Care 25 .Cisco MARS. Cisco ofrece un amplio abanico de productos y soluciones de seguridad de la máxima calidad. .Cisco Security Manager. .Network Admission Control. .Cisco VPN/Security Management Solutions.Cisco Adaptive Security Appliance (ASA). desde VPN de entrada o soluciones de firewall hasta infraestructuras de seguridad de empresa completas para asegurar su continuidad en caso de ataques contra la seguridad de tipo externo o interno.Cisco Security Agent.Cisco SMARTnet.

padres y alumnos. para ayudar a que las redes se defiendan por sí mismas y sean resistentes. comunicaciones. como la comunicación inalámbrica. adaptables y auto regenerativas. Una solución completa de seguridad. comunicaciones de voz. Los datos y recursos administrativos. se integran en las tecnologías de red existentes. trabajadores y red. Mercados objetivo: ■ Empresa: Las soluciones de Cisco. como los historiales de los alumnos. internas y externas y prevenirlas antes de que se expandan. y proporcionan una detección de anomalías total. ■ ¿Cuál es la ventaja para las empresas? Las funciones de seguridad integradas de Cisco protegen a la red contra el ataque desde dentro hacia afuera. ■ Fiabilidad: La legendaria fiabilidad de Cisco está respaldada por los conjuntos de mantenimiento SMARTNet y SMARTCare. Los routers de servicios integrados (Integrated Services Routers) ofrecen una solución “todo en uno” de seguridad. con su gran variedad de funciones. deben protegerse ante personas que tengan la intención de modificar o destruir datos. y su adaptación para afrontarlas. La seguridad física de los campus es también fundamental para asegurar la protección de alumnos y profesores. detectar amenazas. con 26 . ■ Educación: La seguridad se ha convertido en un aspecto clave para las escuelas. así como herramientas de respuesta. ■ Escalabilidad: Las soluciones de seguridad Cisco se adaptan tanto a un único usuario como a las redes de grandes empresas. ■ Disponibilidad: El personal de la empresa puede acceder a aplicaciones de negocio y de comunicación.Preguntas importantes: ■ ¿Tienes firewalls para proteger tu red? ■ ¿Cómo defiendes de las intrusiones? ■ ¿Dispones de oficinas remotas? ■ ¿Utilizas productos de encriptación? ■ ¿Cómo protege tus equipos? ■ ¿Gestionas tus eventos de seguridad? ■ ¿Cómo gestionas los informes? ■ ¿Aplicas políticas de seguridad? Beneficios: ■ Seguridad: Las soluciones de seguridad Cisco permiten la integración de tecnologías avanzadas en la empresa. ■ Ventajas para el negocio: Las soluciones Cisco aportan flexibilidad y resistencia a todas las aplicaciones. además de proporcionar a las organizaciones de todos los tamaños la confianza y agilidad empresarial para aprovechar las nuevas oportunidades de negocio. Cosas que deben saberse: ■ ¿Cuál es la ventaja de Cisco? Self Defending Network de Cisco es una estrategia a largo plazo para proteger los procesos de red de las empresas mediante la detección y la prevención de amenazas procedentes de fuentes internas y externas. ■ Pequeña y mediana empresa: Una red Cisco que se protege a sí misma puede ayudar a pequeñas y medianas empresas a proteger sus recursos y la información de sus clientes. así como adaptarse a la evolución y aparición de nuevas amenazas. gestión y seguridad. ■ Integración: Los dispositivos y el software se integran perfectamente con cualquier solución Cisco u otro fabricante. prueba y monitorización de los dispositivos. ■ Capacidad de gestión: Está disponible una completa gama de herramientas de gestión de seguridad cisco para ayudar a la configuración.

■ Gobierno: Unas infraestructuras seguras y fiables permiten que los organismos públicos respondan de forma rápida y efectiva. Cisco Security Agent: Protección contra amenazas para servidores y sistemas de ordenadores personales. Cisco VPN Clients: El cliente de VPN permite a las empresas establecer túneles VPN encriptados punto a punto. Cisco IOS Security: El software IOS de Cisco proporciona un sofisticado conjunto de funciones de seguridad para proporcionar una seguridad completa y estructurada en su infraestructura de red. Cisco Integrated Router/Switch Security: Router de servicios integrados con paquetes SEC y HSEC que proporcionan firewalls. seguridad multifunción con firewalls integrado. IPS. IDS/ IPS y servicios VPN. incluyendo la protección de sus empleados. activos y la privacidad de sus clientes contra amenazas de seguridad. proporcionando la información correcta a las personas adecuadas en el instante preciso.firewalls y sistemas de detección de intrusiones protege los recursos de información. Ayuda a reducir los costes de operación identificando. interrupciones y degradación del servicio.PowerDsine – Alimentación sobre Ethernet Descripción general de los productos: Cisco Adaptive Security Appliance (ASA): Un dispositivo de seguridad adaptativo con un gran rendimiento.eIQ – Información de seguridad y gestión de eventos . previniendo y eliminando amenazas de seguridad conocidas y desconocidas. Productos complementarios: . mientras que un sistema de video para el campus puede facilitar la seguridad física. antivirus de red y servicios de red privada virtual (VPN) en una solución de bajo coste y fácilmente gestionable. para ofrecer una conectividad segura a empleados viajantes y teletrabajadores. ■ Fabricación: La seguridad en varias capas y etapas armoniza a las personas. los procedimientos y las tecnologías con los objetivos de la empresa. ■ Legal: Los despachos deben ser un lugar de trabajo fiable. 27 . y reduce así las averías y violaciones de la seguridad.

Análisis y Respuesta de Cisco es una solución integral basada en dispositivo que permite a los administradores de red y seguridad monitorizar. servidores de acceso a red. El agente remoto ACS de Cisco para Windows Cisco Security Manager: y el agente remoto seguro ACS de Cisco para Solaris son aplicaciones que soportan Es una solución potente. IDS/IPS. Monitorización. autorización y Herramienta de gestión para firewalls.Cisco Intrusion Prevention System (IPS): Módulo IDS/IPS está adaptado para monitorizar tráfico de datos desde 80 mbps hasta 600 mbps bajo múltiples subredes. Network Admission Control: Routers y módulos de switching. Cisco Secure ACS & Authentication Agents for ACS: El servidor de control de acceso seguro de Cisco para Windows (ACS Windows) y el Motor de la solución de servidor de control de acceso seguro Cisco VPN/Security Management Solutions: de Cisco (ACS Solution Engine) proporcionan servicios de autenticación. flexible y fácil de utilizar dispositivos seguros ACS de Cisco para acceso para configurar firewalls. contabilidad (AAA) a dispositivos de red como VPN y Agentes de seguridad Cisco. sistemas de prevención contra la intrusión (IPS) en dispositivos de seguridad Cisco. y restringir dicho acceso al resto de dispositivos. Cisco PIX y routers. Los clientes que utilicen NAC pueden permitir el acceso a la red sólo a dispositivos que cumplan las especificaciones y que sean fiables. 28 . Previene virtualmente que todos loc códigos maliciosos conocidos accedan a tu red y evita su propagación. Es un módulo de servicio incluido para las aplicaciones de la serie Cisco ASA 5500. CSC-SSM Content Security Control y Security identificar. Cisco Security MARS: El sistema de Seguridad. firewalls. aislar y contrarrestar las amenazas Services Module de seguridad. Se trata de un conjunto de tecnologías y soluciones diseñado por iniciativa de Cisco Systems que utiliza la infraestructura de red para asegurar el cumplimiento de las normas de seguridad en todos los dispositivos que intentan acceder a los recursos de procesamiento de la red. VPN y normas de remoto a la red.

La tecnología del dispositivo NAC. basada en la línea de productos de Cisco Clean Access. El servicio le proporciona todo lo necesario para brindar la información de la red y el mantenimiento tradicional. 2. la red proactiva satisface las necesidades de los clientes de las pequeñas y medianas empresas y permite que su empresa se destaque en el mercado comercial. A través de la tecnología NAC Framework. que integra una infraestructura de red inteligente con soluciones de más de 60 fabricantes de antivirus conocidos y otras soluciones de software de gestión y seguridad. mediante el programa de control de admisión a la red Cisco. las herramientas técnicas y la infraestructura de servicio de redes de Cisco. 29 . que mejora el potencial de la empresa y maximiza la satisfacción del cliente. SMARTnet complementa a los servicios autogestionados y proporciona una valiosa fuente de consejos sobre productos y configuración durante toda la vida útil del producto. Cisco SMARTnet: Una solución de ayuda.El Control de admisión se realiza a través de: 1. las metodologías. Como recurso técnico. guía y soporte técnico completo. Cisco Smart Care Cisco Smart Care Service es una plataforma única de servicios colaborativos con la que los socios certificados de Cisco podrán crear nuevos servicios para sus clientes a partir del conocimiento.

monitorización. informes extensos y análisis forenses. HIPAA.Enterprise Security Analyzer (NSA) Preguntas importantes: ■ ¿Necesitas inteligencia de seguridad en tiempo real para detectar y comprender el comportamiento de virus y piratas informáticos? 30 . monitorización en tiempo real y análisis de correlación. servidores y aplicaciones analíticas y gestión de soluciones que aportan recopilación. Descripción de la solución: eIQnetworks es un proveedor multinacional de las soluciones más completas y económicas de la industria en lo referente a Información de seguridad y gestión de eventos (SIEM). eIQ ayuda a los profesionales de seguridad que trabajan con plataformas Cisco a profundizar en los conocimientos de seguridad en tiempo real. GLBA y FISMA. normalización. Gama de productos: . alertas y reportes del sistema a tiempo real y sucesos de seguridad a través de toda la infraestructura corporativa de TI. Las soluciones eIQnetworks incluyen todos los componentes esenciales para la gestión durante el tiempo de vida útil de auditorias de conformidad. y proporciona gestión de entradas centralizada.Network Security Analyzer (NSA) . para cumplir los requisitos de seguridad de SOX.Guía de ventas: eIQnetwork eIQnetworks aporta una guía de seguridad de red para las empresas.

■ ¿Necesitas correlacionar tus eventos de seguridad entre distintos dispositivos y hosts para detectar posibles ataques y eventos sospechosos dentro de la red? ■ ¿Deseas una solución que proporcione información útil y relevante extraída de archivos log e información procedente de distintos dispositivos de red? ■ ¿Necesitas comprender los patrones de ataque a la red de los piratas e intrusos en la red. ■ Soporte de firewalls de múltiples fabricantes: Soporta los firewall y productos VPN más utilizados como los de Cisco. incluyendo routers. firewalls. ■ ¿Cuál es la ventaja para la empresa? Las soluciones eIQ proporcionan a los administradores de red y profesionales de seguridad una visión importante de las estadísticas de seguridad y sus tendencias. ■ Escalabilidad: Las soluciones son escalables hasta niveles de millones de eventos de seguridad diarios en cientos de dispositivos. Mercados objetivo: Las soluciones de eIQnetworks son ideales para cualquier compañía. cache o streaming? Beneficios: ■ Operaciones de seguridad mejoradas: Detecta rápidamente las violaciones potenciales de seguridad y los virus antes de que ataquen la infraestructura IT. minimiza falsos positivos y proporciona pistas de auditoria para cumplir las especificaciones de seguridad. servidores de proxy. ■ Informes completos y valiosos: Genera informes para analizar y monitorizar la actividad crítica en ataques a firewall. switches. switches. uso de ancho de banda. actividad de los usuarios y mucho más. FTP. Cosas que deben saberse: ■ ¿Cuál es la ventaja de eIQnetworks? Como proveedor líder de soluciones SIEM. ■ Plataforma unificada: Monitorización de eventos centralizada. de los virus y otros a lo largo de toda la red para reducir el tiempo de respuesta ante incidentes? ■ ¿Necesitas ayuda para la resolución de problemas en cuanto aparezcan? ■ ¿Quieres una solución que sirva para múltiples cortafuegos y dispositivos VPN? ■ ¿Deseas poder analizar archivos log desde servicios web como HTTP. soporte multiplataforma: Independientemente de la plataforma se instala fácilmente en entornos que funcionan con Microsoft Windows. ■ Fácil configuración. VPN. organización o instalación que necesite mejorar la gestión de su infraestructura de TI. incluyendo firewall Cisco PIX. concentradores Cisco VPN y Cisco IDS/IPS. para integrarse con infraestructuras de empresas heterogéneas y complejas. ■ Acceso remoto: Acceso y gestión en cualquier momento y en cualquier lugar. informes y gestión de entradas en la red para todo tipo de activos de seguridad. routers Cisco IOS. compatible con Cisco. que afectan al marco de la seguridad de la organización. Los mercados clave abarcan: ■ Gestión de la seguridad de red de la empresa: Proporciona información de seguridad avanzada y gestión de eventos (SIEM) en todos los dispositivos de red. IDS/IPS y sistemas de seguridad web de múltiples proveedores. lo que facilita la protección de las aplicaciones esenciales. Proxy. 31 . eIQnetworks ofrece un firewall basado en un navegador. visitas a páginas web. y un análisis de seguridad para usuarios con múltiples plataformas Cisco.

Sarbanes-Oxley. alertas correlacionadas. informes y análisis forense de seguridad para una gran cantidad de herramientas de monitorización de dispositivos de red. GLBA y FISMA. ■ Servicios Web: Obtén una visión más completa del contenido consultado por los visitantes. 32 . gestión de entradas centralizada. Network Security Analyzer (NSA): NSA proporciona un SIEM avanzado a lo largo de todos los dispositivos de red que afectan al marco de seguridad de la organización. alertas correlacionadas. Todo en una única solución. NSA incluye gestión de entradas centralizada. informe y alerta para HIPAA. El analizador de seguridad de red puede ir desde un único dispositivo de firewall hasta una infraestructura de seguridad distribuida por toda la empresa.PowerDsine – Alimentación sobre Ethernet Descripción general de los productos: Enterprise Security Analyzer (ESA): ESA incorpora una tecnología sin agentes y es la primera solución SIEM (Información de seguridad y gestión de eventos) que proporciona visualización de amenazas. monitorización continua y en tiempo real. Productos complementarios: . informes y análisis forenses. monitorización continua y en tiempo real. y así cumplir los estrictos requisitos de regulación gubernamentales. ■ Gobierno: Las soluciones eIQ proporcionan las funciones y la escalabilidad necesarias para cumplir las necesidades de monitorización e informe de seguridad de los organismos públicos en diversos lugares conectados por redes públicas y privadas.■ Conformidad: Cumple las demandas de monitorización.Cisco – Soluciones de Seguridad y Switching . con un proceso de auditoria de seguridad efectivo. basada en los parámetros utilizados durante la interacción del visitante con sitios web locales y remotos.

Familia 7001G . . puntos de acceso y otros aparatos como cámaras IP. Gama de productos: . configuración o pérdida de tiempo.Familia 6500. .Separadores (Splitters). . . .Familia 8000 .Familia 6000G.Familia 7000G.Familia 3000 Midspams. Descripción de la solución: Las soluciones de alimentación por Ethernet de PowerDsine eliminan la necesidad de alimentación adicional y el coste adicional de recurrir a electricistas para su instalación. Como dispositivo “plug and play”. .Familia 6000.Guía de ventas: PowerDsine Integración de datos. voz y fuerza en Ehternet permite una instalación más económica de teléfonos IP. la instalación del Midspan PoE de PowerDsine no requiere ajustes.Familia 3500. 33 .

La tecnología PowerDsine ya ha sido adoptada por la mayoría de los proveedores de dispositivos LAN y gigantes de las comunicaciones como Cisco. dispositivos de control de acceso. ■ Vigilancia: Permite la instalación de cámaras de red donde sean más efectivas. 34 . Dicha capacidad aumenta la fiabilidad del servicio de telefonía IP. configuración. para que las empresas distribuyan la alimentación de reserva sobre teléfonos VoIP.Preguntas importantes: ■ ¿Necesitas una solución altamente escalable para ayudar a tu empresa en el crecimiento y despliegue de soluciones VoIP y WLAN convergentes y económicas? ■ ¿Deseas una solución que pueda detectar todos los terminales con alimentación por LAN Ethernet y proporcione alimentación inmediatamente. ■ Simplifica la instalación: Sólo se necesita un conjunto de cables para cada terminación de alimentación PoE. lo que reduce el número de cámaras y los costes de la vigilancia. sensores de humos y alarmas y monitorización remota de imagen y sonido se beneficiarán de la tecnología de alimentación por Ethernet. Cosas que deben saberse: ■ ¿Cuál es la ventaja de PowerDsine? PowerDsine es pionero dentro del creciente mercado de alimentación por Ethernet (PoE). Mercados objetivo: Prácticamente cualquier organización con un soporte de red Ethernet o que instale una solución de telefonía IP.3af para la facilitación de alimentación por cables Ethernet estándar. que permite alimentar dispositivos sobre el mismo cable sobre el que se transmiten los datos de red. y domina el mercado proporcionando sus propias soluciones incorporadas de alimentación por Ethernet. cámaras de seguridad en red y dispositivos de control de acceso. ordenadores portátiles. monitorización y control de forma sencilla? Beneficios: ■ Soluciones escalables: PowerDsine proporciona soluciones óptimas para aplicaciones de tipo WLAN. ahorra espacio y mejora la seguridad. como cámaras de red. Esta empresa impulsó el estándar IEEE 802. cuando las aplicaciones del terminal estén listas para admitir alimentación? ■ ¿Necesitas una solución PoE que esté disponible para la alimentación de entradas? ■ ¿Deseas funciones de gestión de los dispositivos de alimentación por Ethernet que permitan supervisión. ■ Capacidad de gestión avanzada: La infraestructura de gestión de red SNMP se puede utilizar para monitorizar y controlar los terminales PoE así como para la transmisión de datos desde y hacia los terminales alimentados por PoE. y no donde lo permitan las conexiones y enchufes de alimentación AC. lo que simplifica la instalación. los Midspans PoE de PowerDsine PoE proporcionan una solución de coste ajustado. ■ Reducción de costes Las soluciones PowerDsine PoE ahorran más de 1. VoIP. PDA. ■ ¿Cuál es la ventaja para las empresas? Muchas otras aplicaciones LAN. y más específicamente: ■ VoIP corporativo: Mediante el despliegue de UPS centralizadas.000 Euros en una instalación típica inalámbrica LAN eliminando los costes de mano de obra para instalar conexiones de alimentación AC.

así como otro tipo de instalaciones PoE de baja densidad de puertos. puntos de acceso WLAN y cámaras de vídeo de red IP.Soluciones de seguridad y VPN de Cisco. segura.3af. configuración o pérdida de tiempo. económica y fiable para pequeñas y medianas empresas. y proporcionan capacidades de gestión de alimentación remota avanzada. Serie PowerDsine 3012/3006/3001: La serie PowerDsine PoE 3000 Midspan ofrece una solución totalmente compatible con IEEE 802. La familia PowerDsine Midspan 6000G es el primera Midspan en proporcionar alimentación para dispositivos Gigabit Ethernet como teléfonos IP. .■ Accesos para clientes de hoteles: El acceso a Internet y las redes inalámbricas proporcionan a los hoteles una ventaja competitiva considerable. Hoy en día. de la misma manera que se espera encontrar un teléfono. 35 . proporcionan alimentación segura vía la infraestructura de cableado Ethernet para dispositivos alimentados. Proporciona alimentación y datos sobre un cableado Ethernet estándar a 24.3af. 12 y 24 puertos. . Dichos Midspan ofrecen una protección de la inversión a largo plazo.Soluciones IP de Routing y de Switching de Cisco (Cisco IP Routing and Switching Solutions). 12 o 6 terminales remotos de forma simultánea. que cumplen el estándar IEE 802. teléfonos VoIP. la mayoría de empresarios que hacen uso de hoteles esperan encontrar puntos de acceso a Internet en su habitación. Descripción general de los productos: Los Midspans PoE de PowerDsine. como puntos de acceso WLAN. compacta y de coste ajustado.Soluciones IPELA de vigilancia y monitorización por IP de Sony (Sony IPELA IP Surveillance and Monitoring Solutions). la instalación del PowerDsine PoE Midspan no requiere ajustes. Serie PowerDsine 6024G/6012G/6006G: La familia PowerDsine Midspan Gigabit proporciona alimentación segura sobre el cableado estándar Ethernet para dispositivos ya existentes 10/100/1000BASE-T y para nuevos dispositivos Gigabit. para la alimentación remota de puntos de acceso de LAN inalámbrica (WLAN). como navegación Web y soporte de Base de Información de Gestión (MIB) para Protocolo de Gestión de Red Simple (SNMP). Los inyectores de la serie Midspan 6000 se pueden montar en rack de 19 pulgadas.La línea de productos completa incluye unidades de 6. Productos complementarios: . Serie PowerDsine 6024/6012/6006: La serie PoE 6000 Midspan es el buque insignia de PowerDsine y está en conformidad con el estándar IEEE 802. Como dispositivo “Plug and play”. dando soporte a dispositivos existentes 10/100BASE-T y asegurando al mismo tiempo el soporte a futuros dispositivos 1000BASE-T. La familia 3000 proporciona una solución de alimentación compacta.3af PoE. La tecnología PoE permite que la alimentación eléctrica se pueda transportar al mismo tiempo que los datos sobre cables Ethernet estándar y elimina la necesidad de colocar enchufes de alimentación AC cerca de los concentradores inalámbricos. y cámaras de vigilancia IP.

cámaras web. vídeo telefonía IP y Wireless Access Points. La familia 8000 High-Power Midspan elimina la necesidad de alimentación externa y su cableado AC/DC. de una unidad. PowerDsine Splitters: Los separadores de PowerDsine de alimentación por Ethernet permiten una fácil integración de la tecnología de alimentación por Ethernet para equipos previamente existentes. Mediante la conexión de dispositivos como puntos de acceso de LAN inalámbrica. o conjuntos de teléfonos IP. los clientes pueden proporcionar alimentación remota a su infraestructura existente sin realizar ningún tipo de modificaciones en los puntos terminales. a la vez que proporciona un medio seguro y fiable de alimentación para dispositivos Ethernet de alto consumo como cámaras de red Pan-Tilt-Zoom y puntos de acceso WLAN multicanal. Serie 7000 de PowerDsine: Destacada por proveer soluciones de High Power 32W para Cámaras Pan-Tilt-Zoom (PTZ) WLAN 802. transmisores WiMAX. Serie PowerDsine 8012/8006/8001: La serie PowerDsine 8000 High-Power Midspan proporciona hasta 39W de potencia sobre cableado estándar Ethernet en terminales de alto consumo. y ofrece un sistema revolucionario que proporciona una doble densidad de puertos en un rack de 19 pulgadas. El PowerDsine Midspan 6548 es la solución óptima para alimentar teléfonos IP en grandes instalaciones.3.11. sin reemplazar los switches Ethernet existentes. puntos de ventas. así como para dispositivos de estándar 802.Serie PowerDsine 6548: El PowerDsine PoE Midspan 6548 de 48 puertos proporciona alimentación segura sobre cableado Ethernet estándar a 48 terminales de forma simultánea. 36 . equipos dependientes.

Sistemas basados en IP presentan un caso atractivo de negocio como una alternativa a las soluciones tradicionales CCTV. comunicaciones y tecnología de la información para el cliente final y mercados profesionales. Sony es el fabricante líder de productos de audio. Descripción de la solución: Como muchos de los negocios e instituciones ya cuentan con una red IP de alta velocidad. 37 . ofreciendo un almacenaje escalable. menores costes de instalación y control basados en cámaras IP desde cualquier lugar. añadiendo el sistema de video vigilancia IP simplemente palanca la misma infraestructura para incluir la videofuncionalidad.Guía de ventas: Sony Sony ofrece la solución completa para Videovigilancia en red. video. Incluyendo una extensa gama de cámaras IP y software de gestión.

Un servidor ■ ¿Deseas un sistema que cuyas características con una aplicación de software puede operar un puedan ser actualizadas para reflejar nuevos sistema completo. rápida y por menos dinero. locaciones. de forma simple y con un coste Ethernet para ahorrar tiempo y dinero.Rango de productos: . .. condiciones de luz delicadas? ■ Menor coste total de propiedad: Las imágenes ■ ¿Deseas un sistema de vigilancia y monitoreo son almacenadas en los discos duros de los que es intrínsicamente más confiable que una ordenadores. cajeros automáticos.Video Grabadoras. regional o local para desarrollo de un sistema de video monitorizado lugares potenciales de problemas como. parques. ■ Gobierno: Con el uso del video monitorizado IP.Aplicaciones de Gestion de Vigilancia.Camaras IP. generando una solución más grabación de video análoga? económica y nítida que un VCR u otras opciones más obsoletas. y vigilancia IP? ■ Gestión de controles centralizada y distribuida ■ ¿Deseas una solución IP de vigilancia que para que los usuarios puedan configurar el pueda encontrar cualquier requerimiento? sistema de la manera en que deseen. manipulación permita que las imágenes sean de calidad de alarmas. Combinar su pueden fácilmente gestionar múltiples experiencia y calidad demostrada en servidores. los estudiantes. entre otras para la resolución de pequeños detalles bajo características. Cosas a conocer: Mercados objetivos: ¿Qué es el Sony Advantage? Sony cuenta con una larga historia como líder en la industria en ■ Financieros: Las instituciones financieras ofrecer sistemas de audio y video. por IP sin comparación. Beneficios: ■ Infraestructura IP: Todas las cámaras se conectan a la red mediante una infraestructura IP existente. los organismos públicos pueden manejar múltiples zonas de forma fácil como la ciudad. incrementa la seguridad de optima. sellado de tiempo. detección ■ ¿Deseas una solución de vigilancia que te de movimiento en tiempo real. desarrollos a un coste incremental en lugar de ■ Características de vigilancia avanzada: Las requerir un reemplazo de hardware? cámaras incluyen Pan/Tilt/Zoom. 38 . . mediante la administración y almacenaje y tecnologías de software. te lleva al monitorizado central. Preguntas a realizar: ■ Acceso en tiempo real: Los clientes pueden acceder al video en tiempo real desde cualquier ■ ¿Deseas desplegar y una solución de monitoreo ordenador vía LAN o Internet. ¿Cuál es la ventaja de Negocio? El sistema de monitorizado IP de Sony ofrece una solución ■ Educación: El video monitorizado IP ayuda en de seguridad “todo en uno” que le permite a al reducción de daño de la propiedad escolar y. cortes o intersecciones de tráficos. ejemplo. las organizaciones estar funcionando de forma lo más importante.

Provee una presentación interactiva del sistema completo de vigilancia y monitoreo. estaciones de trenes. Productos complementarios: . paradas de autobuses y paradas de taxi. . que incluyen cámaras. funcionando en redes IP. gestión y monitoreo remoto y grabación. Software de gestión de la red de video: La gestión de software ofrece la perfecta solución para pequeños y medianos negocios y utilizar monitorizado de clase de IP. 39 .■ Industria: El video monitorizado IP ha sido utilizado para enfocar puntos críticos de la línea de producción. las cuales generan imágenes de alta calidad que pueden ser acercadas.Soluciones Cisco Wireless.APC – Power Protection.Soluciones Cisco de Seguridad y VPN. grabadoras de videos de red. ahorrando tiempo y dinero. . servidores. ■ Retail: El video monitorizado IP aumenta la seguridad para ayudar a reducir daños y robos por medio de la captura de incidentes en el lugar de trabajo.Soluciones Cisco IP Routing y Switching. almacenaje. . El software de clientes opcionales permite monitorizar un número ilimitado de sites y cámaras. que toman el monitorizado remoto y las aplicaciones generales de IT a otro nivel. grabadas e impresas desde cualquier parte del mundo. evitar problemas. aumentar la productividad. actividades o fraudes. captura digital de video. visibilidad en tiempo real. mientras el cliente RSM Web permite monitorizar desde cualquier PC en la red. ■ Transporte: Monitorea el tráfico de manera efectiva en aeropuertos. . el sistema puede ser integrado de manera simple en una red existente. identificar puntos problemáticos o potencialmente problemáticos antes de que ocurra algún incidente. El video monitorizado Sony IP utiliza cámaras construidas con servidores web y puertos Ethernet. Resumen de producto: Sony lo ha hecho más fácil al desplegar una solución IP que provee monitorizado y vigilancia. ect.PowerDsine – PoE. Funcionando sobre una infraestructura IP. Sony es el líder en el desarrollo de tecnologías avanzadas. Camaras IP: Sony provee de cámaras de seguridad de redes de alta calidad.

Rangos de Productos: . spams y otros códigos maliciosos? ¿Buscas un antivirus que te permita la búsqueda precisa en tus servidores al igual que su detección y eliminación de virus de archivos antes de que alcance al usuario final? ¿Deseas integrar un antivirus inteligente Trend Micro. servicios y capas de redes. Preguntas a realizar: ¿Estas buscando una solución que proteja las redes de tu empresa de virus. gusanos. troyanos.Cisco Solutions (ASA5500).Guía de ventas: Trend Micro Trend Micro es el fabricante líder en seguridad. que gestione el contenido de seguridad de internet y mejore el despliegue de seguridad de tu Cisco ASA 5500? 40 . Desde la prevención de vulnerabilidades hasta la prevención de códigos maliciosos y su eliminación. gestión y prevención proactiva de contenidos maliciosos en software. hackers y virus de redes? ¿Estas buscando una solución para tu empresa que proteja a tus clientes y sus servidores con un potente sistema de detección de spyware soportado por una verdadera empresa de seguridad? ¿Deseas centralizar la gestión de brotes maliciosos? ¿Deseas una solución que entregue suites totalmente integradas y que brinde una defensa contra virus.

■ Seguridad Plug & Play: Las aplicaciones de seguridad de Trend Micro están optimizadas para un rápido despliegue menor complejidad para reducir el coste total de las operaciones. ■ ¿Cuál es la ventaja de negocio de Trend Micro? El acercamiento innovador de Trend Micro ofrece una protección contra virus. software o servicios. ■ Protección inteligente del servidor: Ofrece una protección inteligente en tiempo real a la empresa. incluyendo portales y cajeros automáticos. servidores de archivos y previene del incremento de malware en las salidas internas o externas. bloquea los correos inapropiados al igual que sus datos adjuntos y protege contra ataques de virus. contenido inapropiado. incluso en ambientes con presupuesto limitado. actuando de forma centralizada y enfocado a proactivamente gestionar brotes. ■ Gestión centralizada: Facilita la administración y despliegue. spam u otros códigos malignos. troyanos. Mercados Objetivos: ■ Salud: TrendMicro Enterprise Protection Strategy monitorea de manera precisa la información los sistemas y redes de salud detectando amenazas en tiempo real en cada uno de los extremos evitando la interrupción de sistemas y la infracción en la política de seguridad. spam. ■ Suites de seguridad escalables: Suites integradas que proveen una defensa en diferentes capas contra virus. mientras que una consola basada en gestión web. portátiles y servidores de red. ■ Pasarelas de seguridad (Security Gateways): Provee la opción a los clientes de elegir entre diferentes opciones de hardware. ■ Servicios financieros: TrendMicro Enterprise Protection es una plataforma altamente integrada y gestionada centralmente desde una plataforma que permite la inter-colaboración de productos para proteger cada extremo de red. ■ Seguridad móvil: Protege los dispositivos móviles contra amenazas de virus y mensajes spam vía SMS. 41 . a sus servidores de red. Estas soluciones están integradas en productos de forma central para proteger cada punto de acceso de la empresa. hace más fácil coordinar la política de seguridad y desplegar actualizaciones automáticas en cada cliente y cada servidor. ■ Gobierno: Las soluciones TrendMicro proporcionan las funciones y la escalabilidad necesarias para cumplir las necesidades de monitorización e informe de seguridad de los organismos públicos en diversos lugares conectados por redes públicas y privadas. etc. ■ Seguridad en tiempo real: Protege la propiedad intelectual e información confidencial. gusanos. El resultado es un sistema que protege la red de la empresa mientras provee un fuerte retorno de la inversión. ■ Soluciones integradas: Protege equipos de sobremesa.Beneficios: ■ Estrategia de protección de empresa: Provee soluciones integradas. Cosas a conocer: ■ ¿Cuál es la ventaja de TrendMicro? TrendMicro está enfocado en la prevención de invasiones maliciosas proveyendo continuamente a los clientes nuevos acercamientos para gestionar y asegurar la red contra el ciclo de vida de los códigos maliciosos y el impacto de los gusanos y virus que amenazan la productividad y la información. gestionadas centralmente e innovadoras que supervisan las redes de clientes y detecta de manera precisa amenazas desconocidas en tiempo real permitiendo la colaboración para proteger cada salida .

previniendo que estas amenazas accedan a tu red. basada en la estrategia de TrendMicro™ Enterprise Protection supervisa los sistemas de información y redes de forma adecuada detectando amenazas conocidas o desconocidas en tiempo real. 42 . bloqueo y filtro de las URLs y servicio de filtro de contenidos TrendMicro. bloqueo de archivos. antiphising.■ Proveedores de servicios: Trend Micro combina múltiples capas de productos y servicios para una protección inteligente contra amenazas desconocidas. antispam. La serie Cisco ASA 5500 envía datos a través de CSC-SSM y cualquier contenido sospechoso o no autorizado es removido de manera periódica. Descripción de producto: Soluciones de Cisco: CSC-SSM combina las mejores características y rendimientos en el mercado de la seguridad y VPN para la PyME o aplicaciones Enterprise. El CSC-SSM recibe en tiempo real inteligencia antiamenazas para ayudar a asegurar que los clientes se mantienen protegidos de contenido malicioso. antiphishing. antispyware. bloqueo y filtrado de URL basado en la tecnología desarrollada por Trend Micro. Provee una prevención universal contra amenzas y control de contenido en la red. antispam. Esta disponibilidad de seguridad. El modulo provee a los clientes de Cisco ASA la flexibilidad de defenderse contra amenazas impredecibles y complejas gestionado por una sola aplicación. ofreciendo antispyware. Incrementa la protección y el control de los contenidos mediante aplicaciones inteligente que te provendrán de antivirus.

Rápida instalación (15 minutos) . Este rastreo proactivo de amenazas 24X7 es combinado con ordenadores de algoritmos mas avanzados en cuanto a antispam para una protección máxima. El IronPort Blocker es automático y se autogestiona. El éxito de IronPort se debe a su enfoque en tecnologías únicas. . El IronPort Blocker es la única herramienta para la PYME que incluye actualizaciones en tiempo real enviadas de manera directa y automática en tus aplicaciones desde especialistas entrenados en seguridad desde el Centro de Operaciones de Amenazas IronPort. 43 . IronPort “Blocker” es construido con la misma tecnología anti-spam y que protege a las redes más exigentes en grandes corporaciones.Bloqueo de Spam con un 98% de precisión. IPS y agencias gubernamentales a nivel mundial. La instalación inicial toma menos de 15 minutos. previene que spam y accedan tu bandeja de entrada. Para complementar estas tecnologías.No requiere administración para realizar actualizaciones automáticas de spam Interface web permite fácil configuración para personalizar políticas. Esta combinación de tecnología propia y la sociedad con los mejores en la industria permite a IronPort ofrecer la visión de seguridad total en mensajería lo más rápido y eficiente posible. es una edición especial. IronPort ha desarrollado fuertes coaliciones en la industria. . . para aplicaciones de seguridad de emails. Fácil de Utilizar – Instálalo y Olvídate La innovación y tecnología de IronPort provee la manera más fácil de implementar la más poderosa tecnología en seguridad. El IronPort Blocker escanea el trafico de correos electrónicos que acceden a tu organización.IronPort Las grandes compañías frecuentemente se definen no por lo que hacen.Mas bajo falsos positivos de spam en la industria 1 en 1 millón El IronPort Spam y Blocker. Características del Producto. sino por lo que no hacen.

Promociones ¿Cómo funciona? Programa Incentivo de Oportunidades de Los partners registrados ‘Registered’ o ‘Certified’ pueden visualizar clientes potenciales y Cisco (OIP) oportunidades de ventas que hayan desarrollado El ‘OIP’. El programa ‘SIP’ de Cisco se basa en la premisa de que los clientes adquieren soluciones que les ayuden a solucionar sus desafíos de negocio. con tecnologías Cisco. Objetivos del Programa: En un plazo de 90 días a partir de la aprobación. de Cisco. ■ Incrementar la cuota de mercado de Cisco en de similares ventajas. Programa de incentivo de soluciones (SIP) Cuentas seleccionables: ■ Cuentas comerciales son nombradas. Esto puede facilitar una vía de ingresos a los desarrolladores de aplicaciones. ■ Proteger al partner que ha invertido en ganado el acuerdo según los criterios OIP. Programa Incentivo de Oportunidades y en que hayan invertido recursos pre-ventas. mercados emergentes. ■ OIP está disponible para todas las categorías de Partner. premia a los partners de canal con Un proceso de aprobación confirmará si la descuentos de hasta un 6% para que detecten. inscripción de un nuevo cliente de Cisco es desarrollen y ganen nuevas oportunidades de correcta. Promoción Si la solicitud de inscripción es aprobada. ■ Aumentar la rentabilidad del partner de canal. o de terceros. en el canal de Cisco. para desarrollar una práctica de soluciones que sea cualificada para el programa. siempre que el partner haya con nuevos clientes. negocio en cuentas comerciales. entonces el partner será autorizado con un válida hasta el 31 de diciembre 2008. ■ Generar nuevos incrementos de negocio Cisco el partner puede reclamar su descuento en la herramienta OIP. de negocios con su cliente. 44 . alcanzando el estatus de ‘precalificado para SIP’ (‘pre-qualified for SIP’). entonces el partner ■ Apoyar el modelo de valor del partner de puede registrar estas oportunidades de forma continuada (hasta un máximo de 2) y disfrutar canal. ■ Acuerdos no pronosticados de las cuentas comerciales nombradas. descuento hasta el 6% sobre la GPL de Cisco. SIP premia a los partners que invierten en el desarrollo y venta de soluciones que integran aplicaciones y servicios propietarios. ■ OIP se puede combinar con la mayoría de programas y promociones. Los desarrolladores de aplicaciones empresariales también se pueden beneficiar del programa. En caso de que el partner detecte más oportunidades desarrollo pre-ventas.

Los objetivos del programa son: ■ Aumentar ingresos. incrementando la rentabilidad de los partners con mayor valor añadido. ■ Material de Marketing. ■ Acceso a áreas restringidas de la Web mediante password. Beneficios: Obtén un 5% de descuento en PowerDsine: Al registrar tus operaciones en la herramienta PowerDsine Design Registration durante el mes de diciembre obtendrás un 5% de descuento. ■ Permite a los partners distinguir su valor de otros partners. ■ Apoyar el modelo de valor del partner. Subes a la herramienta las operaciones que tengas con alguno de los siguientes Midspan: ■ Ventaja financiera para partners que inviertan en soluciones que incluyan productos Cisco. para distribuidores que integren las soluciones de Cisco en su proceso de negociación. SIP premia especialmente a los partners que inviertan en el desarrollo de aplicaciones completas que integren tecnologías Cisco. 45 . ■ Animar la comunicación temprana con el personal de campo de Cisco. ■ Inclusión de casos prácticos de PoweDsine. ■ Formación Técnica y comercial. Este programa a su vez ofrece soportes e incentivos como: ■ Descuentos Adicionales. ■ Aumentar la relevancia empresarial de la red. ■ Protege las inversiones en soluciones y el valor entregado a los clientes.Objetivos del programa: SIP completa el catálogo Cisco de incentivos diseñado para ofrecer una respuesta a los objetivos estratégicos del canal. ■ Proporcionar protección de acuerdos y oportunidades para la rentabilidad del partner. ■ Incrementar la rentabilidad del partner. ■ Acceso a programas de leads. ■ Aumentar los ingresos del partner con oportunidades en servicios de valor añadido.

■ Retomar antiguas relaciones y clientes. implantando soluciones de seguridad.Cisco Fast Track: Existen actualmente más de 130 promociones activas para Fast Track. Vigentes a fecha de impresión. sino que también. Cisco “Migration PIX to ASA”: Hasta el 24 de enero del 2009. * Estas promociones incluidas a modo de ejemplo. Así que. 46 . Contacta con tu comercial Comstor paras informarte sobre las promociones en seguridad vigentes. Esta promoción te permitirá: ■ Reducir tus inversiones en el desarrollo de la seguridad de tus clientes. no sólo puedes encontrar productos Fundation. Security (incluyendo los nuevos ASA) y Unified Communications (Bundles con el CallManager Express). ¡atento a las últimas actualizaciones disponibles! Estas promociones te dan acceso a un amplio abanico de posibilidades perfectamente accesible para la pequeña y mediana empresa. ■ Posicionarte como un partner de valor. y Cisco está incorporando otras nuevas o cambiando los descuentos por otros de mayor interés para tu futuro. Además. puedes encontrar: Wireless (Series Aironet). podrás benefíciate de la promoción “Migration PIX to ASA” con hasta un 15% de descuento al cabiar los antiguos dispositivos PIX por los dipositivos de seguridad Cisco ASA.

Glosario de Términos 47 .

conexión y logging a sistemas de usuarios.Autoridad Certificada Una entidad de confianza para asignar certificados digitales. Asignación de Cuentas: Proceso por el cual alguien establece quien y que puede desempeñar una acción. Authorisation and Accounting) . Attack Signature – Firma Ataque AAA (Athentication. procesos y otros sistemas en la red.Access Control – Control de Acceso Limitando el flujo de datos desde recursos de un sistema para sólo autorizar personas. como rastreo de datos de usuarios. un servidor. AES cuenta con una clave de longitud variable. sistemas o programas. Autorización: El significado de permitir acceso a los derechos de red a un usuario o grupo de usuarios. Un mensaje firmado digitalmente con una clave privada de una tercera parte segura (ver autoridad certificada). El algoritmo puede especificar una clave de 128 bits. de esta manera avala la identidad de otros usuarios autorizados. switch o router. Buffer Overrun Condición que resulta de agregar mas información de la que puede soportar un buffer. Certificate Authority . declarando que una clave especifica publica pertenece a alguien o algo con un nombre especifico y atributos establecidos. 192 bits o una clave de 256 bits. Anti-Virus Un mecanismo que provee la detección y eliminación de virus en un disco local o en archivos mientras se transfiere a las redes. 48 . Certificar Sistema que marca actividades malignas en la red. examinándola cuidadosamente para verificar si cuenta con patrones de logaritmos similares. Advance Ecryption Standard (AES) Ha sido desarrollado para reemplazar el estándar de encriptado de datos. programas. Autenticación: Acto de validar la identidad de un usuario final o un dispositivo como un host.

Encriptar Conversión de datos en un código secreto de transmisión sobre una red insegura. Denial of Service Attack – Ataque de Negación de Servicios (DoS) Ataque a la red con el propósito de aplastar el objetivo con información errónea para prevenir que intentos de conexión legítimos tengan éxito. Context – Based Access Control (CBAC) Demilitarised Zone – Zona Desmilitarizada (DMZ) Una red localizada fuera de la red de seguridad confiable pero protegida de redes inseguras. Sistema de gestión pública basado en claves. Crackers Estos acceden o violan el sistema integral de las maquinas remotas con intentos maliciosos. como Internet por medio de pasarelas de firewalls. (Ver Hackers) Cryptographic Key – Clave Criptográfica Código digital que puede ser utilizado para encriptar. Digital Signature – Firma Digital Hilo de bits adjuntos a un mensaje electrónico (hash encriptado) que provee autorización e integridad de datos.Challenge Handshake Authentication Protocol (CHAP) Protocolo de autenticación que previene el acceso no autorizado. Diffie Hellman Esta característica construida dentro del software Cisco IOS permite un paquete de sesión avanzado de filtro de todo trafico enrutable. Computer Emergency Response Team (CERT) Una organización formal de de administración de sistemas cuyos miembros proveen servicios que se enfocan a incidencias relacionadas a la seguridad de la red y los ordenadores. Tribal Flood Network y Pin de la Muerte. Ejemplo de ataques DoS son SYN Flood. que permite a dos usuarios o dispositivos de red intercambiar claves públicas sobre un medio inseguro. Data Encryption Standard (DES) Algoritmo de encriptado es un block cifrado de 64 bits que se utiliza por su velocidad. CHAP autentiza e identifica el punto remoto. 49 . desencriptar y firmar información. Criptografía Ciencia de escribir y leer mensajes codificados.

seguridad. tales como transporte. independientemente que el router principal este disponible. Host Dispositivo final conectado a la red. Es una institución formada básicamente por técnicos en Internet e informática cuya misión es velar porque la arquitectura de la red y los protocolos técnicos que unen a millones de usuarios de todo el mundo funcionen correctamente. Hackers Intensamente interesados en las complejidades de tus servidores. encaminamiento. como dirección de recursos y dirección de destinos o protocolos. Fue creada en EE. actuando en diversas áreas. o de Script Kiddies que usan herramientas automáticas. Generalmente con objetivos malintencionados. en 1986. Internet Security Association and Key Management Protocol (ISAKMP) Protocolo utilizado en el marco de IPsec para autenticar entidades. Internet Protocol – Protocolo de Internet Es un protocolo no orientado a conexión usado tanto por el origen como por el destino para la comunicación de datos a través de una red de paquetes conmutados. Generic Router Encapsulation (GRE) Protocolo de tunelado desarrollado por Cisco que puede encapsular una amplia variedad de tipos de protocolos dentro de túneles IP. UU. Programa usado para detectar accesos desautorizados a un computador o a una red. Estos accesos pueden ser ataques de habilidosos hackers. Host Standby Router Protocol (HSRP) Ofrece una forma para que las estaciones de trabajo se mantengan comunicando en la red. Intrusion Detection System . creando un link virtual punto a punto con los routers Cisco en un punto remoto sobre la red. Determinación y reenvío o descarga de tráfico basado en el criterio establecido. 50 .Filtering – Filtrado Proceso de seleccionar el tráfico de red para ciertas características. Es la organización que se considera con más autoridad para establecer modificaciones de los parámetros técnicos bajo los que funciona la red. Internet Engineering Task Force (IETF) Grupo de Trabajo en Ingeniería de Internet Tiene como objetivos el contribuir a la ingeniería de Internet.Sistema de detección de intrusos (IDS). redes y las de tus clientes. así como para establecer y gestionar asociaciones de seguridad Intrusion Detection y Prevention (IDP) Es una combinación de detección de intrusos y prevención de intrusos.

como ataques negación de servicios (DoS). 51 . Network Admision Control (NAC) Diseñado por Cisco para establecer túneles de tráfico desde usuarios remotos hasta sus sedes corporativas. existen extensiones del protocolo para poder utilizar criptografía de clave asimétrica. al permitir que un servidor de red de la empresa gestione las direcciones IP asignadas a sus usuarios remotos. Message Digest 5 (MD5) Es un algoritmo de reducción criptográfico de 128 bits ampliamente usado. Además. Esta metodología descuida la protección de las credenciales durante la fase de autenticación del usuario con el servidor. Sus diseñadores se concentraron primeramente en un modelo de cliente-servidor. IPSec Conjunto de protocolos cuya función es asegurar las comunicaciones sobre el Protocolo de Internet (IP) autenticando y/o cifrando cada paquete IP en un flujo de datos. las conexiones L2TP ofrecen un acceso seguro a su sistema o red cuando las utilice conjuntamente con IPSec (IP Security). Mediante el programa Network Admision Control (NAC). también denominadas líneas virtuales. Keberos Kerberos es un protocolo de autenticación de redes de ordenador que permite a dos computadores en una red insegura demostrar su identidad mutuamente de manera segura. Además. Una vez que el IDS detecta un ataque. un IPS toma acción para cesar el ataque actual y prevenir futuros ataques. y brinda autenticación mutua: tanto cliente como servidor verifican la identidad uno del otro. IPsec también incluye protocolos para el establecimiento de claves de cifrado. es capaz de trabajar directamente con otros medios. ofrecen acceso a los usuarios remotos a bajo precio.Intrusion Prevention System (IPS) – Sistema de prevención de intrusos Aplicación diseñada para detectar ataques basados en red. Los túneles de L2F no dependen de IP (Internet Protocol). LEAP Protocolo del tipo EAP patentado por Cisco basado en nombre de usuario y contraseña que se envía sin protección. la infraestructura de red refuerza la conformidad de las políticas de seguridad en todos los accesos a recursos de red. como Frame Relay o ATM. Layer 2 Forwarding Protocol (L2F) Layer 2 Tunnelling Protocol (L2TP) Las conexiones L2TP (Layer 2 Tunneling Protocol). Layer 2 Tunnelling Protocol over IPSec (L2TP/IPSec) Los protocolos de Windows 2000 VPN combinados con un acceso remoto (L2TP) y seguridad (IPSec). Los mensajes de autenticación están protegidos para evitar eavesdropping y ataques de Replay.

PAP se usa como último recurso cuando el servidor de acceso remoto no soporta un protocolo de autenticación más fuerte. PEAP La capacidad de desempeñar inspección paquete por paquete para todos los tráficos routables Password – Contraseña Pequeño hilo de caracteres utilizados para obtener acceso a recursos seguros. Packet Filtering Password Authentication Protocol (PAP) Protocolo simple de autenticación para autenticar un usuario contra un servidor de acceso remoto o contra un ISP. Novelle Directory Services (NDS) Un sistema global de nombramiento para ambientes Norvell con información sobre la red incluyendo los objetos en esa red. PAP transmite contraseñas o password en ASCII sin cifrar. y que se comete mediante el uso de un tipo de ingeniería social caracterizado por intentar adquirir información confidencial de forma fraudulenta. PAP es un sub-protocolo usado por la autenticación del protocolo PPP (Point to Point Protocol). que pueden operar a través del canal cifrado de TLS que proporciona PEAP. por lo común un correo electrónico. PEAP no especifica un método de autenticación. El Protocolo de autenticación extensible protegido (PEAP) es un nuevo miembro de la familia de protocolos de Protocolo de autenticación extensible (EAP). Consiste en convertir en tiempo real las direcciones utilizadas en los paquetes transportados. validando a un usuario que accede a ciertos recursos. sino que proporciona seguridad adicional para otros protocolos de autenticación de EAP. por lo que se considera inseguro. pero no se admite en clientes de red privada virtual (VPN) u otros clientes de acceso remoto. o algún sistema de mensajería instantánea o incluso utilizando también llamadas telefónicas. Una contraseña es utilizada para responder un reto de autenticación. y un autenticador PEAP. se hace pasar por una persona o empresa de confianza en una aparente comunicación oficial electrónica. como un equipo inalámbrico. como un Servicio de autenticación de Internet (IAS) o un servidor del Servicio de usuario de acceso telefónico de autenticación remota (RADIUS). como EAP-MSCHAPv2. conocido como phisher. PEAP utiliza Seguridad de nivel de transporte (TLS) para crear un canal cifrado entre un cliente de autenticación PEAP.Network Address Translation (NAT) Mecanismo utilizado por routers IP para intercambiar paquetes entre dos redes que se asignan mutuamente direcciones incompatibles.11. 52 . El estafador. PEAP se utiliza como método de autenticación para los equipos cliente inalámbricos 802. Phishing Es un término informático que denomina un tipo de delito encuadrado dentro del ámbito de las estafas.

Proxy Hace referencia a un programa o dispositivo que realiza una acción en representación de otro.535 bytes) con el fin de colapsar el sistema atacado. Point-to-Point Protocol (PPP) – Protocolo punto a punto Es un protocolo de nivel de enlace estandarizado en el documento RFC 1661. Public Key Infrastructure (PKI) Infraestructura de clave pública Es una combinación de hardware y software. políticas y procedimientos de seguridad que permiten la ejecución con garantías de operaciones criptográficas como el cifrado. Quality of Service (QoS) – Calidad de Servicio Son las tecnologías que garantizan la transmisión de cierta cantidad de datos en un tiempo dado (throughput). que sirve para permitir el acceso a Internet a todos los equipos de una organización cuando sólo se puede disponer de un único equipo conectado. Su finalidad más habitual es la de servidor proxy. esto es. clave criptográfica de un usuario sólo conocida por el mismo. empleando para ello tanto líneas telefónicas conmutadas como Internet. Public Key – Clave Pública Código digital utilizado para desencriptar datos y verificar firmas digital. 53 . se trata de un protocolo asociado a la pila TCP/IP de uso en Internet. Es útil para diagnosticar los errores en redes o enrutadores IP.Ping Se trata de una utilidad que comprueba el estado de la conexión con uno o varios equipos remotos por medio de los paquetes de solicitud de eco y de respuesta de eco (ambos definidos en el protocolo de red ICMP) para determinar si un sistema IP específico es accesible en una red. Point-to-Point Tunnelling Protocol (PPTP) PPTP es un protocolo de red creado por Microsoft que permite la realización de transferencias seguras desde clientes remotos a servidores emplazados en redes privadas. obtenido mediante autoridad certificada. Ping of Death – Pin de la Muerte Es un tipo de ataque enviado a un ordenador que consiste en mandar numerosos paquetes ICMP muy pesados (mayores a 65. una única dirección IP. Private Key – Clave Privada En un sistema criptográfico asimétrico. la firma digital o el no repudio de transacciones electrónicas. Por tanto. Calidad de servicio es la capacidad de dar un buen servicio.

0. Service Level Agreement (SLA) .Remote Access Dial-In User Service (RADIUS) Protocolo de red desarrollado por las empresas Livingston. se aplica a ambos protocolos a menos que el contexto indique lo contrario.0 y TLS 1. Security Perimeter – Perímetro de Seguridad Frontera de seguridad donde los controles de seguridad son colocados para proteger los activos de red.Protocolo de Capa de Conexión Segura Transport Layer Security -Seguridad de la Capa de Transporte. simplifica asuntos complicados. Un SLA identifica y define las necesidades del cliente a la vez que controla sus expectativas de servicio en relación a la capacidad del proveedor. Stateful Inspection Accesa y analiza todos los datos derivados de todas las comunicaciones en capas. determinando su impacto e identificando las áreas que puedan requerir protección. son protocolos criptográficos que proporcionan comunicaciones seguras por una red. la cual se distribuye (en forma autenticada preferentemente). Existen pequeñas diferencias entre SSL 3. 54 . y otra privada. Security Policy . proporciona un marco de entendimiento. Estos datos en su estado y contexto son guardados y actualizados dinámicamente. Secure Socket Layer (SSL) .Politica de Seguridad Grupo de altos directivos que controlan el despliegue de los servicios de red al igual que el mantenimiento constante y auditorias de estas políticas. es su sucesor. RSA Algoritmo asimétrico cifrador de bloques. que utiliza una clave pública.(TLS). reduce las áreas de conflicto y favorece el diálogo ante la disputa. Básicamente define la relación entre ambas partes: proveedor y cliente. Risk Analysis – Análisis de Riesgos Proceso de identificar los riesgos de seguridad. la cual es guardada en secreto por su propietario. El término “SSL” según se usa aquí. comúnmente Internet. pero el protocolo permanece sustancialmente igual. Secure Hash Algorithm (SHA) Es un sistema de funciones hash criptográficas relacionadas de la Agencia de Seguridad Nacional de los Estados Unidos. es un protocolo de autentificación. autorización y accounting para aplicaciones de acceso a la red o movilidad IP. proveyendo sesiones virtuales de información para rastreo de protocolos sin conexión.Acuerdo de Nivel de Servicio Es un contrato escrito entre un proveedor de servicio y su cliente con objeto de fijar el nivel acordado para la calidad del servicio.

