Cisco - CISCO Vs Consumer Grade

11-05-2005, 10:53 PM

Hi All!

I'm setting up a small office network:

Server, 10 Workstations, Shared DSL connection, some remote access -
just basic stuff.

What advantages would there be for me in going with a CISCO product
(PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink,
etc).

I guess I'm asking, "What would going with a CISCO get me that a
Linksys won't?"

Thanks!

mark

mhaase-at-springmind.com

11-06-2005, 06:05 AM

Cisco products are more expensive, but then you get the support (security
updates, excellent warranty, etc.). Consumer grade routers/firewalls do not
provide as much config options / flexibility compared to Cisco.
For such a small network, and if you have some time to learn, you can
investigate on using a linux router/fw (netfilter or iptables) on a cheap 2
NIC computer.

"mhaase-at-springmind.com" <mhaase-at-springmind.com@> wrote in message
news:...
> Hi All!
>
> I'm setting up a small office network:
>
> Server, 10 Workstations, Shared DSL connection, some remote access -
> just basic stuff.
>
> What advantages would there be for me in going with a CISCO product
> (PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink,
> etc).
>
> I guess I'm asking, "What would going with a CISCO get me that a
> Linksys won't?"
>
> Thanks!
>
> mark
>
>

11-06-2005, 02:34 PM

Cen <> wrote:
>"mhaase-at-springmind.com" <mhaase-at-springmind.com@> wrote in message
>news:.. .
>> Hi All!
>>
>> I'm setting up a small office network:
>>
>> Server, 10 Workstations, Shared DSL connection, some remote access -
>> just basic stuff.
>>
>> What advantages would there be for me in going with a CISCO product
>> (PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink,
>> etc).
>>
>> I guess I'm asking, "What would going with a CISCO get me that a
>> Linksys won't?"
>>
>> Thanks!
>>
>> mark
>>
>Cisco products are more expensive, but then you get the support (security
>updates, excellent warranty, etc.). Consumer grade routers/firewalls do not
>provide as much config options / flexibility compared to Cisco.
>For such a small network, and if you have some time to learn, you can
>investigate on using a linux router/fw (netfilter or iptables) on a cheap 2
>NIC computer.

In addition to those items mentioned by Cen, a few others to
consider:

Consumer grade often seems to assume that routine rebooting or power
cycling is acceptable. I.e., you can't just install it and forget it.

Commercial grade typically provides better support for remote
monitoring and management. Consumer grade, for example, almost
never supports SNMP.

Consumer grade typically ships with a default configuration which
will provide functionality right out of the box, no effort required
(and typically no security provided either, but that is another
story). Commercial grade typically requires effort before it can
be used.

Commercial grade often tolerates a wider range of environment,
i.e., is specified to work at lower and higher temperatures than
consumer grade, which can assume use only in locations comfortable
to humans. But there are exceptions, so be careful. In particular,
some commercial grade HW are speced for data center environments.

RF emission limits are tighter on home products (FCC class B) than
they are on office/industrial products (FCC class A). Consumer
grade must meet the home limits while commercial grade may choose
to only meet the office/industrial limits.

As the old saying goes, "You get what you pay for." Although given
the scruples of many vendors, I'd be more inclined to rephrase it
in the negative: "You may not get what you pay for, but you never
get what you don't pay for!" As always, YMMV.

Good luck and have fun!
--
Vincent C Jones, Consultant Expert advice and a helping hand
Networking Unlimited, Inc. for those who want to manage and
Tenafly, NJ Phone: 201 568-7810 control their networking destiny
http://www.networkingunlimited.com

11-06-2005, 03:11 PM

In article <>,
mhaase-at-springmind.com <mhaase-at-springmind.com> wrote:
>I'm setting up a small office network:

>Server, 10 Workstations, Shared DSL connection, some remote access -
>just basic stuff.

>What advantages would there be for me in going with a CISCO product
>(PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink,
>etc).

>I guess I'm asking, "What would going with a CISCO get me that a
>Linksys won't?"

