Cisco 830 Series Secure Broadband Routers

CISCO/라우터 & 라우팅 시스템 2007/05/04 00:56
CISCO 830 SERIES SECURE BROADBAND ROUTERS

Advanced security for data, voice, and video access ideal for small offices and teleworkers.

The Cisco® 830 Series of secure broadband routers is ideal for providing secure Internet and corporate network connectivity to small remote offices and to teleworkers. Cisco 830 Series routers provide a wide range of integrated security services and advanced quality of service (QoS) features for high-quality data, voice, and video applications. They offer easy deployment and remote management features with Cisco IOS® Software.

Figure 1. The Cisco 830 Series Router

The Cisco 830 Series is comprised of the Cisco 831 Ethernet Broadband Router, the Cisco 836 ADSL over ISDN Broadband Router with an ISDN BRI port, and the Cisco 837 ADSL Broadband Router. The Cisco 831 router has an Ethernet WAN port for use with an external digital subscriber line (DSL) or cable modem. The Cisco 836 router supports asymmetric DSL (ADSL) over Integrated Services Digital Network (ISDN). The Cisco 837 router supports ADSL over POTS (basic telephone service). All models offer a four-port 10/100 Ethernet LAN switch for connecting multiple PCs or network devices in a small-office network.

ADVANCED SECURITY AND PERFORMANCE FOR ENTERPRISE-CLASS VPNs

The Cisco 830 Series delivers integrated enterprise-class security services, including hardware-accelerated IP Security (IPSec), Triple Data Encryption Standard (3DES) encryption for virtual private networks (VPNs), and stateful-inspection firewall for secure Internet connectivity. Optional advanced features-such as OSPF, RIP, and RIP v2, EIGRP and BGP (limited) routing protocols; Cisco Easy VPN Remote (a software feature that allows simple deployment and management of VPNs) and Easy VPN Server (limited to five users); public key infrastructure (PKI) security requiring digital certificates; IPSec Network Address Translation transparency (NAT-T); the Cisco Intrusion Detection System (IDS); WCCP and URL filtering-help ensure that the small office receives the highest level of security, which contributes to the corporate network's security.

HIGH-QUALITY, SECURE VOICE AND VIDEO

The advanced QoS and high-performance encryption features offered in Cisco 830 Series routers provide high-quality voice and video services to remote users. When IP phones are connected at a remote site, a Cisco 830 Series router can queue and prioritize the voice traffic over data traffic to ensure a high-quality, secure voice-over-IP (VoIP) connection from the remote or home office back to the corporate network.

MANAGEABLE, SCALABLE, AND RELIABLE ACCESS

The Cisco 830 Series uses valuable management and deployment tools to deliver the industry's lowest total cost of ownership for connecting small remote offices and teleworkers to the corporate network. As a remotely manageable platform, the Cisco 830 Series supports advanced remote troubleshooting commands available in Cisco IOS Software; a virtual auxiliary (AUX) port for out-of-band management with an external modem or through an integrated ISDN Basic Rate Interface (BRI) ISDN port (Cisco 836 router); and Secure Shell (SSH) Protocol for secure in-band management via Telnet. Cisco 830 series routers come equipped with two embedded remote management tools, Cisco Security Device Manager (SDM) and Cisco Router Web SetUp Tool (CRWS).
For scalability in deployment and management, the Cisco Router Web SetUp Tool, available in several languages, allows nontechnical users to quickly set up the router and turn on key features such as the stateful firewall. Cisco Security Device Manager provides added functionality for Web-based security and router set up and monitoring. Cisco provides a suite of solutions-such as Cisco Easy VPN, the Cisco IE 2100 Intelligence Engine, Cisco VPN Solution Center (VPNSC), the CiscoWorks Router Management Center (Router MC) and Cisco Configuration Express-that allow for scalable network deployment and management, including automated security policy push and configuration updates.
For reliable access, the virtual AUX port on Cisco 831, 836, and 837 routers can be used for dial backup with an external modem, should the primary WAN connection fail. On the Cisco 836 router, an integrated ISDN BRI S/T port also provides ISDN dial backup and out-of-band management. The Cisco 830 Series runs Cisco IOS Software, the industry-proven software that has become the standard for reliable business access.

