Networking

Find the best Cisco router for your needs

With Cisco's router lineup changing so frequently, it can be difficult to stay up to date. What are the current models of routers, and which router would you use for which situations?

What's missing from the lineup?

For those of us who have been working with Cisco routers for some time, some of the most well-known routers are missing from the current lineup. Cisco discontinued the 2600 and 3600 Series routers some time ago. For the remote branch office and SMB market, these routers were always the workhorse of the Cisco router lineup.

In my opinion, it wasn't their capabilities that made them obsolete. They could do just about anything that the latest routers could do. For that reason, many shops are still using them.

What made these router series obsolete was the limitation of their CPU processing, Flash, and RAM storage. The Cisco IOS grew to be larger than what those routers could handle efficiently with the maximum amount of RAM.

In addition, the packet load of the typical network grew so much that Gigabit Ethernet became common on networks. These routers just didn't have the CPU power to handle that throughput.

Meet the ISRs

What's really been new in the last year or so is the concept of Cisco's Integrated Services Routers (ISR). As you can see in Figure A, the ISR is what Cisco calls all but its larger "services aggregation platforms."

Figure A

ISRs work for all companies -- from the single telecommuter at the home office to the medium or large company running full BGP to the Internet. Cisco dubbed these routers "integrated services" because not only do they route like a traditional router, but they can also provide other services such as IPSec VPN, firewall, intrusion prevention, and VoIP call management.

Which router do I need?

People often ask me which router they should use for a specific situation. To begin, I think Figure A does a decent job of illustrating Cisco's available routers and the load they can take (as illustrated by the light blue column in the graphic).

Of course, there's no hard and fast rule telling us which router to use for which situation. However, here are some general guidelines that I suggest using.

Home office or small branch office

Let's say you have a home office worker who needs more than just a periodic VPN connection. The employee will be working a full 40-hour workweek over a site-to-site VPN, and you want him or her to have the most reliable and best performing connection possible.

Cisco 800 Series routers are ideal in this situation. They're great performing routers for a single person or even a small office of up to 10 people. They run the full Cisco IOS, including the latest IOS 12.4, with features such as Firewall, IPS, VPN, VLAN, QoS, NAC, and even high availability features. There are different models for different applications, including ISDN, DSL, and routers with integrated wireless.

I use a Cisco 871W router at my house. In addition to it being a great router to connect to the Internet, it's an excellent router for testing Cisco IOS commands. I also recommend the 800 Series routers to CCNA and CCNP candidates as the best option for studying IOS commands.

Remote office of 25 workers

For remote offices that have 25 or so workers, Cisco 1800 Series routers are an excellent choice. This router is perfect if all you need is a router to connect your office to the Internet and provide VPN, firewall, and wireless.

Remote office of 50 workers

If you're looking for the same basic functionality of the 1800 Series but need a lot more performance and expandability, Cisco 2800 Series routers are what you need. With the 2800 series lineup, you can get everything that's in the 1800 Series plus redundant power supply options, Gig-Ethernet ports, Network Module (NM) expansion slots, VoIP Call Manager Express (CME) with SRST, and much more performance.

Having the NM card slot lets you add things such as a 36-port switch with PoE, a DS3 ATM, a 24-port VoIP module, an intrusion detection module, a network analysis module, or a Cisco Unity Express voice mail module. In my opinion, the Network Module slot on the 2800 Series is where the Cisco router lineup really starts to get exciting.

Remote or HQ office of 100 workers

Cisco 3800 Series routers are similar to the 2800 Series in that there are a lot of HWIC and NM options for them. But what sets them apart from the 2800 Series is the sheer performance of the hardware and the number of HWIC and NM cards that you can put into them.

Campus or large HQ office

For very large campuses or service providers, the Catalyst 6500 and 7200/7300 Series platforms are for you. Cisco calls these "service aggregation platforms." These are very high-performance networking platforms with a huge capacity for expansion.

A quick disclaimer: Always read the specifications for the router you're considering, and consult with your local SE or experienced Cisco reseller to make sure you get the best router for the job.

