Cisco ISR edition (4321)

NewToNetwork · May 21, 2017, 10:45:25 AM

Hi,
As my user name says, I am new to the networking and I am looking for advise - is there any router that would be similar to the Cisco ISR4321 - at the moment, we are looking for something that can connect 3 different networks, has ACL list configured, so those specifications.
Although Cisco ISR4321 is not one of the more expensive ones, I am still not sure if additional things (such as licence etc) needs to be purchased, so I am wondering if there might be something cheaper (or easier to configure, as apparently I have read that Cisco routers are not one of the easiest ones to set up, is that true?)
Any response would be much appreciated
Thanks in advance

deanwebb · May 21, 2017, 11:09:16 AM

Oh, I thought your name was "Newton Etwork"!

Welcome to the forums!

Typically, Cisco will have you purchase a license with the hardware, as the license will determine which premium features will be available for you to use.

As for setting up, most enterprise-class routers will be done via the command-line, which can be difficult, especially for people completely new to networking. A small business-class router would be more likely to offer a web page with step-by-step wizards or input screens to assist in setting them up correctly.

A value-added reseller or VAR would be a good resource here. The VAR would not only contract to provide the equipment, but would also offer professional services in sending one of their techs over to set up the equipment for you.

So perhaps a little more information about your situation could help. What size company do you work for? Are the networks all in the same physical location, or are they remote sites? Will this be also acting as a firewall? Do the network connections involve VPNs? Do you have a reseller relationship already established that can help you with evaluating your needs?

NewToNetwork · May 21, 2017, 11:23:52 AM

DeanWebb, thanks for your reply! I wish I had a Newton's capacity in the networking world

So, this particular router would be used just for the testing (networks in the same physical location, and should be acting as a firewall as well), therefore I presume that "small business-class router would be more likely to offer a web page with step-by-step wizards or input screens to assist in setting them up correctly" as you have stated below would be good choice, am I correct?
Could you recommend any of those routers?
Thanks

deanwebb · May 21, 2017, 11:33:15 AM

Recommend? Not quite yet, but this conversation will eventually help us arrive at a good destination for you.

If the router is for testing, we need to know if it is for testing configurations before putting them on production routers - for that, you want a model very close or exactly like what you use in production.

If it is for other groups testing their code and all they need are 3 networks to work with, then even a switch with layer 3 functions can do the job here and, yes, a small business router might fit the ticket.

So... what's being tested here?

NewToNetwork · May 21, 2017, 01:45:13 PM

Yes, this router would be for testing before putting it in production and in production, Cisco ISR4321 is used (however, probably in production, it is used for wider/further networking of other networks).
Thanks

deanwebb · May 21, 2017, 04:37:32 PM

If this is for testing production routers, then you need something similar to a production router. Purchasing one second-hand, though, might be a solution for you.

Have you contacted a Cisco reseller about your current issue?

NewToNetwork · May 21, 2017, 05:11:49 PM

I think that second-hand is not really preferred solution.

Also, how easy/difficult is to set up Cisco router?

I haven't contacted Cisco re-seller yet...
How about competitors such as Juniper, HP and IBM, would they have anything similar on their market?
Thanks

SimonV · May 22, 2017, 02:46:23 AM

I would definitely look at the Juniper SRX300 or SRX320 too. There's a bit of a learning curve on the CLI, but it also has a web-interface which makes it a bit more accessible for beginners.

Can you describe your requirements please - how many users, how much traffic throughput, security requirements for your ACLs, etc?

NewToNetwork · May 22, 2017, 05:22:36 AM

SimonV, thanks for reply.

this particular router would be used for the testing where 3 servers from different networks (in the same physical location) would need to communicate/connect to each other.
As for the ACL list, as each Server/Interface uses different ports to connect, they would need to be specified in the ACL list.
Are you saying that Juniper SRX300 would be suitable for this?
Thanks again

SimonV · May 22, 2017, 06:00:17 AM

ACLs on a Cisco router are very hard to maintain, and they are not stateful (well, it's possible) so you need to create ACLs in both directions. If ACLs are one of your requirements, I would definitely choose a proper firewall over a standard router as they are built specifically for that purpose. I'm a big SRX fan but I'm sure every vendor out there has a small firewall that would fit your requirements.

In the simplest form of what you describe, you would configure three physical ports with the IP address that will serve as your server's default Gateway and then start building security policies between them. You can make it more complex and robust but that requires more experience, and it also depends on the underlying network. How does the rest of your network look like? Is this new design something you will build from scratch, or are you integrating into an existing network?

NewToNetwork · May 22, 2017, 09:17:02 AM

So, you are saying (translated in my own language) that in general configuring Cisco router especially ACLs is quiet complicated, therefore I should avoid it (with which I agree)?

You are saying "if ACLs are one of your requirements, I would definitely choose a proper firewall over a standard router as they are built specifically for that purpose." - does it mean that SRX is a firewall not a router?

Thanks for help

NewToNetwork · May 22, 2017, 04:52:57 PM

I would appreciate if I could get more help on this! Thanks in advance

deanwebb · May 22, 2017, 05:04:46 PM

Quote from: NewToNetwork on May 22, 2017, 04:52:57 PM
I would appreciate if I could get more help on this! Thanks in advance

We can give you more help, but before we can do that, we need more information from you.

When you said this was for testing, you were not clear on what the test is... we need more information there.

If you would like to post both in English and your native language, that might help, we have people here that can try to understand that way.

NewToNetwork · May 22, 2017, 05:16:33 PM

deanwebb,
Yes, English is not my native language (well, obviously), however, what I meant was that Network is certainly "language" I don't understand...
And that is why is probably difficult to explain what I need, not that much because of my (bad) English, but more likely because of my poor understanding of what I want/need to do....
I will try to get a "better" story, and will get back to you.
Thank you so far for your time.
BR

SimonV · May 23, 2017, 02:53:37 AM

So what's your native language then?