55 . proveyendo un alto nivel de encriptado. TCP Reset Respuesta potencial a ataques de hackers mediante el Sensor Cisco Secure IDS o Router Cisco IOS Firewall con el cual el dispositivo emite un comando para terminar la conexión que esta actuando como un conducto al ataque. Se replica en el sistema incorporándose en otros programas que son compartidos en el sistema del ordenador. TKIP (Temporal Key Integrity Protocol) Es también llamado hashing de clave WEP WPA. muestra las contraseñas almacenadas en el sistema o destruye archivos guardadas en el disco duro. Por ejemplo. con la intención de que estos paquetes sean magnificados y enviadas a falsas direcciones. WPA tiene TKIP. como por ejemplo Internet. incluye mecanismos del estándar emergente 802. TTLS Tunnelled Transportation Layer Securtity. que utiliza el mismo algoritmo que WEP.11i para mejorar el cifrado de datos inalámbricos. Terminal Access Controller Access Control System Plus (TACACS+) Protocolo propietario de Cisco utilizado para los servicios AAA. ahora es un borrador estándar de IETF Virtual Private Network (VPN) Es una tecnología de red que permite una extensión de la red local sobre una red pública o no controlada. que ha sido desarrollado por Funk Software y Certicom. pero construye claves en una forma diferente. sin el permiso o el conocimiento del usuario. Virus Un virus informático es un malware que tiene por objeto alterar el normal funcionamiento del ordenador. forzando al atacante a re-establecer la conexión.Ataque SMURFF Ataques maliciosos donde el hacker envía un gran numero de paquetes con falsos pings enviados a distintas direcciones. Trojan (Trojan Horse) Un programa que se muestra como legítimo pero realiza actividades ilícitas cuando se ejecuta. Triple DES (3DES) Algoritmo de encriptado de 168 bits que encripta cada pieza de datos con tres claves diferentes DES en sucesión. Spoofing En términos de seguridad de redes hace referencia al uso de técnicas de suplantación de identidad generalmente con usos maliciosos o de investigación.

estableciendo una conexión punto a punto o previniendo el acceso por ese puerto si la autenticación falla. WEP Es el sistema de cifrado incluido en el estándar IEEE 802. sino que reside en la memoria y se duplica a sí mismo. Esta lista permite localizar rápidamente a otro ordenador de la red.1X La IEEE 802. El aumento de fiabilidad se consigue mediante el anuncio de un router virtual como una puerta de enlace por defecto en lugar de un router físico. A diferencia de un virus. mediante un rango de tipos de medias y densidades de puertos.1X y la WEP 56 . 802. mientras que los virus siempre infectan o corrompen los archivos de la computadora que atacan. Los gusanos utilizan las partes automáticas de un sistema operativo que generalmente son invisibles al usuario. 802. Windows Internet Naming Services (WINS) Es un servidor de nombres que mantiene una tabla con la correspondencia entre direcciones IP y nombres NetBIOS de ordenadores. Los gusanos siempre dañan la red (aunque sea simplemente consumiendo ancho de banda). Permite la autenticación de dispositivos conectados a un puerto LAN. Worm – Gusano Es un Malware que tiene la propiedad de duplicarse a sí mismo.VPN-Enabled Router Un router para las premisas del cliente que incorpora las funcionalidades de VPN y sintonizado para un desempeño VPN optimo.1X es una norma del IEEE para el control de admisión de red basada en puertos.11i Grupo IEEE estándar que realizan esfuerzos que incluyen “arreglos” al percibir debilidades en 802. Virtual Router Redundancy Protocol (VRRP) Diseñado para aumentar la disponibilidad de la puerta de enlace por defecto dando servicio a máquinas en la misma subred. un gusano no precisa alterar los archivos de programas.11 como protocolo para redes Wireless que permite cifrar la información que se transmite. Zombie Ordenadores infectadas con un Trojano y controlada por un Zombie Master listo para ser desplegada en el tiempo de su selección.

troyanos. gestión y prevención proactiva de contenidos maliciosos en software. Estas soluciones están integradas en productos de forma central para proteger cada punto de acceso de la empresa. ■ Suites de seguridad escalables: Suites integradas que proveen una defensa en diferentes capas contra virus. Producto: . gusanos. ■ Servicios financieros: TrendMicro Enterprise Protection es una plataforma altamente integrada y gestionada centralmente desde una plataforma que permite la intercolaboración de productos para proteger cada extremo de red. spam. ■ Soluciones integradas: Protege equipos de sobremesa. que gestione el contenido de seguridad de internet y mejore el despliegue de seguridad de tu Cisco ASA 5500? Beneficios: ■ Estrategia de protección de empresa: Provee soluciones integradas. Desde la prevención de vulnerabilidades hasta la prevención de códigos maliciosos y su eliminación. contenido inapropiado. El resultado es un sistema que protege la red de la empresa mientras provee un fuerte retorno de la inversión.Cisco Solutions (ASA5500). troyanos. ■ Seguridad móvil: Protege los dispositivos móviles contra amenazas de virus y mensajes spam vía SMS. Cosas a conocer: ■ ¿Cuál es la ventaja de TrendMicro? TrendMicro está enfocado en la prevención de invasiones maliciosas proveyendo continuamente a los clientes nuevos acercamientos para gestionar y asegurar la red contra el ciclo de vida de los códigos maliciosos y el impacto de los gusanos y virus que amenazan la productividad y la información. portátiles y servidores de red. spam u otros códigos malignos. hace más fácil coordinar la política de seguridad y desplegar actualizaciones automáticas en cada cliente y cada servidor. ■ Seguridad en tiempo real: Protege la propiedad intelectual e información confidencial. etc. gusanos. spams y otros códigos maliciosos? ¿Buscas un antivirus que te permita la búsqueda precisa en tus servidores al igual que su detección y eliminación de virus de archivos antes de que alcance al usuario final? ¿Deseas integrar un antivirus inteligente Trend Micro.Guía rápida de ventas: Trend Micro Trend Micro es el fabricante líder en seguridad. software o servicios. ■ Pasarelas de seguridad (Security Gateways): Provee la opción a los clientes de elegir entre diferentes opciones de hardware. ■ Gobierno: Las soluciones TrendMicro proporcionan las . gestionadas centralmente e innovadoras que supervisan las redes de clientes y detecta de manera precisa amenazas desconocidas en tiempo real permitiendo la colaboración para proteger cada salida de la red. a sus servidores de red. bloquea los correos inapropiados al igual que sus datos adjuntos y protege contra ataques de virus. incluso en ambientes con presupuesto de IT limitado. ■ Seguridad Plug & Play: Las aplicaciones de seguridad de Trend Micro están optimizadas para un rápido despliegue menor complejidad para reducir el coste total de las operaciones. ■ Protección inteligente del servidor: Ofrece una protección inteligente en tiempo real a la empresa. mientras que una consola basada en gestión web. ■ ¿Cuál es la ventaja de negocio de Trend Micro? El acercamiento innovador de Trend Micro ofrece una protección contra virus. actuando de forma centralizada y enfocado a proactivamente gestionar brotes. hackers y virus de redes? ¿Estas buscando una solución para tu empresa que proteja a tus clientes y sus servidores con un potente sistema de detección de spyware soportado por una verdadera empresa de seguridad? ¿Deseas centralizar la gestión de brotes maliciosos? ¿Deseas una solución que entregue suites totalmente integradas y que brinde una defensa contra virus. ■ Gestión centralizada: Facilita la administración y despliegue. servicios y capas de redes. incluyendo portales y cajeros automáticos. Preguntas a realizar: ¿Estas buscando una solución que proteja las redes de tu empresa de virus. servidores de archivos y previene del incremento de malware en las salidas internas o externas. Mercados Objetivos: ■ Salud: TrendMicro Enterprise Protection Strategy monitorea de manera precisa la información los sistemas y redes de salud detectando amenazas en tiempo real en cada uno de los extremos evitando la interrupción de sistemas y la infracción en la política de seguridad.

These routers offer the following benefits: • Fixed-configuration models offer 10/100 Ethernet. Routing at a Glance 1-1 .Chapter 1: Routing C H A PTE R 1 Ro ut ing Routing at a Glance Product Features Page INTEGRATED SERVICES ROUTERS Cisco 800 Series Integrated services routers allow small offices to operate secure concurrent services. • Wireless support is through integrated IEEE 802. and 1812 models) or analog modem (Cisco 1811) backup interfaces. serial.SHDSL WAN interfaces with integrated ISDN Basic Rate Interface (BRI) (Cisco 1801. 1803. • The Cisco 3200 Series enclosure systems support wired interfaces. • Wireless support—Optional IEEE 802. and mobility features using Cisco IOS Software. Network interfaces on the Cisco 1841 are Integrated Services Routers field-upgradable for flexibility and to accommodate future technologies. or G. in both modular and fixed architectures. Services Routers • Industrial-grade components allow for extended operating temperature ranges from -40°F to 165°F (–40 to 74°C) (for configurations w/out fiber interfaces) • Rugged enclosures provide passive conduction cooling. • Wireless LAN controller modules are a component of the Cisco Unified Wireless Network. • Advanced security features include Stateful Firewall. and Advanced Encryption Standard (AES).11 a/b/g standalone access-point high-speed WAN interface cards (HWICs) provide wireless support. wire-speed Integrated Services delivery of concurrent data. (Cisco 870 Series) • Demilitarized zone (DMZ). and quality of service (QoS) for voice over IP (VoIP). 1–6 Router including firewall. voice.11 b/g on Cisco 850 and 870 Series • Enhanced security features including Stateful Inspection Firewall and hardware-assisted encryption • Advanced features with threat defense capabilities. alleviating the need for fans. and universal serial bus (USB) (Cisco 3270 only). and video services for small and medium-sized business Routers (SMB) and enterprise branch routing. ADSL over basic telephone service.9-GHz licensed support for use in publicsafety applications. fiber (select 3270 models). The routers offer (optional) integrated 4. and data applications over Rugged Integrated Ethernet. high-performance integrated services routers are designed for use in mobile and outdoor fixed environments to support voice. intrusion prevention system (IPS). 1–21 Cisco 3200 Series These rugged. including RJ-45. synchronous serial (Cisco 3270 only). dial backup. asymmetric DSL (ADSL) over ISDN. Intrusion Prevention System (IPS). with multiple services enabled for 1 to 6 T1/E1 links. and Cisco Network Admission Control (NAC). 1802. VPNs. Triple DES (3DES). • The routers support enhanced security. quality of service (QoS). & multiple types of wireless interfaces. • Unified Communications available with Cisco 1861 model Cisco 2800 Series 1–15 Cisco 2800 Series Integrated Services Routers are optimized for the secure. • Wireless LAN (WLAN) access using IEEE 802. • Integrated IEEE 802. asynchronous serial.11a/b/g wireless bridge and access-point modes. • The Cisco 3200 Series supports IP telephony services using Cisco Unified Communications Manager Express (UCME). & out-of-band management (Cisco 870 Series) • Cisco Router and Security Device Manager (SDM) GUI tool for simple and advanced configuration Cisco 1800 Series Cisco 1800 Series Integrated Services Routers.11 a/b/g is available for all models of the Cisco 1800 Series. They offer the following benefits: • These routers offer superior performance. VPN. • The routers are designed to industry-standard PC/104+ design for embedding routing applications in custom enclosure designs. • Built-in encryption uses Digital Encryption Standard (DES). video. 1–7 offer a wide variety of LAN and WAN options. and wireless LANs at broadband speeds.

They offer the following benefits: • Backplane bandwidth scales from 32 to 720 Gbps. firewall. MAN. ISDN. AGGREGATION ROUTERS Cisco ASR 1000 Series • Cisco ASR 1002. and triple-play (data. • Modular.Cisco 3800 Series Integrated Services Routers offer very high performance and densities with the ability to run concurrent data. Cisco 3800 Series Integrated Services Routers SERVICE AGGREGATION ROUTERS Cisco 10700 Series Service provider-class metropolitan (metro) edge services router Routers • Offers optimized building block for the next-generation metro Ethernet and IP access networks • Equipped with either twenty-four 10/100 or four Gigabit Ethernet and eight Fast Ethernet ports for customer access and OC-48c/STM-16c Dynamic Packet Transport/Resilient Packet Ring (DPT/RPR) technology or Packet over SONET (PoS) for metro optical connectivity • Supports IEEE 802. ASR 1004. security. Cisco 7600 Series Cisco 7600 Series Integrated Services Routers consolidate WAN. serial. and ASR 1006 chasses that support various shared-portAggregated Services adapter (SPA) densities and modular route processors (Cisco ASR 1000 Series Route Processor 1 [RP1]) and forwarding processors (Cisco ASR 1000 Series Embedded Router Services Processor 5 (ESP5) and Cisco ASR 1000 Series ESP10) • Up to 15 Mpps forwarding performance plus the ability to add services by purchasing feature licenses (Cisco IOS Software redundancy. and LAN in a single platform. • A wide range of WAN and MAN interfaces are available. • These routers are ideal for service provider edge. Packet over SONET/SDH (PoS). Fast Ethernet. ATM. and scalability in a 1-rack unit (1RU) form factor. and T3 to OC192 with line-rate services. • The routers offer high-volume aggregation of service-enabled Ethernet. 4-. • Integrated IEEE 802. and IP Security [IPSec]) • Support for a wide variety of enterprise and service provider features and deployments Cisco 7200 Series This optimized OC-3/Gigabit Ethernet WAN-edge router provides intelligent services. voice. Cisco 7300 Series • Cisco 7304—This network edge router delivers high-performance IP services at optical Routers speeds for service providers and enterprise networks. and performance from 30 to more than 400 Mpps with new Cisco Catalyst 6500 Series Supervisor Engine 720 or RSP720 engine and distributed forwarding line cards. from N x DS-0. voice. firewall services modules (FWSMs). such as IP Security (IPSec) shared port adapter (SPA). T1. ATM. High-Speed Serial Interface (HSSI). Support technologies include serial. • High-speed HWICs free network-module slots for other services. Channelized. distributed denial of service (DDoS). including Ethernet. 1-rack unit (1RU) or 3RU chassis • 1-. • Cisco 7301—This broadband and WAN edge router provides intelligent services. high Routers modularity. high-speed serial. portadapter modularity.and 6-slot models) • Choice of system processors (network processing engines [NPEs]) for up to 2-Mpps performance (Cisco 7201 comes with built-in NPE) • Built-in Gigabit Ethernet connectivity—Copper or fiber (three ports on Cisco uBR7200 Series NPE-G2 Network Processing Engine or four ports on the Cisco 7201) The router offers a wide variety of LAN and Cisco Product Quick Reference Guide WAN options. and Ethernet. • Expanded default and maximum memory capacity with Error Correction Code (ECC) double data rate (DDR) synchronous dynamic RAM (SDRAM) memory detects and corrects SDRAM errors without user intervention. • The routers support a broad range of advanced services modules. • Wireless LAN controller modules are a component of the Cisco Unified Wireless Network. or 6-slot models for port and service adapters • 1 I/O slot (for 4. metropolitan-area Routers network (MAN). as well as voice support including IP-to-IP gateway (session border controller) and quality of service (QoS). investment protection. redundant system and inline power options are available.11 a/b/g standalone access-point HWICs provide wireless support. and advanced services at wire speeds up to T3/E3. Gigabit Ethernet. and Packet over SONET. high performance. and video) deployments and high-end enterprise solutions. Network-Based Application Recognition (NBAR) and Cisco IOS Flexible Packet Matching (FPM). Token Ring. • These routers offer high availability and resiliency with online insertion and removal (OIR). high performance. session border controller (SBC).17 standard-compliant RPR technology 1–24 1–29 1–33 1–36 1–38 1–43 1-2 Routing at a Glance . and scalability in a small form factor. investment protection. • These routers support Cisco Catalyst 6500 Series line cards and Cisco 7500 and Cisco 7200 port adapters. broadband aggregation. and application control engines (ACEs) (server load balancing). • The routers provide enhanced security.

Cisco XR 12000 and 12000 Series Routers Services to Protect.com. For more information about all services. visit http://www. visit: http://www. Offerings range from traditional maintenance to proactive and predictive services. and quality of service [QoS]) that help ensure traffic differentiation while meeting the strictest customer service-level agreements. and full deployment.cisco. operational maturity. For more information about Cisco Advanced Services.com/go/ts. creating network architectures that optimize IT services and enhance your business.” Some parts have restricted access or are not available through distribution channels.com/en/US/ordering/index. Maintain. Enter a product description or SKU or search by product series family. Cisco and our partners accelerate business transformation. and channelized physical interfaces. with new power supply and blower enhancements supporting a portfolio of shared port adapters (SPAs) and SPA interface processors (SIPs). This chapter provides only a small subset of all parts available via the URL listed under “For More Information. go to http:// www. and Optimize Cisco Products Cisco and our global community of partners offer a portfolio of technical services that help you maintain the health and performance of every Cisco product. Ethernet. • Up to nine chassis options are available.shtml. and agility through consultative planning.Chapter 1 The Cisco XR 12000 and 12000 Series Routers are service provider-class multiservice1–44 edge routers that help customers transition toward a converged IP network infrastructure. Dynamic Packet Transport/Resilient Packet Ring (DPT/RPR) and copper. “Services”. • The extensive portfolio of line cards and SPAs support Packet over SONET/SDH (PoS). solution development.cisco. These routers offer the following benefits: • The routers support edge-optimized line cards.cisco.com/go/techservices. • The routers offer service-related enhancements (Layer 3 VPN [L3VPN]. Cisco Routers Port Matrix 7200/7301 Series ASR 1000Series 10700 Series Fixed Ports Only Fixed & Modular Ports Modular Ports Only LAN Ports 10-Mbps Ethernet 10-Mbps Ethernet (fiber) 100-Mbps Ethernet 100-Mbps Ethernet (fiber) 10/100-Mbps Ethernet 10/100 Mbps Switch Port Cable DOCSIS 2. For more information about Cisco Technical Services. L2VPN. see Chapter 10.cisco-servicefinder. To find the right technical service for any Cisco product. maximizing the value of line-rate edge applications with 10-G uplinks while sustaining line-rate performance. use the Service Finder tool at http://www.0 Token Ring ATM Gigabit Ethernet 10 Gigabit Ethernet Wireless LAN Integrated Standalone Access Point Wireless LAN Controller Module 3G Wireless LAN HWIC WAN Ports Sync Serial X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X3 X X1 X X X X X X X X X X X X X X X X X X1 X2 X X X X X X X X X X X X X 4 X X X X X1 X X X X X Cisco Routers Port Matrix 12000 Series X X 1800 Series 2800 Series 3200 Series 3800 Series 7304 Series 7600 Series 800 Series 1-3 . Product Ordering Website To place an order. In addition. ATM.

Cisco 3271 Router only 2.T1/E1 POS OC-x/STM-x DPT/RPR OC-12/STM-4 DPT/RPR OC-48/STM-16 DPT/RPR OC-192/STM-64 ADSL.SHDSL IDSL DPT Voice Over IP (VoIP) Analog Voice Interfaces Digital Voice Interfaces ISDN BRI Digital Voice Interfaces Integrated Switching Integrated 4-port Switch Integrated 8-port Switch Integrated 4-port Switch HWIC Integrated 9-port Switch HWIC Integrated 16-port Switching Integrated 24-port Switching Integrated 36-port Switching X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X5 X5 X5 X X X X X X X X X X6 X4 X X X 7 8 X X1 X X X X X X X X X X9 X X X X Integrated 48-port Switching Power over Ethernet (PoE) X Application Acceleration (WAAS) Wide Area Application Acceleration Modules Security VPN IPS X IPS Advanced Integration Module IPS Network Module Network Admission Control Network Module Encryption Advanced X Integration Modules Encryption Service Adapter Application eXtension Platform (AxP) Advanced Integration Module Network Module 1. G. Supported on the Cisco 2691 only X X4 X X X X X X X X X X X X X X X X X X X4 X X X X 1-4 Cisco Routers Port Matrix . ADSL 2+. Cisco 7301 Router only 3.Sync Serial w/ CSU ISDN BRI (S/T) ISDN BRI (U) ISDN PRI/Ch T1 ISDN PRI w/ CSU Async Analog/POTS Integrated Modems Integrated Modem WICs HSSI DS3 ATM OC-3 ATM OC-12 ATM ATM .SHDSL ADSL over ISDN G.

Chapter 1 4. 5. 7. Slot 1 = Empty Slot 0 = 256MB. 876. 9. and 2851 only Cisco 2821 and 2851 only Supported on Cisco 2851 only Memory Information for Routers Router 815 851. plus one slot Slot 0 = 128 MB. 6. 877. Slot 1 = Empty Single 64 MB Compact Flash default Single 64 MB Compact Flash default Single 64 MB Compact Flash default Single 64 MB Compact Flash default Single 64 MB Compact Flash default Slot 0 = 256MB. 857 871.DRAM 150 7301 Series 7304 NPEG100 Memory Information for Routers 1-5 . Slot 1 = Empty 1 2 1 1 2 2 2 1 1 1 1 1 1 1 1 64 MB 256 MB 128 MB 256 MB 256 MB 1 GB 1 GB 64 MB 256 MB 256 MB 512 MB 256 MB 1 GB 2 GB 256 MB 256 MB 512 MB 512 MB 1 GB 2 GB 2 GB 512 MB 1 GB 256 MB 512 MB 256 MB 1 GB 2 GB Flash (CFM) DRAM Flash (CFM) DRAM Flash (CFM) 7304 NSE. 8. Slot 1 = Empty Slot 0 = 256MB. 878 Memory Type Flash DRAM Flash DRAM Flash DRAM Slots 1 1 1 1 1 1 Default Memory 32 MB 20 MB 64 MB 24 MB or 28 MB1 128 MB 32 MB 128 MB 128 MB 256 MB 256 MB 256 MB 64 MB 64 MB 64 MB 64 MB 32 MB 32 MB 64 MB 128 MB 128 MB 256 MB 64 MB 256 MB 4 GB 2 GB 1 GB 2 GB 8 GB 256 MB 64 MB Max Memory Default Configuration (Notes) 64 MB 128 MB 20 MB 64 MB 52 MB 256 MB 1800 Series 2800 Series 3200 Series 3800 Series ASR 1000 Series 7200 Series Flash DRAM DRAM (2801) DRAM (2811) DRAM (2821) DRAM (2851) Compact Flash (2801) Compact Flash (2811) Compact Flash (2821) Compact Flash (2851) Flash (3230) Flash (3250) Flash (3270) DRAM (3230) DRAM (3250) DRAM (3270) Flash (External Compact Flash) DDR SDRAM (ECC) ASR1002 DRAM RP1 DRAM ESP5 DRAM ESP10 DRAM ASR1002 eUSB Flash for 7201 Flash (PCMCIA) (for IO controller card. Slot 1 = Empty Slot 0 = 256MB. Cisco 1841 only Cisco 1861 only Except Cisco 1841 Cisco 2811. 2821. IO controller card required for NPE-400) Flash for NPE-G1 (Compact Flash) Flash for NPE-G2 (Compact Flash) DRAM (NPE-400) DRAM (NPE-G1) DRAM (NPE-G2) DRAM for 7201 1 1 1 2 128 MB 384 MB 384 MB 768 MB 1 GB 1 GB 128 MB 256 MB 256 MB 256 MB 32 MB 32 MB 64 MB 128 MB 128 MB 256 MB 256 MB 1 GB 4 GB 2 GB 1 GB 2 GB 8 GB 256 MB 128 MB 20 MB On board 64 MB On board 20MB On board + 4MB or 8MB* Mini Flash 128 MB On board + 128MB DIMM module * Advanced IP Services image includes 28MB flash External compact flash 128 MB on motherboard.

or with an Ethernet WAN port connected to an external broadband modem. including: ISDN Basic Rate Interface (BRI). G. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).0. Ideal for Companies that Need These Features • Ethernet LAN ports and a variety of WAN connectivity. and generic routing encapsulation (GRE) tunneling • Enhanced security with Stateful Inspection Firewall. the Cisco 870 Series also includes security features such as intrusion prevention systems (IPSs).SHDSL • Advanced security and wireless LAN Key Features • Fixed-configuration support for several types of WAN connections • Optional standalone IEEE 802. ADSL. optional external power injector for Power over Ethernet (PoE) on Cisco 870 Routers • Integrated 4-port 10/100 Ethernet switch on Cisco 850 and 870 Series • Bandwidth-optimization features such as compression.SHDSL. Advanced IP Services image includes 28MB flash Cisco 800 Series Routers The Cisco 800 Series Router provides enhanced network security. Microsoft CHAP (MS-CHAP). It connects users to the Internet or to a corporate LAN through asymmetric DSL (ADSL2+). and X.1x.25 over D-channel support on the Cisco 876 • DMZ interface on all Cisco 870 Routers.25 over D channel (Cisco 876) Specifications Feature Fixed LAN Port Connections 851 857 871 876 877 878 4-port 10/100 4-port 10/100 4-port 10/100 4-port 10/100 4-port 10/100 4-port 10/100 Ethernet switch Ethernet switch Ethernet switch Ethernet switch Ethernet switch Ethernet switch 1-6 Cisco 800 Series Routers . dial-on-demand routing (DDR). and proven reliability through Cisco IOS Software for small offices and telecommuters. and G. Cable DOCSIS 2. ADSL over ISDN. Always-On Dynamic ISDN (AODI). Port Address Translation (PAT) and Network Address Translation (NAT). IP Security (IPSec) encryption (Triple Digital Encryption Standard [3DES]) and Advanced Encryption Standard (AES) encryption on Cisco 850 and 870 Series. 802. Easy VPN.7600 Series Flash (PCMCIA) DRAM (Sup 2) DRAM (MSFC2) DRAM (PFC2) DRAM (Sup720-3B) DRAM (Sup720-3BXL) 10700 Flash (Internal) Series SDRAM RP Packet Buffer XR 12000/ Flash (PCMCIA) 12000 SDRAM (PRP-1) Series SDRAM (PRP-2) DRAM (Line Cards) 1 1 1 1 1 1 1 1 1 2 1 1 1/2 16 MB 128 MB 128 MB 128 MB 512 MB 1 GB 64 MB 512 MB 64 MB 48 MB 512 MB 2 GB 128-256 MB 512 MB 512 MB 512 MB 256 MB 512 MB 1 GB 64 MB 512 MB 64 MB 4 MB 1 GB 4 GB 256 MB2 GB Maximum memory is configured with No Option Route Memory Route Memory 1. This router is ideal for companies with Cisco IOS Software-based networks that want to add telecommuters or very small branch offices. It is also ideal for service providers that offer value-added services to small offices and for value-added resellers (VARs) that are familiar with Cisco IOS Software and want to profitably service small-office customers. wireless LAN. Lock and Key. bandwidth on demand. Dynamic Multipoint VPN (DMVPN). and URL filtering • Out-of-band management and dial backup with an external modem through the auxiliary or console port on the Cisco 870 Series Routers • Dial backup through the integrated ISDN port on the Cisco 876 • X.11 b/g wireless LAN access point for Cisco 850 and 870 Series • Standard security with access control lists (ACLs).

with Security Cisco 851 Ethernet to Ethernet Router Cisco 851 Ethernet to Ethernet Wireless Router. Americas Cisco 851 Ethernet to Ethernet Wireless Router. U. ADSL 2/2+ 1-port 10/100 Ethernet 1-port G.11 b/g IEEE 802. Europe Cisco 871 Ethernet to Ethernet Wireless Router. and Americas Cisco 857 ADSL Wireless Router. Europe Cisco 851 Ethernet to Ethernet Wireless Router.S. Cisco 1800 Series Integrated Services Routers Cisco 1800 Series offers three classes of routers to meet the diverse needs of small enterprise branch offices and small and medium-sized businesses (SMBs). data.Chapter 1 Fixed WAN Port Connections 1-port ADSLover-ISDN. AC Power Supply Spare Cisco 800 Series SMARTnet Maintenance (8x5xNBD) For More Information For more information about the Cisco 800 Series.11 b/g (“W” model) (“W” model) (“W” model) (“W” model) Wireless Antenna Single fixed Single fixed Dual removable Dual removable antenna antenna antennas antennas Maximum VPN Tunnels 5 5 10 10 NAC No No Yes Yes URL Filtering No No Yes Yes Stateful Firewall Yes Yes Yes Yes Inline IPS No No Yes Yes 1-port 10/100 Ethernet 1-port ADSL.SHDSL Wireless Router.11 b/g IEEE 802.com/go/800.SHDSL 1-port ADSL over POTS (ADSL.S.S.SHDSL Router Cisco 878 G. Europe Cisco 871 Ethernet to Ethernet Router Cisco 871 Ethernet to Ethernet Wireless Router./Americas Cisco 871 Ethernet to Ethernet Wireless Router. visit: http://www. Japan Cisco 876 ADSL over ISDN Router Cisco 876 ADSL over ISDN Wireless Router Cisco 877 ADSL Router Cisco 877 ADSL Wireless Router: U. Europe Cisco 870 Series 4 MB Flash spare Cisco 870 Series 8 MB Flash spare Cisco 870 Series 16 MB Flash spare Cisco 870 Series 32 MB Flash spare Cisco 870 Series 64 MB SDRAM spare Cisco 870 Series 128 MB SDRAM spare 4 port 802. U. Automated-Attendant. Cisco 1800 Series Integrated Services Routers 1-7 ./Americas Cisco 877 ADSL Wireless Router. ADSL 2/ 2+) IEEE 802.3af capable Inline power module for 800 Routers Cisco 850/870 Series./Americas Cisco 878 G. The Cisco 1861 Integrated Services Router is a unified communications solution that provides voice.11 b/g IEEE 802.11 b/g (“W” model) Dual removable antennas 10 Yes Yes Yes Yes Selected Part Numbers and Ordering Information Cisco 800 Series Routers CISCO815-VPN/K9 CISCO851-K9 CISCO851W-G-A-K9 CISCO851W-G-E-K9 CISCO851W-G-J-K9 CISCO857-K9 CISCO857W-G-A-K9 CISCO857W-G-E-K9 CISCO871-K9 CISCO871W-G-A-K9 CISCO871W-G-E-K9 CISCO871W-G-J-K9 CISCO876-K9 CISCO876W-G-E-K9 CISCO877-K9 CISCO877W-G-A-K9 CISCO877W-G-E-K9 CISCO878-K9 CISCO878W-G-A-K9 CISCO878W-G-E-K9 Cisco 800 Series Memory Options MEM870-4F= MEM870-8F= MEM870-16F= MEM870-32F= MEM870-64D= MEM870-128D= Cisco 800 Series Accessories 800-ILPM-4 PWR-850-870-WW1= Cisco 800 Series Basic Maintenance CON-SNT-PKG1 Cisco 815 ISR.SHDSL Wireless Router. NA DOSCIS Compliant. video.S. ADSL 2/ 2+) Wireless LAN IEEE 802. Japan Cisco 857 ADSL Router Cisco 857 ADSL Wireless Router. voicemail. U.cisco.11 b/g (“W” model) Dual removable antennas 10 Yes Yes Yes Yes IEEE 802. 1port ISDN S/T (ADSL. Europe Cisco 878 G.

E1. • A high-performance processor supports concurrent deployment of high-performance. leased-line. and firewall functions. Specifications Feature Form factor Target Applications Cisco 1861 Series Desktop. • The modular Cisco 1841 provides flexibility with an internal advanced-integration-module (AIM) slot designated for higher-speed VPNs and future applications. Built-in hardware encryption enabled through optional security image. Integrated IEEE 802. ADSL over ISDN (Cisco 1802). An optional 4-port switch HWIC is available for the Cisco 1841. Cisco 1841 offers flexible WAN connectivity options where Cisco 1801. • An integrated standard power supply offers easier router platform installation and management. Integrated 8-port managed 10/100 Ethernet switch. ADSL 2/2+ capability on Cisco 1801 and 1802 Routers. • These routers support the latest Cisco IOS Software-based quality-of-service (QoS) bandwidth management features. Cisco Network Admission Control (NAC). and 1812 offer secure data connectivity in a small. • These routers allow LAN segmentation using VLANs. fixed form factor. and wireless LANs.92 analog modem (Cisco 1811) or ISDN BRI (Cisco 1812). The routers feature secure. and for a high-speed WAN interface card access point (HWIC-AP) for the Cisco 1841. Modularity for flexibility in WAN configurations. and customer relationship management (CRM) programs. Ability to use 10/100 Ethernet as a WAN access connecting to external DSL or cable modem. 1802.75-cm high with rubber feet) Secure data with broadband access and backup WAN Metal Yes Chassis Wall-mountable Rack-mountable Yes (optional 19-in rackmount kit Yes (optional 19-in. or G. Support for a range of HWICs.and security capabilities while integrating with existing desktop applications such as calendar. Ideal for Companies that Need These Features • Cisco 1801. • Integrated hardware-based encryption acceleration offers a cryptography accelerator as standard integrated hardware that can be enabled with optional Cisco IOS Software for Triple Digital Encryption Standard (3DES) and Advanced Encryption Standard (AES) encryption support.5 rack unit (RU) Small Office Unified Communications.11 a/b/g wireless LAN (“W” models) • Cisco 1841 Integrated Services Router—Secure data access solution for customer environments up to T1. • The fixed-configuration Cisco 1801 through 1812 models have an integrated 8-port 10/100 Ethernet switch with Power over Ethernet (PoE). 1802. 1. Primary WAN access through asymmetric DSL (ADSL) over basic telephone service (Cisco 1801). 1-rack-unit (1-RU) high (4. Integrated LAN switching with Power over Ethernet (PoE) expandable through Cisco Catalyst Switches. e-mail. concurrent services. secure data services with headroom for future applications. Cisco Unity Express for voice messaging and automated attendant. Both the Cisco 1800 Fixed and Modular Routers are designed for secure data connectivity through Frame Relay. Integrated 8-port managed 10/100 Ethernet switch.SHDSL (Cisco 1803). Several slot types are available to add future connectivity and services on an “integrate-as-you-grow” basis.11 a/b/g wireless LAN (“W” models) • Cisco 1811 and 1812 Integrated Services Routers—Secure data access at broadband rates. • The routers offer advanced device management using Cisco Router and Security Device Manager (SDM). 1803. Support for a broad array of WAN services. 1811.75 cm high with rubber feet) Secure data with frame relay or leased line access (T1/E1) Metal Yes Cisco 1800 Series Fixed-Configuration Routers Desktop. • A security performance-enhanced feature set offers an intrusion prevention system (IPS). 1-rack-unit (1RU) height (4. and 1803 Integrated Services Routers—Secure data access through broadband DSL. Backup WAN interface using ISDN Basic Rate Interface (BRI) . Comprehensive security features • Cisco 1861 Integrated Services Routers—Integrated Cisco Unified Communications Manager Express or Cisco Unified Survivable Remote Site Telephony for call processing. and high-quality delivery of multiple. fast. or broadband access.11 a/b/g standalone wireless access point for “W” models of Cisco 1801 through Cisco 1812 models. rack-mount is required) kit required) 1-8 Cisco 1800 Series Integrated Services Routers . Comprehensive security features Key Features • Cisco 1800 Series Integrated Services Routers are available with an IEEE 802. or xDSL WAN rates with services turned on. Integrated IEEE 802. Data and Security Metal Yes Yes (optional rackmount kit is required) Cisco 1841 Series Desktop. Ability to use backup WAN interface with V.

Height without rubber feet: 1. PBX.8 kg). and 1803.DMT. Onboard voice ports integrated into the system by default include interfaces for PSTN.45 cm).and 24-port line cards). U-R2. ECI HiFocus SAM 2401 (16-port Metalink-based line cards). (4.1 lb. and key system connections. Height with rubber feet: 1. (2. ECI HiFocus (16.75 in. (34. transcoding.39 cm). and BRI. Height without rubber feet: 1.75 cm) Maximum: 6.0 and XpressLink 2.and 4-wire support via WAN Interface Card 1803 supports either 2-wire via WAN Interface Card mode or 4-wire mode. FXO.991. The WIC-1SHDSL-V3 in 4-wire mode is interoperable with the following DSLAMs: Alcatel ASAM 7300 (12.992.87 in.413 DMT Issue 2. Lucent Stinger (24and 72-port line cards).73 in.SHDSL 2. Minimum: 6.and 48-port line cards). Alcatel (ASAM 1000 and 7300). The Cisco 1803 supports the same standards as the Cisco G. CopperEdge 200 DSLAM (24-port line cards) • Cisco 1800 Series Fixed-Configuration Routers: The Cisco 1803 in 2-wire mode is interoperable with the following DSLAMs: Cisco 6000 Series IP DSL switches. ECI HiFocus SAM 2401 (16-port Metalink-based line cards). Two Two None None None: The Cisco 1841 does not None: The Cisco 1800 Series support voice does not support voice Voice-over-IP (VoIP) passthrough only Same as 1841 • Cisco 1861/1841: ADSL over POTS.89 in.07 cm) 13. • (6. Maximum: 384 MB MB Flash memory • Cisco IOS Software: 128 MB External removable compact External removable Compact Flash • Voice messaging: 1 GB. ADSL over ISDN via WAN Interface Card • Cisco 1800 Series Fixed-Configuration Routers: One ADSL over POTS port on Cisco 1801.0 lb.05 in. This feature is not upgradable. Maximum: 384 Default: 128 MB.992. The Cisco 1803 in 4-wire mode is interoperable with the following DSLAMs: Alcatel ASAM 7300 (12.and 32-port line cards) G. The Cisco 1802 is interoperable with the following DSLAMs: Cisco 6260.7 in. CopperEdge 200 DSLAM (24-port line cards) Two 10/100 10/100BASE-T ports for WAN Onboard Ethernet ports • 1 10/100 Fast Ethernet connection supporting DSL and • 8 10-/100-Mbps LAN cable modems and Ethernet • 1 10/100 Ethernet expansion access services.80 cm) Maximum: 6. Height with rubber feet: 1. The Cisco 1801 is interoperable with the following DSLAMs: Cisco 6130 and Cisco 6260 IP DSL switches.SHDSL port on Cisco G. ECI HiFocus (16. Lucent Stinger FS (32. (One port is port available on Cisco 1801. (2.SHDSL WIC and is based on ITU Recommendation G. Lucent Stinger (48-port line cards). including FXS.7 kg) (no interface cards and modules) Synchronous dual in-line memory module (DIMM) DRAM 12.625 x 10. One ADSL over ISDN on Cisco 1802. Two ports are available on Cisco 1811 and ADSL Port Cisco 1800 Series Integrated Services Routers 1-9 . conferencing.1). CopperEdge 200 DSLAM (24-port line cards). with interface cards and modules.67 x 26. Lucent Stinger FS (32.67 x 28. (4.36 x 24. Maximum: 128 MB MB Modular slots . (4.63 kg) Synchronous dual in-line memory module (DIMM) SDRAM (1 DIMM slot) DRAM capacity Default: 128 MB.DMT and ANSI T1. and G.and 24-port line cards).1 G.4 cm). no modules Onboard support analog and digital voice.8 kg) Weight 8 lb (3.and 24-port line cards).74 x 9. Alcatel (ASAM 1000 and 7300).Chapter 1 Dimensions (W x D) • 2. (2. Maximum: 128 Default: 32 MB.SHDSL DSLAM • Cisco 1841 Series: The WIC-1SHDSL-V3 in 2-wire mode is interoperable with the following DSLAMs Interoperability • Cisco 6000 Series IP DSL switches.and 4-wire support One G. CopperEdge 200 DSLAM (24-port line cards). G.total Two None One (HWIC) DRAM • Cisco IOS Software: 256 MB • Voice messaging: 512 MB Modular slots (WAN) Modular slots (HWICs) Modular slots (voice) VoIP support One (HWIC) One (HWIC) Supports voice but as integrated feature. (4.3 x 27.SHDSL Port G. Alcatel ASAM 7300 (12.and 24-port line cards). Compact Flash Flash Flash memory capacity Default: 32 MB. The Cisco 1801 supports ADSL over POTS standards G.2 lb.8 in.5 x 11. The Cisco 1802 supports ADSL over ISDN standards ETSI 101-388.and 32-port line cards).SHDSL 2.5 x 10. Alcatel ASAM 7300 (12.2 (accepted worldwide).1 G. (32.64 cm). 1802. and secure RealTime Transport Protocol (RTP) applications.and 48-port line cards). Siemens (XpressLink 2.

12.2 dBi 802. and 256 cryptology by by default using an optional security image Cisco IOS Firewall Performance Wireless LAN Hardware None Wireless LAN features None 100 with on-board encryption. 3DES.11a/b/g. Quality of Service (QoS) for WLANs Data Rates Supported N/A Range None Wireless LAN Software None Features 1-10 Cisco 1800 Series Integrated Services Routers . 18. 36. 1802.11a: 6.2 kbps One: up to 115.11g: 1. 24.11a: 6. The Cisco 1801. AES 192. Integrated H/W-based encryption on motherboard IPSec Tunnels Yes None: The Cisco 1841 does not None: The Cisco 1800 Series support voice does not support voice Yes Yes IPSec VPN Performance Encryption support in IPsec DES. 11. 11.2 dBi 802. 802. 802. 48. software and hardware 192.Integrated Ethernet Switch Ports • 1 10/100 Fast Ethernet • 8 10-/100-Mbps LAN • 1 10/100 Ethernet expansion port None Optional via 4-port Ethernet switch HWIC. 18. Antenna diversity. External antenna. 36. 48.1) ISDN S/T BRI Port V. Field-replaceable antennae. Automatic rate selection for 802. Field-replaceable antennae. and 54 Mbps. Automatic rate selection for 802. and 1812 Optional via WAN Interface Card One analog modem port on (1 or 2 ports) Cisco 1811 One: up to 115. up to 15 VLANs Eight 10/100BASE-T fully managed switch ports with 802. and 54 Mbps Range—Indoor 1 Mbps at 320 ft.11 a/b/g or IEEE 802. 12. AES 128. Default antenna gain—2. 48.92 Analog Modem Port Console port Auxiliary port Onboard AIM slots Two ports on the BRI SKUs None One: up to 115. External antenna. 5. 3DES. 12. motherboard conferencing. and secure Real-Time Transport Protocol (RTP) applications. AES 192. 1803.3af PoE support. and 1803 do not offer USB support.11a/11b/11g. This feature is not upgradable. Up to 8 VLANs Onboard USB ports One (1. AES 128. and AES 128. 9. 12. AES 256 50 40 Mbps 3DES @ 1400 byte packets DES.11a/b/g. 1802.11g: 1.1Q VLAN and 802.5. 2.2 kbps Virtual AUX port None Two (USB 2.2 kbps One (internal) One—up to 115.11a/11b/11g. Support for Wi-Fi Multimedia (WMM).11 a/b/g on wireless models IEEE 802. 18.11 b/g via HWIC IEEE 802. 18. Default antenna gain—2. Optional via WAN Interface Card One ISDN S/T BRI port on Cisco 1801. 2. and 54 Mbps.5. 9. 48. 3DES.2 kbps One—up to 115. 5. AES 256 100 Mbps @ 1400 byte packets 100 Mbps @ 1400 byte packets Optional IEEE 802. 800 with VPN AIM 40 Mbps 3DES @ 1400 byte packets DES.2 kbps None Packet-voice-DSPNo slots: Onboard support module (PVDM) slots on analog and digital voice. 36. 9. transcoding. and 54 Mbps IEEE 802. Wi-Fi Certified for WPA-Personal and WPAEnterprise. Software-configurable transmit power. 24. 6. 6. 24. Maximize throughput or maximize range option. 24.0) on Cisco 1811 and 1812 only. Antenna diversity. 36. 9. Wi-Fi Certified for WPA-Personal and WPAEnterprise.

Additional security features: IEEE 802. OSPF. RIPv1. Class-Based WFQ (CBWFQ). Weighted Random Early Detection (WRED). CiscoView and Router. Committed Access Rate (CAR). EIGRP. and Security Device Management (SDM) GUI-based network management for wireless interface is provided 12. WPA Temporal Key Integrity Protocol (TKIP) with support for per-packet key hashing. Network-Based Application Recognition Yes None No No 100 to 240 VAC 50 to 60 Hz 1. OSPF.3af. Static and dynamic wired equivalent privacy (WEP) keys of 40 bits and 128 bits. IPv6 unicast only (Internetwork Packet Exchange [IPX]. Static and dynamic wired equivalent privacy (WEP) keys of 40 bits and 128 bits. Cisco 1800 Series Integrated Services Routers 1-11 . QoS Protocols Internal system power supply Power over Ethernet (PoE) power supply Redundant power supply DC power support AC input voltage Frequency AC input current Output power PoE Support PoE Standards External PoE Power Supply System Power Dissipation Supported Internally None None 153 BTU/hr. IBM SNA.1X local authentication. Class-Based WFQ (CBWFQ). AppleTalk supported with optional Advanced Enterprise Services Feature Set) Weighted Fair Queuing (WFQ). MAC authentication/filter encryption. and Security Device Management (SDM) GUI-based network management for wireless interface is provided IP BASE -12. OSPF. Additional security features: IEEE 802. message integrity check. Cisco Prestandard PoE 80W external power supply 153 BTU/hr. Preshared Key (PSK) Authentication. Configurable limit for the number of wireless clients. RIPv1. Configurable RADIUS accounting for wireless clients 8 8 None None Supported by CiscoWorks 2000. Configurable RADIUS accounting for wireless clients • Cisco 1800 Series Fixed-Configuration Routers: IEEE 802. Configurable limit for the number of wireless clients. IBM SNA.3(8)YI SSIDs Wireless LAN Management Features GUI-based network management Cisco IOS Software 12. Network-Based Application Recognition Yes None No No 100 to 240 VAC 50 to 60 Hz 1. Weighted Random Early Detection (WRED). IBM SNA. message integrity check. Class-Based WFQ (CBWFQ). Weighted Random Early Detection (WRED). CiscoView and Router. Resource Reservation Protocol (RSVP). EIGRP.1X per-user.5A maximum 50W (maximum) Supported on 10/100 Ethernet switch ports with optional PoE kit IEEE 802.4(1) Supported by CiscoWorks 2000.Chapter 1 Wireless LAN Security Features • Cisco 1861 Series: None • Cisco 1841 Series: IEEE 802. and EAP-Transport Layer Security (EAP-TLS). Protected Extensible Authentication Protocol (PEAP).5A maximum 50W (maximum) Not supported IPv4. and EAP-Transport Layer Security (EAP-TLS). Resource Reservation Protocol (RSVP). per-session mutual authentication with a variety of extensible authentication protocol (EAP) types including Cisco LEAP. RIPv1.4(11)XW or Higher Releases SP Services K9 Cisco IOS Software default image Cisco IOS Software default Image User Support Routing Protocols Routed Protocols Up to 8 UC users BGP. RIPv2 IPv4. Preshared Key (PSK) Authentication. Committed Access Rate (CAR). IPv6 unicast only (Internetwork Packet Exchange [IPX]. RIPv2 BGP. Committed Access Rate (CAR). Resource Reservation Protocol (RSVP). per-session mutual authentication with a variety of extensible authentication protocol (EAP) types including Cisco LEAP.1X per-user. RIPv2 IPv4. AppleTalk supported with optional Advanced Enterprise Services Feature Set) Weighted Fair Queuing (WFQ).1X local authentication. MAC authentication/filter encryption. Protected Extensible Authentication Protocol (PEAP). IPv6 unicast only (Internetwork Packet Exchange [IPX]. Network-Based Application Recognition Yes Internal No No 100 to 240 VAC 50 to 60 Hz 4 to 2A (100 to 240V) 80W Supported IP Base (security and Advanced IP services (without broadband bundles have image voice services) except Cisco upgrades) 1801 which comes with Cisco IOS IP Broadband Up to 50 users (recommended) Up to 50 users (recommended) BGP. WPA Temporal Key Integrity Protocol (TKIP) with support for per-packet key hashing. EIGRP. AppleTalk supported with optional Advanced Enterprise Services Feature Set) Weighted Fair Queuing (WFQ).

NET 001/92 1990. For specific information. 5 to 95% non condensing. European Union: RTTE Directive 5/99. Class A. Argentina: CTR 21. EN55024(CISPR24). Interfaces comply with FCC Part 68. 8-User SRST license. 225-100-717 Edition 3. AS/NZS 3548. European Directive 99/5/EC. >104ºF (40ºC): 42 dBA Safety UL60950-1.S. For specific country information. IR/PRI-01/02 Issue 1 1998. EN 300-386. class CISPR22 Class A. CS-03. S/INT-2W/02 MAY 2001. approval accepted. EN A. HKTA 2011 Issue 2. Hong Kong: HKTA 2033. Australia: AS/ACIF S002. JATE Technical Requirements.1. VCCI Class A. 4 Analog ports (FXS). South Africa: U. CFR47. EN 61000-6-2. 8 PoE ports. ITU-G. EN 55024. Mexico: U. refer to the data sheet for the specific interface card.992. 1 HWIC slot for WAN Cisco 1861. HKTA 2017 Issue 3 2003. IDA TS ADSL 2. HKTA 2013 Issue 1. China: ITU-G. S/INT-2W/02 MAY 2001. Brazil: 225-540-788. EN41000-4-4.S. Current Emission (only for EN61000-3-3 equipment >75W but <16A). 1997. Israel: U. 1997 Electromagnetic compatibility Generic immunity standard. IEC 61000-43:1995 Immunity to Radio Frequency Electromagnetic Fields. Singapore: IDA TS ADSL1 Issue 1. >80ºF <78º F/25. non operating -4º to 149ºF (-25 to 65ºC) 10.000 ft. IEC 60950-1. refer to the online approvals database. 1997 Telecommunications network equipment EMC requirements.5°C) per 1. AS 3260. CTR 3. 003 Class A. CAN/CSA C22.8°F (31°C) at 6. HKTA 2011 Issue 1. EN61000-3-2 Harmonic 300386. approval accepted.Operating temp Operating humidity 32 to 104°F (0 to 40°C) 10 to 85% noncondensing operating. and 1812 ISDN BRI S/T: TIA-968-A.1.S. 3043. S031. 5 to 95 noncondensing. ITU I. IDA TS PSTN 1 Issue 4. class A. 4 PSTN trunks (FXO). ICESEN 55022. EN61000-3-2. Part 15. 2 BRI trunks (BRI).S. ITU-T K. Canada: CS-03. IEC 61000-4-4:1995 Immunity to Electrical Fast Transients.000 ft (1800m) • 77°F (25°C) at 10. Japan: Technical condition (DoC acceptance in process). IC CS-03 Part VI. non operating -4 to 149ºF (-25 to 65ºC) 10. EN41000-4-5. CTR3. Taiwan: U. IEC 61000-411:1995 Immunity to Voltage Dips. approval accepted. 1 HWIC slot for WAN 1-12 Cisco 1800 Series Integrated Services Routers . IDA TS ISDN 1 Issue 1 1999. Limits and methods of measurement. Subpart B. and relevant Technical Basis for Regulation (TBRs). TBR3.6°C) through <104°F (40°C): 37 dBA • ->104°F (40°C): 42 dBA • IEC 60950-1 • AS/NZS 60950.991. Korea: U. EN55022 Class A. AS/NZS 60950 EMI Immunity • • • Network homologation • • CFR 47 Part 15. ITU-G.000 ft (3000m) • Note: De-rate 34. EN 50082-1. HKTA 2014. 1997 ITE-Immunity characteristics. EN61000-4-2. 1802. EN41000-4-11. S016. EN50082-1.6°C): 34 dBA • ->78°F (25. nonoperating 4 to 149°F (-20 to 65°C) • 104°F (40°C) at sea level • 87. EN50082-1. 60950.TRQ. EN60950-1 UL 60950. EN61000-6-2. IEC 61000-4-6:1996 Immunity to Radio Frequency Induced Conducted Disturbances. S031 Selected Part Numbers and Ordering Information Cisco 1861 C1861-SRST-F/K9 C1861-SRST-B/K9 Cisco 1861. PTC 200.1998 ITE-Immunity characteristics. 5 to 95 percent non condensing. Cisco 1801.2. Limits and methods of measurement.000 feet (3000 meters) @ 77ºF (25ºC) 32º to 104ºF (0º to 40ºC) 10 to 85 percent non condensing operating. 1995. IEC 61000-4-5:1995 Immunity to Power Line Transients (Surges).21 Cisco 1841 Series: USA: TIA-968-A. EN61000-3-3 Voltage Fluctuation and Flicker (only for equipment £16A) Cisco 1861 Series: EN 55024. T1. 104ºF/40ºC 36 dBA. EN61000-4-3. ACA 016 Revision 4 1997.7°F (1. EN41000-4-6.2 No. (3000m) at 77ºF (25ºC) Non operating Temp Operating altitude Noise level Normal operating temperature: <80ºF (27ºC): 34 dBA. IDA TS ISDN 3 Issue 1 1999. S003. CAN/CSA 60950-1. 1998. approval accepted Cisco 1800 Series Fixed-Configuration Routers: Telecom compliance standards depend upon country and interface type.S.431 1993. HKTA 2033.992.6ºC through.1 • CAN/CSA-C22. IDA TS HDSL. approval accepted. 8-User /SRST license. The requirements are covered by the following standards: IEC 61000-4-2:1995 Immunity to Electrostatic Discharges. lass A. CISPR22. 60950-1 • EN 60950-1 • UL 60950-1 32 to 104×F (0 to 40×C) 10 to 85% non condensing operating. class A. EN41000-4-8. IDA TS PSTN 1 Issue 4.6ºC: 34 dBA. Homologation requirements vary by country and interface type. IDA TS PSTN 1 Issue 4. New Zealand: PTC 270/272. and Short Voltage Interruptions Cisco 1800 Series Fixed-Configuration Routers: EN300386.000 ft Normal operating temperature: <78°F (25.2 No. EN 60950-1. JATE Technical Conditions. CTR3. Voltage Variations.6-2001. 1803. India: I_DCA_18_02_Jun_99-199. S/ISN-01/02 Issue 1999 S/ISN-02 1 1998. Part 1 EN 300 386. >78ºF/ (27ºC) through <104ºF (40ºC): 25. 4 Analog ports (FXS). EN 55024 (CISPR 24) Cisco 1841 Series: CISPR24. 8 PoE ports.

2 BRI trunks (BRI). 8-user CME. 1 HWIC slot for WAN Cisco 1861 HWICs Supported in the HWIC Slot T1/E1 WAN Interface Card HWIC-1T1/E1 1-Port T1/E1 with Integrated CSU/DSU HWIC for only 1861 Serial WAN Interface Cards HWIC-1SER 1-Port Serial HWIC for only 1861 HWIC-2SER 2-Port Serial HWIC for only 1861 Wireless WAN Interface Cards HWIC-3G-CDMA-S 3G WWAN HWIC-EVDO Rev A/Rel 0/1xRTT-800/1900MHz HWIC-3G-CDMA-V 3G WWAN HWIC-EVDO Rev A/Rel 0/1xRTT-800/1900MHz HWIC-3G-GSM 3GWWAN HWIC-HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz DSL WAN Interface Cards HWIC-2SHDSL G.Adv.Adv. IP Broadband.Security. 4 Analog ports (FXS).SHDSL Router with 802. Annex B HWIC-ADSL-B/ST Dual-port HWIC with ADSL over POTS and ISDN BRI ports (Supported from Q3CY08) HWIC-ADSLI-B/ST Dual-port HWIC with ADSL over ISDN and ISDN BRI ports (Supported from Q3CY08) Cable WAN Interface Cards HWIC-CABLE-D-2 1-Port DOCSIS 2.11a+g China Compliant and ISDN S/T CISCO1812W-AG-E/K9 Security Router with 802.11a+g Australia/NZ Compliant and Analog B/U CISCO1812W-AG-C/K9 Security Router with 802.shdsl 4-wire Bundle. 1 HWIC slot for WAN C1861-UC-2BRI-K9 Cisco 1861. 1 HWIC slot for WAN C1861-SRST-C-B/K9 Cisco 1861.92 Modem Backup CISCO1812/K9 Dual Ethernet Security Router with ISDN S/T Backup Cisco 1800 Series (Fixed Wireless) Integrated Services Router CISCO1801W-AG-C/K9 ADSL/POTS Router with 802.. HWIC-1ADSL. 8 PoE ports.SHDSL Router with Firewall/IPS and IPSEC CISCO1811/K9 Dual Ethernet Security Router with V. 4 Analog ports (FXS). 4 PSTN trunks (FXO). CUE.shdsl HWIC with IMA support HWIC-1ADSL 1-port ADSLoPOTS HWIC.11a+g FCC Compliant and Security CISCO1803W-AG-E/K9 G. 8-user CME. 32 FL/128 DR CISCO1841-T1 1841 bundle w/WIC-1DSU-T1-V2. 32 MB flash/128 MB DRAM CISCO1841-ADSL2 1841 bundle. 8-User SRST & CUE license. 8 PoE ports. IP Broadband. Annex A HWIC-1ADSLI 1-port ADSLoISDN HWIC. CUE. 32F/128D CISCO1841-ADSL2-B 1841 bundle. Adv. 8 PoE ports.256DR Cisco 1800 Series (modular) Broadband bundles CISCO1841-ADSL 1841 ADSLoPOTS Bdle.32FL/128DR CISCO1841-ADSL-DG 1841 ADSLoPOTS w/dying gasp Bundle.shdsl HWIC with Annex F & G support HWIC-4SHDSL G.IP Svcs. Phone Licenses. Phone Licenses.0 Cable HWIC HWIC-CABLE-E/J-2 1-Port Euro/J-DOCSIS 2.64FL/256DR CISCO1841-T1SEC/K9 1841 Security Bundle w/ WIC-1DSU-T1-V2. 4 Analog ports (FXS).IP Broadband. 8 PoE ports.11a+g Australia/NZ Compliant and Security CISCO1802W-AG-E/K9 ADSL/ISDN Router with 802. IP BB.0 Cable HWIC Cisco 1800 Series (Modular) Integrated Services Routers CISCO1841 Modular Router w/2xFE. includes WIC-1SHDSL-V3. 1 HWIC slot for WAN C1861-UC-4FXO-K9 Cisco 1861. 4 PSTN trunks (FXO).SHDSL Router with 802. IP Broadband.11a+g ETSI Compliant and ISDN S/T Cisco 1800 Series (modular) Security bundles CISCO1841-SEC/K9 1841 Security Bundle. 2 BRI trunks (BRI).IP BB. 4 Analog ports (FXS).11a+g ETSI Compliant and Security CISCO1803W-AG-A/K9 G. 32FL/128DR Cisco 1800 Series (Fixed) Integrated Services Routers CISCO1801 ADSL/POTS router w/IOS IP Broadband CISCO1801/K9 ADSL/POTS Router with Firewall/IPS and IPSEC 3DES CISCO1801-M ADSL over POTS Annex M Router CISCO1801-M/K9 ADSL over POTS Annex M Router CISCO1802 ADSL/POTS router w/IOS IP Broadband CISCO1802/K9 ADSL/ISDN Router with Firewall/IPS and IPSEC 3DES CISCO1803/K9 G.Sec. HWIC-ADSL-B/ST.32F/128D Cisco 1841 WAN Interface Cards WIC-1T 1-Port Serial WAN Interface Card C1861-SRST-C-F/K9 Cisco 1800 Series Integrated Services Routers 1-13 .11a+g China Compliant and Security CISCO1801W-AG-E/K9 ADSL/POTS Router with 802. IP Base. 8-User SRST & CUE license.64FL/256DR CISCO1841-HSEC/K9 1841 Security bundle w/AIM-VPN.64FL.11a+g China Compliant and Analog B/U CISCO1811W-AG-N/K9 Security Router with 802.Chapter 1 Cisco 1861. 2 WAN slots. 32FL/128DR CISCO1841-SHDSL-V3 1841 G.11a+g ETSI Compliant and Security CISCO1801W-AG-N/K9 ADSL/POTS Router with 802.11a+g FCC Compliant and Analog B/U CISCO1811W-AG-C/K9 Security Router with 802. 32FL/128DR CISCO1841-ADSLI 1841 ADSLoISDN Bundle.11a+g ETSI Compliant and Security CISCO1811W-AG-A/K9 Security Router with 802.