Conclusion

It can be difficult to stay up to date with Cisco's ever-expanding and changing router offerings. In this article, I covered the different scenarios where you would need a Cisco router and the five major Cisco router platforms that fit into those scenarios. I hope that the next time you need to select a Cisco router, you know exactly which router line to turn to.

35 comments
glidlow

As far as I know the primary function of an ISR, say an 800, is routing and has firewall and other functions. A PIX/ASA's (pix506e or asa5505) primary function is being a firewall and does routing and other functions. But both can do more or less the same. When would you use one or the other?

BALTHOR

What do I get when I connect 25 computers to a router and a server?

No User

First of all your article is interesting and certainly needs to be expanded upon and if so has great potential to provide some really terrific information. We have Cisco Routers, Switches, Firewalls, IPS, WAAS, CSA, CSM and Network Manager. That said, let's iron out some rough points first. I can see that a Switch on a local LAN with gigabyte Ethernet will speed things up versus 100 MB. However if you have a T1 line what advantage does it bring to a Router? How much advantage would a Router with a gigabyte port connecting to a Switch with gigabyte ports actually bring to a remote site if the other end of that Router connects to a T1 line? What would the load need to be to actually notice the difference from a user's perspective? The bottleneck for a Router is much more the communication line to the other Router than the number of devices at the remote end. The exception would be if you had multiple T1 lines per Router; then you would benefit from a faster processor and other internal resources. I can see a remote Switch that has gigabyte Ethernet benefiting if you have local use for it but not if you have a bunch of PCs connected to that Switch that use a Router to connect them across a T1 line. Am I missing something? I think a WAAS would provide much better throughput than a gigabyte Ethernet port that connects a Router to a Switch. I think a better way to choose a Router series than looking at how many people you have at a remote location is how many T1 or other communication lines you will have and what modules if any you will use such as WAAS and IPS. Another point you need to look at is how many remote sites connect to the Central location / Main office; there you may want a faster Router and one that supports enough ports to connect your remote sites. As far as Cisco making their IOS larger than certain models can handle, thereby forcing you to upgrade: that is known as planned obsolescence. It is not a case of the old boys not being able to keep up.
Think about that for a second. It's a self-fulfilling prophecy. ;) I find the breakdown of older routers such as 1711, 1721, 1751 they are 1700 series or 2600 XM 2611, 2621 they are 2600 series much harder to distinguish due to the lack of clear defining information. Although they add something like VOIP or VPN to the description what real advantage or disadvantage separates the various models of the same class? Some of the features only bring an advantage if you are using other Cisco equipment; otherwise they all can be used to route VPN and VOIP traffic. The WIC cards can also be confusing such as VWIC-1MFT-T1 1-Port RJ-48 Multiflex Voice T1 WIC and WIC-1DSU-T1-V2 outside of 2 ports is it a must have if you use VOIP or just Cisco VOIP? Outside of VOIP both are simply T1 boards with either one or two ports. I have not looked at all the models that the new series have but I'll bet that it's the internals such as backplane, CPU, Flash and memory that separate them just like the discontinued models. We have the 2811's for Remote site and a 3825 at the Main office. I think it all comes down to price and performance, the upgradeability and one model has more robust components than the other and costs more. So they aim the Routers at markets based on price and performance. Such as the backplane, how much memory, flash, CPU speed and so on a.k.a. internal resources and not VPN and VOIP unless you are using specific Cisco equipment that either must have it or derives a certain benefit from it. The IOS features that each one can use would be based on their internal resources. The configuration and expandability of the equipment should spell it out for you in those cases. Although they certainly don't make it easy on someone who is choosing equipment I think the base configuration and modules you intend to add and the communication lines draw a better distinction to help you decide than the number of users at a remote site.

w0hls

What router do I need for a Sierra Wireless 595 Air Card, PCMCIA in my notebook so I can access the internet from my desktop computers?

kmdennis

Hey, I may have seen a few hours too late. So I am planning on studying the CISCO stuff and just purchased 2 routers: 1- 2524 and 1 2610. Do you think these could be effective to use in my training for the CCNA? And which switch would be a good (cheap) choice to add? What else would you suggest to complement this little line up for a CCNA Lab? Thanks for your answers.

