Re: [c-nsp] Router advice
Doug McIntyre wrote: The PACs are tied to the serial number of the box. You can backup the number you get back from the PAC tool, but if you swap hardware, then you need to go to TAC to get a new PAC. Sure, you can stock spares, then if you need to bring up a spare box, you get 30 days of trial license, and you go to TAC and tell them you need a new PAC because the old box is borked, and you work it out with TAC. If any of your disaster items happen, you go back to TAC and explain while running live on your 30 day trial license to get new PACs. Its a very simple solution that in practice works easily. You seem to want to pick on this thread for Cisco's license enforcement. I don't work for them. But I can certainly see a need for it from their point of view. I do already use Cisco licensing on other hardware that has been doing this exact thing for sometime (ie. SanOS and PIX), and haven't encountered any the sky-is-falling problems with any of it. It seems fair to me, compared to what I'd guess are many IOS boxes not being properly licensed for what they are running due to Cisco's pretty open licensing policies of years past. *shrug* None of the hardware I use uses universal images, nor do I open TAC cases that often (last one was September 2008 for a bricked 877W). The idea they could decide at any time to deny a license transfer is scary. I'd rather stock spare hardware than pay for same day TAC that I've never used, and it would really suck if Cisco changed their mind now that they have the option to do so. My intention is not to pick on them, but voice concerns. ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
Its not like we can run Cisco IOS on any other vendor's equipment. If I buy an ISR from Cisco, I have to pay them additional money to use the software that only Cisco can create.. for that box? Its an arbitrary blood-rock scheme. You pay twice to use the equipment you buy from them. Its an argument against licensing in general in cases where you are dealing with *both* closed software and closed hardware from the same vendor. Nevertheless, its reality now. It would be interesting to see key-generators or IOS jailbreakers soon. From: Doug McIntyre mer...@geeks.org To: cisco-nsp@puck.nether.net Sent: Sun, November 22, 2009 1:21:27 AM Subject: Re: [c-nsp] Router advice On Thu, Nov 19, 2009 at 11:53:22AM -0800, Seth Mattinen wrote: Doug McIntyre wrote: On Wed, Nov 18, 2009 at 01:28:53PM -0800, Seth Mattinen wrote: Ivan wrote: You may also want to check out the new ISR models (ISR G2 http://www.cisco.com/go/isrg2). I get the impression from reading about the new universal image that they phone home for license keys before it will activate features. Is this accurate? No, you get base level features out of the box, and you can activate the advanced features that are licensed on a trial basis for x days until you can get your PACs from the Cisco license website and apply it permamently to that box. Are they backup-able? That is, can you get the device back to full functionality from local copies without access to the website? What happens if hardware gets stolen or somebody yanks the flash card and loses it? Can you still keep spares in storage? The PACs are tied to the serial number of the box. You can backup the number you get back from the PAC tool, but if you swap hardware, then you need to go to TAC to get a new PAC. Sure, you can stock spares, then if you need to bring up a spare box, you get 30 days of trial license, and you go to TAC and tell them you need a new PAC because the old box is borked, and you work it out with TAC. If any of your disaster items happen, you go back to TAC and explain while running live on your 30 day trial license to get new PACs. Its a very simple solution that in practice works easily. You seem to want to pick on this thread for Cisco's license enforcement. I don't work for them. But I can certainly see a need for it from their point of view. I do already use Cisco licensing on other hardware that has been doing this exact thing for sometime (ie. SanOS and PIX), and haven't encountered any the sky-is-falling problems with any of it. It seems fair to me, compared to what I'd guess are many IOS boxes not being properly licensed for what they are running due to Cisco's pretty open licensing policies of years past. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
On Wed, Nov 18, 2009 at 01:28:53PM -0800, Seth Mattinen wrote: Ivan wrote: You may also want to check out the new ISR models (ISR G2 http://www.cisco.com/go/isrg2). I get the impression from reading about the new universal image that they phone home for license keys before it will activate features. Is this accurate? No, you get base level features out of the box, and you can activate the advanced features that are licensed on a trial basis for x days until you can get your PACs from the Cisco license website and apply it permamently to that box. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
Doug McIntyre wrote: On Wed, Nov 18, 2009 at 01:28:53PM -0800, Seth Mattinen wrote: Ivan wrote: You may also want to check out the new ISR models (ISR G2 http://www.cisco.com/go/isrg2). I get the impression from reading about the new universal image that they phone home for license keys before it will activate features. Is this accurate? No, you get base level features out of the box, and you can activate the advanced features that are licensed on a trial basis for x days until you can get your PACs from the Cisco license website and apply it permamently to that box. Are they backup-able? That is, can you get the device back to full functionality from local copies without access to the website? What happens if hardware gets stolen or somebody yanks the flash card and loses it? Can you still keep spares in storage? ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