2 dBi Cisco 2.WIC-2T 2-Port Serial WAN Interface Card WIC-2A/S 2-Port Async/Sync Serial WAN Interface Card WIC-1AM One-port Analog Modem WAN Interface Card WIC-2AM Two-port Analog Modem WAN Interface Card WIC-1DSU-56K4 1-port 4-WIRE 56/64 KBPS WAN Interface Card WIC-1ADSL 1-port ADSL WAN Interface Card WIC-1ADSL-DG 1-port ADSLoPOTS WIC with Dying Gasp WIC-1ADSL-I-DG 1-port ADSLoISDN Wan Interface Card WIC-1SHDSL-V3 1-Port G. Card .11 A/B/G Access Point High Speed Wan Interface Card for the Americas (FCC config) HWIC-AP-AG-E Cisco 802.2 dBi Cisco Aironet 2.4 GHz Omni-directional ceiling mount AIR-ANTM2050D-R (2.4 Ghz and 6.11 A/B/G Access Point High Speed Wan Interface Card for Europe (ETSI config) HWIC-AP-AG-J Cisco 802.4 Ghz and 5.703 VWIC2-1MFT-T1/E1 1-Port 2nd Gen Multiflex Trunk Voice/WAN Int.703 Cisco 1841 Advanced Integration Modules AIM-VPN/BPII-PLUS DES/3DES/AES VPN Encryption/Compression Cisco 1800 Series Flash Memory Options MEM1800-32CF= 32MB Cisco 1800 Compact Flash spare MEM1800-64CF= 64MB Cisco 1800 Compact Flash Memory spare MEM1800-128CF= 128MB Cisco 1800 Compact Flash Memory spare MEM1800-32U64CF 32 to 64MB Cisco 1800 Compact Flash factory upgrade MEM1800-64U128CF 64 to 128 MB Cisco 1800 Compact Flash factory upgrade MEM1800-32U128CF 32 to 128 MB Cisco 1800 Compact Flash factory upgrade Cisco 1800 Series USB Memory Options MEMUSB-64FT= 64MB USB Flash Token for Cisco 1800/2800/3800 series spare MEMUSB-128FT= 128MB USB Flash Token for Cisco 1800/2800/3800 series spare MEMUSB-256FT= 256MB USB Flash Token for Cisco 1800/2800/3800 series spare 1-14 Cisco 1800 Series Integrated Services Routers .4 GHz Swivel mount dipole AIR-ANT5959 2 dBi Cisco Aironet 2.E1 VWIC-2MFT-E1-DI 2-Port RJ-48 Multiflex Trunk . (46m) ultra-low-loss cable with RP-TNC connector Cisco 1841 Multiflex Voice/WAN Interface Cards VWIC-1MFT-E1 1-Port RJ-48 Multiflex Trunk .T1/E1 VWIC2-1MFT-G703 1-Port 2nd Gen Multiflex Trunk Voice/WAN Int.G.11 B/G Access Point High Speed Wan Interface Card for the Americas (FCC config) HWIC-AP-G-E Cisco 802.E1 VWIC-2MFT-E1 2-Port RJ-48 Multiflex Trunk .G. EIA-232 HWIC-8A 8-Port Async HWIC Cisco 1841 Wireless HWICs and Accessories HWIC-AP-G-A Cisco 802. (6m) low-loss cable with RP-TNC connectors AIR-CAB050LL-R 50-ft. Card .T1 VWIC-2MFT-T1-DI 2-Port RJ-48 Multiflex Trunk .T1 VWIC-2MFT-T1 2-Port RJ-48 Multiflex Trunk .SHDSL WIC with 2.G.0 dBi 5 GHz) Dual band Diversity Ceiling-mount omnidirectional antenna AIR-CAB020LL-R 20-ft.11 A/B/G Access Point High Speed Wan Interface Card for Japan (TELEC config) AIR-ANT4941 2.11 B/G Access Point High Speed Wan Interface Card for Europe (ETSI config) HWIC-AP-G-J Cisco 802. Card .703 VWIC-2MFT-G703 2-Port RJ-48 Multiflex Trunk .G.0 dBi 5 GHz) Dual band Wall-mount patch antenna AIR-ANTM4050V-R (4. Card .and 4-wire support WIC-1B-S/T-V3 1-Port ISDN WAN Interface Card (dial and leased line) WIC-1B-U-V2 1-Port ISDN BRI NT-1 WIC WIC-BLANK-PANEL= Blank WAN Interface Card Panel WIC-1DSU-T1-V2 Updated 1-Port T1/Fractional T1 DSU/CSU WAN Interface Card Cisco 1841 High Speed WAN Interface Cards HWIC-1ADSL 1-port ADSLoPOTS HWIC HWIC-1ADSLI 1-port ADSLoISDN HWIC HWIC-ADSL-B/ST 2-port HWIC w/ 1-port ADSLoPOTS and 1-port ISDN BRI-S/T HWIC-ADSLI-B/ST 2-port HWIC w/ 1-port ADSLoISDN and 1-port ISDN BRI-S/T HWIC-4ESW 4-port 10/100 Ethernet switch interface card HWIC-4A/S 4-Port Async/Sync Serial HWIC HWIC-8A/S-232 8-Port Async/Sync Serial HWIC.11 B/G Access Point High Speed Wan Interface Card for Japan (TELEC config) HWIC-AP-AG-A Cisco 802.T1/E1 VWIC2-2MFT-T1/E1 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int.703 VWIC2-2MFT-G703 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int.2dBi Cisco Aironet 2.E1 With Drop and Insert VWIC-1MFT-T1 1-Port RJ-48 Multiflex Trunk .0 dBi 5 GHz) Dual band Swivel mount dipole antenna AIR-ANTM5560P-R (5.4 Ghz and 5. (15m) low-loss cable with RP-TNC connectors AIR-CAB100ULL-R 100 ft.T1 With Drop and Insert VWIC-1MFT-G703 1-Port RJ-48 Multiflex Trunk .5 dBi Cisco 2.4 GHz Diversity omni-directional ceiling mount patch AIR-ANT1728 5. (30m) ultra-low-loss cable with RP-TNC connectors AIR-CAB150ULL-R 150-ft.0 dBi Cisco 2.

E1.2dBi/2.Chapter 1 Cisco 1800 Series DRAM Memory Options MEM1841-64D= 64MB SODIMM DRAM for Cisco 1841 spare MEM1841-128D= 128MB SODIMM DRAM for the Cisco 1841 spare MEM1841-256D= 256MB SODIMM DRAM for the Cisco 1841 spare MEM1841-128U192D 128 to 192MB SODIMM DRAM factory upgrade for the Cisco 1841 MEM1841-128U256D 128 to 256MB SODIMM DRAM factory upgrade for the Cisco 1841 MEM1841-128U384D 128 to 384MB SODIMM DRAM factory upgrade for the Cisco 1841 MEM1841-256U384D 256 to 384MB SODIMM DRAM factory upgrade for the Cisco 1841 Cisco 1800 Series Spares and Accessories PWR-184X-AC= Cisco 184X AC standard power supply spare ACS-184X= Accessory Kit for Cisco 184X spare ACS-1841-RM-19= Rackmount kit for 1841 spare SW-CONFIG-1800-001 Configuration of software via CCO for 1800 series CX-CUSTOM-BUILD Please complete this P.0dBi/5GHz DualBand Dipole Antenna spare AIR-ANTM4050V-R= 4.0 dBi/5GHz Dual Band Wall Mount Antenna spare For More Information For more information about the Cisco 1800 Series Integrated Services Routers. the Cisco 2800 Series features the ability to deliver multiple.11 a/g Antennae Options-Spares AIR-ANTM2050D-R= 2.5. increased security and voice performance. and xDSL connections. via CX Tool Cisco 1800 Series (modular) Software CD Feature Packs CD18-AISK9= CISCO 1841 ADVANCED IP SERVICES Feature Pack spare CD18-ASK9= CISCO 1841 ADVANCED SECURITY Feature Pack spare CD18-AESK9= CISCO 1841 ADVANCED ENTERPRISE SERVICES Feature Pack spare CD18-BB= CISCO 1841 IP Broadband Feature Pack spare CD18-EB= CISCO 1841 ENTERPRISE BASE Feature Pack spare CD18-ESK9= CISCO 1841 ENTERPRISE SERVICES Feature Pack spare CD18-IPB= CISCO 1841 IP BASE Feature Pack spare CD18-SPSK9= CISCO 1841 SP SERVICES Feature Pack spare 184-SW-SPARECD Cisco 184X Series Software Spare CD Cisco 1800 Series IOS Upgrade Licenses FL18-AISK9-AESK9= Cisco 1841 Adv IP Ser to Adv Ent Ser Upgrade SW feature lic spare FL18-ASK9-AISK9= Cisco 1841 Adv Sec to Adv IP Ser Upgrade SW feature lic spare FL18-EB-ESK9= Cisco 1841 Ent Base to Ent Ser Upgrade SW feature lic spare FL18-ESK9-AESK9= Cisco 1841 Ent Ser to Adv Ent Ser Upgrade SW feature lic spare FL18-SPSK9-AISK9= Cisco 1841 SP Ser to Adv IP Ser Upgrade SW feature lic spare FL18-SPSK9-ESK9= Cisco 1841 SP Ser to Ent Ser Upgrade SW feature lic spare FL18-IPB-ASK9= Cisco 1800 IP BASE to Adv Sec Upgrade SW feature lic spare FL18-IPB-EB= Cisco 1800 IP BASE to Ent Base Upgrade SW feature lic spare FL18-CB= Corvil Bandwidth Feature License for 1800 Series spare Cisco 1800 (Fixed) Series DRAM Memory Options MEM180X-128U256D 128 to 256MB SODIMM DRAM factory upgrade for the Cisco 180X MEM181X-128U256D 128 to 256MB SODIMM DRAM factory upgrade for the Cisco 181X MEM180X-128D= 128MB SODIMM DRAM for the Cisco 1841 spare MEM181X-128D= 128MB SODIMM DRAM for the Cisco 181X spare Cisco 1800 (Fixed) Series PoE Options POE-180X= 802. and Cisco 2851 Integrated Services Routers). Cisco 2800 Series Integrated Services Routers The Cisco 2800 Series Integrated Services Routers offer performance improvements.com/go/ISR. 80W Power Supply and Cable spare Cisco 1800 (Fixed) Series Rack Mount Kit ACS-1800-RM-19= 19 inch Rack Mount Kit for Cisco 180X / 181X spare Cisco 1800 (fixed & mod)-802.5 dBi/2.6. simultaneous services at wire speed at up to multiple T1.5. highquality.O. Cisco 2821.4Ghz.cisco.0dBi/2. and increased slot performance and density. visit: http://www. Cisco 2800 Series Integrated Services Routers 1-15 .4Ghz.0 dBi/5GHz Dual Band Ceiling Mount Antenna spare AIR-ANTM5560P-R= 5. 80W Power Supply and Cable spare POE-181X= 802. Cisco 2811. Comprising four platforms (the Cisco 2801.3af PoE Module. These routers maintain support for most existing interface cards and modules available for the Cisco 1700 and 2600 Series Routers.4Ghz.3af PoE Module. wireless support new embedded service options.

and adapt to threats by allowing network access only to compliant and trusted endpoint devices.11 a/b/g standalone access-point high-speed WAN interface cards (HWICs) • Wireless LAN controller modules (components of the Cisco Unified Wireless Network) • Integrated Layer 2 switching capability in densities from 4 to 48 ports and the ability to use Cisco StackWise connectivity Key Features • Cisco 2800 Integrated Services Routers offer a modular architecture. security. • IP telephony solutions facilitate an all-in-one voice-over-IP (VoIP) solution with Cisco Unified Communications Manager Express. NME 1 slot. 2 slots support HWIC. Specifications Feature Fixed USB 1. threat defense. or robust digital-signal-processor (DSP) support. NME. or VWIC type modules 4 slots. • Digital-signal-processor (DSP) modules deliver support for analog and digital voice. a wide variety of LAN and WAN options are available. Several types of slots are available to add connectivity and services in the future on an “integrate-as-you-grow” basis. secure connectivity.1 ports Onboard LAN ports Onboard AIM (internal) slot Interface card slots Cisco 2801 1 2 . VIC. dual advanced-integration-module (AIM) slots. including local conferencing and transcoding • Wireless support through integrated IEEE 802. • The routers provide real-time clock support. • The routers support an optional dedicated security AIM. Triple DES (3DES). telephony interfaces. WIC. flexible telephony interfaces.10/100/1000 Same As Cisco 2801 Cisco 2851 Same As Cisco 2811 Same As Cisco 2821 Same As Cisco 2801 4 slots. seeks to dramatically improve the ability of networks to identify. or VWIC type modules 1 slot supports WIC. and endpoint protection and control • Secure integrated call processing. or VWIC type modules 1 slot supports VIC or VWIC type modules Network-module slot No 1 slot.10/100 2 Cisco 2811 2 Same As Cisco 2811 Same As Cisco 2801 Cisco 2821 Same As Cisco 2811 2 . WIC. • The routers offer an optional integrated power supply for distribution of Power over Ethernet (PoE). VIC. each slot can support HWIC. which when combined with an optional Cisco IOS Software upgrade facilitate WAN link security and VPN services.Yes Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 based encryption 1-16 Cisco 2800 Series Integrated Services Routers . • Cisco Network Admission Control (NAC). a Cisco Self-Defending Network initiative. and advanced services up to multiple T1. voice. and Cisco Unity Express for voicemail and Automated-Attendant functions.Ideal for Companies that Need These Features • Performance and densities for concurrent data. including wireless LAN (WLAN) access points. and Advanced Encryption Standard (AES) and onboard slots for PVDMs all include high-speed Ethernet interfaces. redundancy for centralized call processing. VIC. • Onboard hardware-based encryption for Digital Encryption Standard (DES). • Easy VPN eases administration and management of point-to-point VPNs by pushing new security policies from a single headend to remote sites. transcoding. and secure Real-Time Transport Protocol (RTP) applications. E1. Network interfaces can be upgraded in the field to accommodate future technologies. supports NM and 1 slot. and packet-voice-DSP-module (PVDM) slots on the motherboard. prevent. and xDSL connections • VPN connections (or plan to migrate to them over time) • Integrated security services that enable network device protection. • The routers offer high-speed WAN interface card (HWIC) slots with enhanced functions. supports NM. supports NM. • Integrated dual Fast Ethernet or Gigabit Ethernet ports provide two 10/100 Ethernet ports on the Cisco 2801 and 2811 models and two 10/100/1000 Ethernet ports on the Cisco 2821 and 2851 models. • The routers provide embedded hardware cryptography accelerators. NME-X. and NME-XD NME type modules and NME-X type type modules modules Extension Voice 0 Same As Cisco 2801 1 Same As Cisco 2821 Module Slot PVDM (DSP) slots on 2 Same As Cisco 2801 3 Same As Cisco 2821 motherboard Integrated hardware. conferencing. voicemail.

2A (230V) Same As Cisco 2801 240W 8A (110V). Selected Part Numbers and Ordering Information Cisco 2800 Series Router CISCO2801 Integrated services router with AC power. EN55024/CISPR24. AS/NZS 3548 Class A. (0 to 40ºC) Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Operating humidity 10 to 85% non 5 to 95%.) DC input current Power dissipation— AC without PoE support Power dissipation— AC with PoE-IP phones Power dissipation— DC Redundant Power Support (RPS) 150W (511 BTU/hr.5 x 17.25 x 16.5 dBA (@ maximum 57 dBA (@ maximum fan speed) fan speed) Safety UL 60950.6 mm.2 x 416. (11.72 x 17.) Same As Cisco 2821 Same As Cisco 2821 180W (612 BTU/hr.4 kg) Same As Cisco 2821 47 dBA for normal 44 dBA for normal operating temperature (<90ûF/ Noise level (min/max) 39 dBA for normal operating temperature operating temperature 32. options No Yes 100 to 240 VAC Same As Cisco 2801 47-63 Hz Same As Cisco 2801 2A (110V).7 x 445 x 419 mm. connector Same As Cisco 2811 Same As Cisco 2811 for RPS provided by default Recommended RPS No RPS option Cisco RPS-675 Same As Cisco 2811 Same As Cisco 2811 unit Redundant Power System Operating temp 32 to 104ºF.2 kg) 14 lb. See the datasheet for the specific interface card.) (88.7 lb.4 in. IEC 60950. 1.5 x 16. autorunning positive or negative 8A (24V) 3A (60V) Startup current 5A<10 ms 170W (580 BTU/hr. European Directive 99/5/EC and relevant TBRs. Interfaces comply with FCC Part 68. JATE Technical Conditions. 1A (230V) Same As Cisco 2801 50A maximum. one cycle (–48V power included) No DC Power Option available No DC Power Option available Same As Cisco 2801 Same As Cisco 2801 24 to 60 VDC. VCCI Class A EN 300386.2 x 416.5 in.) 160W (546 BTU/hr.5 x 438.6 mm. 3. 19-inch Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2811 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 3A (110V). CAN/CSA C22. and Cisco IOS IP Base Software Cisco 2800 Series Integrated Services Routers 1-17 . requires AC-IP system power supply 1 1 12.2ûC) 53 dBA (@ maximum fan speed) 53.2ûC) (<90ûF/32.) 300W (1024 BTU/hr. EN 60950-1. (6.2 kbps) Minimum Cisco IOS Software release Rack mounting Wall mounting AC input voltage AC input frequency AC input current AC input surge current AC-IP max in-line power distribution AC-IP input current AC-IP input surge current DC input voltage Yes. EN50082-1. 19. Same As Cisco 2821 (H x W x D) (43. 2 PVDM slots. AS/NZS 60950 Immunity EN300386. (6.2ûC) (<90ûF/32. 2FE.) 12A (24V) 5A (60V) Startup current 50A<10 ms 280W (955 BTU/hr. CISPR22 Class A.25 x 16. EN61000-3-3.) (44.75 x 17.) 240W (819 BTU/hr.Chapter 1 Optional PoE Console port (up to 115.9 x 438. 2 AIMs. ICES-003 Class A.2 kbps) Auxiliary port (up to 115. one cycle Same As Cisco 2801 (-48V power included) 120W 160W 4A (110V). EN55022 Class A.3(8)T4 Yes.2 No. 4A (230V) Same As Cisco 2801 Same As Cisco 2811 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2811 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2801 Same As Cisco 2821 Same As Cisco 2801 360W Same As Cisco 2821 Same As Cisco 2801 Same As Cisco 2811 Yes.) Rack height 1 rack unit (1RU) 1 rack unit (1RU) 2RU Same As Cisco 2821 Weight (configured) 13.) Same As Cisco 2821 External only. CS-03. 2A (230V) 50A maximum. EN61000-6-2 EMC FCC Part 15. 4 Interface Card Slots. 60950. EN61000-3-2 TELCOM Telecom compliance standards depend upon country and interface type.and 23-in.4 in.4 kg) 25 lb.) Same As Cisco 2821 Not applicable No 180W (614 BTU/hr. non Same As Cisco 2811 Same As Cisco 2811 condensing condensing Non operating temp N/A –4 to 149ûF (–20 to Same As Cisco 2811 Same As Cisco 2811 65ûC) Dimensions 1.

FL-CCME-48. 3 PVDM slots. 1 EVM. and Cisco IOS IP Base Software CISCO2851 Dual Gigabit Ethernet integrated services router with AC power.64F/256D CISCO2821-V3PN/K9 2821 V3PN bdle w/AIM-VPN.64F/256D CISCO2851-CCME/K9 2851 Voice Bundle w/ PVDM2-48. and Cisco IOS IP Base Software Cisco 2800 Series Security Bundles CISCO2801-SEC/K9 2801 Security Bundle.AdvIPServ.PVDM2-32.FL-SRST-36. 1 NME-X. 1 NMEXD.64F/256D CISCO2821-SEC/K9 2821 Security Bundle.FL-CCME-48.64F/256D CISCO2821-SRST/K9 2821 Voice Bundle w/ PVDM2-32.FL-CCME-24. 2GE.Adv Security. 2 PVDM slots.PVDM2-8.SP Serv.SP Serv.SP Serv. 1 EVM.Adv.64F/256D C2821-BIAB-24/K9 CISCO2821-AC-IP. and Cisco IOS IP Base Software CISCO2811 Integrated services router with AC power. 1 EVM.Adv IP Serv.FL-SRST-48.64F/256D C2801-VSEC-SRST/K9 2801 VSEC Bundle w/PVDM2-8. 1 NME-X.64F/256D CISCO2851-HSEC/K9 2851 Bundle w/AIM-VPN/SSL-2. 2FE. 1 NME-XD.Adv IP Serv. and Cisco IOS IP Base Software CISCO2821 Integrated services router with AC power.64F/256D Cisco 2800 Series Secure Voice Bundles C2801-VSEC-CCME/K9 2801 VSEC Bundle w/PVDM2-8. 2 AIMs.24-port switch.Adv IP Serv. 2 PVDM slots. 4 HWICs.64F/256D CISCO2821-HSEC/K9 2821 Bundle w/AIM-VPN/SSL-2. 2FE.PVDM2-48.64F/256D CISCO2811-HSEC/K9 2811 Bundle w/AIM-VPN/SSL-2.Adv IP Serv.Adv.Adv IP Serv. 2 AIMs.PVDM2-32. 4 HWICs.64F/256D CISCO2851-V3PN/K9 2851 V3PN bdle w/AIM-VPN. 3 PVDM slots.Adv IPServ. 3 PVDM slots.64F/256D C2851-VSEC-SRST/K9 2851 VSEC Bundle w/PVDM2-48.Adv Security.64F/256D CISCO2811-SRST/K9 2811 Voice Bundle w/ PVDM2-16. 2 AIMs. and Cisco IOS IP Base Software CISCO2821-AC-IP Integrated services router with AC power including inline power distribution capability.64F/256D CISCO2851-SRST/K9 2851 Voice Bundle w/ PVDM2-48.Adv IP Serv. 3 PVDM slots.SP Serv.Integrated services router with AC power including Inline power distribution capability. 4 HWICs. 2GE.64F/256D C2821-VSEC-CCME/K9 2821 VSEC Bundle w/PVDM2-32. 2 AIMs.PVDM2-8.FL-CCME-24.64F/256D CISCO2821-CCME/K9 2821 Voice Bundle w/ PVDM2-32.FL-SRST-24. 2 PVDM slots. 2 PVDM slots.FL-SRST-24. and Cisco IOS IP Base Software CISCO2811-DC Integrated services router with DC power.AdvIPServ. 1 NME-X. 2 AIMs.PVDM2-32. 2 AIMs.64F/256D C2811-VSEC-CCME/K9 2811 VSEC Bundle w/PVDM2-16. 1 EVM.Adv Security.64F/256D CISCO2801-HSEC/K9 2801 Bundle w/AIM-VPN/SSL-2. 2 AIMs.Adv.FL-SRST-96. 1 NME.SP Serv.Adv IP Serv.AdvIPServ.64F/256D CISCO2811-V3PN/K9 2811 V3PN bdle w/AIM-VPN.64F/256D C2851-VSEC/K9 2851 Voice Security Bundle.64F/256D CISCO2811-SEC/K9 2811 Security Bundle.FL-CCME-36. SP Serv.PVDM2-16.PVDM2-16. 2 AIMs.10 SSL lic.PVDM2-48.Adv IP Serv.64F/256D Cisco 2800 Series Voice Bundles CISCO2801-V/K9 2801 Voice Bundle.Adv.64F/256D C2851-VSEC-CCME/K9 2851 VSEC Bundle w/PVDM2-48. 1 NME. 4 HWICs. and Cisco IOS IP Base Software CISCO2821-DC Integrated services router with DC power. IP Serv.Adv IP Serv.CCME-72. 4 HWICs. 2GE. 2FE.SP Serv.FL-SRST-96.64F/256D C2811-VSEC-SRST/K9 2811 VSEC Bundle w/PVDM2-16. 1 NME-XD.10 SSL lic.Adv IP Serv.SP Serv. 4 HWICs. IP Serv.AIM-VPN. and Cisco IOS IP Base Software CISCO2851-AC-IP Integrated services router with AC power including inline power distribution capability.SP Serv. 2GE. IP Serv. 4 HWICs.SP Serv.FL-SRST-36.Adv IP Serv. 4 HWICs.PVDM2-16. 4 Interface Card Slots. 2FE.10 SSL lic.64F/256D C2821-VSEC/K9 2821 Voice Security Bundle. 2 AIMs.64F/256D C2821-VSEC-SRST/K9 2821 VSEC Bundle w/PVDM2-32.64F/256D C2811-VSEC/K9 2811 Voice Security Bundle.PVDM2-8.SP Serv.64F/256D CISCO2811-CCME/K9 2811 Voice Bundle w/ PVDM2-16.10 SSL lic.AISK9 Cisco 28512800 WAN Optimization Bundles CISCO2821-AA/K9 Cisco 2821 Basic Wan Optimization Bundle CISCO2821-SAA/K9 Cisco 2821 Secure Wan Optimization Bundle CISCO2851-AA/K9 Cisco 2851 Basic Wan Optimization Bundle CISCO2851-SAA/K9 Cisco 2851 Secure Wan Optimization Bundle Ethernet Switching Network Modules CISCO2801-AC-IP 1-18 Cisco 2800 Series Integrated Services Routers . 1 EVM.64F/256D CISCO2801-SRST/K9 2801 Voice Bundle w/ PVDM2-8.AIM-CUE. and Cisco IOS IP Base Software CISCO2811-AC-IP Integrated services router with AC power including Inline power distribution capability. 2 PVDM slots. IP Serv.FL-SRST-48. and Cisco IOS IP Base Software CISCO2851-DC Integrated services router with DC power.64F/256D CISCO2851-SEC/K9 2851 Security Bundle. 2GE.64F/256D CISCO2851-V/K9 2851 Voice Bundle.64F/256D C2801-VSEC/K9 2801 Voice Security Bundle.Adv Security.FL-CCME-96.64F/256D CISCO2811-V/K9 2811 Voice Bundle.Adv IP Serv.CCME-48.CCME-36. 3 PVDM slots.64F/256D CISCO2801-V3PN/K9 2801 V3PN bdl.FL-CCME-24.64F/256D CISCO2801-CCME/K9 2801 Voice Bundle w/ PVDM2-8. 1 NME.PVDM2-32. 2 AIMs. 4 HWICs.SP Serv.64F/256D CISCO2821-V/K9 2821 Voice Bundle.FL-CCME-96. 1 EVM. 2GE.PVDM2-48.FL-CCME-36.

basic performance.IP Base NME-16ES-1G-P EtherSwitch Service Mod 16 10/100T POE + 1 GE.92 Voice Network Modules and Accessories NM-HD-1V 1-slot IP Communications voice and fax network module NM-HD-2V 2-slot IP Communications voice and fax network module NM-HD-2VE 2-slot IP Communications enhanced voice and fax network module NM-HDA-4FXS High-density analog voice and fax network module with 4 FXS slots NM-HDV2 IP Communications high-density voice and fax network module NM-HDV2-1T1/E1 1-port T1/E1 IP Communications high-density voice and fax network module NM-HDV2-2T1/E1 2-port T1/E1 IP Communications high-density voice and fax network module NM-HDV= High-density voice and fax network module (single VIC slot) NM-HDV-1T1-12 1-port 12-channel T1 voice and fax network module NM-HDV-1T1-24 1-port 24-channel T1 voice and fax network module NM-HDV-1T1-24E Single-port 24-enhanced-channel T1 voice and fax network module NM-HDV-2T1-48 2-port 48-channel T1 voice and fax network module NM-HDV-1E1-12 1-port 12-channel E1 voice and fax network module NM-HDV-1E1-30 1-port 30-channel E1 voice and fax network module NM-HDV-1E1-30E 1-port 30-enhanced-channel E1 voice and fax network module NM-HDV-2E1-60 2-port 60-channel E1 voice and fax network module NM-HDV-1J1-30 1-port 30-channel J1 high-density voice network module NM-HDV-1J1-30E 1-port 30-enhanced-channel J1 high-density voice network module NM-HDV-FARM-C36 36-port transcoding and conferencing DSP farm NM-HDV-FARM-C54 54-port transcoding and conferencing DSP farm NM-HDV-FARM-C90 90-port transcoding and conferencing DSP farm Application Network Modules NM-CE-BP-40G-K9 Cisco Content Engine Network Module. basic performance. 40-GB IDE hard disk NM-CE-BP-80G-K9 Cisco Content Engine Network Module. price includes 12-mailbox license NM-NAM Cisco Series Network Analysis Module Network Module NM-AON-K9 Cisco 2600/2800/3700/3800 Series AON Network Module Cisco 2800 Series Integrated Services Routers 1-19 . 80-GB IDE hard disk NM-CIDS-K9 Cisco IDS Network Module NM-CUE Cisco Unity Express Voice-Mail Network Module.IP Base NME-X-23ES-1G EtherSwitch Service Mod 23 10/100T + 1 GE POE. price includes 12-mailbox license NM-CUE-EC Cisco Unity Express Network Module Enhanced Capacity. IP Base NME-X-23ES-1G-P EtherSwitch Service Mod 23 10/100T POE + 1 GE POE.Chapter 1 NME-16ES-1G EtherSwitch Service Mod 16 10/100T + 1 GE. IP Base NM-16ESW 16-port 10/100 Cisco EtherSwitchÆ Network Module NM-16ESW-1GIG 16-port 10/100 Cisco EtherSwitch Network Module with 1 Gigabit Ethernet (1000BASE-T) port NM-16ESW-PWR 16-port 10/100 Cisco EtherSwitch Network Module with in-line power support NM-16ESW-PWR-1GIG 16-port 10/100 Cisco EtherSwitch Network Module with in-line power and Gigabit Ethernet NMD-36ESW 36-port 10/100 Cisco EtherSwitch High-Density Services Module (HDSM) NMD-36ESW-2GIG 36-port 10/100 Cisco EtherSwitch HDSM with 1 Gigabit Ethernet (1000BASE-T) port NMD-36ESW-PWR 36-port 10/100 Cisco EtherSwitch HDSM with in-line power support NMD-36ESW-PWR-2G 36-port 10/100 Cisco EtherSwitch HDSM with in-line power and Gigabit Ethernet NME-XD-24ES-1S-P 24 10/100 w/ POE + 1 SFP + Cisco StackWise interfaces NME-XD-48ES-2S-P 48 10/100 w/ POE + 2 SFP Serial Connectivity Network Modules NM-1T3/E3 1-port clear-channel T3/E3 network module NM-1HSSI 1-port High-Speed Serial Interface (HSSI) network module NM-4A/S 4-port asynchronous/synchronous serial network module NM-8A/S 8-port asynchronous/synchronous serial network module NM-16A/S 16-port asynchronous/synchronous serial network nodule NM-16A 16-port asynchronous serial network module NM-32A 32-port asynchronous serial network module Channelized T1/E1 and ISDN Network Modules NM-1CE1T1-PRI 1-port Channelized E1/T1/ISDN PRI network module NM-2CE1T1-PRI 2-port Channelized E1/T1/ISDN PRI network module NM-4B-S/T 4-port ISDN BRI network module (S/T interface) NM-4B-U 4-port ISDN BRI network module with integrated Network Termination 1 (NT1) (U interface) NM-8B-S/T 8-port ISDN BRI network module (S/T interface) NM-8B-U 8-port ISDN BRI network module with integrated NT1 (U interface) ATM Network Modules NM-1A-T3 1-port DS-3 ATM network module NM-1A-E3 1-port E3 ATM network module Analog Dialup and Remote Access Network Modules NM-8AM-V2 8-port analog modem network module with v.92 NM-16AM-V2 16-port analog modem network module with v.

PoE capable Gigabit Ethernet HWICs HWIC-1GE-SFP GigE High Speed WIC With One SFP Slot Wireless HWICs and Accessories HWIC-AP-G-A Cisco 802.0 dBi 5 GHz) Dual band Diversity Ceiling-mount omnidirectional antenna AIR-CAB020LL-R 20-ft. (30m) ultra-low-loss cable with RP-TNC connectors AIR-CAB150ULL-R 150-ft.4 Ghz and 6.2 dBi Cisco Aironet 2.4 Ghz and 5.4 GHz Omni-directional ceiling mount AIR-ANTM2050D-R (2.11 B/G Access Point High Speed Wan Interface Card for the Americas (FCC config) HWIC-AP-G-E Cisco 802.shdsl WIC (two or four wire) HWIC-CABLE-D-2 1-Port DOCSIS 2.0 dBi 5 GHz) Dual band Wall-mount patch antenna AIR-ANTM4050V-R (4.8 FXS or DID Ethernet Switching HWICs HWIC-4ESW 4-port single-wide 10/100BASE-T Ethernet switch HWIC HWIC-D-9ESW 9-port double-wide 10/100BASE-T Ethernet switch HWIC HWIC-4ESW-POE 4-port Ethernet switch HWIC.11 B/G Access Point High Speed Wan Interface Card for Europe (ETSI config) HWIC-AP-G-J Cisco 802.11 A/B/G Access Point High Speed Wan Interface Card for Europe (ETSI config) HWIC-AP-AG-J Cisco 802. (6m) low-loss cable with RP-TNC connectors AIR-CAB050LL-R 50-ft.2dBi Cisco Aironet 2.11 A/B/G Access Point High Speed Wan Interface Card for the Americas (FCC config) HWIC-AP-AG-E Cisco 802.11 B/G Access Point High Speed Wan Interface Card for Japan (TELEC config) HWIC-AP-AG-A Cisco 802.4 GHz Swivel mount dipole AIR-ANT5959 2 dBi Cisco Aironet 2. (15m) low-loss cable with RP-TNC connectors AIR-CAB100ULL-R 100 ft. PoE capable HWIC-D-9-ESW-POE 9-port Ethernet switch HWIC.2 dBi Cisco 2.4 Ghz and 5.11 A/B/G Access Point High Speed Wan Interface Card for Japan (TELEC config) AIR-ANT4941 2. EIA-232 HWIC-8A 8-Port Async HWIC HWIC-16A 16-Port Async HWIC WIC-1T 1-port high-speed serial WIC WIC-2T 2-port high-speed serial WIC WIC-2A/S 2-port asynchronous/synchronous serial WIC CSU/DSU WICs WIC-1DSU-T1-V2 1-port T1/Fractional-T1 DSU/CSU WIC WIC-1DSU-56K4 1-port 4-wire 56-/64-kbps CSU/DSU WIC ISDN BRI WICs and HWICs WIC-1B-U-V2 1-port ISDN BRI with integrated NT1 (U interface) WIC-1B-S/T-V3 1-port ISDN BRI with S/T interface HWIC-ADSL-B/ST HWIC w/ADSLoPOTS and ISDN BRI ports HWIC-ADSLI-B/ST HWIC w/ADSLoISDN and ISDN BRI ports DSL WICs and HWICs WIC-1ADSL 1-port asymmetric DSL (ADSL) over basic-telephone-service WIC WIC-1ADSL-DG 1-port ADSL over basic telephone service with dying-gasp WIC WIC-1ADSL-I-DG 1-port ADSL over ISDN with dying-gasp WIC HWIC-1ADSL 1-port ADSLoPOTS HWIC HWIC-1ADSLI 1-port ADSLoISDN HWIC HWIC-ADSL-B/ST HWIC w/ADSLoPOTS and ISDN BRI ports HWIC-ADSLI-B/ST HWIC w/ADSLoISDN and ISDN BRI ports WIC-1SHDSL-V3 1-port G.Wireless LAN Controller Modules NM-AIR-WLC6-K9 WLAN Controller Module for up to 6 lightweight access points 28/38xx ISR NME-AIR-WLC8-K9 WLAN Controller Module for up to 8 lightweight access points 28/38xx ISR NME-AIR-WLC12-K9 WLAN Controller Module for up to 12 lightweight access points 28/38xx ISR Circuit Emulation Service over IP (CESoIP) Network Modules NM-CEM-4SER 4-port serial CESoIP network module NM-CEM-4T1E1 4-port T1/E1 CESoIP network module Extension Voice Modules EVM-HD-8FXS/DID High-density voice and fax extension module .4 GHz Diversity omni-directional ceiling mount patch AIR-ANT1728 5.0 dBi 5 GHz) Dual band Swivel mount dipole antenna AIR-ANTM5560P-R (5.0 Cable HWIC Analog Modem WICs WIC-1AM 1-port analog modem WIC WIC-2AM 2-port analog modem WIC WIC-1AM-V2 1-port analog modem WIC WIC-2AM-V2 2-port analog modem WIC 1-20 Cisco 2800 Series Integrated Services Routers .0 dBi Cisco 2. (46m) ultra-low-loss cable with RP-TNC connector Serial WICs and HWICs HWIC-4T 4-Port Serial HWIC HWIC-4A/S 4-Port Async/Sync Serial HWIC HWIC-8A/S-232 8-Port Async/Sync Serial HWIC.5 dBi Cisco 2.

G.T1 with drop and insert VWIC-1MFT-E1 1-port RJ-48 multiflex trunk .703 Multiflex Trunk Voice Cards and WICs VWIC2-1MFT-T1/E1= 1-Port 2nd Gen Multiflex Trunk Voice/WAN Int. The components can also be placed in customized enclosures or existing outdoor infrastructure to connect proprietary network devices with an IP network.T1/E1 spare VWIC2-2MFT-T1/E1= 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int. visit: http://www.com/go/2800.T1/E1 spare VWIC2-1MFT-G703= 1-Port 2nd Gen Multiflex Trunk Voice/WAN Int.E1 with drop and insert VWIC-2MFT-G703 2-port RJ-48 multiflex trunk .ATM with 2 VWIC-2MFT-E1 AIM-COMPR2-V2 Data-compression AIM AIM-CUE Cisco Unity Express Voice-Mail AIM AIM-VPN/EPII-PLUS Enhanced-performance DES. The Cisco 3200 Rugged Router has a flexible.Chapter 1 T1. standards-based Mobile IP delivers transparent roaming across multiple wireless networks capable of covering wide geographic areas.703 spare EC-MFT-32= 32-Channel Multiflex Trunk Dedicated ECAN Module spare EC-MFT-64= 64-Channel Multiflex Trunk Dedicated ECAN Module spare VWIC-1MFT-T1 1-port RJ-48 multiflex trunk . E1.703 spare VWIC2-2MFT-G703= 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int. compact form factor that is ruggedized to withstand harsh environments.BRI (NT and TE) AIMs AIM-ATM High-performance ATM SAR AIM AIM-ATM-1T1= High Performance ATM AIM/T1 Bundle AIM-ATM spare AIM-ATM-1E1= High Performance ATM AIM/E1 Bundle AIM-ATM spare AIM-ATM-4T1= AIM-ATM with 2 VWIC-2MFT-T1 spare AIM-ATM-4E1 AIM. and G.FXO (universal) VIC2-4FXO 4-port VIC .E1 VWIC-2MFT-E1-DI 2-port RJ-48 multiflex trunk . mobility.703 VWIC-2MFT-E1 2-port RJ-48 multiflex trunk .FXS VIC2-2FXO 2-port VIC . and interoperability across multiple wired and wireless networks.E1 VWIC-1MFT-G703 1-port RJ-48 multiflex trunk .T1 VWIC-2MFT-T1 2-port RJ-48 multiflex trunk .E&M VIC2-2BRI-NT/TE 2-port VIC card .G. and video communications in mobile and outdoor embedded networks.G. Card . AES. Card . 3DES. Cisco 3200 Series Rugged Integrated Services Routers The Cisco 3200 Rugged ISR is a rugged router that uses Cisco IOS Software to provide access.703 VICs VIC-2DID 2-port DID voice and fax interface card VIC-1J1 1-port digital VIC (J1) for Japan VIC-4FXS/DID 4-port FXS or DID VIC VIC2-2FXS 2-port VIC .cisco. Card . and compression VPN encryption AIM AIM-VPN/SSL-1 DES/3DES/AES/SSL VPN Encryption/Compression AIM-VPN/SSL-2 DES/3DES/AES/SSL VPN Encryption/Compression AIM-VPN/SSL-3 DES/3DES/AES/SSL VPN Encryption/Compression PVDM Support on Motherboard Slots PVDM2-8 8-channel fax and voice DSP module PVDM2-16 16-channel fax and voice DSP module PVDM2-32 32-channel fax and voice DSP module PVDM2-48 48-channel fax and voice DSP module PVDM2-64 64-channel fax and voice DSP module PVDM2-12DM 12 Port Digital Modem Module PVDM2-24DM 24 Port Digital Modem Module PVDM2-36DM 36 Port Digital Modem Module For More Information For more information about the Cisco 2800 Series Integrated Services Routers.FXO (universal) VIC2-2E/M 2-port VIC . Cisco 3200 Series Rugged Integrated Services Routers 1-21 . It offers highly secure data. For mobile applications. voice.T1 VWIC-2MFT-T1-DI 2-port RJ-48 multiflex trunk . Card .G.

3(11)T No Yes 9-32VDC No AC Power Option available -40ºF to 165ºF. • The router design allows for added functions by stacking Cisco interface or third-party component cards into a hardware configuration.) Depth: 41. • Extended temperature ranges of -40ºF to +185ºF (–40 to +85ºC) are possible. (Temperature ranges for completed solutions depend on hardware configuration variables. heat dissipation.) (for Cisco 3270 fiberoptic model) 1-22 Cisco 3200 Series Rugged Integrated Services Routers . and cellular connectivity.82 in.9.32 cm (7. (-40ºC to 74ºC) (-40ºC to +65º with Fiber option version) 95 percent (± 4 percent) relative humidity -40ºF to 185ºF.) Cisco 3270 2 2 – 10/100 2 – 10/100/1000 on C3271MARC-TP 1 – 10/100/1000 on C3271MARC-FO-TP 1 – C3271MARC-FO-TP LX – Single Mode 1000 SX – Multi-mode 1000 14 Yes 1–RJ45 1 12.99 cm (5. • Multiple LAN and WAN devices can be connected to standard 10/100 Ethernet or serial interfaces. • Intrusion detection monitors potential malicious activity within the network. • IOS Firewall protection provides perimeter security when using public networks.4. • Cisco Unified Communications Manager Express supports up to 24 phones (Cisco 3230 and 3250 models) and 48 phones (Cisco 3270) for IP telephony services. • Triple Digital Encryption Standard (3DES) and Advanced Encryption Standard (AES) encryption provide for highly secure VPNs when transmitting and receiving data over public networks.) Width: 17.4 in.) • The Cisco 3200 Rugged Router meets MIL-STD-810F and Society of Automotive Engineers (SAE) standards. global positioning system (GPS). • Integrated 2. • IEEE 802.10/100 N/A N/A N/A 7 N/A 1–DB9 1 12.89 in.0 ports Onboard Fast Ethernet (FE) ports Onboard Copper Gigabit Ethernet Ports Onboard Fiber Optic ports SFP Enclosure Slots Integrated hardware-based encryption Console port Auxiliary port Minimum Cisco IOS Software release Rack mounting Wall mounting DC input current AC input current Operating temp (Enclosure systems) Operating humidity Non operating temp Dimensions (H x W x D) Cisco 3230 0 1 .) Depth: 20. and low power consumption are critical factors. 4.27 cm (6. shock and vibration.66 cm (16. and moist or dusty environments • Embedded routers for use with third-party custom enclosures • Mobile applications where customers need transparent connectivity across multiple wireless networks Key Features • The hardware architecture of the Cisco 3200 Rugged Router can be embedded in different system designs. • PC/104-Plus architecture allows for the use of off-the-shelf third-party components for use with the Cisco 3230 Rugged Router. establishing a transparent Internet connection regardless of location or movement.27 cm (6. (-40ºC to 74ºC) 95 percent (± 4 percent) relative humidity -40ºF to 185ºF. (-40ºC to 85ºC) Height: 14.89 in. • Mobile IP offers transparent roaming for mobile networks.11a/b/g access points or bridge modes can be integrated with the rugged router. and 5-GHz wireless are configured as a bridge for WAN connectivity or as access points for wireless LAN connectivity. • Third-party cards can give added use to provide various LAN or WAN functions.Ideal for Companies that Need These Features • Rugged routers for outdoors or inside vehicles where deployments require extra ruggedness to withstand high temperature ranges.) Width: 17. including security. Specifications Feature Fixed USB 2. including enclosures and third-party components. • The routers provide flexibility for deployment in many different environments where space. computing.99 cm (5.82 in. (-40ºC to 85ºC) Height: 14.80 in.4(6)XE No Yes 9-32VDC No AC Power Option available -40ºF to 165ºF. • The Cisco 3200 Rugged Router allows for designs in unique environments for mobile or fixed outdoor networks.

S. 2GE & 1WMIC C3270ENC-2W-K9 Cisco 3270 bundle w/enclosure. CISPR22: 1993 [Inc amd 1 & 2].11b/g Wireless Mobile Interface Card for North America C3201WMIC-E-K9= 802. FESMIC. EN50082-1: 1992. Fiber & 2WMIC C3270ENC-3W-FO-K9 Cisco 3270 bundle w/enclosure.S. CISCO3201FESMIC. MRPC.9GHz WMICs for U.11b/g Wireless Mobile Interface Card for Japan C3201WMIC-J10-K9= 802.9GHz WMICs for U. 18. CISCO3201FESMIC C3231TP-1WMIC-K9 Contains C3231MARC-TP. EN61000-3-2: 2000. EN50082-1: 1992.4GHz WMICs (10mW) for Japan C3231-1WMIC-K9 Contains C3231MARC. (1) C3201WMIC-TPxK9 (WMIC is selectable option) C3231TP-2WMIC-K9 Contains C3231MARC-TP. EN61000-3-2: 2000.4GHz WMICs for most of Europe C3230-2WMICJ-K9 3230 bundle with (2) 2. EN61000-3-3: 1995. EN50082-1: 1997.S.4GHz WMICs for Japan C3230ENC-2WJ10-K9 3230 bundle w/ rugged enclosure fully assembled with (2) 2.4GHz WMICs for most of Europe C3230ENC-3WMICE-K9 3230 bundle w/ rugged enclosure fully assembled with (3) 2.Chapter 1 Weight (configured) 14.S.11b/g Wireless Mobile Interface Card for Most of Europe C3201WMIC-J-K9= 802.4GHz WMICs for N. America (WMICs are selectable options) C3230-3WMIC-K9 3230 bundle with (3) WMICs (WMIC are selectable options) C3230-1W-49-K9 3230 bundle with (1) 4.9GHz WMIC for U. 2GE C3270ENC-1W-K9 Cisco 3270 bundle w/enclosure. SMIC.4GHz WMICs & (1) 4. plus C3201WMIC-x-K9 selectable option C3230-K9 3230 bundle with MARC. Resolution 237: 2000 CISPR24: 1997 [+ amd 1: 2001]. Fiber & 1WMIC C3270ENC-2W-FO-K9 Cisco 3270 bundle w/enclosure. America & (1) 4. CISPR22: 1997.11b/g Wireless Mobile Interface Card for Japan (10mW) Cisco 3200 Series Rugged Integrated Services Routers 1-23 . EN55022: 1994 [Inc amd 1 & 2]. C3230-2WMICE-K9 3230 bundle with (2) 2. CISCO3201TFESMIC C3220-1-WMIC-K9 Contains CISCO3220MARC. (2) C3201WMIC-TPxK9 (WMIC is selectable option) Cisco 3200 Spare Cards CISCO3251MARC Cisco 3250 Mobile Access Router Card (used with all C3230 bundles) C3271MARC-TP= Cisco 3270 2GE router w/thermal plates C3271MARC-FO-TP= Cisco 3270 Fiber router w/thermal plates CISCO3201SMIC= Serial Mobile Interface Card CISCO3201FESMIC= Fast Ethernet Switching Mobile Interface Card C3201WMIC-A-K9= 802.9GHz WMIC for US C3230ENC-3W-49-K9 3230 bundle w/ rugged enclosure fully assembled with (3) 4. C3230-3W-49-K9 3230 bundle with (3) 4. Mobile Router card. EN301 489-17: 2000. SMIC. 4-port SMIC. C3201WMIC-E-K9 C3231-K9 Contains C3231MARC. Fiber C3270ENC-1W-FO-K9 Cisco 3270 bundle w/enclosure. C3230ENC-2WMICE-K9 3230 bundle w/ rugged enclosure fully assembled with (2) 2.9GHz WMIC for U. 2GE & 2WMIC C3270ENC-3W-K9 Cisco 3270 bundle w/enclosure.S.6 kg) (enclosure with Cisco 3270 router MARC. EN50082-1: 1997. C3230-2W24-49-K9 3230 bundle with (2) 2. EN300386: 2001.4GHz WMICs for Japan (10mW) C3270ENC-FO-K9 Cisco 3270 bundle w/enclosure.4GHz WMIC for N. EN61000-3-3: 1995. EN300386: 2001. C3230ENC-2W24-49K9 3230 bundle w/ rugged enclosure fully assembled w/ (2) 2. America & (1) 4. EN301 489-1: 2000.4GHz WMICs for most of Europe C3230ENC-2WJ-K9 3230 bundle w/ rugged enclosure fully assembled with (2) 2. Resolution 237: 2000 EMC Immunity Selected Part Numbers and Ordering Information Cisco 3200 Rugged Enclosure Bundles C3230ENC-K9 3230 bundle w/ rugged enclosure fully assembled with no WMICs C3230ENC-1WMIC-K9 3230 bundle w/ rugged enclosure fully assembled with (1) WMIC (WMIC is selectable option) C3230ENC-2WMIC-K9 3230 bundle w/ rugged enclosure fully assembled with (2) WMICs (WMICs are selectable options) C3230ENC-3WMIC-K9 3230 bundle w/ rugged enclosure fully assembled with (3) WMICs (WMICs are selectable options) C3230ENC-1W-49-K9 3230 bundle w/ rugged enclosure fully assembled with (1) 4. and 2 WMICs) 47 CFR Part 15: 2002.441 kg) (includes enclosure.9GHz WMIC for U. C3201MRPC-TP.4GHz WMICs for Japan C3230-2WMICJ10-K9 3230 bundle with (2) 2.5 lbs (6. CISCO3201TFESMIC. C3201FESMIC-TP.9 lb (8. 2GE & 3WMIC Cisco 3200 Card Bundles CISCO3220 Contains CISCO3220MARC. & 4-port FESMIC (no WMICs) C3230-1WMIC-K9 3230 bundle with (1) WMIC (WMIC is selectable option) C3230-2WMIC-K9 3230 bundle with (2) WMICs for N. FESMIC.9GHz WMIC for u. C3230ENC-24-49-K9 3230 bundle w/ rugged enclosure fully assembled with (1) 2.4GHz WMICs for most of Europe C3230-3WMICE-K9 3230 bundle with (3) 2. EN55024: 1998 [+ amd 1: 2001]. and 3 WMICs) Power Card [MRPC]. CISCO3201TSMIC.S. C3201FESMIC-TP.9GHz WMIC for U.4GHz & (1) 4. EN61000-6-1: 2001. EN55022: 1998.S. CISCO3201TSMIC. C3201MRPC-TP. Fiber & 3WMIC C3270ENC-K9 Cisco 3270 bundle w/enclosure. C3230-24-49-K9 3230 bundle with (1) 2.

including real-time applications such as voice over IP (VoIP).11b/g Wireless Mobile Interface Card for Most of Europe C3201WMIC-TPJK9= 802. They support embedded hardware-based VPN acceleration on the motherboard.9GHz Wireless Mobile Interface Card C3205WMIC-A-K9= 5GHz WMIC for N.000mbps Multi-Mode Rugged SFP For More Information For more information about the Cisco 3200 Series Rugged Integrated Services Routers. America C3201LAP-E-K9= 802. • Cisco 3845 Integrated Services Router—Same features as above plus Higher availability and resiliency (such as redundant system and inline power. Cisco 3845 Integrated Services Routers are ideal for medium. Key Features • Cisco IOS Firewall provides stateful.11b/g LWAPP Wireless Mobile Interface Card for N. voice. real-time alerts. Cisco 3825 Integrated Services Routers are ideal for medium.11b/g LWAPP Wireless Mobile Interface Card for N.C3201LAP-A-K9= 802.11b/g Wireless Mobile Interface Card for Japan (10mW) C3201LAP-TPA-K9= 802. America C3201MRPC-TP= Cisco 3200 Series Mobile Router Power Card C3230ASY-KIT= Cisco 3200 Series Rugged Enclosure for Cisco 3230 Series Bundle (requires assembly) GLC-LX-SM-RGD= 1. integrated 10/100 switching.11b/g LWAPP Wireless Mobile Interface Card for EMEA C3202WMIC-PTA49K9= 4. Integrated onboard security acceleration for IP Security (IPSec) for improved IPSec performance and an integral part of Cisco Self-Defending Network.000mbps Single Mode Rugged SFP GLC-SX-MM-RGD= 1.cisco. Architectural enhancements include embedded security processing. adaptive services. business video. and 256 cryptology support. including Data Encryption Standard (DES).to large-sized branch offices and businesses. wireless support. security. per-user authentication and authorization. security.11b/g Wireless Mobile Interface Card for Japan C3201WMIC-TPJ10K9= 802.com/go/3200. and advanced services at wire speed up to onehalf T3/E3 rates.11b/g Wireless Mobile Interface Card for North America C3201WMIC-TPEK9= 802. threat defense. significant platform performance and memory improvements. a transparent firewall. These new routers offer the performance and reliable packet delivery necessary to efficiently deliver mission-critical network capabilities. and secure enterprise communications. which facilitate network device protection. and new high-density interface types. and collaborative communications. providing very high performance and densities for concurrent data. secure connectivity. and (optional) higher- 1-24 Cisco 3800 Series Integrated Services Routers . application-based filtering (context-based access control). America C3201LAP-TPE-K9= 802. and endpoint protection and control. up to 360W Cisco Inline Power. and fieldreplaceable components such as the CPU motherboard and fan assembly). or Power over Ethernet (PoE).11b/g LWAPP Wireless Mobile Interface Card for EMEA C3202WMIC-A49K9= 4. America C3205WMIC-E-K9= 5GHz WMIC for Europe Cisco 3200 Mobile Interface Cards (with Thermal Plates C3251MARC-TP Mobile Access Router Card C3201SMIC-TP= Serial Mobile Interface Card C3201FESMIC-TP= Fast Ethernet Switching Mobile Interface Card C3201WMIC-TPAK9= 802. visit: http://www. and Advanced Encryption Standard (AES) 128. online-insertion-and-removable (OIR) components.to large-sized branch offices and businesses that can support concurrent data. Cisco 3800 Series Integrated Services Routers The Cisco 3800 Series Integrated Services Routers constitute the flagship platform in a portfolio of next-generation routers that integrate advanced technologies. 192. Ideal for Companies that Need These Features • Cisco 3825 Integrated Services Router—Low density (up to 88 ports).9GHz Wireless Mobile Interface Card C3205WMIC-TPEK9= 5GHz Wireless Mobile Interface Card for Europe C3205WMIC-TPEK9= 5GHz Wireless Mobile Interface Card for N. voice. and advanced services with the ability to run at wire speed up to T3/E3. Triple DES (3DES). • The Cisco 3845 Integrated Services Routers offer VPN services. and an IPv6 firewall.