rschaefer

First you hate Microsoft then you hate Cisco, I guess there's always something to complain about. I tell my clients that technology doubles every 18 months. That doesn't mean they need to upgrade, but you need to be aware that application developers are not making software applications any leaner. If you compare the specs of all your different manufacturers I think you will find that Cisco offers some of the highest quality devices. Compare a Cisco Pix 501 which Cisco no longer sells. It is better than many of the firewalls that you are mentioning here. It supports 7500 TCP connections, how many do your sonicwall or watchdog support? I have installed Cisco devices over 3 years ago which still haven't been rebooted; show me the uptime on your cheaper devices. I think you will find they come up short. If you're in an SMB market these other brands might work well for you and may fit into your pricing, but when you're big business, you need Big Iron, Cisco, Foundry and a few others. Compare the throughput on the backplanes of the switches and see which is the best. If you don't need that much throughput, that's fine, use a lesser device. I say lesser device because I'm pretty sure the Internet doesn't run on Dlink, netgear, watchdog, or even sonicwall routers running BGP. I don't even think that these devices can be configured for BGP and if you're an ISA lover, tell me how you connect a DS3 or OC3 Circuit to your ISA firewall without the use of a real router. Not all ISPs give you an ethernet handoff. I don't care about personal opinions, I care about hard numbers and uptime, so do my clients.

CG IT

on new products with the exception of pricing. Cisco products aren't inexpensive [they're very expensive] and the fact that it's infrastructure rather than user environment makes an ever changing product lineup that much more difficult to plan out. Install a 2600 you thought would last at least 7 years now only lasted what? 3? and just 1 2600 cost upwards of $3k to $5k brand new not to mention the cost of modules and then just configuring it. I've been on 5 projects now, one where I work and 4 that I consulted on where upgrading infrastructure was a consideration until they saw the cost.

JoeBeckner

Do you mean what kind of router to get?

JoeBeckner

The interface on the routers and switches is GigaBit Per Second, not GigaByte per Second (8 bits to a byte). When a router attaches to a T1 line only packets that need to be routed across the T1 line are sent over it, so if data is entering the router at 1Gbps not every packet is going over the T1 line. One advantage to a 1Gbps interface on the router is that the data gets read into the buffers faster for processing by the CPU.

wratholix

Either a cheap linksys/netgear if it doesn't matter much. If you want a Cisco device, the 837 (built-in ADSL modem) or 831 (WAN port for external modem) will do for you.

wsasser

Packet Tracer is probably a LOT cheaper and it emulates everything you would do with Physical Devices. Packet Tracer: do a Google and you'll find a copy. I'm on 5.1.

Dumphrey

in fact, if you can get several 2500's with serial interfaces, you can set them up as frame relay switches to play with that as well. Really any switch will do. Down the road you may need more kit, but 2 routers and 2 (managed Cisco) switches is enough to do most everything.

Cincinnerdi

As a consultant, I've caught myself thinking, "This small company isn't going to want to pay for Cisco." But they pay for peace of mind and that often means Cisco. Used to be if the office power went off, everyone would be sent home. Now, it's if the internet is off, no one can do their work. What's the cost per hour to a business of 15 people if their network is down? Doesn't take long to justify the cost of reliable equipment.

Dumphrey

CG is not hatin' on the Crisco, he is simply pointing out a financial reality of the SMB market. Your points are very valid and correct. Where Cisco made its market is in WAN infrastructure. The PIX was/is a divine piece of equipment. We have 2. But we also have a Catalyst 4008, with 2 fiber modules (1 2 port, 1 4 port) and 2 36 port 10/100 ethernet modules, and the admin management module. So it cost close to $10,000 new (5 years ago) and is now out of support, and EOL. It was from day one ONLY used for PASSIVE switching. No vlans, no mac security, just simple connection. Even using Cisco gear this could have been achieved for $3000 or less. This "oversell" of Cisco by re-sell partners to people who do not know better is a large part of the "Cisco Hatin'" you see a lot nowadays. The SMB market has got this shaft more times than I can count, and other companies are attempting (badly in my opinion) to fill the niche being created for "mid-level" networking gear. (Linksys SOHO gear is pure $h!t.) In all business, it comes down to price for performance. In many places, the proven reliability of Cisco is a requirement for true 24x7 performance. In other places, the extra cost is the difference between employees getting paid or network downtime in the unforeseen future... Drop down out of the clouds of Corporate money and try to shop like an SMB on a yearly budget of say, $9000.

