Hi,
As my user name says, I am new to the networking and I am looking for advise - is there any router that would be similar to the Cisco ISR4321 - at the moment, we are looking for something that can connect 3 different networks, has ACL list configured, so those specifications.
Although Cisco ISR4321 is not one of the more expensive ones, I am still not sure if additional things (such as licence etc) needs to be purchased, so I am wondering if there might be something cheaper (or easier to configure, as apparently I have read that Cisco routers are not one of the easiest ones to set up, is that true?)
Any response would be much appreciated
Thanks in advance
Oh, I thought your name was "Newton Etwork"! :D Welcome to the forums!
Typically, Cisco will have you purchase a license with the hardware, as the license will determine which premium features will be available for you to use.
As for setting up, most enterprise-class routers will be done via the command-line, which can be difficult, especially for people completely new to networking. A small business-class router would be more likely to offer a web page with step-by-step wizards or input screens to assist in setting them up correctly.
A value-added reseller or VAR would be a good resource here. The VAR would not only contract to provide the equipment, but would also offer professional services in sending one of their techs over to set up the equipment for you.
So perhaps a little more information about your situation could help. What size company do you work for? Are the networks all in the same physical location, or are they remote sites? Will this be also acting as a firewall? Do the network connections involve VPNs? Do you have a reseller relationship already established that can help you with evaluating your needs?
DeanWebb, thanks for your reply! I wish I had a Newton's capacity in the networking world :)
So, this particular router would be used just for the testing (networks in the same physical location, and should be acting as a firewall as well), therefore I presume that "small business-class router would be more likely to offer a web page with step-by-step wizards or input screens to assist in setting them up correctly" as you have stated below would be good choice, am I correct?
Could you recommend any of those routers?
Thanks
Recommend? Not quite yet, but this conversation will eventually help us arrive at a good destination for you.
If the router is for testing, we need to know if it is for testing configurations before putting them on production routers - for that, you want a model very close or exactly like what you use in production.
If it is for other groups testing their code and all they need are 3 networks to work with, then even a switch with layer 3 functions can do the job here and, yes, a small business router might fit the ticket.
So... what's being tested here?
Yes, this router would be for testing before putting it in production and in production, Cisco ISR4321 is used (however, probably in production, it is used for wider/further networking of other networks).
Thanks
If this is for testing production routers, then you need something similar to a production router. Purchasing one second-hand, though, might be a solution for you.
Have you contacted a Cisco reseller about your current issue?
I think that second-hand is not really preferred solution.
Also, how easy/difficult is to set up Cisco router?
I haven't contacted Cisco re-seller yet...
How about competitors such as Juniper, HP and IBM, would they have anything similar on their market?
Thanks
I would definitely look at the Juniper SRX300 or SRX320 too. There's a bit of a learning curve on the CLI, but it also has a web-interface which makes it a bit more accessible for beginners.
Can you describe your requirements please - how many users, how much traffic throughput, security requirements for your ACLs, etc?
SimonV, thanks for reply.
this particular router would be used for the testing where 3 servers from different networks (in the same physical location) would need to communicate/connect to each other.
As for the ACL list, as each Server/Interface uses different ports to connect, they would need to be specified in the ACL list.
Are you saying that Juniper SRX300 would be suitable for this?
Thanks again
ACLs on a Cisco router are very hard to maintain, and they are not stateful (well, it's possible) so you need to create ACLs in both directions. If ACLs are one of your requirements, I would definitely choose a proper firewall over a standard router as they are built specifically for that purpose. I'm a big SRX fan but I'm sure every vendor out there has a small firewall that would fit your requirements.
In the simplest form of what you describe, you would configure three physical ports with the IP address that will serve as your server's default Gateway and then start building security policies between them. You can make it more complex and robust but that requires more experience, and it also depends on the underlying network. How does the rest of your network look like? Is this new design something you will build from scratch, or are you integrating into an existing network?
So, you are saying (translated in my own language) that in general configuring Cisco router especially ACLs is quiet complicated, therefore I should avoid it (with which I agree)?
You are saying "if ACLs are one of your requirements, I would definitely choose a proper firewall over a standard router as they are built specifically for that purpose." - does it mean that SRX is a firewall not a router?
Thanks for help
I would appreciate if I could get more help on this! Thanks in advance
Quote from: NewToNetwork on May 22, 2017, 04:52:57 PM
I would appreciate if I could get more help on this! Thanks in advance
We can give you more help, but before we can do that, we need more information from you.
When you said this was for testing, you were not clear on what the test is... we need more information there.
If you would like to post both in English and your native language, that might help, we have people here that can try to understand that way.
deanwebb,
Yes, English is not my native language (well, obviously), however, what I meant was that Network is certainly "language" I don't understand...
And that is why is probably difficult to explain what I need, not that much because of my (bad) English, but more likely because of my poor understanding of what I want/need to do....
I will try to get a "better" story, and will get back to you.
Thank you so far for your time.
BR
So what's your native language then? :)
I'm as much of a SRX fanboy as the next router guy, but in your case, I'd recommend a fortigate instead. Their web ui is much easier than Juniper's. Cisco's basically doesn't exist.
If you didn't need 3 separate interfaces I'd just say go buy a prosumer 'router' but they don't fit your requirements
don't get hung up about router vs firewall, in your case you want the functions of both, both SRX and Fortigate will do it. Cisco will too but the firewall part will suck and you'll have to CLI all of it. You're also kneecapped by bandwidth licensing and an artificial cap (IIRC maximum 100M on a 4321?) - ISRs are targeted at WAN gateway functionality.
wintermute000, sorry, I just saw your reply, thanks for getting back to me.
Does it mean that SRX doesn't need CLI configured, how will different ports be allowed for communication?
SRX has web UI but last time I used it it was horrible, basically a direct fascimile of CLI. If you don't know CLI hyou won't know what to do. New gen software may have fixed it, dunno.
TBH your questions are so basic, I'd just save the trouble and get a pro in, you're over your head.
Quote from: wintermute000 on May 31, 2017, 05:59:06 AM
TBH your questions are so basic, I'd just save the trouble and get a pro in
+1 to that suggestion. Really, a lot of your issues could be solved by getting a consultant or value-added reseller to go to your firm and taking a look at things there with you. I think that one of those guys would possibly see something that you're missing and would be able to recommend a better solution than what you may be considering.
Ok guys, I got the message...
Thanks anyway
Br