AIM-VPN/EPII-PLUS Yes 64 MB (default) -256 MB (optional) 256 MB (default) .7 in. Standard 802. Onboard universal-serial-bus (USB) 1. AC +POE. Integrated IEEE 802. The motherboard has 4 packet-voice-DSPmodule (PVDM) slots. DC.5 x 17. and PoE Cisco 3800 Series Integrated Services Routers 1-25 . Cisco Survivable Remote Site Telephony (SRST) supports up to 720 phones. 4 HWIC. T1. The routers support up to 1800 tunnels with the VPN module. Selected Part Numbers and Ordering Information Cisco 3800 Series Integrated Services Routers CISCO3825 Cisco 3825 Integrated Services Router with 2 Gigabit Ethernet. The 3800 Series routers support Multiprotocol Label Switching (MPLS) VPNs. the routers support local conferencing and transcoding. Specific provider-edge capabilities include Virtual Route Forwarding (VRF) firewall and VRF IP Security (IPSec).1 x 14. HWIC and Network Modules Up to 14 T1/E1’s Yes. Cisco 3845 4 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 Up to T3 Yes.1024 MB (max) AC. 1 SFP.11 a/b/g standalone access-point high-speed WAN interface cards (HWICs) provide wireless support. with the ability to load and enable selected IPS signatures. Basic Rate Interface (BRI). external redundant AC 3. 1 SFP. internal redundant AC + POE 5. Cisco IOS IP Base software. and AC power CISCO3825-AC-IP Cisco 3825 Integrated Services Router with 2 Gigabit Ethernet. The routers have up to 120 mailboxes using a Cisco Unity Express network module. J1. The routers offer analog voice support for up to 88 foreign-exchange-station (FXS) and 56 foreign-exchangeoffice (FXO) ports and digital voice support for up to 720 calls. Direct Inward Dial (DID). 2 NME. Cisco Communications Manager Express software on these routers supports up to 240 phones. • • • • • • • • • • • • Specifications Feature Network Module Slots Advanced Integration Module (AIM) Slots High speed WAN Interface Card (HWIC) Slots 10/100/1000 GE Ports Small Form Pluggable (SFP) ports Onboard PVDM slots WAN Network Modules ATM AIM Modules Voice/Fax Network Modules WAN Interface Card (WIC) Modules Multiflex Voice/WAN Interface Cards Voice Interface Card (VIC) Modules Modem Modules EtherSwitch Modules Performance with Services VPN/Security Advanced Integration Modules (AIM) Content Engine Network Modules Flash Memory (External) DRAM Memory Power Supply Dimensions (H x W x D) Cisco 3825 2 2 4 2 1 4 Yes Yes Yes Yes Yes Yes Yes Yes. The routers support IP phones through an optional integrated power supply with inline power. More than 1000 IPS signatures are available with the optional high-performance intrusion-detection-system (IDS) network module. Q. Ear & Mouth (E&M). DC. Local URL filtering occurs in Cisco IOS Software based on the external server.3af support derives from 360W of inline power. AC Power. Centralized Automated Message Accounting (CAMA). Wireless LAN (WLAN) controller modules are a component of the Cisco Unified Wireless Network.1 port(s) offer future support for secure token and flash memory.25 x 17. Voice interfaces support FXS. E1.25 x 16 in. Cisco Router and Security Device Manager (SDM) comes standard on all Cisco 3800 Series Integrated Services Routers. Onboard URL filtering with an optional content-engine network module is provided. More than 700 intrusion-prevention-system (IPS) signatures are supported in Cisco IOS Software. and channel associated signaling (CAS). Finally. Primary Rate Interface (PRI). 4 HWIC. AIM-VPN/EPII-PLUS Same As Cisco 3825 Same As Cisco 3825 Same As Cisco 3825 AC.SIG. Cisco Easy VPN (remote and server). and Dynamic Multipoint VPN (DMVPN). 2 NME. Cisco IOS IP Base software. 2 AIM.Chapter 1 performance AIM-based security acceleration with Layer 3 compression. FXO. 2 AIM.

4 HWIC. 128MB Flash/512MB DRAM C3845-VSEC-SRST/K9 Cisco 3845 VSEC Bundle. 1 SFP. 64 MB Flash/256 MB DRAM Cisco 3800 Series WAAS Optimization Bundles CISCO3825-WAE/K9 Cisco 3825. 2 NME. PVDM2-64. NME-WAE-502/K9. FL-SRST (168 users). Cisco IOS IP Base software.IPBase. 4 HWIC. PVDM2-64.Adv IP Services. 2 AIM. PVDM2-64. Adv IP Services. PVDM2-64. 4 NME. and PoE CISCO3845-DC Cisco 3845 Integrated Services Router with 2 Gigabit Ethernet. PVDM2-64.128F/512D Ethernet Switching Network Modules NME-16ES-1G-P= EtherSwitch Service Mod 16 10/100T POE + 1 GE. PVDM2-64. FL-CCME-240. 64MB Flash/256 MB DRAM CISCO3845-HSEC/K9 Cisco 3845 Security Bundle with IOS Advanced IP Services. FL-CCME-168. FL-SRST-240. PVDM2-64. 128MB Flash/512MB DRAM C3825-VSEC-CCME/K9 Cisco 3825 VSEC Bundle. 128MB Flash/512MB DRAM C3825-VSEC/K9 Cisco 3825 Voice Security Bundle. 2 AIM. 4 NME. 1 SFP.Adv IP Services. NME-WAE-502/K9. Cisco IOS IP Base software. FLCCME (168 users). 64 MB Flash/256 MB DRAM CISCO3845-CCME/K9 Cisco 3845 Voice Bundle with IOS SP Services. 64 MB Flash/256 MB DRAM CISCO3825-SRST/K9 Cisco 3825 Voice Bundle with IOS SP Services.Cisco 3825 Integrated Services Router with 2 Gigabit Ethernet. PVDM2-64. PVDM2-64. IP Base NM-16ESW 16-port 10/100 Cisco EtherSwitch Network Module NM-16ESW-1GIG 16-port 10/100 Cisco EtherSwitch Network Module with 1 Gigabit Ethernet (1000BASE-T) port NM-16ESW-PWR 16-port 10/100 Cisco EtherSwitch Network Module with in-line power support NM-16ESW-PWR-1GIG 16-port 10/100 Cisco EtherSwitch Network Module with in-line power and Gigabit Ethernet NMD-36ESW 36-port 10/100 Cisco EtherSwitch High-Density Services Module (HDSM) NMD-36ESW-2GIG 36-port 10/100 Cisco EtherSwitch HDSM with 1 Gigabit Ethernet (1000BASE-T) port NMD-36ESW-PWR 36-port 10/100 Cisco EtherSwitch HDSM with in-line power support NMD-36ESW-PWR-2G 36-port 10/100 Cisco EtherSwitch HDSM with in-line power and Gigabit Ethernet NME-XD-24ES-1S-P 24 10/100 w/ POE + 1 SFP + Cisco StackWise interfaces NME-XD-48ES-2S-P 48 10/100 w/ POE + 2 SFP Serial Connectivity Network Modules NM-1T3/E3 1-port clear-channel T3/E3 network module NM-1HSSI 1-port High-Speed Serial Interface (HSSI) network module NM-4A/S 4-port asynchronous/synchronous serial network module NM-8A/S 8-port asynchronous/synchronous serial network module NM-16A/S 16-port asynchronous/synchronous serial network nodule NM-16A 16-port asynchronous serial network module NM-32A 32-port asynchronous serial network module NM-4T 4-Port Serial Network Module Channelized T1/E1 and ISDN Network Modules NM-1CE1T1-PRI 1-port Channelized E1/T1/ISDN PRI network module NM-2CE1T1-PRI 2-port Channelized E1/T1/ISDN PRI network module NM-8CE1T1-PRI 8 port channelized T1/E1 and PRI network module NM-4B-S/T 4-port ISDN BRI network module (S/T interface) CISCO3825-DC 1-26 Cisco 3800 Series Integrated Services Routers . PVDM2-64. AIM-VPN/HPII-PLUS.IP Base NME-X-23ES-1G-P= EtherSwitch Service Mod 23 10/100T POE + 1 GE POE. 64 MB Flash/ 256 MB DRAM CISCO3825-V/K9 Cisco 3825 Voice Bundle with IOS SP Services. PVDM2-64. 128 MB Flash/512 MB DRAM C3845-VSEC/K9 Cisco 3845 Voice Security Bundle. 128MB Flash/512MB DRAM Cisco 3800 Series Security Bundles CISCO3845-SEC/K9 Cisco 3845 Security Bundle with IOS Advanced Security. 64 MB Flash/256 MB DRAM CISCO3845-SRST/K9 Cisco 3845 Voice Bundle with IOS SP Services. 64 MB Flash/256 MB DRAM CISCO3825-CCME/K9 Cisco 3825 Voice Bundle with IOS SP Services. FL-SRST-168. and AC power CISCO3845-AC-IP Cisco 3845 Integrated Services Router with 2 Gigabit Ethernet. FL-CCME (240 users). 2 AIM. FLCCME (240 users). 2 AIM. 4 HWIC. Cisco IOS IP Base software.WAAS Trans. PVDM2-64. 2 NME. Adv IP Services. 4 HWIC. 64MB Flash/256MB DRAM CISCO3825-HSEC/K9 Cisco 3825 Security Bundle with IOS Advanced IP Services. PVDM2-64. Adv IP Services. 128MB Flash/512MB DRAM C3845-VSEC-CCME/K9 Cisco 3845 VSEC Bundle. 64 MB Flash/256 MB DRAM CISCO3825-V3PN/K9 Cisco 3825 V3PN Bundle with IOS Advanced IP Services.128F/512D CISCO3845-WAE/K9 Cisco 3845. AIM-VPN/EPII Plus. 128MB Flash/512 MB DRAM Cisco 3800 Series Voice Bundles CISCO3845-V/K9 Cisco 3845 Voice Bundle with IOS SP Services. AIM-VPN/EPII-PLUS. PVDM2-64.WAAS Trans. and DC power Cisco 3800 Series Secure Voice Bundles CISCO3845-V3PN/K9 Cisco 3845 V3PN Bundle with IOS Advanced IP Services.IPBase. AIM-VPN/HPII Plus. AC Power. FL-CCME (168 users). 1 SFP. Cisco IOS IP Base software. Adv IP Services. and DC power CISCO3845 Cisco 3845 Integrated Services Router with 2 Gigabit Ethernet. FL-SRST (240 users). 128MB Flash/512 MB DRAM CISCO3825-SEC/K9 Cisco 3825 Security Bundle with IOS Advanced Security.128MB Flash/512MB DRAM C3825-VSEC-SRST/K9 Cisco 3825 VSEC Bundle. 1 SFP.

2GB RAM. Intermediate Reach SFP-OC3-LR1 OC3/STM1 SFP. Long Reach (40km) Analog Dialup and Remote Access Network Modules NM-8AM-V2 8-port analog modem network module with v.92 Digital Modem and Remote Access Network Modules NM-6DM 6 Port Digital Modem Network Module NM-12DM 12 Port Digital Modem Network Module NM-18DM 18 Port Digital Modem Network Module NM-24DM 24 Port Digital Modem Network Module NM-30DM 30 Port Digital Modem Network Module MICA-6MOD= 6 Port Digital Modem Module.1GB RAM. basic performance.Chapter 1 NM-4B-U 4-port ISDN BRI network module with integrated Network Termination 1 (NT1) (U interface) NM-8B-S/T 8-port ISDN BRI network module (S/T interface) NM-8B-U 8-port ISDN BRI network module with integrated NT1 (U interface) ATM Network Modules and Transceiver Modules NM-1A-T3 1-port DS-3 ATM network module NM-1A-E3 1-port E3 ATM network module NM-1A-T3E3 1-Port DS3/E3 ATM Network Module NM-1A-OC3-POM ATM OC3 module with single POM (SFP) slot SFP-OC3-MM OC3/STM1 SFP. 120GB HDD NME-WAE-522/K9 WAAS Network Module For 3800 ISR . 2851 and 3800 NME-UMG Cisco Unified Messaging Gateway NME-VMSS-16 Cisco Video Management and Storage System HP NME16 Ports NME-VMSS-HP16 Cisco Video Management and Storage System NME16 Ports Cisco 3800 Series Integrated Services Routers 1-27 . 3800 ISR . Single-mode fiber. price includes 12-mailbox license NM-CUE-EC Cisco Unity Express Network Module Enhanced Capacity. 80GB HDD NME-WAE-502/K9 WAAS Network Module For 2800.92 NM-16AM-V2 16-port analog modem network module with v. 3800 ISR NME-VMSS-16 Cisco Video Management and Storage System NME16 Ports NME-IPS-K9 Cisco IPS NM for 2811. 2821. 512MB RAM. Single-mode fiber. 80-GB IDE hard disk NM-CIDS-K9 Cisco IDS Network Module NM-CUE Cisco Unity Express Voice-Mail Network Module. 160GB HDD NME-TPO Network Capacity Expansion NME for Cisco 3800 ISRs NM-CE-BP-40G-K9 Cisco Content Engine Network Module. Spare LAN/WAN Mixed Media Network Modules NM-1FE1R2W 1 10/100 Ethernet 1 4/16 Token-Ring 2 WAN Card Slot NM NM-1FE2W-V2 1 10/100 Ethernet with 2 WAN Card Slot Network Module NM-1FE2W-V2 2 10/100 Ethernet with 2 WAN Card Slot Network Module NM-1GE 1 Port Gigabit Ethernet Network Module Voice Network Modules and Accessories NM-HD-1V 1-slot IP Communications voice and fax network module NM-HD-2V 2-slot IP Communications voice and fax network module NM-HD-2VE 2-slot IP Communications enhanced voice and fax network module NM-HDA-4FXS High-density analog voice and fax network module with 4 FXS slots NM-HDV2 IP Communications high-density voice and fax network module NM-HDV2-1T1/E1 1-port T1/E1 IP Communications high-density voice and fax network module NM-HDV2-2T1/E1 2-port T1/E1 IP Communications high-density voice and fax network module NM-HDV= High-density voice and fax network module (single VIC slot) NM-HDV-1T1-12 1-port 12-channel T1 voice and fax network module NM-HDV-1T1-24 1-port 24-channel T1 voice and fax network module NM-HDV-1T1-24E Single-port 24-enhanced-channel T1 voice and fax network module NM-HDV-2T1-48 2-port 48-channel T1 voice and fax network module NM-HDV-1E1-12 1-port 12-channel E1 voice and fax network module NM-HDV-1E1-30 1-port 30-channel E1 voice and fax network module NM-HDV-1E1-30E 1-port 30-enhanced-channel E1 voice and fax network module NM-HDV-2E1-60 2-port 60-channel E1 voice and fax network module NM-HDV-1J1-30 1-port 30-channel J1 high-density voice network module NM-HDV-1J1-30E 1-port 30-enhanced-channel J1 high-density voice network module NM-HDV-FARM-C36 36-port transcoding and conferencing DSP farm NM-HDV-FARM-C54 54-port transcoding and conferencing DSP farm NM-HDV-FARM-C90 90-port transcoding and conferencing DSP farm Application Network Modules NME-WAE-302/K9 WAAS Network Module for ISR. 40-GB IDE hard disk NM-CE-BP-80G-K9 Cisco Content Engine Network Module. price includes 12-mailbox license NME-NAM-80S Cisco ISR Network Analysis Module Network Module NME-NAC-K9 Cisco NAC Network Module for 2800. Multi-mode fiber SFP-OC3-IR1 OC3/STM1 SFP. basic performance.

(15m) low-loss cable with RP-TNC connectors AIR-CAB100ULL-R 100 ft.4 GHz Swivel mount dipole AIR-ANT5959 2 dBi Cisco Aironet 2.11 A/B/G Access Point High Speed Wan Interface Card for Japan (TELEC config) AIR-ANT4941 2. (6m) low-loss cable with RP-TNC connectors AIR-CAB050LL-R 50-ft.11 A/B/G Access Point High Speed Wan Interface Card for Europe (ETSI config) HWIC-AP-AG-J Cisco 802.5 dBi Cisco 2.11 B/G Access Point High Speed Wan Interface Card for the Americas (FCC config) HWIC-AP-G-E Cisco 802.4 GHz Diversity omni-directional ceiling mount patch AIR-ANT1728 5.4 Ghz and 5.0 dBi 5 GHz) Dual band Wall-mount patch antenna AIR-ANTM4050V-R (4.0 dBi 5 GHz) Dual band Diversity Ceiling-mount omnidirectional antenna AIR-CAB020LL-R 20-ft.11 B/G Access Point High Speed Wan Interface Card for Europe (ETSI config) HWIC-AP-G-J Cisco 802.11 A/B/G Access Point High Speed Wan Interface Card for the Americas (FCC config) HWIC-AP-AG-E Cisco 802. (46m) ultra-low-loss cable with RP-TNC connector Circuit Emulation Service over IP (CESoIP) Network Modules NM-CEM-4SER 4-port serial CESoIP network module NM-CEM-4T1E1 4-port T1/E1 CESoIP network module Extension Voice Modules EVM-HD-8FXS/DID High-density voice and fax extension module . PoE capable Gigabit Ethernet HWICs HWIC-1GE-SFP GigE High Speed WIC With One SFP Slot Serial WICs and HWICs HWIC-4T 4-Port Serial HWIC HWIC-4T1/E1 4 port clear channel T1/E1 HWIC HWIC-1T1/E1 T1/E1 HWIC with integrated CSU/DSU HWIC-1CE1T1-PRI 1 port channelized T1/E1 and PRI HWIC HWIC-2CE1T1-PRI 1 port channelized T1/E1 and PRI HWIC HWIC-CABLE-D-2= 1-Port DOCSIS 2. PoE capable HWIC-D-9-ESW-POE 9-port Ethernet switch HWIC. (30m) ultra-low-loss cable with RP-TNC connectors AIR-CAB150ULL-R 150-ft.0 Cable Modem HWIC HWIC-CABLE-E/J-2 1-Port Euro/J-DOCSIS 2.0 Cable Modem HWIC HWIC-4A/S 4-Port Async/Sync Serial HWIC HWIC-8A/S-232 8-Port Async/Sync Serial HWIC.4 Ghz and 6.NME-VMSS-HP32 Cisco Video Management and Storage System HP NME32 Ports NM-AON-K9 Cisco 2600/2800/3700/3800 Series AON Network Module Wireless LAN Controller Modules NM-AIR-WLC6-K9 WLAN Controller Module for up to 6 lightweight access points 28/38xx ISR NME-AIR-WLC8-K9 WLAN Controller Module for up to 8 lightweight access points 28/38xx ISR NME-AIR-WLC12-K9 WLAN Controller Module for up to 12 lightweight access points 28/38xx ISR Wireless HWICs and Accessories HWIC-3G-CDMA-S 3G WWAN HWIC-EVDO Rev A/Rel 0/1xRTT-800/1900MHz HWIC-CDMA-CDMA-V 3G WWAN HWIC-EVDO Rev A/Rel 0/1xRTT-800/1900MHz HWIC-3G-GSM 3GWWAN HWIC-HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz HWIC-AP-G-A Cisco 802.2 dBi Cisco Aironet 2. EIA-232 HWIC-8A 8-Port Async HWIC HWIC-16A 16-Port Async HWIC WIC-1T 1-port high-speed serial WIC WIC-2T 2-port high-speed serial WIC WIC-2A/S 2-port asynchronous/synchronous serial WIC CSU/DSU WICs WIC-1DSU-T1-V2 1-port T1/Fractional-T1 DSU/CSU WIC WIC-1DSU-56K4 1-port 4-wire 56-/64-kbps CSU/DSU WIC ISDN BRI WICs WIC-1B-U-V2 1-port ISDN BRI with integrated NT1 (U interface) WIC-1B-S/T-V3 1-port ISDN BRI with S/T interface DSL WICs and HWICs WIC-1ADSL 1-port asymmetric DSL (ADSL) over basic-telephone-service WIC HWIC-ADSLI-B/ST 2-port HWIC w/ 1-port ADSLoISDN and 1-port ISDN BRI-S/T 1-28 Cisco 3800 Series Integrated Services Routers .2 dBi Cisco 2.8 FXS or DID Ethernet Switching and Routed Port HWICs HWIC-1FE 1-port 10/100 Routed port HWIC HWIC-2FE 2-port 10/100 Routed port HWIC HWIC-4ESW 4-port single-wide 10/100BASE-T Ethernet switch HWIC HWIC-D-9ESW 9-port double-wide 10/100BASE-T Ethernet switch HWIC HWIC-4ESW-POE 4-port Ethernet switch HWIC.4 GHz Omni-directional ceiling mount AIR-ANTM2050D-R (2.2dBi Cisco Aironet 2.0 dBi Cisco 2.11 B/G Access Point High Speed Wan Interface Card for Japan (TELEC config) HWIC-AP-AG-A Cisco 802.0 dBi 5 GHz) Dual band Swivel mount dipole antenna AIR-ANTM5560P-R (5.4 Ghz and 5.

BRI (NT and TE) AIMs AIM-ATM High-performance ATM SAR AIM AIM-ATM-1T1= High Performance ATM AIM/T1 Bundle AIM-ATM spare AIM-ATM-1E1= High Performance ATM AIM/E1 Bundle AIM-ATM spare AIM-ATM-4T1= AIM-ATM with 2 VWIC-2MFT-T1 spare AIM-ATM-4E1 AIM.FXO (universal) VIC2-4FXO 4-port VIC .shdsl WIC (two or four wire) Analog Modem WICs WIC-1AM 1-port analog modem WIC WIC-2AM 2-port analog modem WIC T1.T1/E1 spare VWIC2-2MFT-T1/E1= 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int. Cisco ASR 1000 Series Aggregated Services Router The Cisco ASR 1000 Series Aggregated Services Routers are the newest addition to the Cisco routing portfolio.Chapter 1 WIC-1ADSL-DG 1-port ADSL over basic telephone service with dying-gasp WIC WIC-1ADSL-I-DG 1-port ADSL over ISDN with dying-gasp WIC HWIC-1ADSL 1-port ADSLoPOTS HWIC HWIC-1ADSLI 1-port ADSLoISDN HWIC WIC-1SHDSL-V3 1-port G.E1 VWIC-2MFT-E1-DI 2-port RJ-48 multiflex trunk .FXS VIC2-2FXO 2-port VIC .T1 VWIC-2MFT-T1 2-port RJ-48 multiflex trunk . visit: http://www.703 VICs VIC-2DID 2-port DID voice and fax interface card VIC-1J1 1-port digital VIC (J1) for Japan VIC-4FXS/DID 4-port FXS or DID VIC VIC2-2FXS 2-port VIC .G.G. and compression VPN encryption AIM PVDM Support on Motherboard Slots PVDM2-8 8-channel fax and voice DSP module PVDM2-16 16-channel fax and voice DSP module PVDM2-32 32-channel fax and voice DSP module PVDM2-48 48-channel fax and voice DSP module PVDM2-64 64-channel fax and voice DSP module For More Information For more information about the Cisco 3800 Series Integrated Services Routers.E1 VWIC-1MFT-G703 1-port RJ-48 multiflex trunk .703 spare EC-MFT-32= 32-Channel Multiflex Trunk Dedicated ECAN Module spare EC-MFT-64= 64-Channel Multiflex Trunk Dedicated ECAN Module spare VWIC-1MFT-T1 1-port RJ-48 multiflex trunk .cisco.703 VWIC-2MFT-E1 2-port RJ-48 multiflex trunk .E1 with drop and insert VWIC-2MFT-G703 2-port RJ-48 multiflex trunk .T1/E1 spare VWIC2-1MFT-G703= 1-Port 2nd Gen Multiflex Trunk Voice/WAN Int.com/go/3800. 2800 and 3800 AIM-TPO-1 Network Capacity Expansion for Cisco 1800/2800/3800 ISRs AIM-TPO-2 Network Capacity Expansion for Cisco 1800/2800/3800 ISRs AIM-VPN/EPII-PLUS Enhanced-performance DES.T1 with drop and insert VWIC-1MFT-E1 1-port RJ-48 multiflex trunk . 3DES.G.703 Multiflex Trunk Voice Cards and WICs VWIC2-1MFT-T1/E1= 1-Port 2nd Gen Multiflex Trunk Voice/WAN Int. Card . Card .703 spare VWIC2-2MFT-G703= 2-Port 2nd Gen Multiflex Trunk Voice/WAN Int. and G. The product family consists of three different versions: the Cisco ASR 1002 Router. E1.ATM with 2 VWIC-2MFT-E1 AIM-COMPR4 Data-compression AIM AIM-CUE Cisco Unity Express Voice-Mail AIM AIM-IPS-K9 Cisco IPS AIM for 1841. Card . the Cisco ASR 1004 Router.FXO (universal) VIC2-2E/M 2-port VIC .E&M VIC2-2BRI-NT/TE 2-port VIC card .T1 VWIC-2MFT-T1-DI 2-port RJ-48 multiflex trunk . Card . AES.G. and the Cisco Cisco ASR 1000 Series Aggregated Services Router 1-29 .

• They offer up to forty-eight 10/100/1000 ports plus 4 Small Form-Factor Pluggable (SFP) ports.and medium-sized businesses (SMBs). and simplified operations in enterprise LAN access.and 48-port configurations with Fast Ethernet.44 Tbps and 840 Mpps when using Cisco Catalyst 6500 Virtual Switching System technology • Multigigabit service modules for integrated security.Chapter 2: LAN Switching CHA PTE R 2 L A N Sw itchi ng LAN Switching Products at a Glance Product MODULAR SWITCHING Cisco Catalyst 4500 Series Switches • Integrated intelligent Layer 2–4 services for secure unified communications. • These switches provide a Cisco TwinGig Converter Module for migrating uplinks from Gigabit Ethernet to 10 Gigabit Ethernet. • The switches offer wire-speed performance.4W IEEE 802. • They offer Fast Ethernet and Gigabit Ethernet connectivity. Fast Ethernet. and Power over Ethernet (PoE) ports • Scalable up to 720 Gbps of switching capacity with packet throughput scalable to 450 Mpps for IPv4 (>200 Mpps for IPv6) in standalone mode. high resiliency. • They offer Gigabit Ethernet and 10-Gigabit Ethernet connectivity. and Web-based network management • Extensive Power over Ethernet (PoE) support. and STP enhancements. • These switches offer field-replaceable and -upgradable power supplies and fan. 1 Gigabit Ethernet. and Gigabit Ethernet connectivity are available. • They offer up to forty-eight 10/100/1000 ports plus two 10-Gigabit Ethernet ports per switch. and up to 30W of PoE per port for future high-power devices • IPv6 in hardware • Up to 388 ports of Fast Ethernet or Gigabit Ethernet and up to thirty-four 10-Gigabit Ethernet ports • High-performance Layer 2–4 switching at speeds up to 320 Gbps and 250 Mpps • Highest port density for 10 Gigabit Ethernet. small. small Layer 3 distribution. security. • The switches provide gigabit-interface-converter (GBIC)-based uplink ports for media flexibility.3af. • Configurations with up to 15. high availability. 2–3 Features Page Cisco Catalyst 6500 Series Switches 2–12 FIXED CONFIGURATION Cisco Catalyst Express 500 and Cisco Catalyst Express 520 Series Switches 2–17 Cisco Catalyst 2950 Series Switches 2–19 Cisco Catalyst 2960 Series Switches 2–22 Cisco Catalyst 3560 Series Switches 2–24 Cisco Catalyst 3560-E Series Switches 2–26 LAN Switching Products at a Glance 2-1 . • Cisco Catalyst 3560-E Series Switches offer Layer 2–4 switching and intelligent services with dynamic IP routing and IPv6. • These LAN Base switches offer intelligent Layer 2+ services for enhanced security. • These switches offer Layer 2–4 switching and intelligent services with dynamic IP routing and IPv6. Power over Ethernet (PoE). • LAN Lite switches offer entry-level Layer 2 features with scalable management. advanced security. 3-. and availability for the network edge. 20W for 802-11n access points. quality of service (QoS). • 8-. and 4-based services: Advanced quality of service (QoS). 24.4 watts (Class 3) of Power over Ethernet (PoE) on all 48 ports are available. network management. and Layer 4–7 switching • Integrated wireless LAN controller supporting up to 300 access points per module for a total of 1500 access points These standalone Layer 2 switches offer: • Fast Ethernet and Gigabit Ethernet connectivity • Up to twenty-four 10/100 ports with optional Power-over-Ethernet (PoE) or twelve 10/ 100/1000 ports • Up to 24 ports of Gigabit Ethernet • GUI-based management and configuration • Cisco Catalyst 2950 Series Switches offer the following Layer 2-. 15. and branch offices • Advanced network control with predictable performance. scales up to 1. granular quality of service (QoS).

4 switching and intelligent services with dynamic IP routing and IPv6 • Up to 40 10/100/1000 ports.shtml. emphasis on 2–36 Series Switches buffering for high throughput and full mesh traffic profiles.” Some parts have restricted access or are not available through distribution channels. and agility through consultative planning. creating network architectures that optimize IT services and enhance your business. For more information about Cisco Advanced Services. Maintain. This chapter provides only a small subset of all parts available via the URL listed under “For More Information.cisco.• These stackable. In addition. visit: http://www. • The switches offer Layer 2–4 switching and intelligent services with dynamic IP routing and IPv6. resilient system of up to nine switches. Enter a product description or SKU or search by product series family. see Chapter 10. • They offer Fast Ethernet and Gigabit Ethernet connectivity. Cisco Catalyst 3750 Series Switches Services to Protect. go to http:// www. • They provide a Cisco TwinGig Converter Module for migrating uplinks from Gigabit Ethernet to 10 Gigabit Ethernet. • The switches offer up to forty-eight 10/100/1000 ports plus two 10-Gigabit Ethernet ports per stackable switch. 2-2 LAN Switching Products at a Glance .com. use the Service Finder tool at http://www. “Services”.cisco. For more information about Cisco Technical Services. Cisco Catalyst 3750-E • These stackable. hot-swappable internal AC or DC power supplies • Hot-swappable fan trays Cisco Catalyst 4900M • Data center top-of-rack optimized switch with 2 half module slots. • The switches offer Layer 2–4 switching and intelligent services with dynamic IP routing and IPv6. fixed-configuration switches with Cisco StackWise Plus technology 2–32 Series Switches and a 64-Gbps interconnect provide a unified.com/en/US/ordering/index. operational maturity.cisco-servicefinder. • These switches are fully backward-compatible with the Cisco Catalyst 3750 Series Switches. • The switches offer field-replaceable and -upgradable power supplies and fan. To find the right technical service for any Cisco product. • The switches offer up to forty-eight 10/100/1000 ports plus 4 SFP ports per stackable switch. resilient system of up to nine switches. They offer: • Layer 2–4 switching and intelligent services with dynamic IP routing • Up to forty-eight 10/100/1000 ports with 4 Small Form-Factor Pluggable (SFP) ports or forty-eight 10/100/1000 ports with two 10-Gigabit Ethernet ports • Dual. solution development. and Optimize Cisco Products Cisco and our global community of partners offer a portfolio of technical services that help you maintain the health and performance of every Cisco product. up to 32 GbE SFP ports (via Twingig converter with 8-port 10 GbE modules) • Dual.cisco. fixed-configuration switches with Cisco StackWise technology and a 2–29 32-Gbps interconnect provide a unified.com/go/techservices. up to 24 ports of 10 GbE.com/go/ts. Cisco and our partners accelerate business transformation. For more information about all services. 2–35 Cisco Catalyst 4948 • The Cisco Catalyst 4948 Series Switches are data center top-of-rack optimized Series Switches switches with emphasis on buffering for high throughput and full mesh traffic profiles. Offerings range from traditional maintenance to proactive and predictive services. • They offer Gigabit Ethernet and 10-Gigabit Ethernet connectivity. • The integrated wireless LAN (WLAN) controller supports 25 or 50 access points per card and up to 4 cards for a total of 200 access points. visit http://www. hot-swappable internal AC or DC power supplies • Hot-swappable fan trays Product Ordering Website To place an order. very low packet size independent latency • Layer 2 . and full deployment.

advanced security. Wireless (WiSM). Network Analysis (NAM). media flexibility. and branch-office collapsed core. flexibility. Offers high-performance IPv6 in hardware. sophisticated quality of service (QoS). Enhanced FlexWAN X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X Cisco Catalyst 4500 Series Switches The Cisco Catalyst 4500 Series is a medium-density modular switch delivering robust intelligent services for unified communications deployments. Voice Gateway (CMM). maximizing return on investment while minimizing recurring operational expenses. it offers the following: Offers highperformance Layer 2. The simple centralized architecture. It builds on Cisco Catalyst 4500 Series architecture offering higher services. distribution. and 4 switching (320-Gbps capacity. Intrusion Detection. The Cisco Catalyst 4500 Series delivers high levels of integrated resiliency in both hardware and software. The Cisco Catalyst 4500 E-Series is a high-performance next-generation extension of the Cisco Catalyst 4500 Series Switches. Optimized Cisco LAN and MAN Products Port Matrix 2-3 Catalyst 4900M Catalyst 4948 . The Cisco Catalyst 4500 Series Supervisor Engine 6-E is the latest supervisor engine offering an intelligent. predictable performance. up to 30 watts of PoE. IPSec VPN (SSC400) WAN Modules: SIP/SPA. The Cisco Catalyst 4500 Series extends intelligence and operational simplicity to the network edge (wiring closet) for unified communications with intelligent network services. and scalability of the Cisco Catalyst 4500 Series deliver maximum investment protection with backward and forward compatibility across several generations dating back to 1999. and comprehensive management features. Ideal for Companies that Need These Features Supervisors • Cisco Catalyst 4500 Series Supervisor Engine 6-E—Designed for high-density enterprise wiring closets. Anomaly Detection and Guard. features. Application Control Engine (ACE). minimizing costly downtime for both planned and unplanned network outages and helping maximize workforce productivity.Chapter 2 Cisco LAN and MAN Products Port Matrix Modular Switches Cisco Catalyst 4500 Cisco Catalyst 6500 Fixed Switches Cisco Catalyst 3560-E Cisco Catalyst 3750-E Cisco Catalyst 2950 Cisco Catalyst 2960 Cisco Catalyst 3560 Cisco Catalyst 3750 Cisco Catalyst Express 500/520 Fixed Ports Only Fixed and Modular Ports Modular Ports Only 100BASE-FX Switched 10/100 Autosensing Switched 10/100/1000BaseT Gigabit Ethernet 10 Gigabit Ethernet Integrated PoE Integrated Service Modules: Firewall Services. medium-sized core. highest-performance Catalyst 4500 supervisor engine optimized for customers deploying unified communications networks. 3. and performance while continuing to maximize investment protection across the Cisco Catalyst 4500 Series Switches. 250 mpps). Enables 24 Gbps per slot when deployed in the Cisco Catalyst 4500 E-Series chassis.

high availability (ISSU) through redundant supervisor engines (when these features are crucial to customer success). 10/100/ 1000BASE-T (with or without PoE). Support for both classic and ESeries line cards. it offers the following: Supports high-performance Layer 2. 10/100/ 1000BASE-T (with or without PoE). Support for both classic and E-Series line cards. and 4503 model chassis Cisco Catalyst 4500 Series Supervisor Engine II-Plus-TS—Designed for low-density. 10/100 (RJ-21 with or without PoE). Offers compatibility with future versions with two 10-Gigabit Ethernet and four Gigabit Ethernet uplinks. 102-Mpps. Port density up to two hundred forty-four 10/100 (RJ-45 with or without PoE). Supports classic and E-Series chassis. 10/100 (RJ-21 with or without PoE).and 10-slot redundant supervisor chassis support numerous connectivity and service configurations with 24-GB per-slot capacity. 100BASE-LX-10. 210-Mpps. Supports all Cisco Catalyst 4500 chassis Cisco Catalyst 4500 Series Supervisor Engine IV—Designed for entry-level Layer 3 enterprise wiring closets and small branch-office collapsed core. power supplies. it offers the following: Supports entry-level Layer 2 switching and services. 4507-R. 3. and 4503 model chassis Cisco Catalyst 4500 Series Supervisor Engine II-Plus—Designed for Layer 2 enterprise wiring closets. Supports Gigabit Ethernet uplinks. 10/100/1000BASET (with or without PoE). 4506. it offers the following: Supports high-performance Layer 2. it offers the following: Supports high-performance Layer 2 switching and services. or thirty-two 10-Gigabit Ethernet ports. and 4 switching. Supports Gigabit Ethernet uplinks. and 4503 model chassis Cisco Catalyst 4500 Series Supervisor Engine II-Plus-10GE—Designed for Layer 2 high-density enterprise wiring closets. Supports Cisco Catalyst 4507R-E. 4503-E. or 24-Gbps per-slot bandwidth when used with the Supervisor Engine 6-E • Cisco Catalyst 4503-E Switch—Port density up to one hundred eight 10/100 (RJ-45 with or without PoE). and 4 switching. 1000BASE-X. 250-Mpps forwarding rate using the Supervisor Engine 6-E. Offers NetFlow option with daughter card. Support for up to 280-Gbps. 1000BASE-X. security. Supports Cisco Catalyst 4507R-E. 10/100 (RJ-21 with or without PoE). Layer 2 small access layer and branch-office deployments. Supports Gigabit Ethernet uplinks. 2-4 Cisco Catalyst 4500 Series Switches . Simultaneously supports classic and E-Series line cards in same chassis. 3. Upgrading all system ports to higher-level functions and features are easy with a simple supervisor-engine upgrade. 100BASE-FX. Supports classic and E-Series chassis. 4506-E. port density. Up to 320-Gbps nonblocking switching fabric. Up to 280-Gbps.and 6-slot single supervisor chassis and 7. • Nonstop communications—Redundant supervisor engines offer In Service Software Upgrade (ISSU) and Nonstop Forwarding/Stateful Switchover (NSF/SSO) with 50-ms failover. Support for both classic and ESeries line cards. 100BASE-BX-D. 3. it offers the following: Supports high-performance Layer 2 switching and services. or 14 10-Gigabit Ethernet ports. Supports all Cisco Catalyst 4500 chassis Cisco Catalyst 4500 Series Supervisor Engine V—Designed for enterprise wiring closets and branch-office collapsed core. Key Features • Investment protection—Evolutionary centralized modular architecture provides maximum backward compatibility across several generations of Cisco Catalyst 4500 Series Switches. 1000BASE-X. 210-Mpps. 4506. and hot-swappable fan trays are designed with redundant fans. 100BASE-BX-D. 100BASE-LX-10. 100BASE-LX-10. or up to 34 10-Gigabit Ethernet ports. 4503-E. Offers compatibility with future versions with two 10-Gigabit Ethernet and four Gigabit Ethernet uplinks. redundant power supplies offer power circuit redundancy. 10/100/1000BASE-T (with or without PoE). Supports integrated NetFlow. and Catalyst 4503-E chassis provides investment protection with common supervisor engines. 100BASE-LX-10. or up to 24-Gbps per-slot bandwidth except the last 3 slots. 100BASE-BX-D. Catalyst 4506-E. and switching line cards. Supports Cisco Catalyst 4503-E and 4503 chassis only Chassis • Cisco Catalyst 4510R-E Switch—High performance. or 24-Gbps per-slot bandwidth when used with the Supervisor Engine 6-E Note: Compatible sparing between Cisco Catalyst 4510R-E. or 24-Gbps per-slot bandwidth when used with the Supervisor Engine 6-E • Cisco Catalyst 4506-E Switch—Port density up to two hundred forty-four 10/100 (RJ-45 with or without PoE). or up to 34 10-Gigabit Ethernet ports. 1000BASE-X. 4507-R. 4503-E. 4506. and 4 switching. 100BASE-FX. Supports twin gigabit converter module. Port density up to three hundred eighty-eight 10/100 (RJ-45 with or without PoE). and IPv6 resource optimization Cisco Catalyst 4500 Supervisor Engine V-10GE—Designed for high-density enterprise wiring closets and branch-office collapsed core. Supports Cisco Catalyst 4507R-E. Up to 136-Gbps. 100BASE-BX-D. Support for both classic and ESeries line cards. 100BASE-FX. Provides twelve 10/100/1000 PoE and 8 Small Form-Factor Pluggable (SFP) ports built onto the supervisor engine. 4506-E. 10/ 100 (RJ-21 with or without PoE). • Flexible options—Modular 3. 4507-R. 4506-E. 100BASE-FX. Supports dynamic QoS.• • • • • • for simultaneous IPv4 and IPv6 deployments or migration. which provide 6 Gbps per slot • Cisco Catalyst 4507R-E Switch—Network resiliency and high availability (ISSU) through redundant supervisor engines (when these features are crucial to customer success). it offers the following: Supports entry-level Layer 2. Catalyst 4507R-E.

(14.200 1.70 cm) WS-C4507R-E 7 Yes 248 with Dual Sup 6Es and 4xTwinGigs 34 240 240 240 11 280 Gbps No Up to 20W of PoE – 37 ports can be enabled @ 20W1 Up to 30W of PoE – 25 ports can be enabled @ 30W 1 Yes Yes WS-C4510R 10 Yes 384 2 384 384 384 14 136 Gbps No Up to 15.200 4.500 240 240 240 44.31 x 12.500 1.25 x 17.50 17.400 + power shelf = 1.500 1. (20.38 x 17.) 40. (18.11n support and up to 30 watts per port for future applications Specifications Classic 4500 Chassis Features Slots Redundant Supervisor Option Gigabit Ethernet GBIC/SFP density 10 GE X2 port density 10/100/1000 density 10/100 density 100BASE-FX.3af support. (61.4W on every port Yes Yes 4.4W on every port Yes Yes WS-C4506 6 No 240 2 240 240 240 10 100 Gbps No Up to 15.50 in (48.12 x 43.70 cm) WS-C4510R-E 10 Yes 392 with Dual Sup 6Es and 4xTwinGigs 34 384 384 384 14 320 Gbps No Up to 20W of PoE – 37 ports can be enabled @ 20W 1 Up to 30W of PoE – 25 ports can be enabled @ 30W1 Yes Yes 4.Chapter 2 • Comprehensive security—These switches support integrated Cisco Network Admission Control (NAC) and 802. Time Domain Reflectometer (TDR).200 1.18 kgs. Cisco IOS Embedded Event Manager (EEM). number of Class 3 devices (15.97 x 31.97 x 31.25 lbs. • High port density—These switches offer up to 384 Fast Ethernet or Gigabit Ethernet ports or thirty-four 10Gigabit Ethernet ports.1x.50 lbs.5 lbs. 20w for 802. access control lists (ACLs).31 x 12. and NetFlow.400 + UPS = 7.4W on every port Yes Yes 4.500 270 364 384 51.400 + UPS = 7.400 + UPS = 7.500 1. NetFlow.4W on every port Yes Yes WS-C4507R 7 Yes 240 2 240 240 240 11 100 Gbps No Up to 15.4w IEEE 802.97 x 31.84 x 43. Cisco Network Assistant.13 x 43.35 x 17. • IP communications—Cisco prestandard. integrated man-in-the-middle and denial-of-service (DoS) attack mitigation.4W) Max.200 1.19 x 17.31 x 12.70 cm) 4500 E-Series Chassis Features Slots Redundant Supervisor Option Gigabit Ethernet GBIC/SFP density 10 GE X2 port density 10/100/1000 density 10/100 density 100BASE-FX.07 kgs) 19. IPSLA. LX-10.500 Max. hardware-based Control Plane Policing (CoPP). • Comprehensive management—These switches support CiscoWorks.31 x 12. Remote Switched Port Analyzer (RSPAN).50 in (44.400 + power shelf = 7.97 x in (31.400 + power shelf = 7. and Secure Shell (SSH) Protocol. BX-D density Rack Unit (RU) Backplane Capacity using Supervisor 6-E Stackable Enhanced Power Over Ethernet (ePoE) Support Power Over Ethernet Plus (PoEP) Support (after software upgrade on premium linecard) 1+1 Power Supply Protection Hot-Swappable Power Supplies Max.500 DC Internal 1. (23.50 in.70 cm) 31.36 kgs) 24.25 lbs. up to 15. power supplies AC Internal 108 240 AC External with power shelf 108 240 DC Internal 108 240 Unit weight (chassis only) 31.74 x 43. watt power consumption AC Internal AC External with power shelf WS-C4503 3 No 104 2 108 108 96 7 64 Gbps No Up to 15.37 kgs) Dimensions (H x W x D) 12.400 + power shelf = 7. BX-D density Rack Unit (RU) Backplane Capacity Stackable Power Over Ethernet (PoE) Support 1+1 Power Supply Protection Hot-Swappable Power Supplies Max.500 7.400 + UPS = 7. LX-10. watt power consumption WS-C4503-E 3 No 104 14 108 96 96 7 136 Gbps No Up to 20W of PoE – 37 ports can be enabled @ 20W1 Up to 30W of PoE – 25 ports can be enabled @ 30W1 Yes Yes WS-C4506-E 6 No 244 32 240 240 240 10 280 Gbps No Up to 20W of PoE – 37 ports can be enabled @ 20W1 Up to 30W of PoE – 25 ports can be enabled @ 30W 1 Yes Yes Cisco Catalyst 4500 Series Switches 2-5 .

19 kgs) 19. 4Q/Port. no ps WS-C4507R-E Catalyst 4500 E-Series 7-Slot Chassis.50 in (48. With a maximum 750W per slot No Yes 256K 55K Unicast.74 x 43.97 x 31. 1 x S2+. power supplies AC Internal 108 240 AC External with power shelf 108 240 DC Internal 108 240 Unit weight (with Fan Tray) 32.500 240 240 240 44.500 Max. (20.97 x in (44. fan.97 x 31. Red Sup Capable WS-C4510R-E Catalyst 4500 E-Series 10-Slot Chassis. shaping.19 x 17. 4507R-E. (18.200 4.200 1. 1 x 1000AC. and 4510RE only 8Q/Port.31 x 12.500 1.70 cm) 4. 48 Mpps Enhanced L2/3/4 Services & Routing Yes 4507R Only 64 MB 64 MB Yes Yes 136 Gbps.4W) Max.70 cm) AC Internal AC External with power shelf Supervisor Engines Features Chassis supported Supervisor 6-E Supervisor V (WS-X45-Sup6-E) 10GE (WS-X4516 -10GE) All All 4. BGP Supervisor Redundancy QoS CPU NetFlow Support yes 320 250 (IPv4) 125 (IPv6) 1300 no 512 MB upgradable to 1 GB 128 MB Yes 320 Gbps. 4Q/Port. congestion avoidance with DBL marking 1300 MHz No yes 136 102 800 included 512 MB yes 96 72 400 option 512 MB 4503-E.31 x 12. 4507R-E. 102 Mpps 96 Gbps.38 x 17.400 + power shelf = 7.400 + power shelf = 7.500 1.500 270 364 384 54.400 + UPS = 7. no ps. 72 Mpps Enhanced L2/3/4 Services & Routing Yes 4507R and 4510R Only Enhanced L2/3/4 Services & Routing Yes 4507R and 4510R Only 4Q/Port.31 x 12. 4507R yes 64 48 333 option 512 MB 64 MB Yes 64 Gbps. (61.400 + UPS = 7. BGP.50 in (31.70 cm) Supervisor V (WS.50 lbs.50 17. 16K Multicast Yes Yes 128K 32K Unicast 16K Multicast Selected Part Numbers and Ordering Information Catalyst 4500 E-Series—Chassis WS-C4503-E Catalyst 4500 E-Series 3-Slot Chassis.12 x 43. 4510R. 16K Multicast 800 MHz Yes (Built-in functionality. number of Class 3 devices (15. Dynamic Tx Queue sizing. fan.400 + power shelf = 1.84 x 43. Red Sup Capable WS-C4503-E-S2+48 Catalyst 4503-E Data Bundle. congestion shaping.13 x 43.400 + UPS = 7.500 7. no ps WS-C4506-E Catalyst 4500 E-Series 6-Slot Chassis. 16K Multicast 400 MHz Yes (Optional Daughter Card) 333 MHz Yes (Optional Daughter Card) Yes Yes 128K 32K Unicast. 4503. 250 Mpps Enhanced L2/3/4 Services & Routing EIGRP. no Daughter Card Required) Yes Yes 128K 32K Unicast. OSPF.) 40. congestion avoidance avoidance avoidance ISL ACLS IP FIB entries MAC Addresses 1.31 x 12.63 kgs. policing.500 DC Internal 1.25 x 17. (14. no ps. IS:IS.97 x 31. fan.50 lbs. policing.50 lbs.500 1. MQC. 4506.400 + power shelf = 7. 1 x WS-X4148-RJ 2-6 Cisco Catalyst 4500 Series Switches .35 x 17. policing.70 cm) 31.400 + UPS = 7. OSPF. congestion shaping.200 1.Supervisor IV X4516) (WS-X4515) All Enhanced Layer 3 option Total bandwidth (Gbps) Packets per second (Mpps) CPU MHz NetFlow Onboard memory (DRAM) On-Board Flash Compact Flash Support Switching Capacity & Throughput Multilayer Switching (E)IGRP.4.200 1.73 kgs) 24. fan.50 in. RIPv1/2 4507R. shaping.37 kgs) Dimensions (H x W x D) 12. policing.25 lbs. 4506-E. (24.

1x S4. Power Shelf (2 slot). 12 10/100/1000 PoE+8 SFP slots WS-X4013+TS= Catalyst 4503 SupII-Plus-TS. Console (RJ-45) WS-X4516= Catalyst 4500 Supervisor V (2 GE). Power Shelf Redundant Power Supply Catalyst 4500 Non-PoE Power Supplies PWR-C45-1400AC Catalyst 4500 1400W AC Power Supply (Data Only) PWR-C45-1400AC/2 Catalyst 4500 1400W AC Power Supply Redundant (Data Only) PWR-C45-1400AC= Catalyst 4500 1400W AC Power Supply (Data Only) (Spare) PWR-C45-1000AC Catalyst 4500 1000W AC Power Supply (Data Only) PWR-C45-1000AC= Catalyst 4500 1000W AC Power Supply (Data Only) Spare PWR-C45-1000AC/2 Catalyst 4500 1000W AC Power Supply Redundant (Data Only) PWR-C45-1400DC Catalyst 4500 1400W DC Triple Input SP Power Supply-data only PWR-C45-1400DC= Catalyst 4500 1400W DC Triple Input SP Power Supply-data only PWR-C45-1400DC/2 Catalyst 4500 1400W DC Triple Input SP Power Supply-data only Catalyst 4500 E-Series Supervisor Engine WS-X45-SUP6-E Catalyst 4500 E-Series Sup 6-E. incl. 2x10GE (X2) and 4x1GE (SFP) WS-X4516-10GE/2 Catalyst 45xxR Supervisor V-10GE. 1x 1000AC. Console (RJ-45)(Spare) WS-X4516/2 Catalyst 45xxR Redundant Supervisor V (2 GE). Console (RJ-45) WS-X4013+= Catalyst 4500 Supervisor II-Plus (IOS). no p/s WS-C4503 Catalyst 4500 Chassis (3-Slot). 1x4402-25 WS-C4506-S4-AP50 Catalyst 4506 Bundle. Console (RJ-45)(Spare) WS-X4515/2 Catalyst 4507R Redundant Supervisor IV. Console (RJ-45) WS-X4013+TS Catalyst 4503 SupII-Plus-TS. 1 x 1300AC. 1x WS-X4306-GB. no p/s WS-C4506-S2+96 Catalyst 4506 Bundle. 2GE. no p/s. 12 10/100/1000 PoE+8 SFP slots WS-F4531 Catalyst 4500 NetFlow Services Card (Sup IV/V) WS-F4531= Catalyst 4500 NetFlow Services Card (Sup IV/V) (Spare) Catalyst 4500 E-Series Line Cards WS-X4648-RJ45V-E Catalyst 4500 E-Series 48-Port PoE 802. 2 GE.3af 10/100/1000(RJ45) WS-X4648-RJ45V-E= Catalyst 4500 E-Series 48-Port PoE 802. 2x10GE(X2) w/ Twin Gig Catalyst 4500 Supervisor Engines WS-X4516-10GE Catalyst 4500 Supervisor V-10GE. 1 x S2+. 2 x WS-X4148-RJ WS-C4507R-E-S2+96V Catalyst 4507R-E PoE Bundle.3af 10/100/1000(RJ45) WS-X4624-SFP-E= Catalyst 4500 E-Series 24-Port GE (SFP) WS-X4606-X2-E Catalyst 4500 E-Series 6-Port 10GbE (X2) Cisco Catalyst 4500 Series Switches 2-7 . 2x10GE(X2) w/ Twin Gig WS-X45-SUP6-E/2 Catalyst 45xxR E-Series Sup 6-E. Red Sup Capable WS-C4506 Catalyst 4500 Chassis (6-Slot). Console (RJ-45) WS-X4013+/2 Catalyst 4507R Redundant Sup II-Plus. 1x WS-X4306-GB.1 x WS-X4248-RJ45V WS-C4507R-E-S2+96 Catalyst 4507R-E Data Bundle. 2x10GE(X2) w/ Twin Gig WS-X45-SUP6-E= Catalyst 4500 E-Series Sup 6-E. fan.2x10GE (X2) and 4x1GE (SFP) WS-X4516 Catalyst 4500 Supervisor V (2 GE). 1x 1000AC. 1x S4. Console (RJ-45) WS-X4515 Catalyst 4500 Supervisor IV (2 GE). Red Sup Capable WS-C4507R Catalyst 4500 Chassis (7-Slot). 1x S2+. fan. 1 x 2800AC. 2x10GE (X2) and 4x1GE (SFP) WS-X4013+10GE= Catalyst 4500 Sup II+10GE. 1x 1000AC. no p/s.(2 GE).Chapter 2 WS-C4503-E-S2+48V Catalyst 4503-E PoE Bundle. 2x10GE (X2) and 4x1GE (SFP) WS-X4013+10GE/2 Catalyst 4507R Sup II+10GE. 2x WS-X4148-RJ WS-C4506-S4-AP25 Catalyst 4506 Bundle. Console (RJ-45) WS-X4515= Catalyst 4500 Supervisor IV. 1x 1000AC. fan. 1 x S2+. fan. Console (RJ-45) WS-X4013+10GE Catalyst 4500 Sup II+10GE. 1 x S2+. one PWR-4502 PWR-4502 Catalyst 4500 Aux.(2GE). 2xWS-X4248-RJ45V Catalyst 4500—Chassis WS-C4510R Catalyst 4500 Chassis (10-Slot). 2x10GE(X2) and 4x1GE (SFP) WS-X4013+ Catalyst 4500 Supervisor II-Plus (IOS). 1x4402-50 Catalyst 4500 PoE Enabled Power Supplies PWR-C45-4200ACV Catalyst 4500 4200W AC dual input Power Supply (Data + PoE) PWR-C45-4200ACV/2 Catalyst 4500 4200W AC dual input Power Supply (Data + PoE) PWR-C45-4200ACV= Catalyst 4500 4200W AC dual input Power Supply (Data + PoE) PWR-C45-2800ACV Catalyst 4500 2800W AC Power Supply (Data and PoE) PWR-C45-2800ACV= Catalyst 4500 2800W AC Power Supply (Data and PoE) PWR-C45-2800ACV/2 Catalyst 4500 2800W AC Power Supply (Data and PoE) PWR-C45-1300ACV Catalyst 4500 1300W AC Power Supply (Data and PoE) PWR-C45-1300ACV/2 Catalyst 4500 1300W AC Power Supply (Data and PoE) PWR-C45-1300ACV= Catalyst 4500 1300W AC Power Supply (Data and PoE) PWR-C45-1400DC-P Catalyst 4500 1400W DC Power Supply w/Int PEM PWR-C45-1400DC-P= Catalyst 4500 1400W DC Power Supply w/Int PEM (Spare) PWR-C45-1400DC-P/2 Catalyst 4500 1400W DC Power Supply Redundant w/Int PEM WS-P4502-1PSU Catalyst 4500 Aux. 2x10GE (X2) and 4x1GE (SFP) WS-X4516-10GE= Catalyst 4500 Supervisor V-10GE. 2GE.