CG IT

everything you've mentioned is correct. I have no qualms with Cisco infrastructure equipment at the campus or regional level at all. Heck at that level, I'd only use Cisco stuff [well I might opt for some 3Com switches]... But I think at the SMB level, the 1800, 2800 and 3800 stuff often ends up being out of their budget, especially when new product offerings end up on a 3 year cycle. Having the latest and greatest is a phenomenon that mfgs and software makers would love everyone to buy into. However the economic feasibility of buying $20,000 to $30,000 of infrastructure equipment let alone desktops, servers and their respective software every 3 years is just unrealistic. No matter which way you spin the #s or juggle the retirement schedule.

Dumphrey

the upgrade would do very little at all for the network. Gigabit routing between vlans could be a significant upgrade, if you have gigabit switching etc. But as a general rule, unless you NEED a new feature, chances are you're wasting your money. And if you didn't need the feature before you found out about it, you don't need it. What Cisco is doing is the same thing MS does, now that their market saturation is to the point of diversify or shrink, they are trying to "force" hardware upgrades. Unlike MS, what router you have in place rarely makes a big enough difference to either the Boss or the bean counters to justify replacing it every three years. It would take something big to make me want to upgrade, like major speed upgrades where needed, ie copper gigabit or f2tdt, or a hardware death forcing a new kit anyway.

No User

Gigabit - Gigabyte - A billion bits or a billion bytes and a T1 is 1.5 meg take your pick 1.5 million bits or bytes it's less than 1% of the Ethernet port speed. Gigabit or Gigabyte how can either improve the router throughput over a T1 line? Sounds like hurry up and wait to me any way you look at it.

CG IT

for switches. They're great, do lots of stuff with them. If you get a CCNA then you probably will go for the CCNP and routing and switching is a big part of CCNP. I've done frame relay with 2500s because at the time they were cheap and the 2600s were not. Haven't done much with 2600s because they seemed to just come and go in the lifecycle area. 1800s are great routers if you can get your hands on used ones. I'd get a PIX as well just so you can get familiar with them. Even if Cisco no longer supports PIX, there's plenty of places with them and knowing how to configure them gives you the basics of Cisco's new integrated services routers. If you really want to go all out, I'd get a 2511 with the octal cable and hook up everything to it then do remote sessions from it.

kmdennis

So as an open source alternative, Vyatta is claiming to be CISCO's equal. I have installed it and done a little basic configuration on the firewall, but nothing with routing. I believe they now have it on their own hardware. But if anyone wants to comment on it especially if you have used or heard of anyone who has used it, please do so. If it is as great as they tout, then it may be a nice complement to CISCO.

gforsythe7

Just over a year ago, I convinced my CEO that we needed to forklift our Alcatel VoIP trunking phone system along with the Dell unmanaged switches and Netvanta routers in favor of Cisco. I'm talking complete network overhaul. We were fraught with T1 outages, lagging, as well as periods of inability to call remote sites thru the phone system. We are a medium size business and I asked for $85,000, which was no small chunk. I promised almost no downtime, complete reduction in complaints about the phones, and increased productivity at remote sites, and a few other things. He said, are you ready to risk your job on it? Install started December 06, it's March 08 and we couldn't be happier. I can come to work and be confident that I will not be repairing my network. Oh, and when the roof leaked and flooded my PoE switch, Cisco replaced it the same day! As my 3 year old likes to say, "Beat that!"

nhahajn

Cisco is probably overkill for Small businesses. But their products are great, same interface over all products make it easier to learn (although not that easy). But I would say even if you didn't intend to, you came across as Cisco hater. I would say even a small business would do well to at least use a Cisco device as their firewall, we were forced to use a Sidewinder as ours and hate it.