FEATURES AND BENEFITS

Table 1. Key Product Features and Benefits

Features

Benefits

Advanced Security and Performance for Enterprise-Class VPNs

Demilitarized Zone Port (DMZ)
One of the switch ports could be convertsed in to a DMZ port to place publicly accessible servers or to segregate users on the LAN.
Dynamic DNS
The router could be accessed by a DNS name. Hence the router will be accessible even if the WAN IP address keeps on changing.
Stateful-Inspection Firewall

• Offers internal users secure, per-application dynamic access control (stateful inspection) for all traffic across perimeters

• Defends and protects router resources against denial-of-service (DoS) attacks

• Provides context-based access control (CBAC)

• Checks packet headers and drops suspicious packets

• Protects against unidentified, malicious Java applets

• Details transactions for reporting on a per-application, per-feature basis

Network Security Features with Cisco IOS Software, Including Access Control Lists (ACLs), Network Address Translation/Port Address Translation (NAT/PAT), Lock & Key Security, Dynamic ACLs, and Router and Route Authentication
Provides perimeter network security to prevent unauthorized network access
Cisco IDS
Detects and prevents DoS attacks and unauthorized network access; sends alerts to initiate appropriate action
Hardware-Accelerated IPSec 3DES Encryption

• Delivers high-performance IPSec VPN encryption for broadband connections

• Supports Internet Key Exchange (IKE) and IPSec VPN standards for up to ten simultaneous tunnels

• Provides WAN encryption for all users on the LAN without requiring the configuration of individual PCs

Cisco Easy VPN Remote
Provides easy deployment and maintenance of VPN connections with auto-IPSec tunnel initiation and policy push from a Cisco VPN concentrator or server
Cisco Easy VPN Server (up to five users)
Allow up to five remote VPN clients (Cisco Easy VPN Remote clients/nodes) to terminate on the 83x0 Series routers via Cisco Easy VPN implementation
URL Filtering with WebSENSE Software and Server

• Allows a network administrator to easily apply Internet use policies to permit access only to company-approved URLs or categories of sites

• WebSENSE URL filtering software filters HTTP requests based on destination host name, destination IP address, keywords, and user name

• WebSENSE maintains and updates a URL database of more than 20 million sites, organized into more than 60 categories

URL Filtering with N2H2 Software and Server
N2H2 is a globally deployed URL-filtering software that can filter http requests based on destination hostname, destination IP address, and username and password. It relies on a sophisticated URL database exceeding 15 million sites and is organized into over 40 categories using both Internet technology and human review.
IPSec NAT Transparency (NAT Traversal or NAT Aware IPSec)
Allows reliable creation of VPN tunnels independent of the placement of firewalls and NAT across multiple networks
PKI Support with Digital Certificates

• Standards-based robust key management allows better network scaling and enhanced key security

• Facilitates extranet communications

High-Quality, Secure Voice and Video

IP QoS-Low Latency Queuing (LLQ), Pre-Classify, Pre-Fragmentation, Weighted Random Early Detection (WRED), Committed Access Rate (CAR), and Class-Based Traffic Shaping

• Ensures consistent response times for multiple applications by intelligently allocating bandwidth

• Allows for classification of applications and gives the most important applications priority use of the WAN line

• Provides congestion avoidance by throttling down certain Transmission Control Protocol (TCP) sessions, depending on each session's priority level

Asynchronous Transfer Mode (ATM) QoS (for the Cisco 836 and 837 routers)-ATM Traffic Universal Bit Rate (UBR), Variable Bit Rate non real time (VBRnrt), Variable Bit Rate real time (VBRrt) and Constant Bit Rate (CBR) with per-VC Queuing and Traffic Shaping
Provides QoS guarantees for real-time traffic, with ability to send traffic over the appropriate virtual circuit to provide ATM-level shaping and ensure that no head-of-line blocking can occur between circuits of different or equal traffic classes
High-Performance Encryption
Provides secure connectivity without affecting performance for bandwidth-intensive applications
IP Multicast Technology
Reduces redundant traffic; conserves bandwidth for corporate communications, distance-learning applications such as Cisco IP/TV®, software distribution, and access to stock quotes and news applications