6-Ports (GBIC) WS-X4306-GB= Catalyst 4500 Gigabit Ethernet Module. 48-Ports (RJ21) WS-X4248-RJ21V= Catalyst 4500 PoE 802.100FX (MTRJ) (Spare) WS-X4148-FE-BD-LC Catalyst 4500 FE Module. 48-Ports Telco (4xRJ21)(spare) WS-X4248-RJ21V Catalyst 4500 PoE 802.100FX (MTRJ) WS-X4124-FX-MT= Catalyst 4500 FE Switching Module. 48-Ports (RJ45) WS-X4548-GB-RJ45V= Catalyst 4500 PoE 802. 48-Port BX-D (LC) (1550) (Spare) WS-X4148-FX-MT Catalyst 4500 FE Switching Module.3af 10/100/1000. Server Switching 18-Ports (GBIC) WS-X4448-GB-SFP Catalyst 4500 48-Port 1000Base-X (SFPs Optional) WS-X4448-GB-SFP= Catalyst 4500 48-Port 1000Base-X (SFPs Optional) Catalyst 4500 Transceiver Modules WS-G5483= 1000BASE-T GBIC WS-G5484 1000BASE-SX Short Wavelength GBIC (Multimode only) WS-G5486 1000BASE-LX/LH long haul GBIC (singlemode or multimode) WS-G5487 1000Base-ZX extended reach GBIC (singlemode) GLC-T 1000BASE-T SFP GLC-T24 24 GLC-T SFP GLC-SX-MM GE SFP. 48-Ports Telco (4xRJ21) WS-X4148-RJ21= Catalyst 4500 10/100 Module. 48-Ports (RJ-45) (Spare) WS-X4124-RJ45 Catalyst 4500 10/100 Module.24-Ports(RJ45) WS-X4124-RJ45= Catalyst 4500 10/100 Module. 2-Ports (GBIC) WS-X4302-GB= Catalyst 4500 Gigabit Ethernet Module. 2-Ports (GBIC) WS-X4418-GB Catalyst 4500 GE Module.2-GE(GBIC) WS-X4232-RJ-XX Catalyst 4500 10/100 Module. 48-Ports (RJ45) WS-X4248-RJ45V= Catalyst 4500 PoE 802.3af 10/ 100/1000 24-ports (RJ45) WS-X4524-GB-RJ45V= Catalyst 4500 PoE 802. 48-Ports (RJ45) WS-X4524-GB-RJ45V Catalyst 4500 PoE 802.3af 10/100. 48-Port BX-D (LC) (1550) WS-X4148-FE-BD-LC= Catalyst 4500 FE Module. 6-Ports (GBIC) (Spare) WS-X4506-GB-T Catalyst 4500 6-Port 10/100/1000 PoE or SFP (Optional) WS-X4506-GB-T= Catalyst 4500 6-Port 10/100/1000 PoE or SFP (Optional) WS-X4302-GB Catalyst 4500 Gigabit Ethernet Module.3af 10/100. LC connector SX transceiver GLC-LH-SM GE SFP.3af 10/100.3af 10/100. 48-Ports (RJ21) WS-X4248-RJ45V Catalyst 4500 PoE 802.2-GE(GBIC) WS-X4232-GB-RJ= Catalyst 4500 32-10/100 (RJ-45).3af 24-ports (RJ45) WS-X4224-RJ45V= Catalyst 4500 PoE 802.32-ports(RJ45)+Modular uplinks Catalyst 4500 10/100/1000 Line Cards WS-X4548-GB-RJ45 Catalyst 4500 Enhanced 48-Port 10/100/1000 Base-T (RJ-45) WS-X4548-GB-RJ45= Catalyst 4500 Enhanced 48-Port 10/100/1000 Base-T (RJ-45) WS-X4548-GB-RJ45V Catalyst 4500 PoE 802. 48-100FX MMF(MTRJ) WS-X4148-FX-MT= Catalyst 4500 FE Switching Module. 24. 24-Ports(RJ45) WS-X4148-RJ21 Catalyst 4500 10/100 Module. 48-100FX MMF(MTRJ) (Spare) WS-U4504-FX-MT Catalyst 4500 4-port 100FX(MTRJ) Uplink for WS-X4232-RJ-XX Catalyst 4500 1000 Base-X GE Line Cards WS-X4306-GB Catalyst 4500 Gigabit Ethernet Module. LC connector LX/LH transceiver GLC-FE-100BX-D48 48 units of GLC-FE-100BX-D GLC-FE-100BX-D 100BASE-BX10-D SFP GLC-FE-100BX-U 100BASE-BX10-U SFP GLC-FE-100FX 100BASE-FX SFP for FE port GLC-FE-100FX24 24 units of GLC-FE-100FX 2-8 Cisco Catalyst 4500 Series Switches .WS-X4606-X2-E= Catalyst 4500 E-Series 6-Port 10GbE (X2) WS-X4648-RJ45V+E Catalyst 4500 E-Series 48-Port Premium PoE 10/100/1000 Catalyst 4500 10/100 Line Cards WS-X4148-RJ Catalyst 4500 10/100 Auto Module. Server Switching 18-Ports (GBIC) WS-X4418-GB= Catalyst 4500 GE Module.3af 10/ 100/1000 24-ports (RJ45) WS-X4506-GB-T Catalyst 4500 6-Port 10/100/1000 PoE or SFP (Optional) WS-X4506-GB-T= Catalyst 4500 6-Port 10/100/1000 PoE or SFP (Optional) WS-X4424-GB-RJ45 Catalyst 4500 24-port 10/100/1000 Module (RJ45) WS-X4424-GB-RJ45= Catalyst 4500 24-port 10/100/1000 Module (RJ45) (Spare) Catalyst 4500 100 Base-X FE Line Cards ME-X4248-FE-BX= ME-X4248-FE-SFP and GLC-FE-100BX-D48 WS-X4248-FE-SFP Catalyst 4500 48-Port 100BASE-X (SFPs Optional) WS-X4248-FE-SFP= Catalyst 4500 48-Port 100BASE-X (SFPs Optional) WS-X4124-FX-MT Catalyst 4500 FE Switching Module. 48-Ports (RJ45) WS-X4224-RJ45V Catalyst 4500 10/100 PoE 802.3af 10/100 24-ports (RJ45) WS-X4232-GB-RJ Catalyst 4500 32-10/100 (RJ-45).3af 10/100/1000. 48-Ports (RJ-45) WS-X4148-RJ= Catalyst 4500 10/100 Auto Module. 24.

64MB Spare MEM-C4K-FLD128M Catalyst 4500 IOS-based Supervisor. 1310NM GLC-ZX-SM= 1000BASE-ZX SFP X2-10GB-CX4 10GBASE-CX4 X2 Module X2-10GB-SR 10GBASE-SR X2 Module X2-10GB-ER= 10GBASE-ER X2 Module X2-10GB-LX4 10GBASE-LX4 X2 Module X2-10GB-LR 10GBASE-LR X2 Module Catalyst 4500 E-Series Memory Options MEM-X45-512MB-E Catalyst 4500 512MB to 1GB SDRAM Upgrade for Sup6-E MEM-X45-512MB-E= Catalyst 4500 512MB to 1GB SDRAM Upgrade for Sup6-E Catalyst 4500 Memory Options MEM-C4K-FLD64M Catalyst 4500 IOS-based Supervisor. Compact Flash. Compact Flash.Chapter 2 GLC-FE-100FX48 48 units of GLC-FE-100FX GLC-FE-100LX 100BASE-LX SFP for FE port GLC-FE-100LX48 48 units of GLC-FE-100LX GLC-BX-D 1000BASE-BX SFP. 1490NM GLC-BX-U 1000BASE-BX SFP. Compact Flash. 64MB Option MEM-C4K-FLD64M= Catalyst 4500 IOS-based Supervisor. 128MB Option MEM-C4K-FLD128M= Catalyst 4500 IOS-based Supervisor. Compact Flash. 128MB Spare MEM-C4K-256-SDRAM= 256 DIMM DRAM for Supervisor II-Plus-10GE MEMC4K-U512D-SDRAM 512 DIM DRAM Factory Upgrade for Supervisor II-Plus-10GE MEMC4K-512D-SDRAM= 512 DIMM DRAM for Supervisor II-Plus-10GE and V-10GE Catalyst 4500 E-Series Accessories WS-X4593-E= Catalyst 4503-E Fan Tray (Spare) WS-X4596-E= Catalyst 4506-E Fan Tray (Spare) WS-X4597-E= Catalyst 4507R-E Fan Tray (Spare) WS-X4582-E= Catalyst 4510R-E Fan Tray (Spare) WS-X4K-CLOCK-E= Catalyst 4507R-E/4510R-E Clock Module (Spare) WS-X4590-E= Catalyst 4507R-E/4510R-E Fabric Redundancy Module C4K-SLOT-CVR-E Catalyst 4500 E-Series Family Slot Cover C4K-SLOT-CVR-E= Catalyst 4500 E-Series Family Slot Cover (Spare) WS-X4503E-23CNTR= C4503 E Center Mount 23 Inch Rack Kit L/R C WS-X4506E-23CNTR= C4506 E Center Mount 23 Inch Rack Kit L/R C WS-X4507E-23CNTR= C4507R E Center Mount 23 Inch Rack Kit L/R C WS-X4510E-23CNTR= C4510R E Center Mount 23 Inch Rack Kit L/R C Catalyst 4500 Accessories WS-X4593= Catalyst 4503 Fan Tray (Spare) WS-X4596= Catalyst 4506 Fan Tray (Spare) WS-X4597= Catalyst 4507R Fan Tray (Spare) WS-X4598= Catalyst 4510R 23 inch Rackmount WS-X4581= Catalyst 4510R 19 inch Rackmount WS-X4582= Catalyst 4510R Fan Tray (Spare) WS-X4583= Catalyst 4503 19 Inch Rackmount WS-X4584= Catalyst 4503 23 Inch Rackmount WS-X4585= Catalyst 4506 19 Inch Rackmount WS-X4586= Catalyst 4506 23 Inch Rackmount WS-X4587= Catalyst 4507R 19 Inch Rackmount WS-X4588= Catalyst 4507R 23 Inch Rackmount WS-X4590= Catalyst 4507R/4510R Fabric Redundancy Module WS-X4503-23CNTR= C4503 Center Mount 23 Inch Rack Kit L/R WS-X4503-FILTER= C4503 Center Mount 23 Inch Filter (1 Set) WS-X4506-23CNTR= C4506 Center Mount 23 Inch Rack Kit L/R WS-X4506-FILTER= C4506 Center Mount 23 Inch Filter (1 Set) WS-X4507-23CNTR= C4507R Center Mount 23 Inch Rack Kit L/R WS-X4507-FILTER= C4507R Center Mount 23 Inch Filter (1 Set) WS-X4510-23CNTR= C4510R Center Mount 23 Inch Rack Kit L/R WS-X4510-FILTER= C4510R Center Mount 23 Inch Filter (1 Set) C4K-SLOT-CVR= Catalyst 4000 Family Slot Cover (Spare) C4K-SLOT-CVR-E Catalyst 4500 E-Series Family Slot Cover C4K-UPLINK-CVR Catalyst 4000 UPLINK COVER C4K-UPLINK-CVR= Catalyst 4000 UPLINK COVER (SPARE) CAB-AC-2800W-EU Europe Power Cord CAB-AC-2800W-EU= Europe Power Cord CAB-AC-2800W-INT International Power Cord CAB-AC-2800W-INT= International Power Cord Cisco Catalyst 4500 Series Switches 2-9 .

Power Cord.S. India CAB-4502-DC-2M Catalyst 4500 2 meter DC Cable set for Aux Power Shelf CAB-4502-DC-2M= Catalyst 4500 2 meter DC Cable set for Aux Power Shelf CAB-4502-DC-60CM Catalyst 4500 60cm DC Cable set for Aux Power Shelf CAB-4502-DC-60CM= Catalyst 4500 60cm DC Cable set for Aux Power Shelf CAB-4502AC-EU AC Power cord for PWR-4502 (Europe) CAB-4502AC-EU= AC Power cord for PWR-4502 (Europe) CAB-4502AC-UK AC Power cord for PWR-4502 (UK) CAB-4502AC-UK= AC Power cord for PWR-4502 (UK) CAB-4502AC-US L6-20 AC Power cord for PWR-4502 (North America) CAB-4502AC-US= AC Power cord for PWR-4502 (North America) WS-X4571= Catalyst 4500 Connection Strap for Aux. Power Shelf CAB-US520-C19-US NEMA 5-15 to IEC-C19 14ft US CAB-US520-C19-US= NEMA 5-15 to IEC-C19 14ft US WS-X4500-PS01= Plastic cover for Catalyst 4500 power shelf (WS-P4502-1) CWDM GBIC Solution for Catalyst 4500 CWDM-GBIC-1470= 1000BASE-CWDM 1470 nm GBIC (single mode only) CWDM-GBIC-1490= 1000BASE-CWDM 1490 nm GBIC (single mode only) CWDM-GBIC-1510= 1000BASE-CWDM 1510 nm GBIC (single mode only) 2-10 Cisco Catalyst 4500 Series Switches . Power Shelf CAB-ACS-10 AC Power Cord (Swiss) 10A CAB-ACS-10= AC Power Cord (Swiss) 10A CAB-ACS-16 AC Power Cord (Swiss) 16A CAB-ACS-16= AC Power Cord (Swiss) 16A CAB-S132-C19-ISRL S132 to IEC-C19 14ft Israeli CAB-S132-C19-ISRL= S132 to IEC-C19 14ft Israeli CAB-C2316-C15-IT CEI 23-16 to IEC-C15 8ft Italy CAB-CEE77-C15-EU CEE 7/7 to IEC-C15 8ft Europe CAB-CEE77-C15-EU= CEE 7/7 to IEC-C15 8ft Europe CAB-IR2073-C15-AR IRSM 2073 to IEC-C15 8ft Argen CAB-IR2073-C19-AR IRSM 2073 to IEC-C19 14ft Argen CAB-IR2073-C19-AR= IRSM 2073 to IEC-C19 14ft Argen CAB-SABS-C15-IND SABS 164-1 to IEC-C15 India CAB-SABS-C15-IND= SABS 164-1 to IEC-C15 India CAB-SABS-C19-IND SABS 164-1 to IEC-C19 India CAB-SABS-C19-IND= SABS 164-1 to IEC-C19 India CAB-US515-C15-US NEMA 5-15 to IEC-C15 8ft US CAB-US515-C15-US= NEMA 5-15 to IEC-C15 8ft US BLANK-PWR-4502 Catalyst 4500 Blank p/s Cover for Aux. India CAB-BS546-C19-SA BS 546 to IEC-C19 14ft South Africa. Twist Lock. Twist Lock.CAB-AC-2800W-TWLK U.S. NEMA 6-20 Plug CAB-AC-2800W-6-20 Non-locking NEMA Cord For The 2800WAC PS CAB-AC-2800W-6-20= Non-Locking NEMA Cord For The 2800WAC PS CAB-AS3112-C15-AU AS-3112 to IEC-C15 8ft Aus CAB-US515P-C19-US NEMA 5-15 to IEC-C19 13ft US CAB-US515P-C19-US= NEMA 5-15 to IEC-C19 13ft US CAB-L520P-C19-US NEMA L5-20 to IEC-C19 6ft US CAB-L520P-C19-US= NEMA L5-20 to IEC-C19 6ft US CAB-L620P-C19-US NEMA L6-20 to IEC-C19 14ft US CAB-L620P-C19-US= NEMA L6-20 to IEC-C19 14ft US CAB-US620P-C19-US NEMA 6-20 to IEC-C19 13ft US CAB-US620P-C19-US= NEMA 6-20 to IEC-C19 13ft US CAB-CEE77-C19-EU CEE 7/7 to IEC-C19 13ft Europe CAB-CEE77-C19-EU= CEE 7/7 to IEC-C19 13ft Europe CAB-I309-C19-INT IEC-309 to IEC-C19 13ft Int CAB-I309-C19-INT= IEC-309 to IEC-C19 13ft Int CAB-A3112-C19-AUS AS-3112 to IEC-C19 14ft Aus CAB-A3112-C19-AUS= AS-3112 to IEC-C19 14ft Aus CAB-C2316-C19-IT= CEI 23-16 to IEC-C19 14ft Italy CAB-C2316-C19-IT CEI 23-16 to IEC-C19 14ft Italy CAB-BS1363-C19-UK BS-1363 to IEC-C19 14ft UK BLANK-PWR-4502= Catalyst 4500 Blank p/s Cover for Aux. Power Shelf CAB-BS1363-C15-UK BS-1363 to IEC-C15 8ft UK CAB-BS1363-C15-UK= BS-1363 to IEC-C15 8ft UK CAB-BS1363-C19-UK= BS-1363 to IEC-C19 14ft UK CAB-BS546-C15-SA BS 546 to IEC-C15 6ft South Africa. Power Cord. NEMA 6-20 Plug CAB-AC-2800W-TWLK= U.

Chapter 2
CWDM-GBIC-1530= 1000BASE-CWDM 1530 nm GBIC (single mode only) CWDM-GBIC-1550= 1000BASE-CWDM 1550 nm GBIC (single mode only) CWDM-GBIC-1570= 1000BASE-CWDM 1570 nm GBIC (single mode only) CWDM-GBIC-1590= 1000BASE-CWDM 1590 nm GBIC (single mode only) CWDM-GBIC-1610= 1000BASE-CWDM 1610 nm GBIC (single mode only) CWDM-MUX8A= 8-channels CWDM MUX/DEMUX Module CWDM-OADM1-1470= Dual single channel OADM Module (1470nm) CWDM-OADM1-1490= Dual single channel OADM Module (1490nm) CWDM-OADM1-1510= Dual single channel OADM Module (1510nm) CWDM-OADM1-1530= Dual single channel OADM Module (1530nm) CWDM-OADM1-1550= Dual single channel OADM Module (1550nm) CWDM-OADM1-1570= Dual single channel OADM Module (1570nm) CWDM-OADM1-1590= Dual single channel OADM Module (1590nm) CWDM-OADM1-1610= Dual single channel OADM Module (1610nm) CWDM-OADM4-1= 4-channels CWDM OADM Module (1470, 1490, 1510, 1530) CWDM-OADM4-2= 4-channels CWDM OADM Module (1550, 1570, 1590, 16100) WDM-1300-1550-S= 1300nm/1550nm WDM splitter cable CWDM-CHASSIS-2= 2 Slot Chassis for CWDM Mux Plug in Modules WDM-SFP-2CH-CONV= 2-channel WDM SFP-based transponder CWDM-MUX-4-SF1= Single Fiber 4-Channel Mux/Demux CWDM-MUX-4-SF2= Single Fiber 4-Channel Mux/Demux EWDM-MUX8= 8-channels EWDM MUX/DEMUX Module EWDM-OADM4= 4-channels EWDM OADM Module EWDM-OADM2= 2-channels EWDM OADM Module EWDM-OA= EWDM Optical Amplifier CWDM GBIC Solution for Catalyst 4500 CWDM-GBIC-1470= 1000BASE-CWDM 1470 nm GBIC (single mode only) CWDM-GBIC-1490= 1000BASE-CWDM 1490 nm GBIC (single mode only) CWDM-GBIC-1510= 1000BASE-CWDM 1510 nm GBIC (single mode only) CWDM-GBIC-1530= 1000BASE-CWDM 1530 nm GBIC (single mode only) CWDM-GBIC-1550= 1000BASE-CWDM 1550 nm GBIC (single mode only) CWDM-GBIC-1570= 1000BASE-CWDM 1570 nm GBIC (single mode only) CWDM-GBIC-1590= 1000BASE-CWDM 1590 nm GBIC (single mode only) CWDM-GBIC-1610= 1000BASE-CWDM 1610 nm GBIC (single mode only) CWDM-MUX8A= 8-channels CWDM MUX/DEMUX Module CWDM-OADM1-1470= Dual single channel OADM Module (1470nm) CWDM-OADM1-1490= Dual single channel OADM Module (1490nm) CWDM-OADM1-1510= Dual single channel OADM Module (1510nm) CWDM-OADM1-1530= Dual single channel OADM Module (1530nm) CWDM-OADM1-1550= Dual single channel OADM Module (1550nm) CWDM-OADM1-1570= Dual single channel OADM Module (1570nm) CWDM-OADM1-1590= Dual single channel OADM Module (1590nm) CWDM-OADM1-1610= Dual single channel OADM Module (1610nm) CWDM-OADM4-1= 4-channels CWDM OADM Module (1470, 1490, 1510, 1530) CWDM-OADM4-2= 4-channels CWDM OADM Module (1550, 1570, 1590, 16100) WDM-1300-1550-S= 1300nm/1550nm WDM splitter cable CWDM-CHASSIS-2= 2 Slot Chassis for CWDM Mux Plug in Modules WDM-SFP-2CH-CONV= 2-channel WDM SFP-based transponder CWDM-MUX-4-SF1= Single Fiber 4-Channel Mux/Demux CWDM-MUX-4-SF2= Single Fiber 4-Channel Mux/Demux EWDM-MUX8= 8-channels EWDM MUX/DEMUX Module EWDM-OADM4= 4-channels EWDM OADM Module EWDM-OADM2= 2-channels EWDM OADM Module EWDM-OA= EWDM Optical Amplifier

For More Information
For more information about the Cisco Catalyst 4500 Series, visit: http://www.cisco.com/go/catalyst4500.

Cisco Catalyst 4500 Series Switches

2-11

Cisco Catalyst 6500 Series Switches
The Cisco Catalyst 6500 Series continues to be one of the industry’s most innovative switching platforms, delivering very high levels of availability, integrated security, virtualization, enhanced manageability, IP communications, wireless, and applications support to enterprise customers, medium-sized businesses, and service providers. The feature richness, flexibility, density, and scalability of this product line set the standard for converged data, voice, and video networks, and facilitate outstanding operational efficiency and investment protection.

Ideal for Companies that Need These Features
• Cisco Catalyst 6509-E Switch—9 slots; Front-access power supplies; Ideal for use in the wiring closet, distribution, core, data center, and WAN edge. • Cisco Catalyst 6506-E Switch—6 slots; Front-access power supplies; Medium-form factor chassis for the wiring closet, distribution, core, data center, and WAN edge. • Cisco Catalyst 6504-E Switch—4 slots; Rear-access power supplies; Small form factor, high performance, chassis sharing interface modules and supervisor engines with larger chassis for common sparing; Suitable for small and medium-sized enterprise core or distribution, or the metro or enterprise WAN edge. • Cisco Catalyst 6503-E Switch—3 slots; Rear-access power supplies; Low-density, wiring-closet chassis sharing interface modules and supervisor engines with larger chassis for common sparing • Cisco Catalyst 6513 Switch—13 slots; Front-access power supplies; High-capacity chassis for Ethernet connectivity, with slots to spare for services modules providing network security and management • Cisco Catalyst 6509-V-E Switch—9 slots with vertical orientation; Front-access power supplies; Integrated cable management for high-density cabling environments; Front-to-back airflow optimized for high-density data center deployments • Cisco Catalyst 6500 Virtual Switching Supervisor Engine 720-10G—Cisco Catalyst 6500 Virtual Switching System (VSS) technology; Two integrated line-rate 10-Gigabit Ethernet uplinks and 720-Gbps switching fabric; High-bandwidth deployments: core, distribution, aggregation, and data center access. It is compatible with all Cisco Catalyst 6500 chassis (except the Cisco Catalyst 6503 Switch.) • Cisco Catalyst 6500 Series Supervisor Engine 720—Integrated switching fabric capable of 720 Gbps; Highbandwidth deployments: core, distribution, aggregation, and data center access. It is compatible with all Cisco Catalyst 6500 chassis.) • Cisco Catalyst 6500 Supervisor Engine 32 PISA—Multigigabit stateful Network Based Application Recognition (NBAR) for proactive application recognition; Hardware-accelerated Cisco IOS Flexible Packet Matching (FPM) for worm detection; 32-Gbps shared bus switching architecture; Ideal for wiring closet access and the WAN edge. It is compatible with all Cisco Catalyst 6500 chassis. • Cisco Catalyst 6500 Supervisor Engine 32—32-Gbps shared-bus switching architecture; Ideal for wiring closet access. It is compatible with all Cisco Catalyst 6500 chassis.

Key Features
• Cisco IOS Software modularity—The Cisco Catalyst 6500 Series reduces planned and unplanned downtime while boosting operational efficiency. Modular subsystems run as independent processes, facilitating subsystem In Service Software Upgrades (ISSUs). Faults within modular subsystems are isolated from all other processes, and can be restarted without losing state (stateful process restarts). • Cisco IOS Embedded Event Manager (EEM)—The Cisco IOS EEM automates proactive administrative tasks and network reactions to unexpected events to further enhance operational efficiency. • Maximum PoE scalability—The Cisco Catalyst 6500 Series supports up to 409 Class 3 devices; it leads the industry in PoE port density and accelerates deployment of PoE-enabled devices such as IP telephones and wireless access points. Cisco Intelligent Power Management allocates the optimal amount of power per device. • Cisco Catalyst 6500 Virtual Switching Supervisor Engine 720-10G—The Virtual Switching System (VSS) technology, built upon this supervisor engine, facilitates easy-to-use, reliable, and scalable switching for enterprise core, distribution, data center, and server access. VSS delivers a system performance of up to 1.44 Tbps by unifying two physical switches into a single, logical entity offering optimized network convergence, load balancing, and manageability. The supervisor engine can be used in standalone mode to deliver up to 48 Mpps of centralized and 450 Mpps of distributed switching performance, building the foundation for the Cisco Catalyst 6500 Virtual Switching System 1440. • Cisco Catalyst 6500 Series Supervisor Engine 720—This supervisor engine is optimized for high-bandwidth needs of the enterprise core, distribution, and data centers; it delivers up to 720-Gbps switch-fabric bandwidth and more than 400 Mpps of switching performance. Throughput is increased with support for line cards with Cisco Express Forwarding and distributed Cisco Express Forwarding IPv6 and Multiprotocol Label Switching (MPLS) are supported in hardware. The switch supports the following Layer 3 routing protocols:
2-12 Cisco Catalyst 6500 Series Switches

Chapter 2
Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP). • Cisco Catalyst 6500 Supervisor Engine 32 PISA—This supervisor engine is optimized for oversubscribed wiring closet deployments and the WAN edge, where application intelligence is critical. The Programmable Intelligent Services Accelerator (PISA) technology used on this supervisor engine provides hardwareaccelerated Deep Packet Inspection using Network Based Application Recognition (NBAR) and Cisco IOS Flexible Packet Matching (FPM). This intelligence provides greater visibility into critical applications and prevents the spread of worms and viruses. Multiple uplink configurations are available (refer to information about the Cisco Catalyst 6500 Supervisor Engine 32). • Cisco Catalyst 6500 Supervisor Engine 32—This supervisor engine is optimized for oversubscribed wiring closet deployments; it incorporates a 32-Gbps shared bus architecture with support for up to 15 Mpps of switching performance. Centralizing Layer 2 and Layer 3 forwarding, the supervisor engine is available in two models: 8-port Gigabit Ethernet uplinks or 2-port 10-Gigabit Ethernet uplinks. • Various integrated service modules allow multigigabit throughput of services such as firewall, intrusion detection, anomaly detection, content switching (load balancing), network analysis, wireless integration (up to 1500 access points), voice gateway, and so on. These services provide industry-leading service integration into the Cisco Catalyst 6500.

Specifications
Feature WS-C6503-E WS-C6504-E WS-C6506-E WS-C6509-E WS-C6509-V-E WS-C6513 6 242 82 241 480 242 6,000 9 386 130 385 768 386 8,700 9 386 130 385 768 386 8,700 13 410 84 577 1152 578 8,700 Modular Slots 3 4 Gigabit Ethernet 98 146 SFP density 10 Gigabit Ethernet 34 50 XENPAK/X2 port density 10/100/1000 density 97 145 10/100 density 192 288 100BASE-FX density 98 146 Max. watt power consumption (redundant mode) 1,400 2,700 AC Internal1

DC Internal 950 2,700 4,000 4,000 4,000 4,000 Max. number of 10/100/1000 Class 3 devices (15.4W) Max. power supplies AC Internal 48 110 240 384 384 265 WAN Interfaces DS0 to OC-192 Available Bandwidth Scalable to Scalable to Scalable to Scalable to Scalable to 720 Scalable to 240 Gbps 320 Gbps 480 Gbps 720 Gbps Gbps 720 Gbps Throughput Scalable to Scalable to Scalable to Scalable to Scalable to Scalable to 131Mpps 179Mpps 275Mpps 419Mpps 419Mpps 457Mpps Redundant Supervisor Yes Hot-Swappable Power Yes Supplies VLAN Maximum 4096 EtherChannel Capable Yes; up to 8 links of Fast Ethernet, Gigabit Ethernet or 10GE. Management Capabilities CiscoWorks 2000, RMON, Encapsulated Remote Switched Port Analyzer (ERSPAN), SNMP, Telnet, BOOTP, and Trivial File Transfer Protocol (TFTP) Rack Unit (RU) 4 5 12 15 21 20 Dimensions 7x 8.7 x 19.2 x 17.5 x 24.5 x 17.5 x 36.75 x 17.2 x 20.7 33.3 x 17.3 x (H x W x D) 17.5 x 21.7 in. 17.5 x 21.6 in. 18.2 in. (48.8 x 18.2 in. (62.2 x in. (93.3 x 43.1 x 18.1 in. (84.6 x (17.8 x 44.1 x (22.2 x 44.5 x 44.5 x 46.0 cm.) 44.5 x 46.0 cm.) 53.3 cm.) 43.7 x 46.0 cm.) 55.2 cm.) 55.2 cm.) Unit weight 33 lbs. 40 lbs. 50 lbs. 60 lbs. 121 lbs. 98 lbs. (chassis only) (15.0 kgs.) (18.1 kgs.) (22.7 kgs.) (27.3 kgs.) (54.9 kgs.) (45.0 kgs.) Virtual Switching Supervisor Engine 720- Supervisor Engine 720 (WS-SUP720-3BXL) Supervisor Engines 10G (VS-S720-10G-3C=) (VS-S720-10G- (WS-SUP720-3B) 3CXL=) Chassis supported All (except 6503 non-E) All Bandwidth per slot 40 Gbps 40 Gbps Total bandwidth 720 Gbps 720 Gbps Packets per second 48 Mpps centralized; 457 Mpps distributed; 30 Mpps centralized; 425 Mpps distributed 840 Mpps VSS configuration MAC addresses supported 96K Max./80K effective 64K Max./32K effective Routes supported 256,000 (3C); 1,000,000 (3CXL) 256,000 (3B); 1,000,000 (3BXL) Onboard memory (DRAM) 1 GB Up to 1GB Supervisor Engine 32-PISA (WS-S32-GE- Supervisor 32 (WS-SUP32-10GE-3B) Supervisor Engines PISA=) (WS-S32-10GE-PISA=) (WS-SUP32-GE-3B)

Cisco Catalyst 6500 Series Switches

2-13

P/S) WS-C6506E-S32P10GE Catalyst 6506E chassis. Fan Tray (req./32K effective 256. Fan Tray (req. Fan Tray (req.P/S) WS-C6504E-S32-10GE Catalyst 6504-E Chassis + Fan Tray + Sup32-10GE WS-C6506E-S32-10GE Catalyst 6506E chassis. Fan Tray (req. NO VSS VS-C6509VE-S720-10G Catalyst Chassis+Fan Tray+Sup720-10G. NO VSS VS-C6509E-S720-10G Catalyst Chassis+Fan Tray+Sup720-10G. Fan Tray (req. IP Base ONLY.20RU. WS-S32-10GE-PISA. Fan Tray (req.P/S) WS-C6504E-S32P-GE Catalyst 6504E chassis. Fan Tray (req.P/S) WS-C6509E-S32P-GE Catalyst 6509E chassis. WS-S32-10GE-PISA. IP Base ONLY. WS-S32-10GE-PISA.P/S) WS-C6509E-S32-10GE Catalyst 6509E chassis. P/S) WS-C6513-S32-GE Cisco Catalyst 6513. no Fan Tray WS-C6509-V-E Catalyst 6500 Enhanced 9-slot Chassis (Vertical).no PS. Fan Tray (req. P/S) WS-C6504E-S32-GE 6504-E Chassis + Fan Tray + Sup32-GE WS-C6506E-S32-GE Cisco Catalyst 6506E. WS-SUP32-10GE-3B. P/S) Advanced Technology Bundles WS-C6504-E-VPN+-K9 Cisco Catalyst 6504E IPSec VPN SPA Security System WS-C6506-E-VPN+-K9 Cisco Catalyst 6506E IPSec VPN SPA Security System WS-C6509-E-VPN+-K9 Cisco Catalyst 6509E IPSec VPN SPA Security System 2-14 Cisco Catalyst 6500 Series Switches . P/S) WS-C6503E-S32-GE Cisco Catalyst 6503E.P/S) Supervisor Engine 32 Bundles WS-C6503E-S32-10GE Catalyst 6503E chassis. IP Base ONLY. NO VSS VS-C6513-S720-10G Catalyst Chassis+Fan Tray+Sup720-10G. Redundant Mode All (approx 2 Gbps) All N/A (approx 2 Gbps) N/A 32 Gbps 15 Mpps 64K Max. no Fan Tray WS-C6506-E Catalyst 6500 Enhanced 6-slot chassis.12RU. WS-SUP32-GE-3B. Fan Tray (req.000 Up to 1 GB Selected Part Numbers and Ordering Information Catalyst 6500 Chassis WS-C6503-E Catalyst 6500 Enhanced 3-slot chassis. WS-S32-GE-PISA. Fan Tray (req. Fan Tray (req. IP Base ONLY. NO VSS Supervisor Engine 32-PISA Bundles WS-C6503E-S32P10GE Catalyst 6503E chassis./32K effective 256. WS-SUP32-10GE-3B.no PS.P/S) WS-C6513-S32P-GE Catalyst 6513 chassis.P/S) WS-C6513-S32P10GE Catalyst 6513 chassis. No PS.no PS.P/S) WS-C6503E-S32P-GE Catalyst 6503E chassis.P/S) WS-C6506E-S32P-GE Catalyst 6506E chassis.no PS. WS-SUP32-10GE-3B. Fan Tray (req. Fan Tray (req. WS-SUP32-GE-3B. Fan Tray (req. NO VSS VS-C6506E-S720-10G Catalyst Chassis+Fan Tray+Sup720-10G. IP Base ONLY. WS-SUP32-GE-3B. Fan Tray (req.P/S) WS-C6509E-S32P10GE Catalyst 6509E chassis. Fan Tray (req.P/S) WS-C6504E-S32P10GE Catalyst 6504E chassis. Fan Tray (req. no Fan Tray WS-C6504-E Catalyst 6500 Enhanced 4-slot chassis. no Fan Tray Supervisor Engines VS-S720-10G-3CXL= Catalyst 6500 Supervisor 720 with 2 ports 10GbE MSFC3 PFC3CXL VS-S720-10G-3C= Catalyst 6500 Supervisor 720 with 2 ports 10GbE MSFC3 PFC3C WS-SUP720-3BXL= Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3BXL WS-SUP720-3B= Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3B WS-S32-10GE-PISA= Catalyst 6500 Supervisor 32 with PISA and 2 ports 10GbE WS-S32-GE-PISA= Catalyst 6500 Supervisor 32 with PISA and 8 GE uplinks WS-SUP32-10GE-3B= Catalyst 6500 Supervisor 32 with 2 ports 10GbE and PFC3B WS-SUP32-GE-3B= Catalyst 6500 Supervisor 32 with 8 GE uplinks and PFC3B Virtual Switching Supervisor Engine 720-10G Bundles VS-C6504E-S720-10G Catalyst Chassis+Fan Tray+Sup720-10G. Fan WS-C6513 Catalyst 6500 13-slot chassis.5RU.Chassis supported Hardware Accelerated Network Based Application Recognition (NBAR) Hardware Accelerated Flexible Packet Matching (FPM) Total bandwidth Packets per second MAC addresses supported Routes supported Onboard Memory (DRAM) 1. no Fan Tray WS-C6509-E Catalyst 6500 Enhanced 9-slot chassis. WS-S32-10GE-PISA. WS-S32-GE-PISA. WS-S32-GE-PISA.P/S) WS-C6513-S32-10GE Catalyst 6513 chassis. P/S) WS-C6509E-S32-GE Cisco Catalyst 6509E. WS-S32-GE-PISA. WS-SUP32-10GE-3B. Fan Tray (req.4RU. WS-S32-10GE-PISA. WS-SUP32-GE-3B.no PS.15RU. WS-S32-GE-PISA.000 Up to 1GB 32 Gbps 15 Mpps 64K Max.

3af Catalyst 6500 96-Port.card w/TDR Catalyst 6500 96-Port 10/100 (RJ45).3af Catalyst 6500 48-Port PoE 802. (2) P/S) Catalyst 6509-E WiSM bundle(SUP720-3B.3af PoE & ePoE daughter card: 6x48x-GETX.3af 10/100 . SFPs) Catalyst 6500 24-port GigE Mod: fabric-enabled (Req.WiSM.3af Upgrades WS-F6K-48-AF= WS-F6K-FE48X2-AF= WS-X6148-45AF-UG= WS-X6148-21AF-UG= WAN Interface Modules Cisco Catalyst 6513 IPSec VPN SPA Security System Cisco Catalyst 6503E Firewall Security System Cisco Catalyst 6506E Firewall Security System Cisco Catalyst 6509E Firewall Security System Cisco Catalyst 6513 Firewall Security System ACE20 4G 6504E Bundle ACE20 8G 6509E Bundle Catalyst 6504-E WiSM bundle(SUP720-3B. VFW License Separate IDSM-2 600M mod spare Catalyst 6500 Cisco Anomaly Detection Module Catalyst 6500 Cisco Anomaly Guard Module Catalyst 6500 Network Analysis Module-1 Catalyst 6500 Network Analysis Module Cisco 7600 / Catalyst 6500 Services SPA Carrier Card Cisco 7600 / Catalyst 6500 IPSec VPN SPA .RJ-21 Catalyst 6500 48-port 10/100 Inline Power Module. PoE 802. x-bar Catalyst 6500 48 port 100Base-X module (require SFP) Wireless Service Module (WiSM) for up to 300 Lightweight APs Application Control Engine 20 Hardware (requires Software) Content Switching Module with SSL daughter card Catalyst 6500/7600 Content Switching Module SSL Module for Catalyst 6500 Firewall blade for 6500 and 7600. Fan Tray.3af upgrade for 6148-RJ-45 (trade-in order only) Catalyst 6500 . Fan Tray.Chapter 2 WS-C6513-VPN+-K9 WS-C6503-E-FWM-K9 WS-C6506-E-FWM-K9 WS-C6509-E-FWM-K9 WS-C6513-FWM-K9 WS-C6504E-ACE20-K9 WS-C6509E-ACE20-K9 WS-C6504-E-WISM WS-C6509-E-WISM 10 Gigabit Ethernet WS-X6716-10GE= WS-X6708-10GE= WS-X6704-10GE= Gigabit Ethernet WS-X6748-SFP= WS-X6724-SFP= WS-X6816-GBIC= WS-X6516A-GBIC= WS-X6408A-GBIC= 10/100/1000 Ethernet WS-X6748-GE-TX= WS-X6148A-GE-TX= WS-X6148A-GE-45AF= WS-X6548-GE-TX= WS-X6548-GE-45AF= 10/100 Ethernet WS-X6148A-RJ-45= WS-X6148A-45AF= WS-X6148X2-RJ-45= WS-X6148X2-45AF= WS-X6196-RJ-21= WS-X6196-21AF= WS-X6148-RJ21V= WS-X6548-RJ-45= 100FX Ethernet WS-X6148-FE-SFP= Service Modules WS-SVC-WISM-1-K9= ACE20-MOD-K9= WS-X6066-SLB-S-K9= WS-X6066-SLB-APC= WS-SVC-SSL-1-K9= WS-SVC-FWM-1-K9= WS-SVC-IDS2BUNK9= WS-SVC-ADM-1-K9= WS-SVC-AGM-1-K9= WS-SVC-NAM-1= WS-SVC-NAM-2= 7600-SSC-400= SPA-IPSEC-2G= SPA-IPSEC-SSC400-1 SPA-IPSEC-SSC400-2 WS-SVC-WEBVPN-K9= WS-SVC-CMM= WS-SVC-CMM-6E1= WS-SVC-CMM-6T1= WS-SVC-CMM-ACT= WS-SVC-CMM-24FXS= WS-SVC-CMM-BLANK= 802. w/Jumbo Frame Catalyst 6500 48-port fabric-enabled 10/100/1000 Module Catalyst 6500 PoE 802.3af 10/100/1000.3af upgrade .WiSM. Upgradeable to PoE 802. 96-Port (RJ-45) line card Catalyst 6500 96-Port 10/100 Upgradeable . GBICs) Catalyst 6000 8-port GE. DFC/DFC3) Catalyst 6500 16-port GigE Mod.3af 10/100. GBICs) Catalyst 6500 48-port 10/100/1000 GE Mod: fabric enabled.PoE 802. RJ-45 Catalyst 6500 48-port 10/100/1000 w/Jumbo Frame. Upgradeable .DES/3DES/AES Cisco 6500/7600 IPSec VPN SPA Bundle 1 (system only) Cisco 6500/7600 IPSec VPN SPA Bundle 2 (system only) SSL VPN Module for Catalyst 6500 Communication Media Module 6-Port E1 Interface Port Adapter 6-Port T1 Interface Port Adapter Adhoc Conferencing and Transcoding PA 24-Port FXS Interface Port Adapter CMM module Blank Panel Cover C6k 802.3af 10/100/1000 48-port(RJ45)CEF256 card Catalyst 6500 48-Port 10/100 w/TDR. (Req GBICs. 2 fab I/F. Enhanced QoS (Req.6148-RJ-21 Cisco Catalyst 6500 Series Switches 2-15 .PoE 802.6148A-RJ45 C6k PoE 802. SFPs) Catalyst 6500 16-port GigE mod. RJ-21 Catalyst 6500 48-port 10/100. RJ-45 Catalyst 6500 48-Port PoE 802.3af Voice Card (WS-X6148X2-RJ-45 and -RJ-21) C6500 802.PoE 802. no P/S) Catalyst 6500 16-port 10 Gigabit Ethernet Module (requires X2s) Catalyst 6500 8-port 10 Gigabit Ethernet Module (requires X2s) Catalyst 6500 4-port 10 Gigabit Ethernet Module (req. RJ-45.3af Catalyst 6500 PoE 802. XENPAKs) Catalyst 6500 48-port CEF720 GigE Module (Req. fabric-enabled (Req.3af 10/100.

xxnm XENPAK (100GHz ITU grid) WDM-XENPAK-REC= Receive-Only WDM XENPAK XENPAK-10GB-ZR= 10GBASE-ZR XENPAK Module XENPAK-10GB-ER(+)= 10GBASE-ER XENPAK Module XENPAK-10GB-LR(+)= 10GBASE-LR XENPAK Module XENPAK-10GB-LRM= 10GBASE-LRM XENPAK Module XENPAK-10GB-LX4= 10GBASE-LX4 XENPAK Module XENPAK-10GB-SR= 10GBASE-SR XENPAK Module XENPAK-10GB-CX4= 10GBASE-CX4 XENPAK Module Optics/Transceivers Gigabit Ethernet DWDM-SFP-xxxx= DWDM SFP 15xx. Fabric-enabled Optics/Transceivers 10 Gigabit Ethernet X2-10GB-ER= 10GBASE-ER X2 Module X2-10GB-LR= 10GBASE-LR X2 Module X2-10GB-LRM= 10GBASE-LRM X2 Module X2-10GB-LX4= 10GBASE-LX4 X2 Module X2-10GB-SR= 10GBASE-SR X2 Module X2-10GB-CX4= 10GBASE-CX4 X2 Module XENPAK-10GB-LW= 10GBASE-LW XENPAK Module DWDM-XENPAK-xx. 1490NM GLC-BX-U= 1000BASE-BX SFP. WS-C6503 PWR-2700-AC/4= 2700W AC Power Supply for Cisco 7604/6504-E WS-CAC-3000W= Catalyst 6500 3000W AC power supply (spare) WS-CAC-6000W= Catalyst 6500 6000W AC Power Supply WS-CAC-8700W-E= Catalyst 6500 8700W Enhanced AC Power Supply Power Supplies DC PWR-950-DC= Spare 950W DC P/S for Cisco 7603/Catalyst 6503 2-16 Cisco Catalyst 6500 Series Switches . Spare WS-C6597= Catalyst C6506/9 23in Center Rack Mount Kit WS-6513-RACK-MNT= 23in Rack Mount Kit for 6513 KIT-MNTG-09= Mounting Kit For CISCO7609/Catalyst 6509-NEB-A chassis CABLETRAY-09= Cable Tray Assembly for Cisco 7609/Catalyst 6509-NEB-A WS-F6K-48X2-SPLTR= Spare .Y-Type Splitter Bar for WS-X6148X2-RJ-45 Power Supplies AC PWR-1400-AC= 1400W AC pwr/sup for CISCO7603 and Catalyst WS-C6503 chassis PEM-20A-AC+= PwrEntryMod use w/1400W AC P/S for Cisco 7603.7600-SIP-600= Cisco 7600 Series SPA Interface Processor-600 7600-SIP-400= Cisco 7600 Series SPA Interface Processor-400 7600-SIP-200= Cisco 7600 Series SPA Interface Processor-200 WS-X6582-2PA= Cisco7600/Catalyst6500 Enhanced FlexWAN.xx nm SFP (100 GHz ITU grid) CWDM-SFP-xxxx= CWDM xxxx NM SFP Gigabit Ethernet and 1G/2G FC GLC-BX-D= 1000BASE-BX SFP.xxnm GBIC (100GHz ITU grid) WDM-GBIC-REC= xWDM Receive-Only GBIC CWDM-GBIC-xxxx= 1000BASE-CWDM xxxx nm GBIC (single mode only) WS-G5487= 1000Base-ZX extended reach GBIC (singlemode) WS-G5486= 1000BASE-LX/LH long haul GBIC (singlemode or multimode) WS-G5484= 1000BASE-SX Short Wavelength GBIC (Multimode only) WS-G5483= 1000BASE-T GBIC Optics/Transceivers Fast Ethernet GLC-FE-100BX-U= 100BASE-BX10-U SFP GLC-FE-100BX-D= 100BASE-BX10-D SFP GLC-FE-100ZX= 100BASE-ZX SFP (80km) GLC-FE-100EX= 100BASE-EX SFP (40km) GLC-FE-100LX= 100BASE-LX SFP for FE port GLC-FE-100FX= 100BASE-FX SFP for FE port Rack Mount Kits and Accessories KIT-MNTG-CG-3= Mounting Kit and Cable Guide For Cisco 7603/Catalyst 6503 chassis KIT-MNTG-CG-4= Mounting Kit and Cable Guide For Cisco 7604 and 6504-E WS-C6X06-RACK= Catalyst 6x06 Rack Mount Kit and Cable Organizer. Spare WS-C6509-E-RACK= Catalyst 6509-E Rack Mount Kit WS-C6513-RACK= Catalyst 6513 Rack Mount Kit and Cable Organizer. LC connector SX transceiver GLC-T= 1000BASE-T SFP DWDM-GBIC-xx-xx= 1000BASE-DWDM 15xx. 1310NM GLC-ZX-SM= 1000BASE-ZX SFP GLC-LH-SM= GE SFP. LC connector LX/LH transceiver GLC-SX-MM= GE SFP.xx= 10GBASE-DWDM 15xx. Spare WS-C6X09-RACK= Catalyst 6x09 Rack Mount Kit and Cable Organizer.

Ideal for Companies that Need These Features • Power-over-Ethernet (PoE) ports • Ability to upgrade from unmanaged switches or hubs • GUI-based configuration and management These switches are ideal for customers who are deploying switching solutions in networks with fewer than 250 users. • The Cisco Catalyst Express switches allow centralized management of small and medium-sized business (SMB) networks. wireless. using a single IP address. simplifying deployment and eliminating the need and cost of installing separate power supplies for connected endpoints.000 32 2 2 CE500-24PC 8. • Cisco offers a limited lifetime hardware warranty on these switches. Spare 4000W DC Pwr Supply for CISCO7609/13 and Catalyst 6509/13 For More Information For more information about the Cisco Catalyst 6500 Family.8 6. and ongoing optimization of the solutions. wireless networks. 8-.6 8. Key Features • Cisco IOS Software support—Cisco IOS Software ships with all Cisco Catalyst Express switches.and medium-sized businesses (SMBs).000 32 4 12 Cisco Catalyst Express 500 and Catalyst Express 520 Series Switches . troubleshooting. and Cisco Unified IP Phones. IP video cameras.Chapter 2 PEM-DC/3= PWR-2700-DC/4= WS-CDC-2500W= PWR-4000-DC= Spare DC Power Entry Mod for Cisco7603/Catalyst 6503 2700W DC Power Supply for Cisco 7604/6504-E Catalyst 6000 2500W DC Power Supply.4W simultaneously on all ports and can power connected IP phones.8 6. This setup simplifies the deployment of IP communications and wireless LAN (WLAN) solutions by automatically detecting these applications and optimizing network QoS and security settings to support them. visit: http://www. and IP communications for organizations with up to 250 employees. Specifications Feature Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Onboard memory (DRAM MB) Gigabit Ethernet GBIC/SFP density 10/100/1000 density CE500-24TT 8.cisco. or IP communications solutions. wireless access points. The Cisco Catalyst Express 520 Series is preconfigured to support Cisco Smart Business Communications System [SBCS] phone deployments.com/go/catalyst6500. • High performance—The solutions provide nonblocking. wire-speed switching on all ports to increase network availability and bandwidth.8 6.6 8.6 8. downloadable Cisco Network Assistant and Cisco Configuration Assistant provide easy-to-use GUIs and Cisco Smartports technology to eliminate the complexity that typically accompanies configuration and simplify the management. • Power over Ethernet (PoE)—Four-.000 32 2 2 CE500G-12TC 24 18 8. and other devices directly over the Ethernet connection. providing an easy-to-manage. • Optimized quality of service (QoS) with Cisco Smartports—Cisco Smartports technology matches the appropriate class-of-service (CoS) and differentiated-services-code-point (DSCP) values to the specific Cisco device connected to the Cisco Catalyst Express switch. • Robust network security—These switches provide security at the device level with Secure Sockets Layer (SSL) and Simple Network Management Protocol (SNMP) encryption. integrated services routers. Cisco Catalyst Express 500 and Catalyst Express 520 Series Switches The Cisco Catalyst Express 500 and Catalyst Express 520 Series switches are custom-built for growing small. secure network foundation optimized for data. using a Secure Sockets Layer (SSL) connection. and at the network level with the Cisco Network Assistant security slider. as well as features to manage port congestion and preserve performance. and 24-port PoE configurations provide full 15.000 32 0 2 CE500-24LC 8. • Easy installation and configuration—The embedded Device Manager and the free. Management can be done locally or remotely. including Cisco Catalyst switches. which offers three preconfigured security levels.

73 x 17. LC connector SX transceiver GLC-FE-100LX 100BASE-LX SFP for FE port GLC-FE-100BX-U 100BASE-BX10-U SFP GLC-FE-100BX-D 100BASE-BX10-D SFP RPS RPS-2300 Redundant Power System 2300 (select PoE models only) CAB-RPS2300 Cable compatible with Catalyst Express C3K-PWR-750WAC For 24 ports of Class 3 PoE (15.6 x 9.3af Class 3 devices (15.15 cm. (3.5 x 9.8 6.73 x 17. GUI WS-CE500-24PC 24 10/100 (24PoE) and 2 10/100/1000BT or SFP uplinks. GUI managed WS-CE520-24PC-K9 24 10/100 (24PoE) and 2 10/100/1000BT or SFP uplinks.6 3.9 in.73 x 17.3afClass 2 devices (7. (4.3W) AC/DC support Dimensions (H x W x D) Unit weight Selected Part Numbers and Ordering Information Cisco Catalyst Express 500 Series WS-CE500-24TT 24 10/100 and 2 10/100/1000BT uplinks.39 x 44.4W/port) For More Information For more information about the Cisco Catalyst Express 500 Switches. GUI software Cisco Catalyst Express 520 Series WS-CE520-24-TT-K9 12 10/100 and 2 10/100/1000BT uplinks.39 x 44.73 x 17.7 kg) 0 45 0 0 AC only 1.000 32 2 2 24 460 24 24 AC only 1. (4.45 x 25.15 cm) 8 lb (3.7 kg) 24 460 24 24 AC only 1.000 32 2 2 24 110 4 4 AC only 1.1 in.39 x 44.4 in.) 8 lbs (3. (4.9 in.73 x 17.7 kg) 24 110 4 4 AC only 1.45 x 25. (5. (4.45x 25.) CE520-24TT 8.73 x 17. (4.000 32 1 0 8 204 8 8 AC only 1. GUI managed WS-CE520-24LC-K9 24 10/100 (4 PoE) and 2 10/100/1000BT or SFP uplinks.4W) PoE: Max. 802.5 kgs.6 8. GUI managed SFPs GLC-GE-100FX= 100FX SFP on GE SFP ports for DSBU switches GLC-FE-100FX 100BASE-FX SFP for FE port GLC-LH-SM= GE SFP. visit: http://www.) 12 lbs. (4.) CE520-24PC 8.3 kg) Unit weight Feature Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Onboard memory (DRAM MB) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density Max.7 kgs. (4.9 in. (4.5 x 9.73 x 17. GUI managed WS-CE520-24TC-K9 24 10/100/1000BT ports and 2 10/100/1000 or SFP ports. watt power consumption PoE: Max.com/go/catalystexpress500.) CE520-24LC 8.39 x 44.5 x 9.73 x 10.39 x 44. 802.6 8.15 cm.) 8 lbs.3afClass 2 devices (7.cisco.45x 25.15 cm.39 x 44. 802.LC connector LX/LH transceiver GLC-SX-MM= GE SFP.3af Class 3 devices (15.3W) AC/DC support Dimensions (H x W x D) 24 30 0 0 AC only 1.15 cm) 8 lb (3. 802.9 in.) 8 lbs. GUI sw WS-CE500G-12TC 8 10/100/1000BT and 4 10/100/1000BT or SFPs.7 kgs. GUI software WS-CE500-24LC 24 10/100 (4 PoE) and 2 10/100/1000BT or SFP uplinks.10/100 density Max.2 8. (3.45 x 25.58 cm.000 32 0 2 24 30 0 0 AC only 1.7 kgs.39 x 44.5 x 9.) CE520-8P 3.15 cm) 8 lb (3.8 6.4W) PoE: Max.9 in.5 x 9. GUI managed WS-CE520-8PC-K9 8 10/100 PoE and 1 10/100/1000BT or SFP uplink.4 x 27 x 23 cm) 5 lb (2. 2-18 Cisco Catalyst Express 500 and Catalyst Express 520 Series Switches .9 in.8 6.5 x 9. watt power consumption PoE: Max.45x 36.45 x 25.5 x 14.6 8.

Cisco Network Assistant. High port density • Cisco Catalyst 2950G-24-EI Switches—Desktop connectivity. midsize service provider and industrial networks. Medium port density • Cisco Catalyst 2950G-24-EI-DC Switches—Network Equipment Building Standards (NEBS) compliance. video.while maintaining the simplicity of traditional LAN switching. standalone. When a Cisco Catalyst 2950 Switch is combined with a Cisco Catalyst 3550 Series Switch. managed 10/100 switches with Gigabit uplinks (part numbers 2950SX-48. Low price per port • Cisco Catalyst 2950 Series Switches with Standard Image (SI) Software—Wire-speed. These wire-speed desktop switches come with Standard Image (SI) software features and offer Cisco IOS Software functions for basic data. fixedconfiguration. security. Cisco Network Assistant (These switches are ideal for desktop connectivity. • These switches provide intelligent services such as advanced quality of service (QoS). and 2950SX-24 only) providing user connectivity for small to midsize networks. 2950T-48. • These switches are ideal for small and midsize networks. high-performance switches for delivering 10-/100-Mbps speed connectivity to desktop PCs. Ideal for Companies that Need These Features • Cisco Catalyst 2950 Series Switches with Enhanced Image (EI) Software—Layer 2-. Low price per port • Cisco Catalyst 2950C-24 Switches—High-speed uplink connectivity over extended distances with 2 fixed 100BASE-FX connections using MT-RJ connectors. In addition to the range of Intelligent Ethernet switches.) • Cisco Catalyst 2950G-12-EI Switches—Low port density. Wire-speed performance. • These switches support the Cisco Redundant Power System 675 (RPS 675). Stackable infrastructure. 3-. and stackable switches that provide wire-speed Fast Ethernet and Gigabit Ethernet connectivity for small.Chapter 2 Cisco Catalyst 2950 Series Switches The Cisco Catalyst 2950 Series Switches are fixed-configuration. high availability. High-speed uplink connectivity with 2 fixed 10/100/ 1000 ports • Cisco Catalyst 2950T-24 Switches—High-speed uplink connectivity with 2 fixed 10/100/1000 ports . These Intelligent Ethernet switches come with Enhanced Image (EI) software configuration only. and other systems. Layer 2-based quality-of-service (QoS) and security features. and multicast management to the network edge -. • These switches offer scalability and high-availability features. Gigabit interface converter (GBIC)-based uplink ports for media flexibility • Cisco Catalyst 2950G-48-EI Switches—Desktop connectivity. servers. This PC-based network-management application is optimized for networks with 20 devices or fewer. High-speed uplink connectivity with 2 fixed 1000BASE-SX ports • Cisco Catalyst 2950SX-24 Switches—High-speed uplink connectivity with 2 fixed 1000BASE-SX ports . • Cisco Catalyst 2950 Series Switches offer wire-speed performance in connecting end stations to the LAN. (These switches are ideal for desktop connectivity. security filters.) • Cisco Catalyst 2950-12 Switches—Low port density • Cisco Catalyst 2950-24 Switches—Medium port density • Cisco Catalyst 2950SX-48 Switches—High port density. the solution can facilitate IP routing from the edge to the core of the network. (These switches are ideal for telco or data-center-networking [DCN] environments. • These switches offer sophisticated multicast management with Internet Group Management Protocol (IGMP) Snooping. the Cisco Catalyst 2950 Series also includes switches with Standard Image (SI) software configuration only and are standalone. rate limiting.) • Cisco Catalyst 2950T-48 Switches—High port density. Specifications Feature 2950G-48-EI 2950G-24-EI 2950G-24-EI-DC 2950G-12-EI 2950T-24 Cisco Catalyst 2950 Series Switches 2-19 . and voice services at the edge of the network. and 4-based services: Advanced quality of service (QoS). Medium port density Key Features • Cisco Network Assistant offers centralized management and configuration of Cisco networks to simplify deployment and ongoing maintenance by taking advantage of Cisco Smartports technology. and STP enhancements. Medium port density.