Routers and switches:

Until you get to the highest end Linksys, afaik, you won't get
a managed product -- no ability to look at error counts, no ability
to watch traffic volumes, no ability to check to see if new devices
are introduced on your network, and so on.

I don't recall that any of the Linksys devices are "wire speed" -- able
to handle all the ports at full speed.

The linksys isn't going to have policy-based routing, or any
facility for bandwidth control and not much (if any) facility
for traffic policing.

Firewalls:

The BEFSX11 supports only two Security Associations, both to the
same peer. Once to four times each day, the currently transmitting
TCP connection freezes, the security associations drop, and when
they get renegotiated the other TCP connections are fine but that
active connection is dead, never to be recoverable. (Suppose for example
you are in the middle of typing a letter on a remote system and it
freezes on you...) I'm not sure about cause and effect here: plausibly
it was a case that when the SA's were expiring normally that the active
TCP connection would die. The frequency of the freezes make this
device unsuitable for use in business where loss of a connection may
be a significant hastle.

The BEFVP41 supports more Security Associations, and more than one
peer, and only freezes the connections once a week or less
(but they still do freeze from time to time.) The BEFVP41 has trouble
recovering sometimes when the ISP changes a DHCP'd interface IP
being used for a tunnel, requiring that one go in to the GUI interface
and press the "connect" control... not so bad if you are local, but
not something you want to be dealing with on a remote system.

The PIX has *much* finer-grained control over what is allowed
through and what is not, and much finer-grained control over exactly
how IP addresses get translated.

The PIX has support for a series of protocols, to know to translate
IP addresses and port numbers embedded in the protocols (e.g., in
order to receive a file in FTP, your system has to tell the other
system which IP and port to connect to, and the PIX needs to
mediate between your internal addresses and the external ones.)
The set of protocols supported by the PIX is not as extensive as
is now supported by some of the other manufacturers... but the
Linksys simply don't document that kind of protocol support at all.

--
All is vanity. -- Ecclesiastes

11-06-2005, 06:05 AM	#2
Cen Posts: n/a	Re: CISCO Vs Consumer Grade Cisco products are more expensive, but then you get the support (security updates, excellent warranty, etc.). Consumer grade routers/firewalls do not provide as much config options / flexibility compared to Cisco. For such a small network, and if you have some time to learn, you can investigate on using a linux router/fw (netfilter or iptables) on a cheap 2 NIC computer. "mhaase-at-springmind.com" <mhaase-at-springmind.com@> wrote in message news:... > Hi All! > > I'm setting up a small office network: > > Server, 10 Workstations, Shared DSL connection, some remote access - > just basic stuff. > > What advantages would there be for me in going with a CISCO product > (PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink, > etc). > > I guess I'm asking, "What would going with a CISCO get me that a > Linksys won't?" > > Thanks! > > mark > >