Advanced Management Features for Low Cost of Ownership

Plug-and-Play Installation with Default Settings and Web-Based Setup Tool
Nontechnical users can easily set up the router and customize advanced features
Cisco Security Device Manager (SDM)-An Intuitive, Web-Based Device Management Tool Embedded within Cisco IOS® Access Routers

• Simplifies router and security configuration through intelligent wizards

• Enabling customers to quickly and easily deploy, configure and monitor a Cisco 83x0 Series routers without requiring knowledge of Cisco IOS command line interface (CLI)

Cisco Router Web SetUp Tool
Allows nontechnical users to complete installation by simply pointing a browser at the router and providing user information
Cisco Easy VPN Remote and Server (up to five users)
Provides easy deployment and maintenance of VPN connections with auto-IPSec tunnel initiation and pushed policy acceptance
Cisco Configuration Express
Lowers the cost of deployment by shipping preconfigured units directly to end users without requiring staging or storage
Router Status Page in Cisco Router Web SetUp Tool
Provides a Web-based visual presentation of router configuration and feature status
Cisco IOS Software Interactive Debug and Remote Management Features
Enables remote management and monitoring via Simple Network Management Protocol (SNMP), Telnet, or HTTP and local management via console port to diagnose network problems in detail
Cisco IOS Software Command-Line Interface (CLI)
Allows customers to use existing knowledge of Cisco IOS Software
CLI for easier installation and manageability without requiring additional training
Cisco IOS Software Technology
Offers technology that is used throughout the backbone of the Internet and in most enterprise networks
Cisco ISC (IE 2100 Intelligence Engine Management Appliance, VPNSC, Configuration Express)
Allows remote sites to be configured to automatically contact this centrally located device for Cisco IOS Software configuration updates
Supported by Cisco VPNSC, CiscoWorks VPN/Security Management Solution (VMS), and Cisco Secure Policy Manager
Allows for scalable deployment of security policy management
SSH v2.0
Provides a secure, encrypted connection to a router that is similar to an inbound Telnet session

PRODUCT SPECIFICATIONS

Table 2. Cisco 830 Series Hardware Specifications

Hardware Specifications

Cisco 831, 836, and 837 Routers

Processor
Motorola RISC

Default DRAM* Memory
64 MB

Maximum DRAM Memory
80 MB

Default Flash* Memory
12 MB

Maximum Flash Memory
24 MB

WAN

• 10BASE-T Ethernet (Cisco 831 router)

• ADSL over ISDN-Annex B (Cisco 836 router)

• ADSL over POTS-Annex A (Cisco 837 router)

LAN
Four-port 10/100BASE-T with autosensing MDI/MDX for autocrossover

Console Port
This port can be configured to behave as an auxiliary port (virtual AUX supports modem control for dial backup and out-of-band management)

RJ-45
ISDN BRI S/T port which can be configured for ISDN dial backup or out-of-band management (Cisco 836 only)

LEDs
10

External Power Supply
Universal 100-240 VAC
* DRAM and Flash memory must be obtained from Cisco

Table 3. Memory Requirements and Software Feature Sets for Cisco 831, 836, and 837 Routers

Cisco 830 Series with Cisco IOS Software Images

Cisco 830 Series Memory Requirements

 

Flash

DRAM

IP/Firewall/IPSec 3DES (default)
12 MB
48 MB

IP/Firewall/IPSec 3DES PLUS1
12 MB
48 MB

IP/Firewall/IPSec 3DES/PLUS/dial backup (Cisco 836 router only)
12 MB
48 MB
Table 4 lists features supported in each of the above images by platform.

Table 4. Cisco 830 Series Software Feature Sets

Protocols and Features Supported by Cisco 830 Series Secure Broadband Routers

IP/FW/IPSec 3DES (default feature set)

IP/FW/IPSec 3DES PLUS

IP/FW/IPSec 3DES PLUS ISDN Dial Backup (Cisco 836 router only)

Routing and Bridging

Transparent Bridging
X
X
X
IP Routing, Integrated Routing and Bridging (IRB)
X
X
X
Point-to-Point Protocol over Ethernet (PPPoE), Including TCP MSS Adjust
X
X
X
PPP over ATM (PPPoA), (Cisco 836 and 837 routers only)
X
X
X
IP-Enhanced Interior Gateway Routing Protocol (IGRP)
-
X
X
Routing Information Protocol (RIP), RIPv2
-
X
X