Layer 3 and 4 Services. 4 egress queues.6 Mpps 6. Private VLAN Edge.Same as 2950GVLANs EI EI EI 48-EI FEC Yes Yes Yes Yes Yes 802.52 in. IBNS.Same as 2950GRMON Alarms.5 x 13 in. Same as 2950-24 Same as 2950-24 Same as 2950-24 for Intrusion CWSI.6 Mpps All Ports 2950SX-48 50-port (48 10/100 autosensing & 2 ports 1000BASESX) 12 10/100 ports 24-port 10/100 50-port (48 10/100 autosensing autosensing & 2 ports 10/100/1000) T-12: 2 fixed 10/100/ 1000 uplink ports Forwarding Bandwidth Forwarding Rate Full-Duplex Capabilities VLAN Maximum FEC 802. Telnet.5 x 16 in. BPDU Scheduling.6 Mpps All Ports 4.Fixed Ports Forwarding Bandwidth 48 port 10/100 autosensing & 2 GBIC-based Gigabit Ethernet ports 13.Same as 2950G-48.Same as 2950G-48. (H x W x D) Feature Fixed Ports 2950T-48 2950-24 2950-12 12-port 10/100 autosensing 2950SX-12 26-port (24 10/100 autosensing & 2 ports1000BaseSX) C-12:2 fixed 100BASE-FX multimode uplink ports. (CLI)-based out-of-band.8 Gbps 24 port 10/100 autosensing & 2 GBIC ports and DC Power 8. 1. Spanning Tree Root Guard Same as 2950G-48. TACACS+. RMON.11x.5 x 9. SPAN for Intrusion Detection. 1.8 Mpps 6.72 x 17. Same as 2950G-48.Same as 2950G-48. 1. with MAC aging. TACACS+. WRR.1 Mpps 6.1P. 4 egress queues. Strict Priority Scheduling Standard Image (SI) Standard Image (SI) Standard Image (SI) Standard Image (SI) Standard Image (SI) 8 MB 8 MB 8 MB 8 MB 8 MB 16 MB 16 MB 16 MB 16 MB 16 MB Express Setup. Telnet.72 x 17. SPAN for Intrusion Detection.8 Gbps Forwarding Rate 10. L2 Trace Route. Statistics EI EI EI 48-EI Dimensions 1.72 x 17.6 Mpps Full-Duplex All Ports All Ports All Ports All Ports All Ports Capabilities VLAN Maximum 250-port-based Same as 2950G-48. Auto configuration. embedded CMS 2-20 Cisco Catalyst 2950 Series Switches . ACL.Same as 2950G-48. Auto QoS Management Express Setup.4 Gbps 1. VLAN 1 embedded CMS minimization. EI EI EI 48-EI Multicast VLAN Registration QoS 802. 802. RSPAN Software Image Enhanced Image (EI) Enhanced Image (EI) Enhanced Image (EI) Enhanced Image (EI) Enhanced Image (EI) Flash Memory 8 MB 8 MB 8 MB 8 MB 8 MB CPU DRAM 16 MB 16 MB 16 MB 16 MB 16 MB Embedded History.52 in. RADIUS. Marking.6 Mpps 4. Weighted Round Robin. RMON.1P. SPAN SNMP.5 x 9. Route.52 in.72 x 17. Same as 2950G-48. Private VLAN Edge. VLAN 1 minimization. SPAN for Intrusion Detection.Same as 2950GEI EI EI EI 48-EI 802.5 x 9.Same as 2950G-48. SNMP. BPDU Scheduling. (CLI)-based Detection.1Q Yes Yes Yes Yes Yes Security Port Security.6 Gbps 13. Auto configuration.Same as 2950G-48. Expedite Queuing. Policing. SNMP.8 Gbps 3.11x. SNMPv3 (crypto). L2 Trace out-of-band.1Q Security Multicast QoS Software Image Flash Memory CPU DRAM Management Capabilities 13.Same as 2950G-48.6 Mpps All Ports 64-port-based 64-port-based 64-port-based 64-port-based 64-port-based VLANs VLANs VLANs VLANs VLANs Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Port Security.Same as 2950G-48. with MAC aging.Same as 2950G-48.8 Gbps 6. Strict Priority Scheduling. RMON. BPDU Guard. S-12: 2 fixed 100BASE-LX singlemode uplink ports 8. Capabilities Telnet.4Gbps 26-port (24 10/100 autosensing & 2 ports 1000BaseT 8. Spanning Tree Root Guard Multicast IGMP Snooping.75 x 17.8 Mpps All Ports 13. BPDU Guard.8Gbps 12 port 10/100 autosensing & 2 GBIC ports 6.6 Gbps 13.Same as 2950GIGMP filtering. (CLI)-based out-ofband. SSH. RADIUS. CWSI. 802.6 Gbps 24 port 10/100 autosensing & 2 GBIC ports 8. embedded CMS.6 Mpps All Ports 2. Events. CWSI. 1.

Enhanced Image WS-C2950G-12-EI Cisco Catalyst 2950G-12 switch with 12 10/100 ports and 2 GBIC ports.75 x 17.Same as 2950G-48.75 x 17. Standard Image Gigabit Interface Converters (GBICs) WS-X3500-XL GigaStack GBIC Gigabit Ethernet stacking GBIC and 50 cm cable WS-G5484= 1000BaseSX GBIC short wavelength GBIC (multimode fiber only) WS-G5486= 1000BaseLX/LH GBIC long wavelength/long haul GBIC (single or multimode fiber) WS-G5487= 1000BaseZX GBIC extended-reach GBIC (single mode fiber only) WS-G5483= 1000BaseT GBIC.11x. Weighted Round Robin.Same as 2950G-48. with MAC aging. SPAN for Intrusion Detection. ACL. Enhanced Image WS-C2950T-24 Cisco Catalyst 2950C-24T switch with 24 10/100 ports and two fixed 1000BaseT Uplink ports.Chapter 2 Embedded RMON Dimensions (H x W x D) Feature Fixed Ports Forwarding Bandwidth Forwarding Rate Full-Duplex Capabilities VLAN Maximum FEC 802. 2950C-24 26-port (24 10/100 autosensing & 2 ports100BaseFX) 5.5 x 13 in. 2 GBIC ports and DC Power. (CLI)-based out-of-band.Gigabit-Ethernet-over-copper GBIC Redundant Power System (RPS) PWR675-AC-RPS-N1= 675W Redundant Power Supply with 1 connector cable VAB-RPS-1414= 1.2 meter cable for Cisco RPS 300 to external device connection Cables/Accessories CAB-RPS-1614= 1 RPS 675 connector cable 16/14 CAB-GS-50CM 50 centimeter cable for GigaStack GBIC STK-RACKMOUNT-1RU= Rack mount kit for 1 RU versions of Cisco Catalyst 2950. TACACS+.5 x 13 in. RPSAN Enhanced Image (EI) 8 MB 16 MB Same as Cisco Catalyst 2950G-48-EI 1. SNMP. Spanning Tree Root Guard Same as 2950G-48-EI 802. and FastHub 400 switches Packaged SMARTnet 8x5xNBD Maintenance Contract Cisco Catalyst 2950 Series Switches 2-21 . L2 Trace Route. Private VLAN Edge. CWSI. RMON.5 x 9. embedded CMS.5 x 11.5 x 9. SSH. IBNS. Standard Image WS-C2950-24 Cisco Catalyst 2950-24 switch with 24 10/100 ports.9 Mpps All Ports 250-port-based VLANs Yes Yes Port Security.1Q Security Multicast QoS Management Capabilities Software Image Flash Memory CPU DRAM Embedded RMON Dimensions (H x W x D) Same as 2950G-48. SNMPv3 (crypto). Auto configuration.2 Gbps 3.Same as 2950G-48. VLAN 1 minimization. BPDU Guard. Standard Image WS-C2950-12 Cisco Catalyst 2950-12 switch with 12 10/100 ports. Enhanced Image WS-C2950G-24-EI-DC Cisco Catalyst 2950G-24-DC switch with 24 10/100 ports.75 x 17. 2900 XL.Same as 2950GEI EI EI EI 48-EI 1.52 in.8 in. BPDU Scheduling.75 x 17. 1900. 4 egress queues. Enhanced Image WS-C2950SX-48-SI Cisco Catalyst 2950SX-48 switch with 48 10/100 ports and two fixed 1000BASE-SX Uplink ports.8 in. Strict Priority Scheduling. 1.5 x 11. Enhanced Image WS-C2950G-24-EI Cisco Catalyst 2950G-24 switch with 24 10/100 ports and 2 GBIC ports. Enhanced Image WS-C2950C-24 Cisco Catalyst 2950C-24 switch with 24 10/100 ports and two fixed 100BaseFX Uplink ports. 1. Selected Part Numbers and Ordering Information Cisco Catalyst 2950 Series Switches WS-C2950G-48-EI Cisco Catalyst 2950G-48 switch with 48 10/100 ports and 2 Gigabit Interface Converter (GBIC)-based GE ports.52 in. SPAN for Intrusion Detection. RADIUS. Telnet. 802.75 x 17. 3500 XL.75 x 17. Standard Image WS-C2950SX-24 Cisco Catalyst 2950SX-24 switch with 24 10/00 ports and two fixed 1000BaseSX Uplink ports. Standard Image WS-C2950T-48-SI Cisco Catalyst 2950T-48 switch with 48 10/100 ports and two fixed 10/100/1000 Uplink ports. 1. Express Setup.1P. 1.

Ideal for Companies that Need These Features • Intelligent services at entry-level functions • QoS. Cisco Catalyst 2960 Series Switches The Cisco Catalyst 2960 Series Switches are fixedconfiguration switches offering Fast Ethernet. and Per-VLAN Spanning Tree Plus (PVST+) increases available bandwidth by allowing traffic on redundant links. Key Features • Power over Ethernet (PoE)—Cisco Catalyst 2960 Series Switches offer 370W PoE. Cisco Smartports automatically detects connected Cisco devices and recommends preset configurations for the switch port connected to the device. visit: http://www.CON-SNT-PKG3 CON-SNT-PKG4 CON-SNT-PKG6 Packaged SMARTnet 8x5xNBD Maintenance for the Cisco Catalyst 2950G-12. and micro branch offices where space is a premium. Power over Ethernet (PoE).6 8. and Gigabit Ethernet connectivity with intelligent LAN services for midmarket and branch-office networks. and the Cisco Catalyst 2960 LAN Lite Switches offer entrylevel features with scalable management and easy troubleshooting. Three compact models offer a small footprint and silent operation yet deliver the enterprise feature set.000 64 MB 1 1 8 0 20 AC only WS-C2960-24TC-L 16 6. Flexlink provides sub-100-msec convergence. watt power consumption AC/DC support WS-C2960-8TC-L 16 2.7 8. and rapid recovery.000 64 MB 2 2 48 0 45 AC only 2-22 Cisco Catalyst 2960 Series Switches .000 64 MB 0 2 24 0 30 AC only WS-C2960-48TC-L 16 10.000 64 MB 2 2 24 0 30 AC only WS-C2960-24TT-L 16 6. which simplifies IP telephony. The Cisco Catalyst 2960 LAN Base Switches offer enhanced security. access control lists (ACLs). load balancing. • Availability—The 802. quality of service (QoS). It also provides intelligent power-management features. and video surveillance deployments.6 8. ports. enhanced security. and availability • Easy deployment and management of their networks The Cisco Catalyst 2960 Series Switches are ideal for situations where space is a constraint. and availability. 2950-24 and 2950-12 Packaged SMARTnet 8x5xNBD Maintenance for the Cisco Catalyst 2950G-24 and 2850G-24-DC Packaged SMARTnet 8x5xNBD Maintenance for the Cisco Catalyst 2950G-48 For More Information For more information about the Cisco Catalyst 2950 Series Switches. • Management—Cisco Network Assistant is a GUI-based management tool for configuration management and troubleshooting. • Security—Network security is enabled through a wide range of authentication methods. granular rate limiting. Specifications Features Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Onboard memory (DRAM) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density 100BASE-FX density Max. data-encryption technologies. classrooms. • Quality of service (QoS)—Network control and bandwidth optimization are achieved through advanced QoS. they are ideal for applications outside the wiring closet such as office workspaces. and multicast services.1S/W standard facilitates standards-based fault tolerance.1 8.com/go/catalyst2950. and Cisco Network Admission Control (NAC) based on users. and MAC addresses.cisco. wireless.

73 x 17. watt power consumption AC/DC support Dimensions (H x W x D) Unit weight Features Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Onboard memory (DRAM) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density 100BASE-FX density PoE: Max. (3.5 x 9.6 kgs.) 1. (4.Chapter 2 Dimensions (H x W x D) Unit weight Features Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Onboard memory (DRAM) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density 100BASE-FX density Max.73 x 17.4 x 44.5 x 23.5 x 9.5 x 23.5 x 23.5 x 9.) 8 lbs. (3.5 cm) 3 lbs. 802.5 x 12.6 kgs.) 32 39 8.9 8.5 x 23.5 8.000 64 MB 4 24 0 0 75 AC only 1.7 8.8 cm.6 cm.5 x 9.3 in.5 x 9.5 8.5 x 23.4 x 44.4W) PoE: Max.4 kgs.4 x 44.) WS-C2960-48TC-S 16 10. (1.6 cm) 8 lbs.000 64 MB 2 2 24 0 30 AC only 1.000 64 MB 0 2 24 0 8 8 175W (dissipated power 51W) AC only 1.1 8.5 x 32.6 kgs.000 64 MB 0 0 24 0 30 AC only 1.3 cm) 3 lbs.000 64 MB 4 48 0 0 140 AC only 1. (4.4 x 44.9 in. (3.5 x 9.4 x 44.6 kgs.3 in.) 12 lbs.4 kgs.4 x 44.6 cm.) 3 lbs.9 in.6 cm. DC input 1.) 8 lbs.6 x 8.4 x 44.6 cm.5 kgs.6 kgs.8 cm.000 64 MB 2 22 48 0 45 AC only 1.5 x 32.) WS-C2960PD-8TT-L 16 2.000 64 MB 1 7 0 0 30 AC only 1. (3. (3. (3. 27 x 20.73 x 10. 802.4 x 44.) 10 lbs. (4.73 x 17.9 in.5 cm) (4.4 x 27 x 16.1 in. (4.5 x 23.1 in.4 kgs.) WS-C2960-48TT-L 16 10. watt power consumption AC/DC support Dimensions (H x W x D) Unit weight 1. (3.) 8 lbs.5 kgs.) 8 lbs. (4.4 x 44.3 in.5 x 9.6 kgs. (4.000 64 MB 0 2 48 0 45 AC only 1.) Cisco Catalyst 2960 Series Switches 2-23 .000 64 MB 2 2 24 0 24 24 470W (dissipated power 100W) AC only 1.3 in.73 x 10. (4.6 kgs. (4.4 x 44.73 x 17. (1.) WS-C2960-24-S 16 3.5 x 12.6 cm.) 8 lbs.4 kgs.6 8.3 in.4 x 27 x 20. watt power consumption AC/DC support Dimensions (H x W x D) Unit weight Features Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Onboard memory (DRAM) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density 100BASE-FX density Max. (4. (4.73 x 17.6 x 8. (5.3 in.000 64 MB 0 1 8 0 0 0 11W 1.6 cm.73 x 17.8 cm.73 x 17.3W) Max. (4.73 x 17.) 32 35.1 8.5 x 9.4 x 44.5 x 12.5 x 23.5 8.73 x 17.73 x 17.) 10 lbs.) WS-C2960G-24TC-L WS-C2960G-48TC-L No internal power supply.) WS-C2960G-8TC-L 32 11.3 in.) WS-C2960-24TC-S 16 6.6 kgs.73 x 17.4 x 1. (1. (4.4 in. (4.7 8.6 x 6.) WS-C2960-24PC-L 16 6.5 x 32. (4.73 x 10.3af Class 2 devices (7.6 cm. (4.5 x 23. (3.) WS-C2960-24LT-L 16 6.3 in.) 8 lbs.3af Class 3 devices (15.) 8 lbs.

visit: http://www.LC connector LX/LH transceiver GLC-SX-MM= GE SFP. and one or more fiber uplinks • Cisco Catalyst 3560G-24TS Switches—Low-density 10/100/1000 access. and one or more fiber uplinks • Cisco Catalyst 3560-48PS Switches—Medium-density access. and scalability.com/go/catalyst2960. deployments of IP telephony. and one or more fiber uplinks • Cisco Catalyst 3560G-48PS Switches—Medium-density 10/100/1000 access. security. Layer 2+ or Layer 3 features. Layer 2+ or Layer 3 features. Power over Ethernet (PoE). 4 T/SFP LAN Base Image Cisco Catalyst 2960 Series LAN Lite Switches WS-C2960-24-S 24 10/100 LAN Lite Image WS-C2960-24TC-S 24 10/100 + 2T/SFP LAN Lite Image WS-C2960-48TC-S 48 10/100 + 2T/SFP LAN Lite Image SFPs GLC-GE-100FX= 100FX SFP on GE SFP ports for DSBU switches GLC-FE-100FX 100BASE-FX SFP for FE port GLC-LH-SM= GE SFP. LC connector SX transceiver GLC-FE-100LX 100BASE-LX SFP for FE port GLC-FE-100BX-U 100BASE-BX10-U SFP GLC-FE-100BX-D 100BASE-BX10-D SFP GLC-ZX-SM= 1000BASE-ZX SFP RPS PWR-RPS2300 RPS2300 redundant power supply with 1 connector cable For More Information For more information about Cisco Catalyst 2960 Series Switches.cisco. and one or more fiber uplinks • Cisco Catalyst 3560-48TS Switches—Medium-density access. and one or more fiber uplinks • Cisco Catalyst 3560G-48TS Switches—Medium-density 10/100/1000 access. resiliency. PoE. 1 T/SFP LAN Base Image WS-C2960G-24TC-L 24 10/100/1000. Layer 2+ or Layer 3 features. Layer 2+ or Layer 3 features. Layer 2+ or Layer 3 features. or Gigabit to the Desktop (GTTD) • Cisco Catalyst 3560-24TS Switches—Low-density access. PoE. PoE. and one or more fiber uplinks 2-24 Cisco Catalyst 3560 Series Switches . 4 T/SFP LAN Base Image WS-C2960G-48TC-L 48 10/100/1000. Ideal for Companies that Need These Features • Cisco Catalyst 3560 Series Switches—Enhanced business productivity. Layer 2+ or Layer 3 features. wireless. Layer 2+ or Layer 3 features. Cisco Catalyst 3560 Series Switches The Cisco Catalyst 3560 Series Switches are fixed-configuration switches combining Gigabit Ethernet connectivity and Power over Ethernet (PoE) for small enterprise LAN access and branch office deployments. and one or more fiber uplinks • Cisco Catalyst 3560-24PS Switches—Low-density access. and one or more fiber uplinks • Cisco Catalyst 3560G-24PS Switches—Low-density 10/100/1000 access. quick deployment and easy management of their networks.Selected Part Numbers and Ordering Information Cisco Catalyst 2960 Series LAN Base Switches WS-C2960PD-8TT-L 8 10/100 + 1 1000BT (PoE input) LAN Base Image WS-C2960-8TC-L 8 10/100 + 1 T/SFP LAN Base Image WS-C2960-24PC-L 24 10/100 PoE + 2T/SFP LAN Base Image WS-C2960-24TC-L 24 10/100 + 2T/SFP LAN Base Image WS-C2960-24LT-L 24 10/100 (8 PoE) + 2 1000BT LAN Base Image WS-C2960-24TT-L 24 10/100 + 2 1000BT LAN Base Image WS-C2960-48TC-L 48 10/100 + 2 T/SFP LAN Base Image WS-C2960-48TT-L 10/100 Ports + 2 1000BT LAN Base Image WS-C2960G-8TC-L 7 10/100/1000. Layer 2+ or Layer 3 features.

) 8.1 12.1 in.) WS-C3560G-24TS 32 38.4W) PoE: Max.5 x 11. wireless.000 11. (4.73 x 17. and IPv6.000 128/32 MB 4 0 48 0 0 AC only 1.5 x 14.1 cm.73 x 17. equal cost routing as well as multicast routing such as Protocol Independent Multicast (PIM).5 12.0 kgs.Chapter 2 Key Features • Availability—The Cisco Catalyst 3560 Series Switches offer fault tolerance.9 in. (6.8 in.4 x 44. (4.7 12. and Policy Based Routing (PBR) to increase network scale. 802.4 x 44.5 x 30. Enhanced Interior Gateway Routing Protocol (EIGRP).5 x 30.3W) AC/DC support Dimensions (H x W x D) Unit weight Features Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Routes supported Onboard memory (DRAM/Flash) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density PoE: Max.73 x 17.000 11.3af Class 2 devices (7.73 x 17.5 x 14.4 x 44. (6.9 in. (3.8 in.) 11. (7.9 in. (5.1 12.5 lbs. and video-surveillance deployments.5 x 11.9 cm.000 11.3af Class 3 devices (15. shaped Round Robin guarantees bandwidth to mission-critical applications.) WS-C3560G-48PS 32 38. • Security—Dynamic Host Configuration Protocol (DHCP) Snooping allows only trusted ports to relay DHCP messages. and port security prevents MAC address flooding attacks.8 cm.4 x 44. • Management—Cisco Smartports quicken and simplify configuration of advanced Cisco Catalyst intelligent capabilities.4 x 44.5 lbs.5 x 40.1 kgs.000 128/32 MB 2 0 24 0 0 AC only 1.3af Class 3 devices (15.5 x 37.73 x 17.4W) PoE: Max.) 9.1 kgs.5 x 16.5 lbs.5 x 30. and PoE combined with Fast Ethernet or Gigabit Ethernet. (5.) 13.) 1.8 cm.4 x 44. eliminating rogue DHCP servers. (4.7 12.000 11. 802.7 12.000 128/32 MB 4 24 0 0 0 1.) 12 lbs.5 x 37. 802.4 x 44.000 128/32 MB 4 48 0 0 0 WS-C3560-24PS 32 6. 802.000 128/32 MB 4 24 0 24 24 WS-C3560-48PS 32 13. (4.5 12. Express setup facilitates quick and easy setup through a Web interface.1x and Identity-Based Network Services allow only authorized persons on the network. and resource templates help tailor switch resources for the application.) 14 lbs.4 kgs.) (4.7 12. (4. Specifications Features Forwarding bandwidth (Gbps) Packets per second (Mpps) MAC addresses supported Routes supported Onboard memory (DRAM/Flash) Gigabit Ethernet GBIC/SFP density 10/100/1000 density 10/100 density PoE: Max. (4.5 x 11. 802.9 cm. increased available bandwidth with Per VLAN Spanning Tree Plus (PVST+) by allowing traffic on redundant links. • Layer 3—The switches support advanced routing protocols such as Open Shortest Path First (OPSF).000 11. (4.1lbs. load balancing.) WS-C3560G-24PS 32 38. and Scavenger Queuing protects against worms overloading resources.5 x 14.4 kgs. 1. (4.1 kgs.8 in. (6.000 128/32 MB 4 48 0 24 48 1.000 128/16 MB 2 0 24 24 24 AC only 1. which simplifies IP telephony.73 x 17.2 lbs.1 cm.4 x 44.000 11. Cisco Network Admission Control (NAC) prevents the propagation of costly worms and viruses.0 kgs.) 15.73 x 17.3W) Dimensions (H x W x D) Unit weight WS-C3560-24TS 32 6.3af Class 2 devices (7.5 x 37.) WS-C3560G-48TS 32 38. • QoS—Traffic shaping smooths a sudden traffic flow outburst without dropping packets.1 in.5 x 40.9 kgs.73 x 17.3 lbs.5 x 16. Dynamic ARP Inspection and IP Source Guard prevent against man-in-the-middle attacks. and sub-100-millisecond convergence with Flexlink technology. Virtual Route Forwarding Lite (VRFLite) to secure traffic. intelligent power-management features.1 cm.) Selected Part Numbers and Ordering Information Cisco Catalyst 3560 Series 10/100/1000 Workgroup Switches1 Cisco Catalyst 3560 Series Switches 2-25 .) 13.000 128/16 MB 4 0 48 24 48 AC only 1.) WS-C3560-48TS 32 13.8 cm. and rapid recovery.000 11.000 11. • Power over Ethernet (PoE)—The switches provide 370W PoE.

and video. LC connector SX transceiver GLC-T= 1000BASE-T SFP GLC-ZX-SM= 1000BASE-ZX SFP CWDM-SFP-1470= CWDM 1470 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1490= CWDM 1490 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1510= CWDM 1510 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1530= CWDM 1530 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1550= CWDM 1550 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1570= CWDM 1570 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1590= CWDM 1590 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1610= CWDM 1610 NM SFP Gigabit Ethernet and 1G/2G FC CAB-SFP-50CM= Cisco Catalyst 3560 SFP Interconnect Cable.LC connector LX/LH transceiver GLC-SX-MM= GE SFP. S=IP Base. 50cm RPS 2300 PWR-RPS2300 Cisco Redundant Power System 2300 and Blower. wireless. Combining 10/100/1000 and Power over Ethernet (PoE) configurations with uplinks that easily upgrade from 1 to 10 Gigabit Ethernet. No Power Supply 3 C3K-PWR-1150WAC Cisco Catalyst 3750-E / 3560-E / RPS 2300 1150WAC power supply C3K-PWR-750WAC Cisco Catalyst 3750-E / 3560-E / RPS 2300 750WAC power supply ACC-RPS2300= Spare Accessory Kit for Cisco Redundant Power System 2300 BLNK-RPS2300= Spare Bay Insert for Cisco Redundant Power System 2300 CAB-RPS2300= Spare RPS Cable for Cisco Redundant Power System 2300 CAB-RPS2300-E= Spare RPS Cable RPS 2300 Catalyst 3750E/3560E Switches BLWR-RPS2300= Spare 45CFM Blower for Cisco Redundant Power System 2300 1. E=IP Services For More Information For more information about the Cisco Catalyst 3560 Series. 2-26 Cisco Catalyst 3560-E Series Switches . Cisco Catalyst 3560-E Series Switches The Cisco Catalyst 3560-E Series is an enterprise-class line of standalone wiring closet switches that ease the deployment of secure converged applications. visit: http://www.WS-C3560G-48PS-S 48 10/100/1000T PoE + 4 SFP Standard Image WS-C3560G-48PS-E 48 10/100/1000T PoE + 4 SFP Enhanced Image WS-C3560G-24PS-S 24 10/100/1000T PoE + 4 SFP Standard Image WS-C3560G-24PS-E 24 10/100/1000T PoE + 4 SFP Enhanced Image WS-C3560G-48TS-S 48 10/100/1000T + 4 SFP Standard Image WS-C3560G-48TS-E 48 10/100/1000T + 4 SFP Enhanced Image WS-C3560G-24TS-S 24 10/100/1000T + 4 SFP Standard Image WS-C3560G-24TS-E 24 10/100/1000T + 4 SFP Enhanced Image Cisco Catalyst 3560 Series 10/100 Workgroup Switches WS-C3560-48PS-S 48 10/100 PoE + 4 SFP Standard Image WS-C3560-48PS-E 48 10/100 PoE + 4 SFP Enhanced Image WS-C3560-24PS-S 24 10/100 PoE + 2 SFP Standard Image WS-C3560-24PS-E 24 10/100 PoE + 2 SFP Enhanced Image WS-C3560-48TS-S 48 10/100 + 4 SFP Standard Image WS-C3560-48TS-E 48 10/100 + 4 SFP Enhanced Image WS-C3560-24TS-S 24 10/100 + 2 SFP Standard Image WS-C3560-24TS-E 24 10/100 + 2 SFP Enhanced Image IOS Upgrades CD-3560-EMI= Enhanced Multilayer Image upgrade for 3560 10/100 models CD-3560G-EMI= Enhanced Multilayer Image upgrade for 3560 GE models 3560-AISK9-LIC-B= Advanced IP Services for 3560 FE models running SMI 3560-AISK9-LIC-S= Advanced IP Services upgrade for 3560 FE models running EMI 3560G-AISK9-LIC-B= Advanced IP Services upgrade for 3560 GE models running SMI 3560G-AISK9-LIC-S= Advanced IP Services upgrade for 3560 GE models running EMI SFPs GLC-GE-100FX= 100FX SFP on GE SFP ports for DSBU switches GLC-LH-SM= GE SFP.com/go/catalyst3560. these switches enhance worker productivity by enabling applications such as IP telephony.cisco.

Layer 2+ or Layer 3 features. Layer 2+ or Layer 3 features. eliminating rogue DHCP servers.3W) AC/DC support AC and DC WS-C3560E48TD 64 13.5 MAC addresses supported 12. increased available bandwidth with Per VLAN Spanning Tree Plus (PVST+) by allowing traffic on redundant link. and IPv6. Quick deployment and easy management of their networks. and one or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-24PD Switches—Low-density access.000 128/16 MB 48 48 48 48 AC and DC WS-C356048PD Full Power 64 13.1 12. Layer 2+ or Layer 3 features. wireless. full 15. and Scavenger Queuing protects against worms overloading resources. Layer 2+ or Layer 3 features. • Power over Ethernet (PoE)—The switches offer 1150W PoE. and 1 or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-48TD Switches—Medium-density access. Layer 2+ or Layer 3 features. and video-surveillance deployments. Specifications Features WS-C3560E24TD Forwarding bandwidth (Gbps) 64 Packets per second (Mpps) 6. and resource templates help tailor switch resources for the application.1 12. load balancing. Virtual Route Forwarding Lite (VRFLite) to secure traffic.4W) PoE: Max. Enhanced Interior Gateway Routing Protocol (EIGRP). 1. 802. 802. • Quality of service (QoS)—Traffic shaping smooths a sudden traffic flow outburst without dropping packets. Layer 2+ or Layer 3 features. and one or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-12SD Switches—Low-density Gigabit Ethernet fiber aggregation. resiliency. • Layer 3—Advanced routing protocols such as Open Shortest Path First (OPSF). PoE. 802. • The switches provide field-replaceable and -upgradable power supplies and fan. The switches provide equal cost routing as well as multicast routing such as Protocol Independent Multicast (PIM).000 128/16 MB 24 24 24 24 AC and DC WS-C3560E48PD 64 13.000 128/32 MB 48 48 48 48 AC and DC WS-C3560E24PD 64 6. which simplifies IP telephony. Cisco Network Admission Control (NAC) prevents the propagation of costly worms and viruses. • Security—Dynamic Host Configuration Protocol (DHCP) Snooping allows only trusted ports to relay DHCP messages. or Gigabit to the Desktop (GTTD). PoE.000 11. express setup facilitates quick and easy setup through a Web interface.to 10-Gigabit Ethernet upgradable uplinks • Cisco Catalyst 3560E-24TD Switches—Low-density access. wireless. security. and one or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-48PD Switches—Medium-density access. shaped Round Robin guarantees bandwidth to mission-critical applications.Chapter 2 Ideal for Companies that Need These Features • Cisco Catalyst 3560-E Series Switches—Enhanced business productivity.1x and Identity-Based Network Services allow only authorized persons on the network. and scalability.1 12. and Policy Based Routing (PBR) increase network scale.000 11.000 11. and one or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-12D Switches—Low-density 10-Gigabit Ethernet fiber aggregation and Layer 2+ or Layer 3 features Key Features • Availability—The Cisco Catalyst 3560-E Series Switches offer fault tolerance.000 Routes supported 11. Deployment of IP telephony. Dynamic ARP Inspection and IP Source Guard prevent against manin-the-middle attacks. • Management—Cisco Smartports quicken and simplify configuration of advanced Cisco Catalyst intelligent capabilities. and one or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-48TD Switches—Medium-density access. It provides intelligent power-management features and PoE combined with Fast Ethernet or Gigabit Ethernet.000 11.3af Class 3 24 devices (15.5 12.000 128/16 MB 48 48 48 48 AC and DC Cisco Catalyst 3560-E Series Switches 2-27 . PoE.3af Class 2 24 devices (7. and one or more 10-Gigabit Ethernet fiber uplinks • Cisco Catalyst 3560E-48PD Full Power—Medium-density 10/100/1000 access.000 Onboard memory (DRAM/ 128/32 MB Flash) 10/100/1000 density 24 10/100 density 24 PoE: Max. Layer 2+ or Layer 3 features. • The switches provide a Cisco TwinGig Converter Module for migrating uplinks from 1 Gigabit Ethernet (Small Form-Factor Pluggable [SFP]) to 10 Gigabit Ethernet (X2). and sub-100-millisecond convergence with Flexlink technology.4W of PoE on every port. and rapid recovery. and port security prevents MAC address flooding attacks.

5 x 46. (4.) 20.) 1. LC connector SX transceiver GLC-T= 1000BASE-T SFP GLC-ZX-SM= 1000BASE-ZX SFP GLC-BX-D= 1000BASE-BX SFP. 1490NM GLC-BX-U= 1000BASE-BX SFP. (4.IPS s/w WS-C3560E-24PD-S Cisco Catalyst 3560E 24 10/100/1000 PoE+2*10GE(X2).45 x 44.265W.9 lbs.0 cm.9 lbs.5 x 55. (8.265W.) 18.IPS s/w WS-C3560E-48PD-S Cisco Catalyst 3560E 48 10/100/1000 PoE+2*10GE(X2).IPB s/w WS-C3560E-24TD-S Cisco Catalyst 3560E 24 10/100/1000+2*10GE(X2).8lbs.6kgs.0 cm.1 kgs.5 kgs.5 x 46.) Unit weight 19.) 1.IPB s/w WS-C3560E-48TD-E Cisco Catalyst 3560E 48 10/100/1000+2*10GE(X2).5 x 46. IPS s/w WS-C3560E-12D-S Catalyst 3560E 12*10GE(X2).1 in.73 x 17.5 x 21. 1310NM CWDM-SFP-1470= CWDM 1470 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1490= CWDM 1490 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1510= CWDM 1510 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1530= CWDM 1530 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1550= CWDM 1550 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1570= CWDM 1570 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1590= CWDM 1590 NM SFP Gigabit Ethernet and 1G/2G FC CWDM-SFP-1610= CWDM 1610 NM SFP Gigabit Ethernet and 1G/2G FC X2 for Cisco Catalyst 3750-E Series X2-10GB-ER= 10GBASE-ER X2 Module X2-10GB-LR= 10GBASE-LR X2 Module 2-28 Cisco Catalyst 3560-E Series Switches .IPB s/w WS-C3560E-24TD-E Cisco Catalyst 3560E 24 10/100/1000+2*10GE(X2).1 in. (8.265W.) 1.) 1.750W.1 in.73 x 17.5 x 18.45 x 44.2 lbs.IPS s/w WS-C3560E-12SD-S Catalyst 3560E 12 SFP + 2*10GE(X2). (8.) 17.750W. (4.IPB s/w WS-C3560E-48PD-EF Cisco Catalyst 3560E 48 10/100/1000 PoE+2*10GE(X2).Dimensions (H x W x D) 1.73 x 17.5 x 18.0 cm.1 in.) Selected Part Numbers and Ordering Information Cisco Catalyst 3560-E Series 10/100/1000 Workgroup Switches1 WS-C3560E-24TD-S Cisco Catalyst 3560E 24 10/100/1000+2*10GE(X2). upgrade from IP Base 3560E-AISK9LCSQTY Advanced IP Services for 3560 E.1150W.7 in. IPB s/w WS-C3560E-12SD-E Catalyst 3560E 12 SFP + 2*10GE(X2).73 x 17.5 x 18. IPB s/w WS-C3560E-12D-E Catalyst 3560E 12*10GE(X2). 8. LC connector LX/LH transceiver GLC-SX-MM= GE SFP.45 x 44.75kgs. IPS s/w Cisco Catalyst 3560-E Series Product Activation Keys 3560E-AISK9LCBQTY Advanced IP Services for 3560 E.IPB s/w WS-C3560E-24PD-E Cisco Catalyst 3560E 24 10/100/1000 PoE+2*10GE(X2). (4. No Power Supply 3 C3K-PWR-1150WAC Cisco Catalyst 3750-E / 3560-E / RPS 2300 1150WAC power supply C3K-PWR-750WAC Cisco Catalyst 3750-E / 3560-E / RPS 2300 750WAC power supply ACC-RPS2300= Spare Accessory Kit for Cisco Redundant Power System 2300 BLNK-RPS2300= Spare Bay Insert for Cisco Redundant Power System 2300 CAB-RPS2300= Spare RPS Cable for Cisco Redundant Power System 2300 CAB-RPS2300-E= Spare RPS Cable RPS 2300 Catalyst 3750E/3560E Switches BLWR-RPS2300= Spare 45CFM Blower for Cisco Redundant Power System 2300 TwinGig Converter Module CVR-X2-SFP= TwinGig Converter Module SFPs for the Cisco Catalyst 3560-E Series GLC-GE-100FX= 100FX SFP on GE SFP ports for DSBU switches GLC-LH-SM= GE SFP.IPS s/w WS-C3560E-48TD-S Cisco Catalyst 3560E 48 10/100/1000+2*10GE(X2).3kgs. (9.IPB s/w WS-C3560E-48PD-E Cisco Catalyst 3560E 48 10/100/1000 PoE+2*10GE(X2).1150W.5 x 18. (4.5 x 44.750W.5 x 46.2 cm.265W.45 x 44.) 18. upgrade from the IP Base Feature Set Power Supplies C3K-PWR-265WAC= Cisco Catalyst 3750-E/3560-E 265WAC power supply C3K-PWR-265WDC= Cisco Catalyst 3750-E/3560-E 265WDC power supply C3K-PWR-750WAC= Cisco Catalyst 3750-E/3560-E/RPS 2300 750WAC power supply C3K-PWR-1150WAC= Cisco Catalyst 3750-E/3560-E/RPS 2300 1150WAC power supply C3K-BLWR-60CFM= Fan Module for the Cisco Catalyst 3750-E/3560-E RPS 2300 PWR-RPS2300 Cisco Redundant Power System 2300 and Blower.3 lbs.265W.0 cm.IPS s/w WS-C3560E-48PD-SF Cisco Catalyst 3560E 48 10/100/1000 PoE+2*10GE(X2).750W. upgrade from IP Services 3560E-IPSLCB-QTY IP Services for 3560 E.73 x 17.

Chapter 5: Security

Security Products at a Glance
Product ENDPOINT SECURITY Cisco IOS Security • Cisco IOS Security tightly integrates security services with advanced routing technologies. • Comprehensive, secure connectivity capabilities include IP Security (IPSec) VPN, Cisco Group Encrypted Transport (GET) VPN, Dynamic Multipoint VPN (DMVPN), Easy VPN, and Secure Sockets Layer (SSL) VPN. • The solution offers integrated threat control services such as category-based URL filtering, Cisco Network Admission Control (NAC), and intrusion prevention system (IPS). • A firewall for voice traversal through Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP), and H.323 protocols is supported. • Cisco IOS Security supports transparent firewalling for deployment, with no address change required in the network. • Virtual (Virtual Route Forwarding [VRF]-aware) firewalls offer isolated route space and overlapping addresses. • The modular chassis offers flexible deployment options. Cisco Security Agent Cisco Security Agent protects endpoints from all types of malware and confidential data loss with a lower total cost of ownership, and provides with the following benefits: • Proven: With proven behavior-based detection, endpoints are proactively protected from new and unknown threats • Persistent: With persistent security, endpoints are always protected, even when they are not connected to the corporate network or are lacking the latest patches • Integrated: With tightly integrated behavior-based detection, data loss protection, antivirus, antispyware, acceptable use and compliance policies, and a personal firewall into a single agent, CSA provides comprehensive endpoint protection in a simple-to-manage, lower total cost solution. Cisco NAC Appliance This easily deployed network-admission-control (NAC) solution allows network administrators to authenticate, authorize, validate, quarantine, and remediate wired, wireless, and remote users and their machines prior to allowing access to the network. It offers the following benefits: • The Cisco NAC Appliance integrates authentication, posture assessment, quarantine, and remediation into one product. • The appliance supports built-in policies for more than 350 applications from leading antivirus, antispyware, and other security and management software solution providers. Automatic security policy updates (rule sets) provide up-to-date patching, definition files, and hot fixes. • The appliance generates significant cost savings by empowering users to repair and update their own machines. • It improves network health and resiliency by using a roles-based method to prevent unauthorized access and by requiring that all incoming devices comply with corporate security policies and standards. • The solution scales from 50 to 100,000 user deployments. NETWORK SECURITY Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA 5500 Series Adaptive Security Appliances are easy-to-deploy solutions that integrate world-class firewall, unified communications (voice and video) security SSLand IPSec VPN, intrusion prevention systems (IPSs), and content security services in a flexible, modular product family. The Cisco ASA 5500 is designed to provide: • Intelligent threat defense and secure communications services that stop attacks before they affect business continuity • Protection for networks of all sizes • Lowered overall deployment and operations costs while delivering comprehensive multilayer security 5–4 Features Page

CH APTE R 5 S e cur it y

5–6

5–7

5–11

Security Products at a Glance

5-1

Cisco Intrusion Prevention Systems (IPS)

Cisco Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious traffic, including worms, spyware, adware, network viruses, and application abuse, before they affect business resiliency. Cisco IPS solutions deliver market-leading threat protection through: • Pervasive network integration by defeating threats from multiple vectors, including network, server, and desktop endpoints • Collaborative threat prevention with a unique, system-wide security ecosystem that assesses and reacts to threats, delivering unmatched network scalability and resiliency • Proactive posture adaptation by evolving and adapting the network to stay ahead of the security landscape, mitigating threats by both known and unknown attacks • The Cisco IPS solution offers flexibility in deployment through multiple full featured form factors, including: The IDSM Module for the Cat6K; The 4200 Series appliance family; The AIM-IPS Module for the ISR Router; The AIP-SSM Module for the ASA platform appliances Cisco Catalyst 6500 The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) is a high-speed, Series Firewall integrated firewall module for Cisco Catalyst 6500 Switches and Cisco 7600 Series Routers Services Module that provides some of the fastest firewall data rates in the industry: 5-Gbps throughput, 100,000 cells per second (CPS), and 1 million concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. Based on Cisco PIX Firewall technology, the Cisco Catalyst 6500 FWSM offers large enterprises and service providers excellent security, reliability, and performance while providing the following benefits: • This integrated module is installed inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet Router. • It will be compatible with future versions. • It offers enhanced reliability. • It offers a lower cost of ownership with among the best price-to-performance ratios of any firewall. • It is easy to use with the Cisco Adaptive Security Device Manager (ASDM). • Efficiency and productivity gains with the virtualized FWSM deliver multiple firewalls on one physical hardware platform. Cisco Catalyst 6500 The Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module is a high-speed, Series/7600 Series integrated SSL VPN services module for Cisco Catalyst 6500 Series Switches and Cisco WebVPN Services 7600 Series Routers that addresses the scalability, performance, application support, and Module security required for large-scale, remote-access SSL VPN deployments. Taking advantage of the broad, industry-proven application support and endpoint security provided by Cisco VPN 3000 Series Concentrators, the Cisco WebVPN Services Module is ideally suited to meet the secure connectivity demands of any organization. Important features include: • Integration with network infrastructure • Virtualization and Virtual Route Forwarding (VRF) awareness • Advanced endpoint security • Scalability • Ease of deployment Cisco SSL VPN Cisco SSL VPN solutions (formerly known as Cisco WebVPN solutions) offer a flexible and Solutions secure way to extend networking resources to virtually any remote user with access to the Internet and a Web browser. The Cisco Adaptive Security Appliance Software Version now provides enhanced SSL VPN functions to increase the ease, security, and granular control of SSL VPN connections. The ubiquity of the Internet, combined with today's VPN technologies, lets organizations cost-effectively and securely extend the reach of their network resources to telecommuters, partners, and mobile workers. These solutions deliver remote-access connectivity features and benefits such as: • Web-based clientless access and full network access without preinstalled desktop software • Threat-protected VPN • Simple, flexible, and cost-effective licensing • Single device for both SSL VPN and true IPSec VPN, as well as unified threat management (UTM) • Breadth of endpoint and platform support, including exclusive iPhone full tunnel support • Highly scalable, performance-optimized solution CONTENT SECURITY IronPort E-mail IronPort e-mail security appliances provide a multi-layer approach to stopping e-mail-based Security Appliances threats: • Spam protection—E-mail and Web reputation filtering technology is combined with industry-leading IronPort Anti-Spam. • Virus defense—IronPort Virus Outbreak Filters are paired with fully integrated traditional anti-virus technology. • Secure messaging—Policy enforcement and content-filtering technology fulfills compliance and regulatory requirements.

5–15

5–17

5–18

5–20

5–22

5-2

Security Products at a Glance

Chapter 5
IronPort Web Security Appliances IronPort Web security appliances provide a multi-layer approach to stopping web-based threats: • Fast Web proxy—Allows for deep content analysis, which is critical to accurately detect devious and rapidly mutating Web-based malware • Acceptable Use Policies (AUP)—URL filtering from IronPort enables the enforcement of corporate Internet usage policies. • Integrated Layer 4 (L4) Traffic Monitor—Scans all ports at wire speed, detecting and blocking spyware “phone-home” activity. • Malware Filtering—The first solution on the market that offers multiple anti-malware scanning engines on a single, integrated appliance APPLICATION SECURITY Cisco ACE Web Cisco ACE WAF protects Web applications and helps organizations comply with regulatory Application Firewall requirements with the following benefits: • Secure: Built upon a proven understanding of XML, Cisco ACE WAF secures and protects Web applications from common attacks such as identity theft, data theft, application disruption, fraud, and targeted attacks. • Scalable: Gigabit throughput, unparalleled support for concurrent transactions, and the ability to scale to the largest of data centers enables uninterrupted collaboration in highpaced environments with fewer appliances to store and manage. • Simple: Enterprise-ready management, including pre-defined compliance and security profiles, allows for simple deployment and management, even with no prior application experience. • Compliant: Out-of-the-box PCI customizable policies allows you to protect your back-end databases and demonstrate compliance through securing, auditing, and reporting on Web application activity. SYSTEM MANAGEMENT AND CONTROL Cisco Security Cisco Security Manager provides centralized management of security solutions for faster Manager deployments -- and with increased accuracy. The application is cost-effective for small networks, and offers scalability for large enterprises. It offers the following benefits: • Cisco Security Manager centrally manages firewall, VPN, and intrusion prevention systems (IPSs) (configuration, changes, and updates). • It bridges the “gap” between network operations and security operations through workflow collaboration and standardized policy definitions to appliances, routers, and switches. • It integrates cross-functions with Cisco Security MARS for real-time event, log, and policy changes. • It maintains and documents a consistent security policy, and provides for policy provisioning. • The application provides exportable reports of who configured what, when, where, and why. • Cisco Security Manager works in conjunction with Cisco ACS as well as identifying any outof-band configuration changes. • The application applies firewall rules and IPS signatures to mitigate threats. • Cisco Security Manager generates automated hourly IPS signature updates. Cisco Security The Cisco Security Monitoring, Analysis and Response System (MARS) is a centralized Monitoring, Analysis monitoring, event-correlation, attack-mitigation, and compliance reporting system. It offers and Response the following benefits: System (MARS) • It provides topology awareness and monitoring. • It provides automated alerting and mitigation. • The flexible device support framework of Cisco Security MARS provides for simplified monitoring of both Cisco and third-party platforms. • NetFlow analysis detects zero-day worms and viruses. • It analyzes up to 1000 events per second on a single box as well as offering a highly scalable, distributed architecture. • It makes sense of data by reducing millions of security events down to a handful of incidents. • It generates hundreds of packaged reports, all user-configurable, including support for Payment Card Industry (PCI), Health Information and Patient Privacy Act (HIPPA), Control Objectives for Information and related Technology (COBIT), and others. • The application collaborates CSM for policy control and tuning. Cisco Secure Access • Cisco Secure Access Control Server (ACS) is the integration and control platform for Control Server (ACS) managing access policy for network resources. 4.2 for Windows • It is part of the Proactive Automation of Change Control (PACE) solution. • The solution extends access security by combining authentication, user or administrator access, and policy control from a centralized identity networking solution, thereby allowing for greater flexibility and mobility, increased security, and user productivity gains. • The new 4.2 version includes improved DBMS synchronization, Lightweight Directory Access Protocol (LDAP) options, better logging, more Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) options, and more. 5–25

5–27

5–28

5–30

5–32

Security Products at a Glance

5-3

security.shtml. Solution Engine (ACS • This 1-rack unit (1RU) appliance serves as a high-performance access control server SE) supporting centralized RADIUS and TACACS+. IT. Cisco IOS Security Cisco IOS Software routers ship with the industry's most comprehensive security services. 5–35 Compliance Manager • It tracks and regulates configuration and software changes throughout a multivendor 1. and the CLI offers multilevel administrative access control. security5–33 Control Server 4. mobile users. “Services”. and troubleshooting functions 5–33 Control Server View for Cisco Secure ACS deployments. and wireless in the platform portfolio for fast. operational maturity. and agility through consultative planning. Maintain. integrated solution for connecting remote offices. For more information about Cisco Advanced Services. Cisco IOS Software routers include security services that address customer concerns regarding threat control. alerting. voice.cisco.com/go/ts.0 • It collects and correlates data from multiple Cisco Secure ACS servers and logs. Services to Protect. creating network architectures that optimize IT services and enhance your business. Cisco and our partners accelerate business transformation. integrated network solutions. CiscoWorks Network • This solution is part of the Cisco PACE solution. switches. • As with Cisco Secure ACS 4. For more information about Cisco Technical Services. VPN services. or retail branch office. use the Service Finder tool at http://www. Cisco Network Access Control (NAC). and 3800 Series Integrated Services Routers are ideal for small businesses and enterprise branch offices. Offerings range from traditional maintenance to proactive and predictive services. Express) • The web-based GUI is easy to manage.3 network infrastructure (including Cisco routers. and partner extranets or service provider-managed customer premises equipment (CPE). load balancers. corporate governance. Cisco Secure Access • This solution provides the highest level of reporting. delivering a rich. In addition. intrusion prevention system (IPS). and technology best practices. and content filtering. For more information about all services. • The solution delivers maximum visibility into configured policies and authentication and authorization activities across the network.com/en/US/ordering/index. scalable delivery of mission-critical business applications.cisco-servicefinder. Cisco Secure ACS Express also supports both network access and device administration (RADIUS and TACACS+). Enter a product description or SKU or search by product series family. • Cisco Secure ACS View is the ideal solution for organizations requiring the greatest levels of reporting and control. Express 5. visit http://www.cisco. corporate regional office. and full deployment. see Chapter 10. the Cisco IOS Security routers give customers flexibility to choose a solution that meets their bandwidth. go to http:// www. secure connectivity. With the convergence of features such as advanced firewall.2 hardened server dedicated to running Cisco Secure ACS services. firewalls. This chapter provides only a small subset of all parts available via the URL listed under “For More Information. 4. and multiservice requirements while benefiting from advanced security.Cisco Secure Access • Cisco Secure Access Control Server (ACS) Solution Engine is a ready-to-use. The Cisco 800 Series Routers and Cisco 1800. To find the right technical service for any Cisco product. and wireless access points). and security management. • It includes features of the Cisco Secure Access Control Server. 5-4 Cisco IOS Security . 2800.0 (ACS • It supports up to 50 devices and 350 users. • The solution offers broad authentication protocol support and integral support for internal and external authentication databases. LAN and WAN density.2. Product Ordering Website To place an order.” Some parts have restricted access or are not available through distribution channels. The Cisco 7200 and 7300 Series Routers and the Cisco ASR 1000 Series Aggregated Services Routers are ideal for WAN aggregation security services in campus environments and large branch offices. and Optimize Cisco Products Cisco and our global community of partners offer a portfolio of technical services that help you maintain the health and performance of every Cisco product.com/go/techservices. Cisco Secure Access • This solution includes comprehensive access-control-server functions and is relatively 5-49 Control Server economic and easy-to-operate. solution development. • Aggregate views of system activity as well as detailed information at the transaction level are provided for both network access and device administration.com. • This solution is ideal for the medium or small enterprise. • It provides unparalleled visibility into network changes and can track compliance with a broad variety of regulatory. visit: http://www. intelligently embedding data.cisco.

7200. 3700. integrated solution for connecting remote offices. Specifications Supported Network Interfaces Supported Platforms All network interfaces on supported platforms Cisco 1720. which provides secure. • Cisco IOS Security supports Cisco Router and Security Device Manager (SDM) for granular single-device configuration and monitoring capabilities. Cisco 2800—up to 1500. 1600. the Cisco 7301. Analysis and Response System (MARS). • Cisco Network Admission Control (NAC) support extends the ability of the network to enforce organizational security policies on devices seeking network access by delivering NAC services on an integrated services module. secure connectivity and encryption services for multiple use cases around site-to-site VPN and unified remote-access security. mobile users. and Secure Sockets Layer (SSL) VPN. as well as entry voice (Voice Security [VSEC]) and Voice and Video Enabled VPN (V3PN) bundles for combined security and unified communications. Cisco 1800—up to 800. Cisco Group Encrypted Transport (GET) VPN. and 2500 series router platforms include all firewall features with the exception of authentication proxy Cisco 800—up to 20. 2800. • Cisco IOS Security includes Cisco IOS Inline Intrusion Prevention for real-time monitoring. Cisco 3825—855 Mbps. and response to network misuse for supporting thousands of attack signatures. advanced firewall inspection for SIP protocols offers dynamic protection for secure unified communications and remote teleworkers. 3800. • Graphical policy management and monitoring for large-scale deployments is achieved with Cisco Security Manager and Cisco Security Monitoring. Cisco 1800—125 Mbps. per-user authentication and authorization for LAN. remote access. 1800. UBR900. 7200/7301 bundles—up to 5000 Cisco 800—10 Mbps. service capabilities. These services include IP Security (IPSec) VPN. Cisco 3845—1 Gbps. Cisco 3745-VPN—197 Mbps. application-based packet inspection to support the latest protocols and advanced applications. and 7301 series router platforms (supports full feature set) Cisco 800. Cisco 3725-VPN. and 3800 Series Integrated Services Routers. and partner extranets or service providermanaged customer premises equipment (CPE). 2800. reliability. WAN. The ordering process is simplified by providing the following important features: • The Cisco 800 Routers are ideal for small businesses and enterprise branch offices. enhanced security bundles for added performance and scale. IPS. Cisco 7200/7301 Bundles—1 Gbps Max IPsec Tunnel Cisco IOS Firewall Performance1 1. UDP traffic only Selected Part Numbers and Ordering Information The Cisco IOS Security router bundles are based on the Cisco 800 Series Routers. They include the entry security bundles. and the Cisco ASR 1000 Series Aggregation Services Routers • Integrated. The Cisco ASR 1000 Series Aggregated Services Routers offer service providers and enterprises industry-leading performance. Cisco 2691-VPN—197 Mbps. Cisco 2600XM—35 Mbps. Easy VPN. stateful. • Cisco IOS Security offers comprehensive. Cisco 2800—530 Mbps. interception. delivering a rich. and VPN clients.Chapter 5 Ideal for Companies that Need These Features • An integrated security solution that includes firewall. and Cisco IOS Security 5-5 . Cisco 1800. and content filtering technologies • Low total cost of ownership by taking advantage of the existing infrastructure for modular and flexible deployment options • An integrated ICSA-certified stateful firewall solution with powerful security and multiprotocol routing all on the same routing platform • Scalability options from the Cisco 800 Series up to the Cisco 7200 Series. • Voice security is included. • The application supports Cisco IOS Software-based content security through reputation and category-based filtering. Cisco 1700—20 Mbps. Dynamic Multipoint VPN (DMVPN). Cisco 3800—up to 2500. VPN. Health Insurance Portability and Accountability Act (HIPAA). and Cisco 7200 and 7300 Series Router platforms. 2600/2600XM. secure network solutions including secure unified communications and secure mobility • Secure extranet and intranet perimeters and Internet connectivity for branch and remote offices • Ability to meet compliance regulations such Payment Card Industry (PCI). or Sarbanes-Oxley Act of 2002 (SOX) that require firewall or data-encryption services Key Features • Cisco IOS Security offers an advanced firewall that includes context-based access control (CBAC). • Cisco IOS Security offers dynamic.