CG IT

Either Cisco has to make their products more affordable or they will lose their market dominance to competitors who price their infrastructure gear to allow for 3 to 5 year upgrades. That is if Cisco is trying to get in on the 3 to 5 year lifecycle that IT mfgs seem to want.

anooppshenoi

hi it will support web vpn in asa box and visual firewall,

CG IT

is this the integrated platform that also handles VoIP? Think I'm thinking of a different ASA model that is the SMB market switch.....

JoeBeckner

I've used the ASA5500 a lot since it came out. It's really the next generation of the PIX. I think they should have kept the PIX name and just called it the PIX5500 or something like that.

JoeBeckner

ok, ... ISA does do the Windows side of things well. From what I have seen it does a good job as a Proxy server (and content filter), and as a RADIUS server that integrates with Active Directory. I set up the ISA server as the RADIUS (backended to AD) authentication server for a Cisco ASA5500 VPN Gateway recently and it works great.

CG IT

only in that it's really a proxy server that has firewall capabilities plus some pretty good filtering capabilities. What most make mistakes with ISA is that they think it's a firewall when in reality it's a proxy server that also has port filtering and content filtering and integrates with Active Directory. It works a lot like Cisco PIXs where unless allowed, all traffic is denied, but that's where any similarities end. Haven't done anything with ASA except read Cisco's data sheets and some Cisco training material for them.

JoeBeckner

The current OS release for the PIX is almost exactly the same as the new ASA5500 series. The ASA5500 has a higher performance. The PIX is a good, reliable system but the new ASA5500 improves on the PIX. By the way the Cisco PIX is still supported. The End-of-Sale for the PIX515E will be July 28, 2008. The last ship date will be October 26, 2008. The last day of new software maintenance releases for the PIX 8.0 will be July 28, 2009. The last day of hardware and software support will be July 13, 2013 (yes 5 years from now). Speaking of firewalls, I have installed many dozens of Cisco IOS Firewalls, PIXes and ASAs for my clients and they work great. A few months ago I had to help a client who also has an MS ISA server. I read a book on the ISA, and researched the Microsoft website prior to doing any work on it. The ISA server in my opinion should only be used as a RADIUS authentication server. The firewall capabilities built into the ISA server are a convoluted mess that do not meet generally accepted networking industry practices, supported by other vendors such as Cisco, 3Com, Checkpoint, Sonicwall etc. It looks like Microsoft decided to invent their own networking standards. But I guess that shouldn't come as a surprise.

Dumphrey

"and after 5 years, every other vendor has let me down but not Cisco." Cisco, beyond a doubt, makes high grade equipment. I bemoan the fact that the pix 501 is no more, it flat out kicks @ss as (another poster has noted). And while my config skills on it are poor, Cisco has great support. But in our environment, we have no active switching, it's all passive, network connection based. SO $1800 switches did not make sense. But I was well aware of the reliability trade off between the cisco and trendnet we bought (which have been running problem free for over a month now). So while asadasd was right, Big Business Needs Big Iron, CGIt was right as well, SMB and SOHO can not afford Cisco prices (especially at the "target" upgrade cycle), even on their "SMB" products.

CG IT

First I'll qualify myself with my opening salvo towards Cisco. At an enterprise level/campus/regional level, Cisco beats anyone else's offerings hands down. Period. They're reliable, stable, and do the job unlike some competing products. At the Consumer & SMB level, Cisco doesn't do so good. One of the biggest problems is pricing. Well, for anyone selling to the SMB and consumer markets, price is always the biggest factor. As every infrastructure design is unique, so too are the mixes of products necessary to achieve results. I've installed infrastructure and servers at school districts and have been consulted with regarding upgrades to schools' IT systems. In every case, I recommend Cisco equipment for switches, routers and firewalls [well I tend to like ISA Server but that's because it's more user friendly for sys admins than Cisco's firewalls [though they have gotten better with web based management]]. Schools, like medical facilities, require many layers of security to comply with the many privacy laws. Cisco equipment by far beats the competition in providing this [again I lean towards ISA but...]. However, overall, in the SMB and consumer market, Cisco products are way over priced. I would love to stick 1800s and 2960s in every SMB client's network but a basic 1800 costs from $750 to $2000 and to configure it, you need to know IOS and infrastructure networking [not Windows networking]. If that $750 to $2000 capital investment becomes obsolete in 3 to 5 years, the SMB isn't going to plunk down another $750 to $2000 for a new one just because the old one is obsolete or unsupported. Latest and greatest works for gamers, and speciality uses like digital movie making, but SMB and the majority of consumers don't want to spend $750 to $2000 every 3 to 5 years on their networking equipment when they also have to spend another $750 to $2000+ on their computers/laptops as well as new software applications they feel they must have.
Here's an example, the post office still uses Windows NT desktops and some NT servers. Some banks still use W2K for desktops. In the SMB area, W2K is still used and I've run into the mom and pop shops that still use Windows 98 and at one place Windows 95. Heck their DOS application only runs on Windows 95 and because every other offering that runs on XP gives a far more complicated user interface, they stuck with their old one.