Security

Route and Router Authentication
-
X
X
Multilevel User Authentication for Access to Router for Management
X
X
X
Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Local Password
X
X
X
Generic Routing Encapsulation (GRE) Tunneling
-
X
X
IP Basic and Extended Access Lists, Lock & Key
X
X
X
Stateful-Inspection Firewall
X
X
X
IPSec 56-Bit Encryption
X
X
X
IPSec 3DES Encryption
X
X
X
Hardware-Accelerated IPSec 3DES Encryption
Cisco 831 router (Cisco 836 and 837 routers require PLUS image)
X
X
PKI with Digital Certificates
-
X
X
Cisco Easy VPN Remote
Cisco 831 router (Cisco 836 and 837 routers require PLUS image)
X
X
Cisco Easy VPN Server (up to five users)
X
X
X
Multiuser IPSec Pass-Through (TCP and unencapsulated)
X
X
X
Multiuser Point-to-Point Tunneling Protocol (PPTP) Pass-Through
X
X
X
Advanced Encryption Standard (AES) (software-based)
-
X
X
URL Filtering with WebSENSE Software and Server
-
X
X
IPSec NAT Transparency (NAT Traversal or NAT Aware IPSec)
-
X
X
Remote Authentication Dial-In User Service (RADIUS)
-
X
X
Terminal Access Controller Access Control System Plus (TACACS+)
-
X
X
QoS
X
X
X
LLQ
X
X
X
Pre-Classify
-
X
X
Pre-Fragmentation
-
X
X
IP Policy Routing
X
X
X
Class-Based Traffic Shaping (Cisco 831 router only)
X
X
X
WRED
-
X
X
CAR
-
X
X
Link Fragmentation and Interleaving (LFI)
-
X
X
Per-VC Queuing and per-VC Traffic Shaping (Cisco 836 and 837 routers only)
X
X
X
ATM UBR, CBR, VBRnrt, and VBRrt (Cisco 836 and 837 routers only)
X
X
X
ATM Fault Management, Operation, Administration and Maintenance (OAM) (F5) Segment Continuity Check and Segment and End-to-End Loopback and Interim Local Management Interface (ILMI) Support (Cisco 836 and 837 routers only)
X
X
X
Ten Virtual Circuits/Permanent Virtual Circuits (PVCs)
X
X
X
TX Ring Adjustment (Cisco 836 and 837 routers only)
X
X
X

Bandwidth Optimization and Management

IP Multicast
-
X
X
Protocol Independent Multicast (PIM) Sparse Mode
-
X
X
Standard-Based Encryption (STAC)
X
X
X

Ease of Use and Deployment

Cisco SDM
X
X
X
CRWS
X
X
X
Easy VPN Remote
-
X
X
Management
SNMP, Telnet, and Console Port
X
X
X
Syslog
X
X
X
Network Time Protocol (NTP) Client and Server
X
X
X
Trivial File Transfer Protocol (TFTP) Client and Server
X
X
X
Cisco Service Assurance Agent (SAA)
X
X
X
Out-Of-Band Management Through Virtual AUX Port
X
X
X
Out-of-Band Management Through ISDN BRI S/T Port (Cisco 836 router only)
Cisco 836 router
Cisco 836 router
Cisco 836 router

Redundancy

Hot Standby Router Protocol (HSRP)
-
X
X
Dial Backup with External Modem Through Virtual AUX Port
X
X
X
Dial Backup with External Modem Through ISDN BRI S/T Port (Cisco 836 router)
N/A
N/A
Cisco 836 router

Address Conservation and Allocation

NAT Many-to-One (PAT)
X
X
X
NAT Many-to-Many (multi-NAT)
X
X
X
H.323 Support with NAT
X
X
X
NetMeeting V.2.10/1 and 3.01
X
X
X
Session Initiation Protocol (SIP) Support with NAT
X
X
X
IP Control Protocol (IPCP) Address and Subnet Negotiation
X
X
X
Dynamic Host Control Protocol (DHCP) Client and Server
X
X
X
DHCP Relay
X
X
X
DHCP Client Address Negotiation
X
X
X
DHCP Client Host Name (option 12) for Certain Cable Services (Cisco 831 router only)
X
X
X