Cisco 800 and 1800 Series Integrated Services Routers offer embedded VPN acceleration. cannot copy sensitive information to removable media while off the corporate network) • Provides behavioral-based protection from known and unknown threats. For More Information For more information about the Cisco IOS Security feature set. copying sensitive information and pasting to IM. high-performance services. • All security bundles come preinstalled with Cisco Router and Security Device Manager (SDM) for fast and easy deployment based on Cisco Technical Assistance Center (TAC) and ICSA Labs recommended router security configurations. including—Preventing Clipboard abuse (for example. entry voice bundles (VSEC). • Integrates antivirus protection with automatic. visit: http://www. including multigigabit encryption. no-cost updates.com/go/routersecurity. servers. • Offers network collaboration that strengthens the security posture of the organization. Cisco 7200 and 7301 bundles include the selected router platform. This exceptional blend of capabilities defends servers and desktops against sophisticated zero-day attacks and enforces acceptable-use and compliance policies within a simplified management infrastructure. • Is the critical endpoint component of the Cisco Self-Defending Network architecture. Preventing sensitive information from being copied.cisco.). not allowing uploads of sensitive files via Outlook). Ideal for Companies that Need These Features • Real-time protection from persistent & evolving threats • Easier. enhanced security bundles. delivering integrated.e. or written to USB devices. For details about the Cisco router security bundles. and reporting. • A Cisco router with all the necessary security components is orderable with a single part number at a reduced price compared to ordering each component separately.cisco.com/go/securitybundles. data-loss prevention. faster deployment and enhanced visibility • Device malware scanning and deletion • Automatic. CDs. and POS devices. and signature-based antivirus into a single. Allowing only authorized applications to access the sensitive information (for example. accessing the network (TCP/UDP). broadband. Imposing restrictions for wireless and remote users (i. no-cost audio-visual signature updates • Identification & control of sensitive information to • Lower total cost of ownership prevent data loss • Regulatory-compliance monitoring and enforcement Key Features • Provides industry-leading protection for laptops. 5-6 Cisco Security Agent . visit: http://www. and V3PN bundles offer varying capabilities and price points to meet a variety of needs. (NBAR). • Prevents against data loss at the endpoint. 10 Gbps firewall.efficiencies in a compact form factor. and the Cisco IOS Software to run IP Security (IPSec) Triple Digital Encryption Standard (3DES) or Advanced Encryption Standard (AES) encryption. Cisco Security Agent Businesses are under intense pressure to protect their IT assets from attacks that are increasing in frequency and sophistication while at the same time addressing stringent compliance requirements and minimizing expenses and complexity.0 is the first endpoint security solution that integrates behavioral-based intrusion protection. and session border control (all software enabled—no service blades required). desktops. blogs. • Cisco 2800 and 3800 Series Routers now have advanced security network modules available for hardwarebased intrusion detection systems (IDSs). manageable agent. additional memory. and other removable media. • Entry security bundles. a VPN hardware card. written to network drives. visibility. etc. • Offers comprehensive management. Cisco Security Agent 6.

The Cisco NAC Profiler facilitates the deployment and management of Cisco NAC by discovering.cisco. the NAC appliance comes preinstalled with rule sets for operating system updates. which performs device compliance checks as users attempt to access the network. Customers also need at least one Cisco NAC Manager to define access policies and to manage the server(s). including nonauthenticating devices such as IP phones and printers. Customers will need at least one Cisco NAC Server. which can support up to 20 NAC servers. It complements wireless deployments. Cisco NAC Appliance The Cisco NAC Appliance is an easily deployed networkadmission-control (NAC) solution that allows network administrators to authenticate. such as Cisco Security Agent and Cisco Security Monitoring. or as a manager “lite. remote-access deployments. The Cisco NAC Guest Server is another optional device that provides secure guest access service.0 ES and AS Cisco Security Desktop Agent • Windows Vista • Windows Embedded Point of Service (WEPOS) • Windows XP Professional • Windows XP Tablet Edition • Windows 2000 Professional • Red Hat Enterprise Linux 4. evaluate. The Cisco NAC Appliance is the market’s most widely deployed NAC solution. and remote users and their machines prior to permitting access to the network. 500-. tracking. and monitoring the location. and other security products. simplifying the task of determining which policies to enforce and how to enforce them. concurrent users. Analysis and Response System (MARS). and remediate wired.000 DLP Desktop Agent Upgrade] For More Information For more information about Cisco Security Agent.0 WS • Red Hat Enterprise Linux 3. The Cisco NAC Profiler is an optional device that provides device profiling service. The number of users is defined as online.000 Desktop Agent Bundle] Cisco Security Agent [25 DLP Desktop Agent Upgrade] Cisco Security Agent [100 DLP Desktop Agent Upgrade] Cisco Security Agent [250 DLP Desktop Agent Upgrade] Cisco Security Agent [1. 250-. It identifies whether machines are compliant with security policies and repairs vulnerabilities before network access is allowed. and behavior of all LAN-attached endpoints. The Cisco NAC Appliance is ideal for midsize and large enterprises that are looking for a client policy enforcement solution. and antispyware software from all major vendors.” which can support up to 3 NAC servers. and 1500-user license-based Cisco NAC Server seats. It keeps a real-time. The appliance is available either as a “standard” manager.0 WS Cisco Security Agent Management Console Microsoft Windows 2003 R2 Server and Advanced Server Selected Part Numbers and Ordering Information CSA-SRVR-K9= CSA-B10-SRVR-K9 CSA-B25-SRVR-K9 CSA-B100-SRVR-K9 CSA-B25-DTOP-K9 CSA-B100-DTOP-K9 CSA-B250-DTOP-K9 CSA-B1000-DTOP-K9 CSA-DLPD-25-K9 CSA-DLPD-100-K9 CSA-DLPD-250-K9 CSA-DLPD-1000-K9 Cisco Security Agent [1 Server Agent Bundle] Cisco Security Agent [10 Server Agent Bundle] Cisco Security Agent [25 Server Agent Bundle] Cisco Security Agent [100 Server Agent Bundle] Cisco Security Agent [25 Desktop Agent Bundle] Cisco Security Agent [100 Desktop Agent Bundle] Cisco Security Agent [250 Desktop Agent Bundle] Cisco Security Agent [1. To enhance its ease of use.com/go/csa. It can be deployed as a virtual gateway or as a real IP gateway.Chapter 5 Specifications Feature Platforms Cisco Security Server Agent • Windows 2003 Server • Windows 2000 Server and Advanced Server • Solaris 9 SPARC architecture (64-bit kernel) • Solaris 8 SPARC architecture (64-bit kernel) • Red Hat Enterprise Linux 4. contextual inventory of all devices in a network. It also uses the information about the device to apply appropriate Cisco NAC policies. visit: http://www. wireless. The Cisco NAC Agent is an optional client software component for more stringent vulnerability assessment. antivirus software updates. The appliance is available with 100-. types. authorize.0 ES and AS • Red Hat Enterprise Linux 3. Cisco NAC Appliance 5-7 .

Active Directory. • Remediation and repair—The Cisco NAC Appliance gives devices access to remediation servers during quarantine that can provide operating system patches and updates. and 500 users Cisco NAC Lite Manager Dual-core Intel Xeon 2. and S/Ident. 250. It eases the management cost on network administrators. One management console can manage several servers. and managed and unmanaged assets. and monitors the location. and reporting of guest users on wired and wireless networks. notification.and out-of-band deployments are possible. or endpoint security solutions such as Cisco Security Agent. and non-PC networked devices such as Xbox. Guest Access. 2500. Microsoft Windows. • Single Sign On (SSO)—The appliance supports SSO with VPN clients. it can also conduct scans of Windows registries without client software. Linux machines. RADIUS. eDirectory. Administrators have the option of automatically installing these fixes using the Cisco NAC Appliance enforcement agent.. up to 3500 users Support for up to 20 NAC servers Simplified provisioning. tracks. and behavior of all LAN-attached endpoints. Specifications Cisco NAC Servers and NAC Managers Feature Product Cisco NAC Appliance 3310 Cisco NAC Appliance 3350 Cisco NAC Server for 100. management. or by using a quarantine VLAN. and reporting of guest users on wired and wireless networks Key Features • Authentication integration—The Cisco NAC Appliance supports roles-based access control by acting as an authentication proxy for most forms of authentication. • Solution for major customer pain points—This appliance supports identity-based access control. remote-access (VPN). including policies that check for critical operating system updates and common antivirus software virus definition updates. notification. • Device quarantine—The Cisco NAC Appliance laces noncompliant machines into quarantine. In a managed domain. and reporting of guest users on wired and wireless networks. preventing the spread of infection while maintaining access to remediation resources. types. natively integrating with Kerberos. management.33-GHz 1 GB PC2-4200 (2 x 512 MB) 1333-MHz FSB Embedded SATA RAID Controller 80-GB NPH SATA drive CD/DVD-ROM drive Cisco NAC Server for 1500. Lightweight Directory Access Protocol (LDAP). virus-definition files. and 3500 users Cisco NAC Standard Manager Dual-core Intel Xeon 3. and main campus (LAN) environments.The Cisco NAC Guest Server vastly simplifies the provisioning. It allows administrators to maintain multiple user profiles with varying degrees of access.0-GHz 4 GB PC2-5300 (4 x 1 GB) 1333-MHz FSB Smart Array E200i Controller 2 x 72-GB SFF SAS RAID drives 4 x 72-GB SFF SAS RAID drives CD/DVD-ROM drive CD/DVD-ROM drive 5-8 Cisco NAC Appliance . PlayStation 2. Ideal for Companies that Need These Features • • • • A client policy enforcement solution License-based server seats for 100. it quarantines these machines by using subnets as small as /30. • Flexibility—The appliance is ideal for flexible deployment scenarios. and wireless deployments.. • Centralized management—The web-based management console allows administrators to define the types of scans required for each role as well as the related remediation packages necessary for recovery. • Guest access service—The appliance simplifies the provisioning. management.0-GHz 2 GB PC2-5300 (2 x 1 GB) 1333-MHz FSB Smart Array E200i Controller Cisco NAC Appliance 3390 Cisco NAC Super Manager Processor Memory Memory bus clock Controller Hard disk Removable media Network Connectivity 2 x dual-core Intel Xeon 3. • Automatic security policy updates—The Cisco NAC Appliance provides predefined policies for the most common network access criteria. Mac OS. notification. 500. It conducts network-based scans or can use custom-built scans as required. • Autoremediation for Windows • Device profiling service—The appliance discovers. • Vulnerability assessment—The Cisco NAC Appliance supports scanning of all Windows-based operating systems. branch offices (WAN). 250. and personal digital assistants. Both in. who can rely on the Cisco NAC Appliance (Clean Access) system to constantly maintain updated policies. it supports wireless.

one internal.70 x 16.62 x 70. redundant 2910 BTUs/hr (at 120 VAC). (4.49 cm) Dual 700W (redundant) 9.32 x 42.0 ports 4 (one front. (100m) Cat 5 UTP up to 328 ft. two rear) Keyboard ports 1 Video ports 1 Mouse ports 1 External SCSI ports None System Unit Form factor Rack-mount 1 RU Weight 35 lb (15. non-hot plug.75 in. two rear) 1 1 1 None Rack-mount 1 RU 35 lb (15. 4.32 x 42. or 5 UTP up to 328 ft.32 x 42. PFC 6. or 5 unshielded twisted pair (UTP) up to 328 ft. one internal. (4.33-GHz 1 GB PC2-4200 (2 x 512 MB) 1333-MHz FSB Embedded SATA RAID controller 80-GB NPH SATA drive Cisco NAC Appliance 5-9 .87 kg) fully configured Dimensions 1. 2870 (at 240 VAC) Specifications Dual-core Intel Xeon 3. (4.49 cm) Dual 700W (redundant) 9. (4. redundant 2910 BTUs/hr (at 120 VAC).78 x 27. or 5 UTP up to 328 ft (100m) support 10/100/1000BASE-TX Cat 5 UTP up to 328 ft (100m) cable support Interfaces Serial ports 1 USB 2.49 cm) 650W auto-switching.70 x 16. (100m) Cat 5 UTP up to 328 ft.78 x 27.70 x 16.75 in.0-GHz 2 GB PC2-5300 (2 x 1 GB) 1333-MHz FSB Smart Array E200i Controller 2 x 72-GB SFF SAS RAID drives CD/DVD-ROM drive 1 4 (one front.75 in.0 ports Keyboard port Video port Mouse port External SCSI port System Unit Form factor Weight Dimensions Power supply Cooling fans BTU rating Cisco NAC Profiler Feature Components Processor Memory Memory bus clock Controller Hard disk 1 4 (two front.62 x 70.78 x 27. 2870 (at 240 VAC) Cisco NAC Guest Server Components Processor Memory Memory bus clock Controller Hard disk Dual-core Intel Xeon 2. (100m) Cat 5 UTP up to 328 ft. 2870 (at 240 VAC) 1 4 (one front. two rear) 1 1 1 None Rack-mount 1 RU 35 lb (15. 2870 (at 240 VAC) Removable media Network Connectivity Ethernet network • 2 x Integrated Broadcom 10/100/1000 5708 NICs interface cards (NICs) • 2 x Intel e1000 Gigabit NICs (PCI-X) 10BASE-T cable Cat 3. 4. nonredundant 2910 BTUs/hr (at 120 VAC). 4. redundant BTU rating 2910 BTUs per hour (at 120 VAC).32 x 42. (100m) Cavium CN1120-NHB-E 2 x Integrated Broadcom 10/100/ 1000 5721 NICs 2 x Intel e1000 Gigabit NICs (PCI-X) Cat 3. or 5 UTP up to 328 ft.75 in.87 kg) fully configured 1.62 x 70.87 kg) fully configured 1.87 kg) fully configured 1. one internal.78 x 27. two rear) 1 1 1 None Rack-mount 1 RU 35 lb (15. (100m) Cavium CN1120-NHB-E 10BASE-T cable support 10/100/1000BASETX cable support Secure Sockets Layer (SSL) accelerator card Interfaces Serial ports USB 2. (100m) None 2 x Integrated Broadcom 10/100/ 1000 5721 NICs 2 x Intel e1000 Gigabit NICs (PCIX) Cat 3. 4.70 x 16.49 cm) Power supply Dual 700W (redundant) Cooling fans 9.62 x 70.Chapter 5 Ethernet network interface cards (NICs) 2 x Integrated Broadcom 10/ 100/1000 5708 NICs 2 x Intel e1000 Gigabit NICs (PCI-X) Category (Cat) 3.

visit: http://www.78 x 27.70 x 16. two rear) 1 1 1 None Rack-mount 1 RU 35 lb (15. (4.Removable media Network Connectivity Ethernet network interface cards (NICs) 10BASE-T cable support 10/100/1000BASE-TX cable support Interfaces Serial ports USB 2. non-hot plug. nonredundant 2910 BTUs per hour (at 120 VAC). or 5 UTP up to 328 ft (100m) Cat5 UTP up to 328 ft (100m) 1 4 (two front.0 ports Keyboard ports Video ports Mouse ports External SCSI ports System Unit Form factor Weight Dimensions Power supply Cooling fans BTU rating CD/DVD-ROM drive • 2 x integrated Broadcom 10/100/1000 5708 NICs • 2 x Intel e1000 Gigabit NICs (PCI-X) Cat3.32 x 42. 5-10 Cisco NAC Appliance .cisco.49 cm) 650W auto switching. 2870 (at 240 VAC) Selected Part Numbers and Ordering Information Cisco NAC Server NAC3310-100-K9 NAC3310-100FB-K9 NAC3310-100FBUL NAC3310-100UL NAC3310-250-K9 NAC3310-250FB-K9 NAC3310-250FBUL NAC3310-250UL NAC3310-500-K9 NAC3310-500FB-K9 NAC3350-1500-K9 NAC3350-1500FB-K9 NAC3350-1500FBUL NAC3350-15000UL NAC3350-2500-K9 NAC3350-2500FB-K9 NAC3350-2500FBUL NAC3350-25000UL NAC3350-3500-K9 NAC3350-3500FB-K9 Cisco NAC Manager NACMGR-3-K9 NACMGR-3FB-K9 NACMGR-20-K9 NACMGR-20FB-K9 NACMGR-40-K9 NACMGR-40FB-K9 Cisco NAC Profiler NAC3350-PROF-K9 NAC3350-PROF-FB-K9 NAC3350-CLT-K9= Cisco NAC Guest Server NAC3310-GUEST-K9 NAC Appliance 3310 Server—Max 100 users NAC Appliance 3310 Server Failover Bundle—Max 100 users NAC Appliance 3310 FB License Upgrade—100 to 250 users NAC Appliance 3310 License Upgrade—100 to 250 users NAC Appliance 3310 Server—Max 250 users NAC Appliance 3310 Server Failover Bundle—Max 250 users NAC Appliance 3310 FB License Upgrade—250 to 500 users NAC Appliance 3310 License Upgrade—250 to 500 users NAC Appliance 3310 Server—Max 500 users NAC Appliance 3310 Server Failover Bundle—Max 250 users NAC Appliance 3350 Server—Max 1500 users NAC Appliance 3350 Server Failover Bundle—Max 1500 users NAC Appliance 3350 FB License Upgrade—1500 to 2500 users NAC Appliance 3350 License Upgrade—1500 to 2500 users NAC Appliance 3350 Server—Max 2500 users NAC Appliance 3350 Server Failover Bundle—Max 2500 users NAC Appliance 3350 FB License Upgrade—2500 to 3500 users NAC Appliance 3350 License Upgrade—2500 to 3500 users NAC Appliance 3350 Server—Max 3500 users NAC Appliance 3350 Server Failover Bundle—Max 3500 users NAC Appliance 3310 Manager—Max 3 servers NAC Appliance 3310 Manager Failover Bundle—Max 3 servers NAC Appliance 3350 Manager—Max 20 servers NAC Appliance 3350 Manager Failover Bundle—Max 20 servers NAC Appliance 3390 Manager—Max 40 servers NAC Appliance 3390 Manager Failover Bundle—Max 40 servers NAC 3350 Profiler—Max up to 40K devices NAC 3350 Profiler Failover Bundle—Max up to 40K devices NAC3350 Collector—Up to NAC Srv user count Cisco NAC Guest Server For More Information For more information about the Cisco NAC Appliance. PFC 6.62 x 70.75 in.87 kg) fully configured 1. 4.com/go/NAC.

• Extensible services architecture—Taking advantage of a modular services processing and policy framework offered by the Cisco ASA 5500 Series Adaptive Security Appliances. extensible services architecture. controls network activity and application traffic. multivector threat prevention: This appliance achieves maximum attack identification through multiple analysis techniques and technologies. content security. Mac OSX. The efficiencies of this policy framework. intrusion prevention system (IPS). and intelligent network integration. Designed as a core component of the Cisco Self-Defending Network. small and medium-sized business. delivering highly granular policy controls and a wide range of protective services with streamlined traffic processing. and outbreak prevention. virtualization. and remote user-site connectivity. and data center networks while reducing the overall deployment and operations costs and complexities associated with providing this new level of security. Easy deployment and management • Cisco ASA 5500 Series SSL/IPsec VPN Edition—SSL and IPsec VPN for any deployment environment: Clientless and full network VPN access delivers superior customizability for diverse requirements. Key Features • Market-proven security and VPN capabilities—Full-featured. URL and content filtering. reliable deployment options: This appliance provides a wide range of services such as transparent firewall. Advanced configuration and monitoring tools simplify and scale the deployment and maintenance operations. incident response. Threatprotected VPN. and security. branch-office. Cost-effective VPN: Integrated load balancing. monitoring. Optimized VPN remote access: Application and network connection optimization for topperformance client and clientless VPN remote access helps ensure transparent use of the network applications and resources. antiphishing. and antispam. Comprehensive management solutions to lower operational costs: Flexible centralized management solutions provide fullfeatured provisioning and monitoring services. and an exclusive iPhone full VPN tunnel capability. advance the evolution of existing services and the deployment of new services without requiring a platform replacement or performance compromise. Cisco ASA 5500 Series Adaptive Security Appliances 5-11 . Flexible. the Cisco ASA 5500 Series provides the foundation for highly customizable security policies and exceptional services extensibility to help protect against the fast-evolving threat environment.and 64-bit). as well as high scalability reduces the number of devices required to scale and secure the VPN.and application-based access control. Broad endpoint and platform support: Cisco ASA 5500 Series SSL and IPsec VPN edition includes Windows 2000. and SSL/IPsec VPN technologies deliver robust application security. Accurate. helping to decrease the costs of deployment and ongoing operations. user. • Cisco ASA 5500 Content Security Edition—Trusted firewall technology. enterprise. malware protection. businesses can apply specific security and network services on a per-traffic flow basis. as well as software and hardware extensibility through user-installable security services modules (SSMs) and security services cards (SSCs). Linux.Chapter 5 Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA 5500 Series Adaptive Security Appliances are purpose-built solutions that combine best-in-class security and VPN services with an innovative. The result is a powerful multifunction network security appliance family that provides the security breadth and depth for protecting home-office. Windows XP/Vista (32. worm and virus mitigation. Complete incident lifecycle management: This complete solution covers management. Windows Mobile Pocket PC. Ideal for Companies that Need These Features • Cisco ASA 5500 Series Firewall Edition—Ability to deploy new applications securely while protecting valuable assets from unauthorized access. and delivers flexible VPN connectivity. With these capabilities. high-performance firewall. • Reduced deployment and operations costs—The multifunction Cisco ASA 5500 Series allows for platform configuration and management standardization. network intelligence. the Cisco ASA 5500 Series provides proactive threat defense that stops attacks before they spread through the network. including antivirus and antispyware. • Cisco ASA 5500 Series IPS Edition—Control access to critical assets: Firewall access control and application policy enforcement provide authenticated access to critical resources. Market-leading content security capabilities. content filtering. Threatprotected VPN: Integrated endpoint and network security technologies help ensure that the VPN is not a conduit for damaging security threats.

Enterprise Teleworker 150 Mbps Cisco 5580-20 Cisco 5580-40 Data Center. 4-SFP. 4-GE SR LC.000 10 Gbps (realworld HTTP). 10 Gbps (jumbo frames) 1. 4 SFP (with 4GE SSM) 1 GB 64 MB 4-10/100/ 1000.000 9000 190.000 1 Gbps 10.000 2 256 MB 64 MB 8 port 10/100 switch with 2 Power over Ethernet ports 256 MB 64 MB 5-10/100 / 2-10/100/ 1000.000 225 Mbps 750 400.000. 4-GE SSM SSM SSM SR LC.000 36.000.000 90.2 Gbps 5 Gbps (realworld HTTP). 1-10/ 100 8 GB 1 GB 2-10/100/ 1000 Management +4-10/100/ 1000 (with ASA55804GE-CU) + 4 GE SR LC (with ASA55804GE-FI) +2 10GE SR LC (with ASA55802X10GE-SR) 100 (2503) 12 GB 1 GB 2-10/100/1000 Management +4-10/100/ 1000 (with ASA55804GE-CU) + 4 GE SR LC (with ASA55804GE-FI) +2 10GE SR LC (with ASA55802X10GE-SR) 100 (2505) 3 (trunking disabled) / 20 (trunking enabled) Expansion Capabilities SSC/SSM/IC Expansion SSC/SSM/ICs supported 1-SSC Future.000 Maximum firewall connections Maximum firewall connections/second Packets per second (64 byte) Maximum 3DES/AES VPN throughput Maximum site-to-site and remote access VPN sessions Maximum SSL VPN user sessions1 Bundled SSL VPN user session1 Technical Summary Memory Minimum system flash Integrated ports2 10000 / 25.000 500. 20 Gbps (jumbo frames) 2. 4GE AIP SSM.000 600. 1-10/100 +4-10/100/ 1000. Campus Campus Performance Summary Maximum firewall and IPS throughput (Mbps) 300 Mbps 450 Mbps 650 Mbps 1. CSC SSM.Specifications Cisco 5505 Cisco 5510 Cisco 5520 Cisco 5540 Cisco 5550 Network location Small Business. 1-10/100 +4-10/100/ 1000. 4 SFP (with 4GE SSM) 512 MB 64 MB 4-10/100/ 1000.000 100 Mbps 10 / 25 25 2 50. Data Center.000 4.000 / 130.000 320.000 170 Mbps 250 280.000.000 2 10.000 325 Mbps 5000 650.000 2. 2-10GE SR LC Not Available Not available CSC SSM. Branch Office. CSC SSM.000 150.000 425 Mbps 5000 250 2 750 2 2500 2 5000 2 10.000 4000 85. 4 SFP (with 4GE SSM) 4 GB 64 MB 8-10/100/ 1000. 210GE SR LC Intrusion Prevention Not available Yes (with AIP Yes (with AIP Yes (with AIP Not Available Not Available SSM) SSM) SSM) Concurrent threat Not available 150 (with AIP 225 (with AIP 500 (with AIP Not available Not available mitigation throughput SSM-10) SSM-10) SSM-20) (Mbps) (firewall + IPS 300 (with AIP 375 (with AIP 650 (with AIP services) SSM-20) SSM-20) SSM-40) 450 (with AIP SSM-40) 5-12 Cisco ASA 5500 Series Adaptive Security Appliances . Campus Internet Edge Internet Edge Internet Edge Internet Edge.500.000 25. SSC Maximum virtual interfaces (VLANs) 50 / 100 150 200 250 1-SSM 1-SSM 1-SSM Not Available 6-IC 6-IC 4-10/100/ 1000. 3-10/ 100 +4-10/100/ 1000. 4GE AIP SSM. 4GE 1000.000 12.000 1 Gbps 10. Not Available 4-10/100/ AIP SSM.

2 SSL VPN peers. 2 SSL VPN peers. DES license ASA5510-SEC-BUN-K9 Cisco ASA 5510 Security Plus Firewall Edition includes 2 Gigabit Ethernet + 3 Fast Ethernet interfaces. DES license Cisco ASA 5500 Series Adaptive Security Appliances 5-13 . Active/Standby high availability.0 8.0 8.1. SSL VPN (Web VPN) capability requires a license. 3DES/AES license ASA5505-UL-BUN-K9 Cisco ASA 5505 Unlimited-User Bundle includes 8-port Fast Ethernet switch. 3DES/AES license ASA5505-SEC-BUN-K9 Cisco ASA 5505 Unlimited-User Security Plus Bundle includes 8-port Fast Ethernet switch. Active/Active and Active/Standby high availability. SSM-10) anti-spyware. 250 IPsec VPN peers. A/A = Active/Active Selected Part Numbers and Ordering Information Cisco ASA 5500 Series Firewall Edition Bundles ASA5505-BUN-K9 Cisco ASA 5505 10-User Bundle includes 8-port Fast Ethernet switch. Systems include 2 SSL VPN users by default for evaluation and remote management purposes Beginning with Cisco ASA Software v7. 2 SSL VPN peers. antiCSC SSM) spyware. 25 IPsec VPN peers. stateless Active/Standby high availability. the ASA 5510 Security Plus license enables 2 10/100/1000 interfaces and 3 10/100 interfaces Supported in a future ASA software release Licensed features A/S = Active/Standby. 10 IPsec VPN peers.0 8. 3DES/AES license ASA5510-BUN-K9 Cisco ASA 5510 Firewall Edition includes 3 Fast Ethernet interfaces. 3. 2 SSL VPN peers. 10 IPsec VPN peers. 4. Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) license ASA5505-K8 Cisco ASA 5505 10-User Bundle includes 8-port Fast Ethernet switch. 3DES/AES license ASA5520-K8 Cisco ASA 5520 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface. 3DES/AES license ASA5510-K8 Cisco ASA 5510 Firewall Edition includes 3 Fast Ethernet interfaces. 10 IPsec VPN peers. Anti-spam.1 8. DMZ. Plus License features anti-phishing. anti-phishing. URL filtering URL filtering 8.1 Yes Yes Yes Yes Yes Yes Yes Yes 0/0 Yes 0/0 / 2/5 Yes 2/20 Yes 2/50 Yes A/A and A/S Yes 2/50 Yes A/A and A/S Yes 2/50 Yes A/A and A/S Yes 2/50 Yes A/A and A/S Not available Not available Yes Not supported Stateless A/S Yes Not supported A/A and A/S Yes A/A and A/S Yes Yes Yes Yes Yes Yes Yes Yes Yes Not available Not available Yes / Yes Yes Yes Yes Yes Yes Yes Yes Beginning with Cisco ASA Software v7. Data Encryption Standard (DES) license ASA5505-50-BUN-K9 Cisco ASA 5505 50-User Bundle includes 8-port Fast Ethernet switch.0 8. 3DES/AES license ASA5520-BUN-K9 Cisco ASA 5520 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface. 750 IPsec VPN peers. 5. 750 IPsec VPN peers. Not available Not available Not available anti-phishing. 250 IPsec VPN peers. 2 SSL VPN peers. file blocking) Maximum number of Not available 500 (CSCusers for anti-virus. 2 SSL VPN peers. 2 SSL VPN peers. 2 SSL VPN peers. 2 SSL VPN peers. 10 IPsec VPN peers.0 Yes (with CSC SSM) Yes (with CSC SSM) Not available Not available Not available 500 (CSCSSM-10) 1000 (CSCSSM-20) 500 (CSCSSM-10) 1000 (CSCSSM-20) Not available Not available Not available Anti-spam. 250 IPsec VPN peers. URL filtering Features Cisco Adaptive Security Appliance Software Version (latest) Applicationlayer firewall services Layer 2 transparent firewalling Security contexts (included/maximum)4 GTP/GPRS inspection4 High availability support5 SSL and IPsec VPN services VPN clustering and load balancing Advanced endpoint assessment4 1.2. Active/Active and Active/Standby high availability.3.Chapter 5 Content Security Not available Yes (with (anti-virus. 2. 8. 2 SSL VPN peers. file 1000 (CSCblocking (CSC SSM SSM-20) only) Content Security Not available Anti-spam.

DES license ASA5580-20-BUN-K8 Cisco ASA 5580-20 Firewall Edition includes 2 management interfaces. 4 Gigabit Ethernet interfaces. firewall services. 5000 IPsec VPN peers. 250 SSL VPN peers. 750 IPsec VPN peers. 3DES/AES license ASA5550-K8 Cisco ASA 5550 Firewall Edition includes 8 Gigabit Ethernet interfaces + 1 Fast Ethernet interface. 750 IPsec VPN peers. 2 SSL VPN peers. 3DES/AES license ASA5580-40-8GE-K9 Cisco ASA 5580-40 Firewall Edition 8 Gigabit Ethernet Bundle includes 8 Gigabit Ethernet interfaces. 3DES/AES license ASA5540-K8 Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface. 2 SSL VPN peers. firewall services. 2 management interfaces. 2 SSL VPN peers. 2 SSL VPN peers. firewall services. 4 Gigabit SFP interfaces. 1 Fast Ethernet interface ASA5520-CSC20-K9 Cisco ASA 5520 Content Security Edition includes CSC-SSM-20. 1000 SSL VPN peers. 1 Fast Ethernet interface Cisco ASA 5500 Series SSL/IPsec VPN Edition Bundles ASA5505-SSL10-K9 Cisco ASA 5505 SSL/IPsec VPN Edition includes 10 IPsec VPN peers. 5 Fast Ethernet interfaces ASA5520-AIP10-K9 Cisco ASA 5520 IPS Edition includes AIP-SSM-10. 3 Fast Ethernet interfaces ASA5520-SSL500-K9 Cisco ASA 5520 SSL/IPsec VPN Edition includes 750 IPsec VPN peers. 5000 IPsec VPN peers. 2 SSL VPN peers. firewall services. 8-port Fast Ethernet switch ASA5510-SSL50-K9 Cisco ASA 5510 SSL/IPsec VPN Edition includes 250 IPsec VPN peers. firewall services. 2 SSL VPN peers. firewall services. 50 firewall users. 1 Fast Ethernet interface ASA5540-SSL2500-K9 Cisco ASA 5540 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers. DES license ASA5580-20-BUN-K9 Cisco ASA 5580-20 Firewall Edition includes 2 management interfaces. 500 SSL VPN peers. 2 SSL VPN peers. 2500 SSL VPN peers. Dual AC power. 2 SSL VPN peers. 2 SSL VPN peers. 5000 IPsec VPN peers. firewall services. 750 IPsec VPN peers. 1 Fast Ethernet interface ASA5540-SSL1000-K9 Cisco ASA 5540 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers. 1 Fast Ethernet interface ASA5550-SSL2500-K9 Cisco ASA 5550 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers. 1 Fast Ethernet interface ASA5540-AIP40-K9 Cisco ASA 5540 IPS Edition includes AIP-SSM-40. 2 management interfaces. 8-port Fast Ethernet switch ASA5505-SSL25-K9 Cisco ASA 5505 SSL/IPsec VPN Edition includes 25 IPsec VPN peers. 50-user antivirus/anti-spyware with 1year subscription. 2 SSL VPN peers. firewall services. Dual AC power. 2 SSL VPN peers. 4 Gigabit Ethernet interfaces. Dual AC power. 4 Gigabit Ethernet interfaces. 2 SSL VPN peers. 5000 IPsec VPN peers. 1 Fast Ethernet interface ASA5540-AIP20-K9 Cisco ASA 5540 IPS Edition includes AIP-SSM-20. firewall services. 2 SSL VPN peers. 8 Gigabit Ethernet interfaces. 2 SSL VPN peers. 25 SSL VPN peers. 250 IPsec VPN peers. 5000 IPsec VPN peers. 2500 SSL VPN peers. Dual AC power. 3 Fast Ethernet interfaces ASA5510-SSL250-K9 Cisco ASA 5510 SSL/IPsec VPN Edition includes 250 IPsec VPN peers. 3DES/AES license ASA5580-40-10GE-K9 Cisco ASA 5580-40 Firewall Edition 4 10Gigabit Ethernet Bundle includes 4 10Gigabit Ethernet interfaces. 4 Gigabit Ethernet interfaces. 2 SSL VPN peers. 250 IPsec VPN peers. 100 SSL VPN 100 peers. 3 Fast Ethernet interfaces ASA5510-SSL100-K9 Cisco ASA 5510 SSL/IPsec VPN Edition includes 250 IPsec VPN peers. 2 management interfaces. 2 SSL VPN peers. 5000 IPsec VPN peers. 3 Fast Ethernet interfaces ASA5520-CSC10-K9 Cisco ASA 5520 Content Security Edition includes CSC-SSM-10. 2 SSL VPN peers. 5000 IPsec VPN peers. firewall services. 5000 IPsec VPN peers. 3 Fast Ethernet interfaces ASA5510-CSC20-K9 Cisco ASA 5510 Content Security Edition includes CSC-SSM-20. 5000 IPsec VPN peers. 750 IPsec VPN peers. DES license ASA5580-40-BUN-K9 Cisco ASA 5580-40 Firewall Edition includes 2 management interfaces. 5000 IPsec VPN peers. 5000 IPsec VPN peers. firewall services. 3DES/ AES license Cisco ASA 5500 Series IPS Edition Bundles ASA5510-AIP10-K9 Cisco ASA 5510 IPS Edition includes AIP-SSM-10. 3DES/AES license ASA5580-40-BUN-K8 Cisco ASA 5580-40 Firewall Edition includes 2 management interfaces. 4 Gigabit SFP interfaces. 50-user antivirus/anti-spyware with 1year subscription. 1 Fast Ethernet interface 5-14 Cisco ASA 5500 Series Adaptive Security Appliances . firewall services. 4 Gigabit Ethernet interfaces. 2 SSL VPN peers. 3DES/AES license ASA5580-20-8GE-K9 Cisco ASA 5580-20 Firewall Edition 8 Gigabit Ethernet Bundle includes 8 Gigabit Ethernet interfaces. firewall services. 5000 IPsec VPN peers. 3DES/AES license ASA5580-20-4GE-K9 Cisco ASA 5580-20 Firewall Edition 4 Gigabit Ethernet Bundle includes 4 Gigabit Ethernet interfaces. 2 SSL VPN peers. 4 Gigabit Ethernet interfaces. 4 Gigabit Ethernet interfaces. 4 Gigabit Ethernet interfaces. 4 Gigabit Ethernet interfaces. 4 Gigabit Ethernet interfaces. 500-user antivirus/anti-spyware with 1-year subscription. 250 IPsec VPN peers. 1 Fast Ethernet interface ASA5520-AIP20-K9 Cisco ASA 5520 IPS Edition includes AIP-SSM-20. firewall services. 50 SSL VPN peers. 50 firewall users. 750 IPsec VPN peers. 5000 IPsec VPN peers.ASA5540-BUN-K9 Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface. DES license ASA5550-BUN-K9 Cisco ASA 5550 Firewall Edition includes 8 Gigabit Ethernet interfaces + 1 Fast Ethernet interface. 5000 IPsec VPN peers. firewall services. 1 Fast Ethernet interface Cisco ASA 5500 Series Content Security Edition Bundles ASA5510-CSC10-K9 Cisco ASA 5510 Content Security Edition includes CSC-SSM-10. firewall services. 500-user antivirus/anti-spyware with 1-year subscription. 2 SSL VPN peers. firewall services. 2 SSL VPN peers. 1 Fast Ethernet interface ASA5520-AIP40-K9 Cisco ASA 5520 IPS Edition includes AIP-SSM-40. 10 SSL VPN peers. 2 SSL VPN peers. 2 management interfaces.

and safeguarding intellectual property. intelligent detection with precision response from the network edge to the data center. LC ASA5580-2X10GE-SR= Cisco ASA 5580 2-port 10 Gigabit Ethernet fiber interface card.com/go/asa. network viruses.000 SSL VPN peers. The sensors can be deployed widely and incrementally on servers and endpoints. protecting brand reputation. 5000 SSL VPN peers. including worms. obstruct access to applications and resources. and application misuse. 250 Mbps—Cisco IPS 4240 Sensor. classify. They collaborate and adapt in real time to emerging threats. 600 Mbps—Cisco IPS 4255 Sensor. and stop known and unknown threats. 1-year subscription ASA-SSM-CSC-20-K9= Cisco ASA Content Security and Control Security Services Module 20 with 500-user antivirus/antispyware. This inline. so organizations can anticipate true IPS performance tailored to their business. firewall services. and cause significant communications disruption. switches. organizations easily manage their IPS deployment with near-real time updates to the most recent threats. 3DES/AES license Security Services Modules ASA-SSM-AIP-10-K9= Cisco ASA Advanced Inspection and Prevention Security Services Module 10 ASA-SSM-AIP-20-K9= Cisco ASA Advanced Inspection and Prevention Security Services Module 20 ASA-SSM-CSC-10-K9= Cisco ASA Content Security and Control Security Services Module 10 with 50-user antivirus/antispyware. 8 Gigabit Ethernet interfaces. This technology provides metrics in both multimedia and transactional environments.cisco. business priorities now include minimizing legal liability. RJ45 ASA5580-4GE-FI= Cisco ASA 5580 4-port Gigabit Ethernet fiber interface card. 10. system intrusion attempts. the Cisco Intrusion Prevention System (IPS) provides end-to-end protection for your network. Cisco IPS Sensors and Cisco IPS Sensor Software deliver high-performance. with Cisco Services for IPS. LC Cisco ASA 5500 Series Software ASA-SW-UPGRADE= Cisco ASA Software one-time upgrade for nonsupport customers For More Information For more information about the Cisco ASA 5500 Series Adaptive Security Appliance. In addition. application threats. because of compliance regulations and consumer privacy laws. 1 Gbps—Cisco IPS 4260 Sensor. Cisco Intrusion Prevention System 5-15 . 2800. 4 Gbps—Cisco IPS 4270 Sensor • Cisco IDS Services Module 2 (IDSM-2)—IPS security module for Cisco Catalyst 6500 Series Switches with this performance level: 500 Mbps • Cisco Advanced Inspection and Prevention Security Services Module (AIP-SSM)—IPS security module for the Cisco ASA 5500 Series Adaptive Security Appliance with these performance levels: 100 Mbps—Cisco AIP-SSM. Ideal for Companies that Need These Features • Cisco IPS 4200 Series Sensor—A dedicated hardware appliance platform with these performance levels: 80 Mbps—Cisco IDS 4215 Sensor. 2 management interfaces. Cisco Intrusion Prevention System Business networks of all sizes now face increasingly sophisticated attacks that can impede productivity. networkbased defense can identify. 1 Fast Ethernet interface ASA5580-20-10K-K9 Cisco ASA 5580 SSL/IPsec VPN Edition includes 10.000 IPsec VPN peers. as dedicated appliances and as service modules on routers. and firewalls. firewall services. visit: http://www. and 3800 Series Integrated Services Routers with this performance level: 45 Mbps • Cisco IDS Network Module (NM-CIDS)—Cisco network module that provides IDS capability for Cisco access routers with this performance level: 45 Mbps • Cisco IOS IPS—Focused set of IPS capabilities using Cisco IOS Software on the router with varying performance levels. Dual AC power. 4 Gigabit Ethernet interfaces. SR. 200 Mbps—Cisco AIP-SSM 20 • Cisco IPS Advanced Integration Module (AIM)—IPS AIM for the Cisco 1841.Chapter 5 ASA5550-SSL5000-K9 Cisco ASA 5550 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers. In addition. 1-year subscription SSM-4GE= Cisco ASA 4-Port Gigabit Ethernet Security Services Module Cisco ASA 5580 Series Interface Expansion Cards ASA5580-4GE-CU= Cisco ASA 5580 4-port 10/100/1000 Ethernet interface card. As an integral part of the Cisco Self-Defending Network and Cisco Threat Control solutions. SR.

SSH. server. SSH. two onboard 10/100BASE-TX interfaces with RJ-45 connector plus 4-FE interface card) IPS-4240-K9 Cisco IPS 4240 Sensor (chassis. The solutions extend across Cisco platforms. two onboard 10/100/ 1000BASE-TX interfaces with RJ-45 connector. and host-based (Cisco Security Agent) IPS collaboration. software. and four 10/100/1000BASE-TX interfaces) IPS4270-20-4SX-K9 Cisco IPS 4270 Sensor (chassis. two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector. two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector) IPS-4260-4GE-BP-K9 Cisco IPS 4260 Sensor with an included 4-GE copper NIC with hardware bypass (chassis. two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector. and rapid threat-response techniques save time. from purpose-built appliances and integrated firewall and IPS devices to services modules for routers and switches. and four fiber interfaces) 5-16 Cisco Intrusion Prevention System . and most importantly. two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector. NOTE: IPS technology strategically deployed throughout the network provides excellent end-to-end. four 10/100/1000BASETX interfaces with RJ-45 connector) IPS-4255-K9 Cisco IPS 4255 Sensor (chassis. • Collaborative threat prevention—A Cisco IPS solution employs a unique. and desktop endpoints. attack-path identification. Specifications Feature Performance Monitoring Interface IDS-4215 65 Mbps IPS-4240 250 Mbps IPS-4255 500 Mbps Four 10/100/ 1000 Base-TX IPS-4260 1 Gbps IPS Module (IDSM-2) 500 Mbps IPS Network Module (NMCIDS) 45 Mbps Internal 10-100Mbps Ethernet and external 10100-Mbps Ethernet Autosensing Four 10/100/ 10/100 Base-T 1000 Base-TX Ethernet Autosensing 10/ PCI 100/1000 BaseTX Four 10/100 Base-Tx (4FE) sniffing interfaces (allowing a total of 5 sniffing interfaces) Command and 10/100 Base. two onboard 10/100BASE-TX interfaces w/ RJ-45 connector) IDS-4215-4FE-K9 Cisco IPS 4215 Sensor (chassis.Key Features • Pervasive network integration—Cisco Intrusion Prevention System (IPS) solutions defeat threats from multiple vectors. SSH. and two fiber interfaces) IPS4270-20-K9 Cisco IPS 4270 Sensor (chassis.10/100 Base-TX 10/100 Base-TX Control Interface TX Optional Interface 4x 10/100/1000 Base-TX 2x1000SX 10/100 Base-TX PCI 10/1010/100 Base-TX Selected Part Numbers and Ordering Information IPS 4200 Appliances IDS-4215-K9 Cisco IPS 4215 Sensor (chassis. including network. SSH. redundant power. Extensive behavioral analysis. redundant power. four 10/100/1000BASE-TX interfaces with RJ-45 connector) IPS-4260-K9 Cisco IPS 4260 Sensor (chassis. • Proactive posture adaptation—As an organization’s network threat posture changes. and four 10/100/1000BASE-TX interfaces with built-in bypass) IPS-4260-2SX-K9 Cisco IPS 4260 Sensor with an included NIC card (chassis. software. mitigating threats by both known and unknown attacks. software. passive-active fingerprinting. common policy management. A Cisco IPS solution protects the network from policy violations. anomaly detection. This ubiquitous alliance includes cross-solution feedback linkages. software. multivendor event correlation. SSH. redundant power. software. system-wide security ecosystem that assesses and reacts to threats. SSH. two onboard 10/100/1000BASE-TX interfaces with RJ-45 connector) IPS4270-20-4GE-K9 Cisco IPS 4270 Sensor (chassis. across the entire network. a Cisco IPS solution evolves and adapts to stay ahead of the security landscape. software. SSH. the organization's assets and productivity. software. zero-day protection. policy adjustments. software. vulnerability exploitations. resources. SSH. SSH. SSH. software. SSH. and anomalous activity through detailed inspection of traffic at Layers 2 through 7. A Cisco IPS solution protects an organization’s infrastructure and business. delivering exceptional network scalability and resiliency. software. four 10/100/1000BASE-TX interfaces with RJ-45 connector) IPS4240-DC-K9 Cisco IPS 4240 NEBS-Compliant Sensor with DC power (chassis. software.

Because FWSM is based on the Cisco PIX Firewall. The transparent firewall feature configures the FWSM to act as a Layer 2 bridging firewall. • Enhanced reliability—The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX Operating System. there are fewer boxes to manage. 100. Cisco Catalyst 6500 Series Firewall Services Module 5-17 . Network administrators can configure. Up to four FWSMs can be installed in a single chassis. 300 VPN peers. deploy. software. 50 VPN peers. software. • Compatibility with future versions—The FWSM can handle up to 5 Gbps of traffic. • Efficiency and productivity gains—Virtualized FWSM delivers multiple firewalls on one physical hardware platform. the cost of training and management is lower. and 1 million concurrent connections. • Ease of use—The intuitive GUI of the Cisco PIX Device Manager can be used to manage and configure the features within the FWSM. a secure. providing exceptional performance to meet future requirements without requiring a system overhaul. and manage these functions as if they were separate devices.2 as well. Using virtualization to reduce the number of physical devices in a network significantly reduces the cost and complexity of managing network infrastructure. 300 VPN peers. The Cisco FWSM includes numerous advanced features that help reduce costs and operational complexity while allowing organizations to manage multiple firewalls from the same management platform. 3800 Cisco Catalyst 6500 Series Firewall Services Module The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) is a highspeed. integrated firewall module for Cisco Catalyst 6500 Switches and Cisco 7600 Series Routers. software. resulting in minimal changes to network topology. Ideal for Companies that Need These Features • Ability to add an integrated firewall module for Cisco Catalyst 6500 Switches and Cisco 7600 Series Routers Key Features • An integrated module—Installed inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet Router. 4 Fast Ethernet interfaces.Chapter 5 IPS-4GE-BP-INT= Spare 4-port copper interface card with built-in hardware bypass for the Cisco IPS 4260 and 4270 IPS-2SX-INT= Spare 2-port fiber interface card for the Cisco IPS 4260 and 4270 Cisco ASA 5510 Series Adaptive Security Appliances ASA5510-AIP10-K9 Cisco ASA 5510 Adaptive Security Appliance with SSM-AIP-10 (chassis. software. 3DES/AES) Security Services Modules ASA-SSM-AIP-10-K9= Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 10 (AIP-SSM-10) ASA-SSM-AIP-20-K9= Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 20 (AIP-SSM-20) IPS AIM for ISR AIM-IPS-K9 Cisco Intrusion Prevention System Advanced Integrated Module for Cisco 1841. 2800. Triple Data Encryption Standard/Advanced Encryption Standard [3DES/AES]) Cisco ASA 5520 Series Adaptive Security Appliances ASA5520-AIP10-K9 Cisco ASA 5520 Adaptive Security Appliance with SSM-AIP-10 (chassis. providing scalability to 20 Gbps per chassis. 4 Gigabit Ethernet interfaces. Based on Cisco PIX Firewall technology.000 cells per second (CPS). thus helping ensure that one security context does not interfere with another. 4 Gigabit Ethernet interfaces. 3DES/AES) ASA5520-AIP20-K9 Cisco ASA 5520 Adaptive Security Appliance with SSM-AIP-20 (chassis. and because it is integrated in the chassis. 4 Gigabit Ethernet interfaces. Up to three additional FWSMs can be added to the Cisco Catalyst 6500 to achieve better than 10-Gigabit Ethernet scalability. The FWSM can now be managed using the Cisco ASA 5500 Series Adaptive Security Device Manager (ASDM) v5. • Lower cost of ownership—The FWSM offers among the best price-to-performance ratios of any firewall. real-time operating system. reliability. Features such as resource manager helps organizations limit the resources allocated to any security context at any time. the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) allows any port on the device to operate as a firewall port and integrates firewall security inside the network infrastructure. It provides one of the fastest firewall data rates in the industry: 5-Gbps throughput. 500 VPN peers. 3DES/AES) Cisco ASA 5540 Series Adaptive Security Appliances ASA5540-AIP20-K9 Cisco ASA 5540 Adaptive Security Appliance with SSM-AIP-20 (chassis. and performance. the Cisco FWSM offers large enterprises and service providers exceptional security.

256. performance. visit: http://www. For More Information For more information about the Cisco Catalyst 6500 Series Firewall Services Module.3-K9 SC-SVC-FWM-2.2 for Cisco Catalyst 6500 and 7600 Series Firewall Services Module Software Release 2.2 for Cisco Catalyst 6500 and 7600 Series (spare) NOTE: Cisco Firewall Services Module Software 1.000 concurrent NAT or PAT translations.3 or 3.cisco. 8 VLAN pairs per security context in transparent mode Access Lists Up to 80.3 for Cisco Catalyst 6500 and 7600 Series (spare) Firewall Services Module Software Release 3.3-K9= SC-SVC-FWM-3.000 connections per chassis. 100. Up to four FWSMs (20 Gbps) per Catalyst 6500 chassis with static VLAN or IOS Policy-based Routing. Selected Part Numbers and Ordering Information Hardware WS-SVC-FWM-1-K9 WS-SVC-FWM-1-K9= Security Bundles WS-C6506-E-FWM-K9 WS-C6509-E-FWM-K9 WS-C6513-FWM-K9 WS-6509EXL-2FWM-K9 WS-6513XL-2FWM-K9 WS-6506-EXL-FWM-K9 WS-6509-EXL-FWM-K9 WS-C6513-XL-FWM-K9 Software SC-SVC-FWM-1. Taking advantage of the broad.1-K9= SC-SVC-FWM-3.1 for Cisco Catalyst 6500 and 7600 Series (spare) Firewall Services Module Software Release 2.000 connection setups and teardowns per second. Customers are encouraged to upgrade or purchase FWSM Software 2.1 for Cisco Catalyst 6500 and 7600 Series (spare) Firewall Services Module Software Release 3. Supervisor 720 3BXL and one Firewall Service Module Firewall Services Module Software Release 1. Virtual Firewalls and 1 administrative context are provided for (Security Contexts) testing purposes.2-K9 SC-SVC-FWM-3. industry-proven application support and endpoint security provided by Cisco VPN 3000 Series Concentrators.1-K9 SC-SVC-FWM-1.8 Mpps.1 has reached end-of-sale status.1 for Cisco Catalyst 6500 and 7600 Series Firewall Services Module Software Release 1. Supervisor 720 3BXL and one Firewall Service Module Cisco Catalyst 6513 Firewall Security System with Enhanced Chassis. The innovative virtualization capabilities integrated into the module simplify the policy creation and enforcement for diverse enterprise user communities and make it an ideal solution for managed service providers.2-K9= Firewall Services Module for Cisco Catalyst 6500 and 7600 Series Firewall Services Module for Cisco Catalyst 6500 and 7600 Series (spare) Cisco Catalyst 6506 Firewall Security System with Enhanced Chassis and Supervisor 720 3B Cisco Catalyst 6509 Firewall Security System with Enhanced Chassis and Supervisor 720 3B Cisco Catalyst 6513 Firewall Security System with Supervisor 720 3B Cisco Catalyst 6509 Firewall Security System with Enhanced Chassis. the Cisco WebVPN Services Module can cost-effectively meet the capacity requirements of large enterprises.html. 100. Jumbo Ethernet packets (8500 bytes) supported VLAN Interfaces 1000 total per service module.1-K9= SC-SVC-FWM-2. the 5-18 Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module . 3.3 for Cisco Catalyst 6500 and 7600 Series Firewall Services Module Software Release 2. and security required for large-scale. 50.com/en/US/products/hw/modules/ps2706/ps4452/index.2. Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module The Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module is a high-speed.2-K9= SC-SVC-FWM-2.1.5 Gbps throughput per service module.2-K9 SC-SVC-FWM-2. 256 VLANs per security context in routed mode. Supervisor 720 3BXL and one Firewall Service Module Cisco Catalyst 6506 Firewall Security System with Enhanced Chassis. 2. Supervisor 720 3BXL and two Firewall Service Modules Cisco Catalyst 6513 Firewall Security System with Supervisor 720 3BXL and two Firewall Service Modules Cisco Catalyst 6506 Firewall Security System with Enhanced Chassis.1 for Cisco Catalyst 6500 and 7600 Series Firewall Services Module Software Release 3.Specifications Performance 5. remote-access SSL VPN deployments.2 for Cisco Catalyst 6500 and 7600 Series (spare) Firewall Services Module Software Release 2. Supporting up to 32. 1 million concurrent connections. integrated SSL VPN services module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that addresses the scalability.1-K9 SC-SVC-FWM-3. application support.2 for Cisco Catalyst 6500 and 7600 Series Firewall Services Module Software Release 3.000 SSL VPN users and 128. 250 Virtual Firewall licenses.000 access control entries in single context mode NOTE: The FWSM implements Layer 3 and 4 access control security checks in hardware with virtually no performance impact using non-upgradeable high-speed memory Virtual Firewalls 20.

Group-based access control using Cisco Secure Access Control Server (ACS) End-System Integrity Antivirus check. Differentiated Services Code Point/Type of Service (DSCP/ToS). Per-VRF AAA server. Internet Explorer. • Advanced endpoint security—A primary component of the Cisco WebVPN Services Module.1 WebVPN Services Module Software 1. providing a ready-to-deploy solution. Single-IP model (URL-based or login-name-based). SSL_RSA_WITH_DES_CSC_SHA. Seeks to minimize risk of temporary and downloaded files and (Cisco Secure cookies from remaining on system Desktop integration) Redundancy and Load Stateless failover. Per-VRF number of users User Authentication RADIUS. Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module 5- .000 simultaneous SSL VPN users and 128. internal buffer Cipher Suites SSL_RSA_WITH_RC4_128_MD5.000 connections. Cisco IOS Software server-load balancing (SLB) and Content Switching Module Sharing integration within the chassis.0 Configuration and Console CLI. Per-VRF DNS server. TLS 1. • Virtualization and Virtual Route Forwarding (VRF) awareness—Virtualization technology is a way to pool resources while masking the physical attributes and boundaries of the resources from the resource users. UNIX NIS.000 concurrent connections. Windows NT. Telnet. Active Directory.0 and 3.Chapter 5 Cisco WebVPN Services Module is ideally suited to meet the secure connectivity demands of any organization. per-user. Up to 64 SSL VPN virtual contexts and 64 gateways. This support helps configure and provision the module without the need for an external element management system. complete with separate policies and configuration VRF-Aware VRF mapping. Ideal for Companies that Need These Features • Ability to add a high-speed. SSL_RSA_WITH_3DES_EDE_CBC_SHA Network Access IP address. Active/Active failover Application Support Web access.1. with each context as a complete logical representation of the WebVPN Services Module. Multiple-IP model. Personal firewall check. Up to 128 VRF-aware virtual contexts are supported per module. external server. integrated SSL VPN services module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers Key Features • Integration with network infrastructure—Incorporating VPN into the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Internet Routers helps secure the network without the need for extra overlay equipment or network alterations.html. HTTP. Per-VRF gateway. Firefox Protocols SSL 3. file transfer. Up to 4 modules in a chassis Virtualization Ability to divide into multiple contexts. Specifications Scalability Up to 8000 users. Up to 300 Mbps.1 (spare) For More Information For more information about the Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module. legacy applications.cisco. HTTPS. visit: http://www. Up to four modules can be supported in a single chassis to support up to 32. specialized applications Browser Support Netscape. SSL_RSA_WITH_RC4_128_SHA. file services. TCP/UDP port. • Scalability—A single module is capable of supporting up to 8000 simultaneous users and up to 32.com/en/US/products/ps6404/index. e-mail. • Ease of deployment—The Cisco Catalyst 6500 Series/7600 Series WebVPN Services Module comes with integrated device-manager support. Telnet. Secure Shell (SSH) Management Syslog Support Console display. Cisco Secure Desktop offers preconnection security posture assessment and a consistent and reliable means of eliminating all traces of sensitive data. Control per-group Selected Part Numbers and Ordering Information WS-SVC-WEBVPN-K9 WS-SVC-WEBVPN-K9= SC-SVC-WVPN-11-K9 SC-SVC-WVPN-11-K9= WebVPN Services Module for Cisco Catalyst 6500 Series and Cisco 7600 Series WebVPN Services Module (spare) WebVPN Services Module Software 1.