agonza07

As a reseller I never understood why people didn't get something a lot cheaper than Cisco, "I know I would" I told myself. But when I became network admin for a small school district, I found out the hard way that some equipment just ain't up to par with Cisco's offering. 3Com switches that needed to be continually rebooted, Allied Telesyn routers with 100% CPU utilization. In the end you have to get the best for your situation. I ended up replacing my routers with 2621s, I decided to go with Enterprise Dlink for my switches, and a Sonicwall for my Firewall and web filter. I went with Dlink and Sonicwall because I needed to make it easy for the admins to make changes via a web interface and the cost was better than Cisco. The switches can be moved around if one goes down, the firewalls can be moved over to the Cisco routers in case they fail. I place my trust on those Cisco routers staying up, and after 5 years, every other vendor has let me down but not Cisco.

Dumphrey

and I can see the point of mac address sticky, and the trendnet may do so, I never bothered checking. I would never buy a symantec product unless forced. Sonicwall, no experience with them at all. At one point I had some hope for the linksys soho appliances, the routers in particular, but from all I have read, they flop big =\ Not really an improvement over their consumer products, just an alternative. Now, don't get me wrong, I'm not Cisco Hatein'. I like Cisco, but there needs to be more (viable) choice for SOHO's and SMB's. A cisco 871 is still close to $800, but would do just fine for smaller SMB's and like a champ for a SOHO (actually, I use one at home, thank you cisco academy). And at work, I love our PIX. It does its job well. Heck, we are barely using a third of its capacity. It's tiny, sucks next to no juice, and seriously fast. I could not build something that size, with that power, for less than $1500 (flexibility would still be an issue as would vpn end point as that would depend on software). But Cisco does need to take a step back and cut out the clutter. Make about 8 chassis, all modular. Pay for the interfaces you need. A small basic unit with 2 rj45's? $500. A grand daddy beast with 17 serials, 128 rj45s, and 16 fiber? $50,000. Modular. They would lower production cost, and raise sales. Chassis cheap(ish), interface cards pricey.

CG IT

for SMB market, who needs pricey Cisco stuff when there is cheaper equipment that does everything you need it to do at a 3rd or more the cost. The only thing I like about Catalyst switches is that I can assign a MAC address to a switch port for security with or without VLANs. The only other product for SMB that I see a real need for and is reasonably priced, is the ability to limit internet access by user or device by time. Don't get me started with Sonicwall devices or symantec devices. SonicWall has great devices and great prices for their basic routers, but when you start adding in their functionality modules that you really need that aren't supported by their basic design, the TOC starts going up rapidly. Especially when you figure in the yearly licensing costs for all that functionality. If Microsoft came out with a device that ran ISA server that costs under $500.00 the SMB market would eat it up. Heck with Cisco.

Dumphrey

it can be more like 5 to 7 depending on the role played by the gear. An edge router or firewall? 3 to 5 sure. An off in the corner workgroup switch? Who cares? someday it may just die and get replaced... What cisco is counting on is their name to pull them through... it ain't happening. When we moved, I did not buy any cisco switches, I bought trendnet. I can replace the trendnet 48port gigabit switch like 9 times (or more) for the cost of 1 cisco. And at that price, I could afford to upgrade every 3 to 5 years. It's not a fully managed switch, but it can do vlans, trunks, port mirroring and qos through a web interface. 99% of everything I'm likely to do with a switch.