Table 5. Cisco 800 Series-DSLAM Interoperability

DSLAM

Chipset

Interoperability Status

Comments

Alcatel ASAM 1000
AME
Yes
-

Alcatel 7300
AME
Yes
-

Lucent Stinger
AME
Yes
-

ECI
ADI 918
Yes
UR-2 compliant

ECI
ADI 930
Yes
UR-2 compliant

Siemens XpressLink 2.0
TI
Yes
UR-2 compliant

Siemens XpressLink 2.1
TI
Yes
UR-2 compliant

REGULATORY AND STANDARDS COMPLIANCE

Business-class Cisco 830 Series secure broadband routers are available for worldwide deployment.

Safety

• UL 1950/CSA 950-95: Third Edition

• IEC 950: Second Edition with Amendments 1, 2, 3, and 4

• EN60950: 1992 with Amendments 1, 2, 3, and 4

• CS-03, Canadian Telecom Requirements

• FCC Part 68 U.S. Telecom Requirements

• AS/NZS 3260: 1996 with Amendments 1, 2, 3, and 4

• ETSI 300-047

• TS 001 with Amendment 1

• EMI

• AS/NRZ 3548: 1992 Class B

• CFR 47 Part 15 Class B

• EN60555-2 Class B

• EN55022 Class B

• VCCI Class II

• ICES-003, Issue 2, Class B, April 1997S

• IEC 1000-3-2

Immunity

• IEC 1000-4-2 (EN61000-4-2)

• IEC 1000-4-3 (ENV50140)

• IEC 1000-4-4 (EN61000-4-4)

Cisco 837 Router ADSL Specifications

• ST-Micro DynaMiTe (formerly Alcatel Micro Electronics) ADSL Chipset (20150)

• T1.413 ANSI ADSL DMT issue 2

• G.992.1 ITU G.DMT support

• G.992.2 ITU G.Lite support

• G.992.3 ITU G.hs ADSL type negotiation

The chipset does not provide interoperability with carrierless amplitude modulation/phase modulation (CAP)-based ADSL lines.

Cisco 836 Router ADSL Specifications

• ST-Micro DynaMiTe (formerly Alcatel Micro Electronics) ADSL Chipset (20150)

• ETSI 101-388 v1.2.1 ADSL over ISDN

• Annex B ITU ADSL over ISDN support (Planned)

• UR-2 Specification (Deutsche Telekom)

The chipset does not provide interoperability with carrierless amplitude modulation/phase modulation (CAP)-based ADSL lines.

ISDN Specifications (Cisco 836 Router)

• Two B channels plus one D channel: 2 x 64 Kbps (precompressed)

• Interoperable switched 56: 2 x 56 Kbps (precompressed)

• Single-point and multipoint configurations

• Compatible with data or voice B-channel ISDN switch types

• CTR3 (ETSI, NET3)

• VN3/4/5 (France)

Physical Specifications

• Dimensions (H x W x D): 2.0 x 9.7 x 8.5 in. (5.1 x 24.6 x 21.6 cm)

• Weight: 1.48/1.5 lb (0.67/0.68 kg)

Environmental Operating Ranges

• Nonoperating temperature: -4 to 149° F (-20 to 65° C)

• Nonoperating humidity: 5 to 95%, relative humidity (noncondensing)

• Nonoperating altitude: 0 to 15,000 ft (0 to 4,570 m)

• Operating temperature: 32 to 104° F (0 to 40° C)

• Operating humidity: 10 to 85%, relative humidity (noncondensing)

• Operating altitude: 0 to 10,000 ft (0 to 3,000 m)

Power Ratings

• AC input voltage: 100 to 250 VAC, 50 to 60 Hz

• Power consumption: 6 to 10W (idle-maximum consumption)

• Power supply rating: 15

2007/05/04 00:56 2007/05/04 00:56
트랙백 0, 댓글 0개가 달렸습니다.

트랙백 주소 :: http://thinkit.or.kr/network/trackback/311

댓글을 달아 주세요

1 ... 68 69 70 71 72 73 74 75 76 ... 382