• Granular control—The solution empowers network and IT management with additional tools to provide controlled access to corporate network resources and applications. • Comprehensive network access—Broad application and network resource access is provided through the Cisco AnyConnect VPN Client. an automatically downloadable network-tunneling client that provides access to virtually any application or resource. and content-security capabilities • A comprehensive. namely for delay-sensitive applications such as voice and video Key Features • Deployment flexibility—The Cisco SSL VPN with Cisco ASA 5500 Series Adaptive Security Appliance extends the appropriate SSL VPN technology. intrusion-prevention-system (IPS). Specifications Cisco ASA 5505 Maximum VPN Throughput Maximum Concurrent SSL VPN Sessions1 Maximum Concurrent IPsec VPN Sessions1 Profile Stateful Failover 100 Mbps 25 Cisco ASA 5510 170 Mbps 250 Cisco ASA 5520 225 Mbps 750 Cisco ASA 5540 325 Mbps 2500 Cisco ASA 5550 425 Mbps 5000 Cisco ASA 5580-20 1 Gbps 10. flexible.000 Desktop No 1-RU Licensed feature2 1-RU Yes 1-RU Yes 1-RU Yes 4-RU Yes 4-RU Yes 5-20 Cisco SSL VPN Solutions . • Ubiquitous clientless access—The solution delivers secure remote access to authenticated users on both managed and unmanaged endpoints. intrusionprevention-system (IPS). and endpoints. devices. and scalability. facilitating increased productivity by providing “anytime access” to the network. and content-security technologies on a single. • Exceptional management flexibility—The application simplifies the complexity of managing diverse. on a resource-granular per-session basis. coupled with industry-leading firewall. the Cisco ASA 5500 Series SSL/ IPsec VPN Edition delivers maximum value to organizations with its exceptionally comprehensive set of Secure Socket Layer (SSL) and IP Security (IPsec) VPN features. performance-optimized solution that offers high-quality application support. Ideal for Companies that Need These Features • A feature-rich solution that offers a comprehensive breadth of platform and endpoint support in a simple-tomanage. including mobile and fixed endpoints.000 Cisco ASA 5580-40 1 Gbps 10. • Low total cost of ownership (TCO)—The solution reduces expensive help-desk calls associated with network connectivity problems and eliminates the administration costs of managing VPN client software on every endpoint. unified platform. remoteaccess connectivity requirements common in today's enterprise. contractors. cost-effective solution • Concurrent user scalability from 10–10. The Cisco ASA 5500 Series SSL/IPsec VPN Edition also allows organizations to use a powerful combination of multiple market-proven firewall. Supporting a wide range of deployment and application environments.000 25 250 750 5000 5000 10. such as voice-over-IP (VoIP) traffic or TCP-based application access. • Optimized network performance—The Cisco AnyConnect VPN Client provides an optimized VPN connection for latency-sensitive traffic.000 sessions per device and tens of thousands of sessions per cluster • Combined SSL and true IPSec remote-access capability.000 10. and business partners. either clientless or full-network access. depending on the user group or endpoint accessing the network. The Cisco SSL VPN Client with Cisco ASA 5500 Series SSL and IPsec VPN Edition allows organizations to securely provide network access to a broad array of users. easy-to-deploy. performance. remote offices.Cisco SSL VPN Solutions Today's remote-access VPN deployments require the ability to safely and easily extend corporate network access beyond managed desktops to different users.

000 SSL VPN users Cisco ASA 5505 SSL/IPsec VPN Edition for 10 concurrent SSL VPN users Cisco ASA 5505 SSL/IPsec VPN Edition for 25 concurrent SSL VPN users Cisco ASA 5510 SSL/IPsec VPN Edition for 50 concurrent SSL VPN users Cisco ASA 5510 SSL/IPsec VPN Edition for 100 concurrent SSL VPN users Cisco ASA 5510 SSL/IPsec VPN Edition for 250 concurrent SSL VPN users Cisco ASA 5520 SSL/IPsec VPN Edition for 500 concurrent SSL VPN users Cisco ASA 5540 SSL/IPsec VPN Edition for 1000 concurrent SSL VPN users Cisco ASA 5540 SSL/IPsec VPN Edition for 2500 concurrent SSL VPN users Cisco ASA 5550 SSL/IPsec VPN Edition for 2500 concurrent SSL VPN users Cisco ASA 5550 SSL/IPsec VPN Edition for 5000 concurrent SSL VPN users Cisco ASA 5580-20 SSL/IPsec VPN Edition for 10. The total concurrent IPsec and SSL (clientless and tunnel-based) VPN sessions may not exceed the maximum concurrent IPsec session count shown in the chart. All Cisco ASA 5500 Series appliances include maximum IPsec concurrent users in the base configuration of the chassis. Two RJ45 Management ports. Two RJ-45 Management ports. Two Gigabit Ethernet Management ports With Interface Expansion Cards: -Up to Twelve 10 Gigabit Ethernet (10GE) ports -Up to TwentyFour Gigabit Ethernet ports -Up to TwentyFour 10/100/ 1000 Ethernet ports 1. Ordering Information for Edition Bundles ASA5505-SSL10-K9 10 SSL VPN users ASA5505-SSL25-K9 25 SSL VPN users ASA5510-SSL50-K9 50 SSL VPN users ASA5510-SSL100-K9 100 SSL VPN users ASA5510-SSL250-K9 250 SSL VPN users ASA5520-SSL500-K9 500 SSL VPN users ASA5540-SSL1000-K9 1000 SSL VPN users ASA5540-SSL2500-K9 2500 SSL VPN users ASA5550-SSL2500-K9 2500 SSL VPN users ASA5550-SSL5000-K9 5000 SSL VPN users ASA5580-20-10K-K9 10. Every Cisco ASA 5500 Series model can support SSL VPN through the purchase of an SSL VPN license.000 concurrent SSL VPN users Cisco ASA Chassis and Applicable SSL VPN Licenses SSL VPN User Requirements 10 SSL VPN users 25 SSL VPN users 50 SSL VPN users Part Number Cisco ASA Cisco ASA Cisco ASA Cisco ASA Cisco ASA Cisco ASA Cisco ASA 5505 5510 5520 5540 5550 5580-20 5580-40 ASA5500-SSL-10 ASA5500-SSL-25 ASA5500-SSL-50 X X X X X X X X X X X X X X X X X X X X Cisco SSL VPN Solutions 5-21 . Upgrade Licenses paths are available for migration to higher Concurrent SSL users counts. as indicated in Table 3. visit the Cisco Ordering Home Page. SSL VPN on the Cisco ASA 5500 Series may be purchased under a single part number as an edition bundle. two USB ports Yes Four 10/100/ 1000 copper Ethernet ports. To place an order. one Fast Ethernet port Yes Two USB ports. These items should be taken in to consideration as part of your capacity planning 2. two USB ports Yes Eight Gigabit Ethernet ports. SSL VPN Users licenses are not additive. Two Gigabit Ethernet Management ports With Interface Expansion Cards: -Up to Twelve 10 Gigabit Ethernet (10GE) ports -Up to TwentyFour Gigabit Ethernet ports -Up to TwentyFour 10/100/ 1000 Ethernet ports Yes Two USB ports. Devices include a license for two SSL VPN users for evaluation and remote management purposes. All SSL VPN features are included under a single feature license. one out-ofband management port. or the chassis and SSL VPN feature license may be purchased separately. four SFP fiber ports. one out-ofband management port. The ASA 5580 Series supports greater simultaneous users than the ASA 5550 Series at comparable overall SSL VPN throughput as the ASA 5550 Series. The SSL VPN session number may also not exceed the number of licensed sessions on the device. three USB ports No Yes Four 10/100/ 1000 copper Ethernet ports. Selected Part Numbers and Ordering Information The following tables provide a subset of ordering information for the Cisco ASA 5500 Series SSL/IPsec VPN Edition. Upgrade is available with Cisco ASA 5510 Security Plus license. Ethernet two USB ports ports with dynamic port grouping (include two Power over Ethernet ports).Chapter 5 VPN Load Balancing Interfaces Licensed feature2 Eight 10/100 Five 10/100 copper copper Ethernet ports.

IronPort e-mail security appliances support and protect organizations’ e-mail systems. • Data loss prevention (DLP)—IronPort delivers high-performance. IronPort C150—For small to midsize organizations. IronPort believes that a holistic solution for monitoring and data loss across all communication channels is vital to ensure the integrity of an organization's policies.cisco. not only from today's threats. • E-mail encryption—IronPort PXE technology provides secure. IronPort C650—For enterprises. together with its partnerships with industry-leading DLP vendors. puts IronPort in the unique position to offer a single vantage point to enterprises for this critical functionality.100 SSL VPN users 250 SSL VPN users 500 SSL VPN users 750 SSL VPN users 1000 SSL VPN users 2500 SSL VPN users 5000 SSL VPN users 10. Sarbanes-Oxley Act of 2002 (SOX). and protect their brand and reputation. • Regulatory compliance—IronPort’s predefined content filters for Health Insurance Portability and Accountability Act (HIPAA). In production at eight of the ten largest Internet service providers (ISPs) and more than 20 percent of the world's largest enterprises. Reputation Filters dispose of up to 90 percent of incoming spam at the connection level -. and accessible from any e-mail platform. Gramm-Leach-Bliley (GLB). high-performance software architecture engineered from the ground up to address concurrency-based communications bottlenecks and the limitations of file-based queuing. IronPort C350—For midsize enterprises. enforce compliance. Ideal for Companies that Need These Features • Anti-spam and anti-virus solution—IronPort offers multiple layers of defense against spam and viruses with a 99 percent catch rate and an industry-low false-positive rate of one in one million.saving bandwidth. these products facilitate the administration of corporate mail systems and reduce the burden on technical staff. The same code base that powers the most sophisticated customers is available in all of IronPort e-mail security appliances to protect enterprises of all sizes.com/go/asa. Easily extensible lexicons allow companies to customize these rules to meet specific requirements. • IronPort Reputation Filters—IronPort Reputation Filters perform a real-time e-mail threat assessment and then identify suspicious e-mail senders. and other regulations automatically scan e-mail messages for protected financial and health information. It meets compliance requirements and protects confidential information without the cost and complexity of the public key infrastructure (PKI). Suspicious senders are rate-limited or blocked.000 SSL VPN users ASA5500-SSL-100 ASA5500-SSL-250 ASA5500-SSL-500 ASA5500-SSL-750 ASA5500-SSL1000 ASA5500-SSL2500 ASA5500-SSL5000 ASA5500-SSL-10K X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X For More Information For more information about the Cisco SSL VPN Client with Cisco ASA 5500 Series Adaptive Security Appliance. comprehensive data loss prevention for data in motion -. Key Features • IronPort AsyncOS—IronPort AsyncOS is a unique. 5-22 IronPort E-mail Security Appliances .helping organizations both large and small prevent leaks. The following list offers a general description for each product: IronPort Blocker—1–200 email users. IronPort X1050—For large enterprises and Internet service providers (ISPs) NOTE: Please contact IronPort for sizing of specific appliances. visit: http://www. preventing malicious traffic from entering the network. policy-based e-mail encryption that is simple for both senders and receivers. IronPort E-mail Security Appliances The IronPort e-mail security appliances are some of the most sophisticated systems available today. • Organization size requirements—IronPort offers various appliances to meet the needs of companies of all sizes. and a wide variety of other threats. viruses. these systems have a demonstrated record of unparalleled security and reliability. As the first line of defense on the IronPort e-mail security appliances. but from those certain to evolve in the future. By reducing the downtime associated with spam. Leadership within the Internet security market.

Chapter 5
conserving system resources, and yielding the very highest levels of security for critical messaging systems. A proven preventive solution, IronPort Reputation Filters defend the largest Internet service provider (ISP) and enterprise networks, as well as small and medium-sized businesses (SMBs), in production environments around the world. IronPort Anti-Spam—The catch rate of IronPort Anti-Spam is 97 to 99 percent. Its false positive rate is less than 1 in 1 million. To eliminate the broadest range of known and emerging e-mail threats, IronPort Anti-Spam combines best-of-class conventional techniques with breakthrough context-sensitive detection technology. IronPort Virus Outbreak Filters—IronPort Virus Outbreak Filters detect new virus outbreaks in real time, and then quarantine suspicious messages -- offering protection up to 42 hours before traditional anti-virus solutions. IronPort PXE—IronPort PXE encryption technology revolutionizes e-mail encryption, meeting compliance requirements while delivering powerful new business-class e-mail features. IronPort Data Loss Prevention (DLP)—IronPort delivers high-performance, comprehensive data loss prevention for data in motion, helping organizations both large and small prevent leaks, enforce compliance, and protect their brand and reputation. The IronPort SenderBase Network—SenderBase collects data from more than ten times the networks of competing monitoring systems, with data on more than 30 percent of the world's e-mail and Web traffic. This volume provides a very statistically significant sample size, resulting in immediate and accurate detection of even low-volume mail senders. A highly diverse group of more than 100,000 organizations, including some of the largest networks in the world, contribute information to IronPort’s SenderBase on a remarkable 5 billion messages per day. SenderBase gives mail administrators excellent real-time visibility into security threats from around the world. The IronPort Threat Operations Center—The 24-hour IronPort Threat Operations Center (TOC) provides a view into global traffic activity, enabling IronPort to analyze anomalies, uncover new threats, and track traffic trends.

• •

Specifications
C150 Chassis/Processor Form Factor Dimensions CPU Storage RAID Drives Connectivity Ethernet Serial Mail Operations Mail Injection Protocols Mail Delivery Protocols DNS Interfaces/Configuration Web Interface Command Line Interface File Transfer Programmatic Monitoring C350 Chassis / Processor Form Factor Dimensions CPU Power Supplies Storage RAID Drives Capacity Connectivity Ethernet Serial Mail Operations 19" Rack-Mountable, 2U rack height 3.5" (h) x 19" (w) x 29" (d) One Intel Xeon processor Hot-plug redundant, 700 watts, 100/240 volts RAID 1 configuration; Dual channel hardware with battery-backed cache Two hot-swappable, 146GB Ultra 3 SCSI 35GB effective queue capacity, 45GB non-mail (e.g. log) capacity One Intel 10/100 BaseT and two Broadcom Gigabit BaseT Ethernet ports One RS-232 (DB-9) Serial Port 17" 1U rack mounted chassis 1.7" (h) x 17" (w) x 22" (d) Single Intel Processor RAID 1 configuration Two 80GB 7200 RPM SATA drives Two Embedded Intel Gigabit NICs 1 DB-9 Serial Port SMTP, ESMTP, Secure SMTP over TLS SMTP, ESMTP, Secure SMTP over TLS Internal resolver/cache; Can resolve using local DNS or Internet DNS servers Accessible by HTTP or HTTPS Accessible via SSH or Telnet; Configuration Wizards SCP or FTP XML-based configuration files

IronPort E-mail Security Appliances

5-23

Mail Protocols DNS LDAP Interfaces / Configuration Web Interface Command Line Interface File Transfer Programmatic Monitoring Configuration Files Cryptographic Algorithms TLS (Encrypted SMTP) DomainKeys Signing SSH for System Management Programmatic Monitoring SSH for System Management HTTPS for System Management C650 Chassis / Processor Form Factor Dimensions CPU Power Supplies Storage RAID Drives Capacity Connectivity Ethernet Serial Mail Operations Mail Injection Protocols Mail Delivery Protocols DNS LDAP Interfaces / Configuration Web Interface Command Line Interface File Transfer Programmatic Monitoring Configuration Files Cryptographic Algorithms TLS (Encrypted SMTP) DomainKeys Signing SSH for System Management HTTPS for System Management X1050 Chassis / Processor Form Factor Dimensions CPU Power Supplies Storage RAID Drives Capacity Connectivity Ethernet Two-port fiber-optic NIC Serial Mail Operations

SMTP, ESMTP, Secure SMTP over TLS Internal resolver/cache; Can resolve using local DNS or Internet root servers Integrates with Active Directory, Notes, Domino and OpenLDAP servers Accessible by HTTP or HTTPS Accessible via SSH or Telnet; Configuration Wizard or command-based SCP or FTP XML over HTTP(S) XML-based configuration files archived or transferred to cluster 56-bit DES, 168-bit 3DES, 128-bit RC4, 128-bit AES and 256-bit-AES 512, 768, 1024, 1536 and 2048-bit RSA 768 and 1024-bit RSA RC4-SHA and RC4-MD5 768 and 1024-bit RSA RC4-SHA and RC4-MD5

19" Rack-Mountable, 2U rack height 3.5" (h) x 19" (w) x 29" (d) Two Intel Multi-Core Processors Hot-plug redundant, 750 watts, 100/240 volts RAID 1+0 configuration; Dual channel hardware with battery-backed cache Four hot-swappable, 146 GB Serial attached SCSI 70 GB queue capacity, 110 GB discretionary capacity (reporting data, logs, configuration, archives) Two Broadcom Gigabit BaseT and One Intel 10/100 BaseT Ethernet ports One RS-232 (DB-9) Serial Port SMTP, ESMTP, Secure SMTP over TLS SMTP, ESMTP, Secure SMTP over TLS Internal resolver/cache; Can resolve using local DNS or Internet DNS servers Integrates with Active Directory, Notes, Domino and OpenLDAP servers Accessible by HTTP or HTTPS Accessible via SSH or Telnet; Configuration Wizard or command-based SCP or FTP XML over HTTP(S) XML-based configuration files archived or transferred to cluster 56-bit DES, 168-bit 3DES, 128-bit RC4, 128-bit AES and 256-bit-AES 512, 768, 1024, 1536 and 2048-bit RSA 768 and 1024-bit RSA RC4-SHA and RC4-MD5

19” rack-mountable, 2U rack height 3.5” (h) x 19” (w) x 29” (d) Two Intel Multi-Core Processors Hot-plug redundant, 750 watts, 100/240 volts RAID 1+0 configuration; Dual channel hardware with battery-backed cache Four hot-swappable, 146 GB Serial attached SCSI 70 GB queue capacity, 110 GB discretionary capacity (reporting data, logs, configuration, archives) Two Broadcom Gigabit BaseT and One Intel 10/100 BaseT Ethernet ports One RS-232 (DB-9) serial port

5-24

IronPort E-mail Security Appliances

Chapter 5
Mail Protocols DNS LDAP Interfaces / Configuration Web Interface Command Line Interface File Transfer Programmatic Monitoring Configuration Files Cryptographic Algorithms TLS (Encrypted SMTP) DomainKeys Signing SSH for System Management HTTPS for System Management SMTP, ESMTP, Secure SMTP over TLS Internal resolver/cache; Can resolve using local DNS or Internet DNS servers Integrates with Active Directory, Notes, Domino and OpenLDAP servers Accessible by HTTP or HTTPS Accessible via SSH or Telnet; Configuration Wizard or command-based SCP or FTP XML over HTTP(S) XML-based configuration files archived or transferred to cluster 56-bit DES, 168-bit 3DES, 128-bit RC4, 128-bit AES and 256-bit-AES 512, 768, 1024, 1536 and 2048-bit RSA 768 and 1024-bit RSA RC4-SHA and RC4-MD5

Selected Part Numbers and Ordering Information
Information below pertains to IronPort’s bundle offerings. For a-la-carte, government, or educational pricing, contact an IronPort sales representative at sales@ironport.com. • AS = Anti-Spam; AV = Anti-Virus; VOF = Virus Outbreak Filters; ENCR = IronPort E-mail Encryption Single Appliance 1 year AS EBUN-1A-EN-S-1Y Single Appliance 3 year AS EBUN-1A-EN-S-3Y Dual Appliance 1 year AS EBUN-2A-EN-S-1Y Dual Appliance 3 year AS EBUN-2A-EN-S-3Y AS+AV EBUN-1A-EN-SQ-1Y AS+AV EBUN-1A-EN-SQ-3Y AS+AV EBUN-2A-EN-SQ-1Y AS+AV EBUN-2A-EN-SQ-3Y AS+AV+VOF EBUN-1A-EN-SQR-1Y AS+AV+VOF EBUN-1A-EN-SQR-3Y AS+AV+VOF EBUN-2A-EN-SQR-1Y AS+AV+VOF EBUN-2A-EN-SQR-3Y AS+AV+VOF+ENCR EBUN-1A-EN-SQRT-1Y AS+AV+VOF+ENCR EBUN-1A-EN-SQRT-3Y AS+AV+VOF+ENCR EBUN-2A-EN-SQRT-1Y AS+AV+VOF+ENCR EBUN-2A-EN-SQRT-3Y

For More Information
For more information about IronPort products, visit: http://www.cisco.com/web/products/ironport or http://www.ironport.com/products/email_security_appliances.html

IronPort Web Security Appliance
Designed to meet the needs of the most demanding organizations, the IronPort S-Series Web security appliance protects the network perimeter against spyware and a wide variety of Web-based threats. The IronPort Web security appliance combines multiple layers of Web security technology such as deep application content inspection, IronPort’s Layer 4 (L4) Traffic Monitor, IronPort Web Reputation Filters and multiple malware signatures.

Ideal for Companies that Need These Features
• A secure Web gateway, with multiple layers of defense against malware—With IronPort, these layers run concurrently on a single, integrated appliance. • High security and high performance—Unlike other solutions on the market (for example, Blue Coat, Websense), security was not developed as an afterthought on the IronPort S-Series. • Consolidated security, acceptable use policy (AUP), application control, and content caching features, all on a single, integrated appliance—Offers ease-of-management and low total cost of ownership (TCO) • HTTPS decryption and scanning—Most similar solutions cannot scan HTTPS traffic, leaving the user exposed to Web-based threats.

Key Features
• A fast Web proxy is the foundation for security and acceptable use policy (AUP) enforcement. It allows for deep content analysis, which is critical to accurately detect devious and rapidly mutating Web-based malware.

IronPort Web Security Appliance

5-25

535 network ports. the world's top threat research center. • Multiple deployment modes facilitate flexibility within a corporate network. • Integrated authentication through standard directories (such as Lightweight Directory Access Protocol [LDAP] or Active Directory) and the ability to implement multiple authentication schemes (such as NT LAN Manager [NTLM] or Basic) lets enterprises deploy the IronPort S-Series transparently.• IronPort’s integrated Layer 4 (L4) Traffic Monitor scans all ports at wire speed. Multi-vendor Defense in Depth • IronPort URL Filters offer exceptionally broad reach and a very high accuracy rate in controlling Web content. The Webroot scanning engine.along with the ability to specify custom log formats consistent with enterprise logging policies. The McAfee scanning engine is backed by Avert Labs. • The IronPort Anti-Malware System helps enable the IronPort S-Series to be the first solution on the market that offers multiple anti-malware scanning engines on a single. This system uses the IronPort Dynamic Vectoring and Streaming (DVS) engine and verdict engines from Webroot and McAfee to full advantage. Squid or Squid-detailed -. x6 Backplane. integrated appliance. Deployment modes include deployment as an explicit forward proxy for the network or transparent deployment off a Layer 4 switch or a Web Cache Communication Protocol (WCCP) router within the network. The McAfee database includes in-depth analysis on both viruses and malware. reputation filtering. and availability. easy-to-understand view of all access and security policies configured on the appliance. 146 GB SAS Drives. • A Simple Network Management Protocol (SNMP) Enterprise MIB facilitates hands-off monitoring and alerting for key system metrics. Dual Embedded Broadcom Gigabit NIC 2x Intel® PRO 1000PT Gigabit NIC One RS-232 (DB-9) Serial Port Accessible by HTTP or HTTPS Accessible via SSH or Telnet. easily addressing acceptable use policy (AUP) concerns. 876 GB Total 4 Port. These on. 2U rack height 3. as well as threat identification and prevention. • Extensive logging allows enterprises to keep track of all Web traffic. • The IronPort DVS engine was built to provide an integrated.5" (h) x 19" (w) x 29" (d) 2x Dual Core Intel Xeon 5140. performs both request. Comprehensive Management and Reporting Capabilities • IronPort Web Security Manager provides a single. while taking advantage of preexisting authentication and access control policies within their networks. It employs sophisticated object parsing and streaming techniques to provide all of IronPort's AUP and security features for Web traffic. 100/240 volts RAID 10 configuration. Standard log formats include Apache. By tracking all 65. IronPort's Web security solution is the first to use Web reputation and URL filtering to make HTTPS decryption decisions. Dual channel hardware with battery-backed cache Six hot-swappable. both benign and malware-related. performance. Integrated Controller Card Hot-plug redundant. and malware filtering) from a single location. including hardware. Multi-layer.and off-box reports are designed to provide actionable information as well as historical trends. • IronPort Web Security Monitor provides valuable insight into overall Web activity. Specifications Chassis / Processor Form Factor Dimensions CPU Memory Backplane Power Supplies Storage RAID Drives Connectivity Ethernet Serial Interfaces / Configuration Web Interface Command Line Interface File Transfer Form Factor 19" Rack-Mountable. • HTTPS decryption enables the IronPort S-Series to enforce acceptable use and security policies over HTTPS-decrypted data. • Scanning engines from Webroot and McAfee are fully integrated into the IronPort S-Series appliances. Dual Ranked DIMMs PERC 5/i. within corporate networks. FTP or SYSLOG 5-26 IronPort Web Security Appliance . backed by a threat research team at Webroot.and response-side scans. detecting and blocking spyware “phone-home” activity. 4 MB Cache 4 GB 533 MHz. These filters compare users' Web traffic requests against administrator-set policies for 52 predefined (and an unlimited number of custom) categories. 700 watts. Administrators manage all Web access policies (including those for URL filtering. the L4 Traffic Monitor effectively stops malware that attempts to bypass Port 80. single-appliance solution with multiple antimalware scanning engines from different vendors. Configuration Wizard or command-based SCP.

and the ability to scale to the largest of data centers. The result is dramatically reduced business exposure to attacks on modern mission-critical applications.0 and service-oriented-architecture (SOA) application solutions. accelerating compliance efforts focused on application security as seen with the PCI DSS (Payment Card Industry Data Security Standard) 1. It combines deep Web application analysis with high-performance Extensible Markup Language (XML) inspection and management to address the full range of threats associated with Web application services.1 standard • A comprehensive Layer 7 security solution to complement existing network firewalls (for customers hosting Web applications) Key Features • Secure—Built upon a proven understanding of XML. criminals are increasingly exploiting these applications for identity theft. Web Reputation Filters. • Scalable—With gigabit throughput. and enhanced availability. For a-la-carte. AV = Antivirus and anti-malware Single Appliance Bundles (1 Year) URL Users WBUN-1A-EN-A-1Y Single Appliance Bundles (3 Years) Users URL WBUN-1A-EN-A-3Y URL+WREP WBUN-1A-EN-AB-1Y URL+WREP WBUN-1A-EN-AB-3Y URL+WREP WBUN-2A-EN-AB-1Y URL+WREP WBUN-2A-EN-AB-3Y URL+WREP+ASPY+AV WBUN-1A-EN-ABC-1Y URL+WREP+ASPY+AV WBUN-1A-EN-ABC-3Y URL+WREP+ASPY+AV WBUN-2A-EN-ABC-1Y URL+WREP+ASPY+AV WBUN-2A-EN-ABC-3Y Dual Appliance Bundles (1 Year) URL Users WBUN-2A-EN-A-1Y Dual Appliance Bundles (3 Years) URL Users WBUN-2A-EN-A-3Y For More Information For more information about the IronPort S-Series Web Security Appliance. protection of sensitive customer and corporate information.com/web/ products/ironport or http://www. application disruption. URL Filtering. fraud. application disruption. Unfortunately.ironport. Cisco ACE WAF enables uninterrupted collaboration in high-paced environments with fewer appliances to store and manage.Chapter 5 Programmatic Monitoring Configuration Files XML over HTTP(S) XML-based configuration files Selected Part Numbers and Ordering Information Information below pertains to IronPort’s bundle offerings.html Cisco ACE Web Application Firewall Companies are increasing efficiency and profitably with the implementation of new Web 2.com/products/web_security_appliances. and Sawmill Software for IronPort. Rails (4-Post Square). • Simple—With centralized enterprise-ready management. government.1 mandate.cisco. and fraud. Cisco ACE Web Application Firewall 5-27 . and targeted attacks. even with no prior application experience. Cisco ACE WAF can be simply deployed and easily managed. Cisco ACE WAF secures and protects Web applications from common attacks such as identity theft. The Cisco ACE Web Application Firewall provides full compliance with the latest PCI requirements. data theft.com.5 and 6. Ideal for Companies that Need These Features • A firewall with deep web application analysis with high-performance Extensible Markup Language (XML) inspection • Compliance with sections 6. The IronPort Anti-Malware System includes signatures from Webroot and McAfee Note the following abbreviations: URL = URL Filtering. unparalleled support for concurrent transactions. data theft. WEBREP = IronPort Web Reputation Filters. or educational pricing please contact an IronPort sales representative at sales@ironport. ASPY = Anti-spyware.6 of the PCI DSS (Payment Card Industry Data Security Standard) 1. visit: http://www. Note the following: All bundles include Platinum Support. and Anti-Malware System by IronPort. including pre-defined compliance and security profiles.

easy-touse tool efficiently scales for managing networks with fewer than 10 devices to very large networks consisting of thousands of devices. VPNs. VPNs. 2008. visit: http://www. Blowfish. Cisco Security Manager collaborates with Cisco Security MARS to provide a complete security management solution. statistics. multitechnology security provisioning for a unified management system Configuration wizards to reduce complexity Enhanced visibility through customized views: Device. Cisco ACE WAF allows you to protect your backend databases and demonstrate compliance through securing.html. Simple Network Management Protocol (SNMP). Groups. comprehensive solution for provisioning and policy administration of Cisco firewalls. For More Information For more information about the Cisco ACE Web Application Firewall. Secure Hash Algorithm 1 (SHA-1) and Message-Digest 5 (MD5) Web Application Security Full reverse proxy.cisco. Monitor mode deployment. Command-line interface. HTTP parameter manipulation. auditing. Cryptography enforcement. Cisco Security Manager Cisco Security Manager is a highly scalable. and IPSs Multiproduct. Statistics for monitoring and various alerts and triggers. Ideal for Companies that Need These Features • • • • • Scalable network management of centrally provisioned Cisco firewalls. Referrer enforcement. Monitoring. FIPS 140-2 Level 3 platforms available Cryptographic algorithms including—Advanced Encryption Standard (AES). SQL injection. and Topology Advanced decision-support workflow 5-28 Cisco Security Manager . Positive and negative security models. and reporting on web application activity. Buffer overflow. RSA. This powerful. Protocol compliance. Application and server error message cloaking. Cookie and session tampering.com/en/US/products/ps9586/index. and logs Logging. PCI compliance profiles Administration Web user interface. Traffic and service-level agreement (SLA) monitoring and Auditing reporting.• Compliant—With out-of-the-box PCI customizable policies. Digital Signature Algorithm (DSA). Delegated administration. Import and export of configuration. SSH. Flexible firewall actions. Command injection.0 ACE-XML-FIPS or ACE-XML-NONFIPS ACE-WAF-GAT-LICFX or ACE-WAF-MGT-LICFX Product Name Cisco ACE Web Application Firewall Appliance Product Options Chassis Support and Services CON-SNT-ACEXK9 or CON-SNT-ACEXNK9 CON-SNT-ACEXFIPS or CON-SNT-ACEXNFIP CON-SAU-ACEWGW or CON-SAU-ACEWMG Cisco ACE Web Application Firewall Software FIPS-compliant SSL acceleration or Non-FIPS-compliant SSL acceleration Cisco ACE Web Application Firewall license or Cisco ACE Web Application Firewall Manager license Software Cryptography Licensing NOTE: Cisco ACE Web Application Firewall will be available for ordering beginning May 1. and Syslog and message and event logs. Custom rules and signatures. Privacy enforcement by preventing information leak. Response filtering and rewriting. An integral component of the Cisco Security Management Suite. Audit trail of administrative operations Selected Part Numbers and Ordering Information Part Number ACE-XML-K9 or ACE-XML-NF-K9 ACE-XML-SW-6. Cross-site scripting (XSS). Data Encryption Standard (DES). Null byte blocking. The GUI increases the speed and accuracy of policy definitions and deployment. Triple DES (3DES). Diffie-Helmann. Roles-based access control (RBAC). Central policy management and distributed enforcement. and intrusion prevention systems (IPSs). Specifications Item Transport Security Cryptographic Support Specification Full SSL v2/3 support with configurable cipher suites. Input encoding normalization.

7.S. or administration responsibility.1 Enterprise Standard—25 Device Limit Media Kit CS Mgr 3. Mozilla 1.5 Includes an embedded and completely isolated version of Java Browser Java3 1. Color monitor with video card set to 24-bit color depth.1-K9 CSMPR50-3. Specifications Server Requirements System hardware IBM PC-compatible with a 2-GHz or faster processor. 2.0.1-K9 CSMST5-3. Cisco PIX security appliances. This Java version does not interfere with browser settings or with other Java-based applications.7 or 1.5 Compression software WinZip 9.1 Enterprise Pro—50 Minor Upg Media Kit CS Mgr Enterprise Pro 50—RME/PerfMon License CS Mgr Enterprise Std-25 to Pro-50 Upgrade CS Mgr 3. or with SP1 (6. • The application can scale from managing a few devices to thousands of devices. Supports only the U. English and Japanese versions of Windows.1-MR-K9 CS Mgr Enterprise Pro .Chapter 5 Key Features • Cisco Security Manager provides a single policy table for all devices—Cisco ASA 5500 Series Adaptive Security Appliances. Color monitor with at least 1024 x 768 resolution and a video card capable of 16-bit colors. and Cisco router platforms running a Cisco IOS Software security software image.1 Enterprise Pro—50 Device Base Lic Media Kit CS Mgr 3.2600). CS Manager does not support any other language version.7 or 1. • The solution provides automatic updates for IPS sensors. Mouse 1 GB 512 MB 10 GB Microsoft Windows XP Professional with SP1 or higher. 100Base-T (100 Mbps) or faster network connection. Microsoft Windows 2000—Advanced Server with SP4. VPNs. business function. Keyboard. If the server has more than one IP address. DVD-ROM drive.7. • The solution provides flexible application views to support operational needs. • Flexible device grouping options allow for management of devices based on type. Opening IPS Manager without required version of Java results in CS Manager server displaying a message to install the required Java version.1-K9 CSMST25-3.1-MR-K9 CSMPR50-PAK-2 CSMST-CSMPR-UPG-K9 CSMST25-3. Professional with SP4 Microsoft Internet Explorer 6.510 or later is also required to work with Sybase database files.Incremental 100 Device License CS Mgr Enterprise Pro—Incremental 500 Device License CS Mgr Enterprise Pro—Incremental 1000 Device License CS Mgr 3.Incremental 50 Device License CS Mgr Enterprise Pro .0.1 Enterprise Standard—5 Minor Upg Media Kit Cisco Security Manager 5-29 .0. Microsoft Windows 2003—Server Edition with SP1. • The solution provisions Cisco firewalls.2800). Mozilla 1. and intrusion prevention systems (IPSs) regardless of platform. Cisco IPS 4200 Series Sensors. Dynamic addresses are not supported. Enterprise Edition with SP1. Microsoft System Software1 Windows 2000—Advanced Server with SP4. • Cisco Security Manager provides intelligent analysis of policies for increased accuracy. Professional with SP4 Browser Microsoft Internet Explorer 6. or with SP1 (6.2600). location.0 or compatible Hard drive space 20 GB One static IP address IP Address2 Component Client requirements System hardware Memory (RAM) Virtual memory/swap space Hard drive space Operating system1 Minimum requirement IBM PC-compatible with a 1-GHz or faster processor. Cisco Catalyst 6500 Series services modules. single interface only. Standard Edition with SP1.0.0 (6. disable all but one address.1 Enterprise Standard—5 Device LimitMedia Kit CS Mgr 3.1-MR-K9 CSMST25-PAK-2 CSMST5-3.2800). Keyboard and mouse File system NTFS Memory (RAM) 2 GB Microsoft Windows 2003 Server—Enterprise Edition with SP1.1 Enterprise Standard—25 Minor Upg Media Kit CS Mgr Enterprise Standard 25—RME/PerfMon License CS Mgr 3. 3. Server with SP4.0 (6. The CS Manager installer displays a warning if it detects any dynamic IP addresses on the target server. Server only: Microsoft ODBC Driver Manager 3. Selected Part Numbers and Ordering Information CSMPR-LIC-50 CSMPR-LIC-100 CSMPR-LIC-500 CSMPR-LIC-1000 CSMPR50-3.

00 NetFlow flows per second. and large firewalls. such as firewalls. 2000-GB RAID storage (Cisco Security MARS 210 is ideal for second-generation appliances for large enterprises. 250-GB storage (Cisco Security MARS 25 is ideal for small offices. and NetFlow communication. By combining network intelligence. nearest attached switch port. central offices.000 events per second. • Central event repository—The central event repository serves as a central repository for all events generated by security devices.) Key Features • Centralized monitoring—Cisco Security MARS provides detailed information about the network infrastructure. retail establishments. scalable appliances for threat management.000 NetFlow flows per second. Cisco Security MARS helps companies accurately identify and eliminate network attacks while maintaining network compliance. Analysis of up to 75. test labs. DMZs.) • Cisco Security MARS 25R—Low-end device to plot network topology and gain insight into network topology. Analysis. DMZs.) • Cisco Security MARS 110R—Analysis of up to 4500 events per second.) • Cisco Security MARS 210—Analysis of up to 15. authentication servers. remote branch offices. 1000-GB RAID storage (Cisco Security MARS 110R is ideal for large enterprises. and large firewalls [FWSMs]. and CPE. Analysis of up to 15. Analysis of up to 1500 events per second. hotspot identification. Analysis of up to 300. Analysis and Response System (MARS) is a family of high-performance.000 NetFlow flows per second. switches. Analysis of up to 30. test labs. Analysis of up to 15. network intrusion prevention systems (IPSs) and intrusion detection systems (IDSs) and proxy servers.000 NetFlow flows per second. and Response System (MARS) Cisco Security Monitoring. and automated mitigation capabilities. and customer premises equipment [CPE]. firewall services modules [FWSMs]. and Response System (MARS) . and endpoint devices.CSMST5-PAK-2 VMS-CSMPR-UPG-K9 VMS-CSMST5-UPG-K9 VMS-CSMST25-UPG-K9 CS Mgr Enterprise Standard 5—RME/PerfMon License VMS to CS Mgr Enterprise Pro—50 Upgrade Media Kit VMS to CS Mgr Enterprise Std—5 Upgrade Media Kit VMS to CS Mgr Enterprise Std—25 Upgrade Media Kit For More Information For more information about Cisco Security Manager. visit: http://www. including routers.) • Cisco Security MARS GC—Preservation of WAN.000 NetFlow flows per second. All collected events are cross-correlated in real time.) • Cisco Security MARS 55—Consolidation of firewall and intrusion detection system (IDS) with network events and network flows in a small network. departments. 500-GB storage (Cisco Security MARS 55 is ideal for small to medium-sized offices. DMZs. 1500-GB Redundant Array of Independent Disks (RAID) storage (Cisco Security MARS 110 is ideal for second-generation appliances for large offices and CPE. alerts.) • Cisco Security MARS GC2—Preservation of WAN (Cisco Security MARS GC2 is ideal for second-generation appliances in large distributed environments [large enterprises or service provider companies] and MSSPs. small retail establishments. Analysis of up to 750 events per second. Analysis of up to 150. as well as the attack path through the network. It is also useful for autonomous business units that are rolling activities to global teams and for state and federal governments for consolidating activities from various agencies. firewalls. and mitigation that enable customers to make more effective use of network and security devices by combining traditional security event monitoring with network intelligence.000 NetFlow flows per second. vector analysis. an understanding of network topology.) • Cisco Security MARS 110—Analysis of up to 7500 events per second. It is also useful for autonomous business units that are rolling activities to global teams and for state and federal governments for consolidating activities from various agencies. departments. 5-30 Cisco Security Monitoring. central offices. through a variety of device logs.cisco. VPN concentrators. It also provides process threat information down to the IP and MAC address. and automated mitigation capabilities. anomaly detection. small businesses. that is. small retail establishments. Cisco Security Monitoring. Analysis.com/go/csmanager. Consolidation of reports from distributed “local” controller (Cisco Security MARS GC is ideal for large distributed environments [large enterprises or service provider companies] and multiservice switching platforms [MSSPs]. 250-GB storage (Cisco Security MARS 25R is ideal for small offices. Analysis of up to 75 events per second. context correlation. Ideal for Companies that Need These Features • Cisco Security MARS 25—Low-end device to plot network topology and gain insight into network topology. monitoring. and CPE.

1x support—The application facilitates authentication of a host connecting to the switch port before obtaining an IP address. 3. 3. 120/240V autoswitch 300W. reducing the number of alarms and the time needed to take action. 19” (W) 2 x 750W dualredundant 120/240V autoswitch Power Supply 500W dualredundant 120/240V autoswitch Events/sec. 19” (W) 2 x 750W dualredundant 120/240V autoswitch 7500 150. It uses the full configurations of all types of network devices and end systems. • Integrated vulnerability assessment—This solution determines whether a possible network attack is genuine or a false positive.000 300. 3. Port Address Translation (PAT). Feature Storage Form Factor 50 1500 CS-MARS-210-K9 2000 TB RAID 10 Hotswappable 2 RU x 27 3/4” (D). • End-to-end network awareness—The application integrates Network Address Translation (NAT).000 flows per second.6 1000 30. • Case management—Administrators can escalate an incident by creating a case and forwarding the case with notes to other users and security administrators. 19” (W) 2 x 750W dualredundant 120/240V autoswitch 15. targets. Specifications Feature Storage Form Factor Power Supply CS-MARS-25R-K9 120 GB (non-RAID) 1RU x 16 CS-MARS-25-K9 120 GB (non-RAID) 1RU x 16 CS-MARS-55-K9 240 GB RAID 0 1RU x 25. Netflows/ sec. • NetFlow analysis—Cisco IOS NetFlow data is collected and analyzed by Cisco Security MARS. 120/240V autoswitch CS-MARS-110-K9 1500 GB RAID 10 Hot-swappable 2RU x 27 3/4” (D). Pre.44” (H). and MAC address information to identify attackers. • Cisco Distributed Threat Mitigation (DTM) and CICS support—This collaborative solution proactively identifies the most active signatures from the IPS appliance deployed in the network and.Chapter 5 • Data reduction—Cisco Security MARS can reduce millions of security events to a handful of actual reported network incidents. Maximum Connections Not restricted Not restricted Selected Part Numbers and Ordering Information Cisco SMARTnet Service Part Number CS-MARS-25R-K9 CON-SNT-MARS25R CSMARS-25-LIC-K9= CON-SNT-MARS25U CS-MARS-25-K9 CON-SNT-MARS25 CS-MARS-55-K9 CON-SNT-MARS55 CS-MARS-110R-K9 CON-SNT-MARS110R CSMARS-110-LIC-K9= CON-SNT-MARS110U CS-MARS-110-K9 CON-SNT-MARS110 CS-MARS-210-K9 CON-SNT-MARS210 CS-MARS-GC2R-K9 CON-SNT-MARSGC2R Cisco Security MARS 25R Cisco Security MARS 25R upgrade license to CS-MARS-25-K9 Cisco Security MARS 25 Cisco Security MARS 55 Cisco Security MARS 110R Cisco Security MARS 110R upgrade license to CS-MARS-110-K9 Cisco Security MARS 110 Cisco Security MARS 210 Cisco Security MARS GC2R Cisco Security Monitoring.000 500 15.000 CS-MAR-GC-K9 1 TB RAID 10 Hotswappable 4RU x 25. at speeds as high as 300.44” (H). • Timely attack mitigation—Built-in expertise recognizes and recommends mitigation for attacks before they can bring down an entire network. based on the most active threats detected on the network. Netflows/ sec. • Standard 802.000 CS-MARS-GC2-K9 2 TB RAID 10 Hotswappable 2 RU x 27 3/4” (D).and post-NAT addresses can be displayed.000 300W. distributes the same IPS signatures to the user-defined Cisco IOS IPS devices. and network hotspots in graphical form for quick action. • Reduced deployment and operation cost—Cisco Security MARS discovers and then maps the topology of a network and becomes operational in a very short period of time. 120/240V autoswitch Performance Events/sec. and Response System (MARS) 5-31 . Analysis.6 300W.44” (H). • This application provides real-time investigation and compliance reporting.

cisco. Protected EAP (PEAP).2 Upgrade to Cisco Secure ACS 4.com/en/US/products/ps6241/index. including wireless LAN. Extensible Authentication Protocol-Message Digest algorithm 5 (EAP-MD5). identity-based access policy system for Cisco intelligent information networks. Challenge Handshake Authentication Protocol (CHAP). 1GB RAM minimum . and other authorization parameters. visit: http://www.2-WINUP-K9 Cisco Secure ACS for Windows 4.com/go/acs. or billing 802.2 for Windows Cisco Secure Access Control Server (ACS) provides a comprehensive.2-WIN-MR-K9 CSACS-4.8 GHz or faster . Lightweight Directory Access Protocol (LDAP). and remote access. • Cisco Secure ACS replication allows replication of administrator-defined configuration items across ACS servers in the network. • Cisco Secure ACS allows the configuration of complex network access policies that may include authentication protocol requirements. • Cisco Secure ACS supports a wide range of authentication protocols. and accounting (AAA) platform in the market. 1. VLAN assignments. posture validation.cisco. and accounting (AAA): RADIUS and TACACS+ for the concurrent support of network access and network device access control.2 for Windows from version 3. Cisco Secure ACS may apply downloadable access control lists (dACLs). time-of-day restrictions. EAP-Generic Token Card (EAPGTC).2 for Windows from version 4. Support for RSA SecurID Authentication Manager and RADIUS-enabled token servers allows integration of strong authentication.1x machine authentication Key Features • Cisco Secure Access Control Server (ACS) supports two distinct protocols for authentication. Cisco LEAP. Microsoft CHAP (MS-CHAP).0 or 4. and EAP-Transport Layer Security (EAP-TLS) to support all authentication requirements. authorization. EAP-Flexible Authentication via Secure Tunneling (EAP-FAST). CD-ROM drive . troubleshooting. The leading authentication. authorization. visit: http://www.2 for Windows . Color monitor with minimum graphics resolution of 256 colors at 800 x 600 resolution . • Cisco Secure ACS logs are viewable and exportable for use in other systems. • Cisco Secure ACS provides an onboard database while supporting Windows Active Directory.x For More Information For more information about Cisco Secure ACS for Windows. Cisco Secure ACS provides central management of access policies for both network access and device administration and supports a wide range of access scenarios. planning. Ideal for Companies that Need These Features • Centralized access policy management for network resources • • Management of network access for wired and wireless • connections • Management of administrative access for network devices • • Management of remote access RADIUS or TACACS+ services Accounting and log information for audit. Service Pack 2 OS Requirements Selected Part Numbers and Ordering Information CSACS-4. device restrictions. providing both flexibility and ease of administration for large networks. Specifications Hardware Requirements IBM PC compatible with Pentium IV processor. R2. 802.CSMARS-GC2-LIC-K9= CS-MARS-GC2-K9 CON-SNT-MARSGC2L CON-SNT-MARSGC2 Cisco Security MARS GC2R upgrade license to CS-MARS-GC2-K9 Cisco Security MARS GC2 For More Information For more information about Cisco Security MARS. and Open Database Connectivity (ODBC) for integration with existing user databases. 5-32 Cisco Secure Access Control Server 4. Cisco Secure Access Control Server 4.1 Upgrade to Cisco Secure ACS 4.1x wired.html. including Password Authentication Protocol (PAP). 100BaseT or faster network connection Windows Server 2003. Cisco Secure ACS is deployed by 90 percent of the top 500 Cisco customers. and other access requirements.2-WIN-K9 CSACS-4. It is the integration and control platform for managing access policy for network resources.

recovery. maintenance.cisco. software upgrades.html.2 Solution Engine (ACS SE) 5-33 . includes Cisco 1113 hardware platform and Cisco Secure ACS Software 4. identity-based network access control.2-SWUP-K9 CSACSE-1113-UP-K9 Cisco Secure ACS Solution Engine 4.0 provides the highest level of reporting. • A serial console interface is provided for initial configuration.1 software Cisco Secure ACS software upgrade to 4. and troubleshooting functions for Cisco Secure ACS deployments. and troubleshooting functions.2 Solution Engine (ACS SE) is a ready-to-use. highly scalable access policy platform that supports comprehensive.2 For More Information For more information about the Cisco Secure ACS Solution Engine. Ideal for Companies that Need These Features • A dedicated. or configuration modifications.2. security-hardened. Providing maximum visibility into configured policies and authentication and authorization activities across the network.4 GHz 1 GB RAM 120 GB SATA CD/DVD combo Two integrated 10/100/1000 Ethernet ports Selected Part Numbers and Ordering Information CSACSE-1113-K9 CSACSE4. Cisco Secure ACS is an industryleading.2 for existing Cisco Secure ACS Solution Engine customers (1112 or 1113 appliances) with 4.1x wired. and remote access.Chapter 5 Cisco Secure Access Control Server 4. Cisco Secure Access Control Server View 4. securityhardened server dedicated to running Cisco Secure ACS services. visit: http://www. and application of upgrade and recovery procedures. access to the Cisco Secure ACS HTML interface. 802. • Preinstalled. Cisco Secure ACS View is the ideal solution for organizations that require the greatest levels of reporting and control. 3. monitoring.0 or 4.2-SW-MR-K9 CSACSE-4. • A packet-filtering service blocks traffic on all but the necessary Cisco Secure ACS-specific TCP and User Datagram Protocol (UDP) ports. alerting.2 Cisco Secure ACS software upgrade to 4. subsequent management of IP connections. • Solution engine-specific management tools provide generic appliance-management capabilities including backup.2. • The solution provides authentication against Windows domains and remote logging capabilities of user accounting records.2 for existing Cisco Secure ACS Solution Engine customers (1112 or 1113 appliances) with 3. or Cisco ACS Solution Engine 1111/1112 platform to the Cisco Secure ACS Solution Engine 4. • Built-in Network Time Protocol (NTP) functions maintain network timing synchronization and consistency with other Cisco Secure ACS appliances or network devices. additions. Key Features • Cisco Secure ACS SE is dedicated to run only the Cisco Secure ACS service.2 Solution Engine (ACS SE) Cisco Secure Access Control Server 4.x software Upgrade for customers using Cisco Secure ACS for Windows. including wireless LAN. includes Cisco 1113 hardware platform and Cisco Secure ACS Software 4. standalone Cisco Security Agent helps protects Cisco Secure ACS Solution Engine from zeroday attacks. Specifications Processor Memory Hard drive Optical Drive Interfaces Pentium IV. application-specific appliance package This product is ideal for customers not willing to install or manage a Windows OS environment. preventing any appliancebased OS changes.com/en/US/products/sw/secursw/ps5338/index.0 Cisco Secure Access Control Server (ACS) View 4. Cisco Secure Access Control Server 4. Cisco Secure ACS provides central management of access policies for both network access and device administration and supports a wide range of access scenarios.

13 Ghz 4 GB RAM 500 GB SATA DVD-ROM Two onboard 10BASE-T/100BASE-TX/1000BASE-T Ethernet NIC ports Selected Part Numbers and Ordering Information CSACS4. • Cisco Secure ACS View collects syslog messages from individual ACS servers or the central logging ACS server and has access to near-real time data without affecting the performance of the ACS deployment. • Cisco Secure ACS Express supports Active Directory. 5-34 Cisco Secure Access Control Server Express 5. System-defined threshold alerts monitor Cisco Secure ACS View system resources.0 software and license for managing two ACS servers (version 4. • User-defined alerts can be used to monitor authentication activity. It provides the flexibility to build queries and reports as required to meet organizational needs. Specifications Processor Memory Hard drive Optical Drive Interfaces Intel Core 2 Duo 2. configuration reports.2 required) License for managing an additional ACS server with Cisco Secure ACS View 4.0 . group and aggregate data as required.0 is an entry-level RADIUS and TACACS+ authentication. • Cisco Secure ACS Express supports a wide array of access protocols such as RADIUS. session reports.0 For More Information For more information about Cisco Secure ACS. Lightweight Directory Access Protocol (LDAP). • Cisco Secure ACS View includes a report design tool that allows you to pick and choose the data needed. The interactive viewer allows on-demand formatting. • Cisco Secure ACS Express can be upgraded and patched remotely. • Cisco Secure ACS Express offers a simplified yet comprehensive access policy that allows the definition of multiple profiles for network access. and device administration transparently. • Cisco Secure ACS Express can be securely administered from the Web GUI (HTTPS) or through the scriptable command-line interface (CLI). and present the results in tabular and graphical form. Cisco Secure Access Control Server Express 5. generated reports. and the customizable authentication failure code utility lists possible root causes and recommendation actions for resolution. User authentication status and user account status are quickly available.cisco. Extensible Authentication Protocol (EAP). Ideal for Companies that Need These Features • An access control solution for fewer than 350 users and 50 devices • Streamlined GUI and management for SMB or branch-office deployments Key Features • Ease of use and low complexity helps organizations quickly set up and deploy an identity solution in their organizations. and sorting of generated reports to maximize the value of the information. remote access. and troubleshooting for Cisco Secure ACS Key Features • The Cisco Secure ACS View dashboard provides quick access to favorite queries. filtering. and accounting (AAA) server for retail and enterprise branch-office deployments and small and medium-sized businesses (SMBs) with fewer than 350 users and 50 devices.0-VIEWLIC Cisco Secure ACS View appliance with ACS View 4. • Predefined authentication reports. and ACS administration reports provide Cisco Secure ACS View with ready-to-use functions. visit: http://www.0-VIEW-K9 CSACS4. • Cisco Secure ACS View provides reports to assist in troubleshooting access problems.com/go/acs.0 Cisco Secure ACS Express 5. ACS server administration activity. and TACACS. device administration reports. and one-time password (OTP) servers that allow deployments to integrate with customers' user repositories.1.4 or 4. wireless access. and alerts. device administration command activity. and ACS server process status.Ideal for Companies that Need These Features • Enhanced reporting. ACS server backup and replication operations. monitoring. authorization.

• It includes centralized access-control-list (ACL) management. is uploaded into CiscoWorks NCM Alert Center and is hosted at a Cisco. and install processes. For More Information For more information about CiscoWorks Network Compliance Manager (NCM). CiscoWorks Network Compliance Manager 1. IT. • It increases uptime. visit: http://wwwin-nmbu.0-EXP-K9 Cisco Secure ACS Express 5. validation. automatic image download. • The solution supports thousands of device models or versions from Cisco and 35 other vendors.cisco.cfm. and technology requirements. CiscoWorks Network Compliance Manager 1. and automatic rollback on error.com/go/acsexp. • It facilitates automated software image management with recommendation.cisco. licensing.0 appliance For More Information For more information about the Cisco Secure ACS Express.3 5-35 . corporate governance. CiscoWorks NCM Alert Center content.com URL for subscribers to download into CiscoWorks NCM. visit: http://www. • The solution eases audit of configuration changes.com/fieldportal/index. Ideal for Companies that Need These Features • Increased visibility of policy noncompliance • Decreased network downtime • Automated network discovery and remediation • Consolidation and expansion of the data center Key Features • CiscoWorks Network Compliance Manager (NCM) simplifies the ordering. • The application provides the ability to automate compliance on an “as-running” basis as well as the traditional “as-configured” basis. such as security-compliance policies in NCM format and product extensions. • The solution provides up-to-date information about devices and modules that have reached end-of-sale or end-of-life status in the network (currently supports Cisco devices only). CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems such as network instability and service interruption.Chapter 5 Specifications Processor Memory Hard drive Optical Drive Interfaces Intel 352 Celeron D 1 GB RAM 250 GB DVD-ROM Two onboard 10/100/1000 Ethernet NIC ports Selected Part Numbers and Ordering Information CSACS-5. • It dramatically reduces the need for regular expressions for creating rules. • The solution facilitates role-based access control and lock down. • The solution facilitates real-time process enforcement.3 CiscoWorks Network Compliance Manager (NCM) tracks and regulates configuration and software changes throughout a multivendor network infrastructure. It provides superior visibility into network changes and can track compliance with a broad variety of regulatory. • It eliminates manual administration of devices. synchronization. • Frequent and easy-to-deploy device driver releases are available. helping enable customers to get their NCM systems operational more easily. • It improves control of network resources. • Subscription services complement the NCM software offering.

3 .5-36 CiscoWorks Network Compliance Manager 1.