Ed W wrote: Greetings, I've been out of the market on the latest Cisco routers for a while and I'm looking for some info about a router to use in a small co-located environment. Basic requirements: 2 Copper FastE/GigE 50-75 Mbps throughput HSRP NetFlow Basic ACLs/null routing for Bogons, etc. No dynamic routing No NAT/PAT Preferably 1U More than 2 FE interfaces, IPv6 support and room to grow into a BGP session or two would be nice, but not required. Traffic will be mostly HTTP/HTTPS, Mail (IMAP, POP, SMTP) and some VOIP channels mixed in (G711 G729) My first thought after some research was a 2800 series, but NetFlow seems like a possible red flag. The 2800's support netflow just fine, but you won't get that kind of performance out of a 2811 (fastest 1U), nor anything else in the 2800 line over a handful of single large packet flows. 3845 *maybe* depending on features, but it's 3U. If you need 1U then go for a 7201 which is basically a 1U 7200VXR NPE-G2. ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
I don't know if the 7201 will accept PVDMs, so if you need to do voice xcoding on your box that may be a show stopper. According to Cisco's marketing speak the new 2900s will do up to 75Mbps with services such as security, mobility, WAN Optimization However it is 2U. -mtw -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Bill Blackford Sent: Wednesday, November 18, 2009 12:54 PM To: 'Scott Granados'; Ed W; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Router advice The 7201 is 1RU. It's basically an NPE-G2 shoehorned into a 1RU chassis. -b -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados Sent: Wednesday, November 18, 2009 12:50 PM To: Ed W; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Router advice I'm thinking 7200 series makes sense for you although I believe they are more than 1U. - Original Message - From: Ed W ed.whitesell+li...@gmail.com To: cisco-nsp@puck.nether.net Sent: Wednesday, November 18, 2009 12:09 PM Subject: [c-nsp] Router advice Greetings, I've been out of the market on the latest Cisco routers for a while and I'm looking for some info about a router to use in a small co-located environment. Basic requirements: 2 Copper FastE/GigE 50-75 Mbps throughput HSRP NetFlow Basic ACLs/null routing for Bogons, etc. No dynamic routing No NAT/PAT Preferably 1U More than 2 FE interfaces, IPv6 support and room to grow into a BGP session or two would be nice, but not required. Traffic will be mostly HTTP/HTTPS, Mail (IMAP, POP, SMTP) and some VOIP channels mixed in (G711 G729) My first thought after some research was a 2800 series, but NetFlow seems like a possible red flag. I'd be open to hearing about other vendors' options that meet the requirements (offlist of course), but no Build Your Own/Quagga options. Thanks, Ed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
Ivan wrote: You may also want to check out the new ISR models (ISR G2 http://www.cisco.com/go/isrg2). I get the impression from reading about the new universal image that they phone home for license keys before it will activate features. Is this accurate? ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
You may also want to check out the new ISR models (ISR G2 http://www.cisco.com/go/isrg2). Ivan Seth Mattinen wrote: Ed W wrote: Greetings, I've been out of the market on the latest Cisco routers for a while and I'm looking for some info about a router to use in a small co-located environment. Basic requirements: 2 Copper FastE/GigE 50-75 Mbps throughput HSRP NetFlow Basic ACLs/null routing for Bogons, etc. No dynamic routing No NAT/PAT Preferably 1U More than 2 FE interfaces, IPv6 support and room to grow into a BGP session or two would be nice, but not required. Traffic will be mostly HTTP/HTTPS, Mail (IMAP, POP, SMTP) and some VOIP channels mixed in (G711 G729) My first thought after some research was a 2800 series, but NetFlow seems like a possible red flag. The 2800's support netflow just fine, but you won't get that kind of performance out of a 2811 (fastest 1U), nor anything else in the 2800 line over a handful of single large packet flows. 3845 *maybe* depending on features, but it's 3U. If you need 1U then go for a 7201 which is basically a 1U 7200VXR NPE-G2. ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router advice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Seth Mattinen wrote: Ivan wrote: You may also want to check out the new ISR models (ISR G2 http://www.cisco.com/go/isrg2). I get the impression from reading about the new universal image that they phone home for license keys before it will activate features. Is this accurate? ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ What if the device is not connected to the internet? Manolo -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJLBG2oAAoJEOcnyWxdB1IrmboIAMPjIzElaklqYAmweAjN5MSU 6Ga27JDll+/nZF73cjZlP6ZtgEvhi3zDGnPYjUr4Tjl1qdi8Tn1I6lq67XbxuKue sRte3bBSvghF70MF4W9ctlbJbxIbhY+HLHDA5A1tLkZ65fliDaFgF6Y4XjHFSscm wnMY+EEZVvPTUJjIniUGlFAQj4Cn4TBPtOsRvvImdvJrPnF2uuMuDWOY7ucn62pL EVqZEwrJU23KkTzAguiHjoqoNdS6nhDmUOPrmiRWNgtjdsew97ewQui5EJsRpRC2 2NR0iYERLPUI3ao27lcpVJnzKJMjg97uJ5m+boHdcOxzMhdBK1mATCerAhrAHEY= =pLJa -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/