11-06-2005, 02:34 PM	#3
Vincent C Jones Posts: n/a	Re: CISCO Vs Consumer Grade Cen <> wrote: >"mhaase-at-springmind.com" <mhaase-at-springmind.com@> wrote in message >news:.. . >> Hi All! >> >> I'm setting up a small office network: >> >> Server, 10 Workstations, Shared DSL connection, some remote access - >> just basic stuff. >> >> What advantages would there be for me in going with a CISCO product >> (PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink, >> etc). >> >> I guess I'm asking, "What would going with a CISCO get me that a >> Linksys won't?" >> >> Thanks! >> >> mark >> >Cisco products are more expensive, but then you get the support (security >updates, excellent warranty, etc.). Consumer grade routers/firewalls do not >provide as much config options / flexibility compared to Cisco. >For such a small network, and if you have some time to learn, you can >investigate on using a linux router/fw (netfilter or iptables) on a cheap 2 >NIC computer. In addition to those items mentioned by Cen, a few others to consider: Consumer grade often seems to assume that routine rebooting or power cycling is acceptable. I.e., you can't just install it and forget it. Commercial grade typically provides better support for remote monitoring and management. Consumer grade, for example, almost never supports SNMP. Consumer grade typically ships with a default configuration which will provide functionality right out of the box, no effort required (and typically no security provided either, but that is another story). Commercial grade typically requires effort before it can be used. Commercial grade often tolerates a wider range of environment, i.e., is specified to work at lower and higher temperatures than consumer grade, which can assume use only in locations comfortable to humans. But there are exceptions, so be careful. In particular, some commercial grade HW are speced for data center environments. RF emission limits are tighter on home products (FCC class B) than they are on office/industrial products (FCC class A). Consumer grade must meet the home limits while commercial grade may choose to only meet the office/industrial limits. As the old saying goes, "You get what you pay for." Although given the scruples of many vendors, I'd be more inclined to rephrase it in the negative: "You may not get what you pay for, but you never get what you don't pay for!" As always, YMMV. Good luck and have fun! -- Vincent C Jones, Consultant Expert advice and a helping hand Networking Unlimited, Inc. for those who want to manage and Tenafly, NJ Phone: 201 568-7810 control their networking destiny http://www.networkingunlimited.com

11-06-2005, 03:11 PM	#4
Walter Roberson Posts: n/a	Re: CISCO Vs Consumer Grade In article <>, mhaase-at-springmind.com <mhaase-at-springmind.com> wrote: >I'm setting up a small office network: >Server, 10 Workstations, Shared DSL connection, some remote access - >just basic stuff. >What advantages would there be for me in going with a CISCO product >(PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink, >etc). >I guess I'm asking, "What would going with a CISCO get me that a >Linksys won't?" Routers and switches: Until you get to the highest end Linksys, afaik, you won't get a managed product -- no ability to look at error counts, no ability to watch traffic volumes, no ability to check to see if new devices are introduced on your network, and so on. I don't recall that any of the Linksys devices are "wire speed" -- able to handle all the ports at full speed. The linksys isn't going to have policy-based routing, or any facility for bandwidth control and not much (if any) facility for traffic policing. Firewalls: The BEFSX11 supports only two Security Associations, both to the same peer. Once to four times each day, the currently transmitting TCP connection freezes, the security associations drop, and when they get renegotiated the other TCP connections are fine but that active connection is dead, never to be recoverable. (Suppose for example you are in the middle of typing a letter on a remote system and it freezes on you...) I'm not sure about cause and effect here: plausibly it was a case that when the SA's were expiring normally that the active TCP connection would die. The frequency of the freezes make this device unsuitable for use in business where loss of a connection may be a significant hastle. The BEFVP41 supports more Security Associations, and more than one peer, and only freezes the connections once a week or less (but they still do freeze from time to time.) The BEFVP41 has trouble recovering sometimes when the ISP changes a DHCP'd interface IP being used for a tunnel, requiring that one go in to the GUI interface and press the "connect" control... not so bad if you are local, but not something you want to be dealing with on a remote system. The PIX has much finer-grained control over what is allowed through and what is not, and much finer-grained control over exactly how IP addresses get translated. The PIX has support for a series of protocols, to know to translate IP addresses and port numbers embedded in the protocols (e.g., in order to receive a file in FTP, your system has to tell the other system which IP and port to connect to, and the PIX needs to mediate between your internal addresses and the external ones.) The set of protocols supported by the PIX is not as extensive as is now supported by some of the other manufacturers... but the Linksys simply don't document that kind of protocol support at all. -- All is vanity. -- Ecclesiastes

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

11-05-2005, 10:53 PM	#1
	CISCO Vs Consumer Grade Hi All! I'm setting up a small office network: Server, 10 Workstations, Shared DSL connection, some remote access - just basic stuff. What advantages would there be for me in going with a CISCO product (PIX, etc), over a Consumer Grade router/firewall (linksys, Dlink, etc). I guess I'm asking, "What would going with a CISCO get me that a Linksys won't?" Thanks! mark mhaase-at-springmind.com