Cisco 3845 ISR with CallManager Express

Reviews 24 May, 2006

Dave Mitchell takes a look at the latest behemoth from networking specialists Cisco and discovers that, for IT departments looking to consolidate masses of kit, the firm's range of ISRs (integrated services routers) is well worth a look

4
Price: 
£6,885
From £6,885
Verdict: 
Cisco's new ISR offers a veritable feast of communications, security and data services, a huge expansion potential and a surprisingly simple installation plus excellent wizard-driven configuration and management processes

The launch of Cisco's new ISR (integrated services router) family see the networking giant take on centralised network security and services across the entire SMB, mid-range and enterprise markets.

At the entry point, you have the new Series 800 appliances. This is followed by the Series 2800, which takes on the SMB and enterprise branch office markets, and it all culminates in the Series 3800, which targets mid-size businesses and enterprises. In this review, we take an exclusive look at the top dog 3845 ISR platform along with Cisco's latest Unified CallManager Express and VoiceMail features.

For IP telephony, the 3845 supports up to 240 IP phones and can accept a huge range of optional modules with over 90 currently available. Four small slots arranged along the top of the rear panel accept Cisco's single-wide and double-wide HWICs (high-speed WAN interface cards), and there are plenty to choose from. For example, you have ISDN, E1 and T1 with four- and nine-port WAN modules.

There are also ADSL modules available, the latest of which is a single-wide module with ADSL2/2+ support and ISDN dial-up backup. Wireless is also supported, with the router able to act as a central administrative point for multiple Cisco AiroNet access points.

Underneath these slots are four larger ones for Cisco's network modules with 16 and 36-port 10/100BaseTX modules available and PoE with the optional power supply upgrade fitted.

Using the EVM (extension voice module) slot, you can fit a module that'll provide standard analogue and digital voice and fax services, and there are expansion cards that add IP telephony with support for both H.323 and SIP protocols. The latter can bring into play a wide range of Cisco IP phones, all managed using the Unified CallManager Express tools.

Wizard stuff

You don't need to access the IOS for initial installation. You just point a web browser at the router's default IP address, where you're greeted by Cisco's new SDM (security device manager) Express. This offers wizards to help set up basic LAN, WAN and firewall configuration after which you can install the full SDM utility on a PC and firmware using the router's CompactFlash memory card.

The main SDR interface kicks off with an overview of the router showing the status of flash memory, LAN and WAN interfaces, firewall policies and so on. The Configure tab provides access to all features and you can start by setting up the various interfaces.

The firewall is turned off by default, but the basic setup wizard will have it running in seconds as you select the internal and external interfaces and choose from three predefined settings. The highest of these employs standard SPI firewalling but augments it with application inspection allowing you to block traffic such as IM and P2P. The firewall can be customised with your own rules using an advanced wizard and this includes options for DMZs using specific interfaces.

Rules can also be created using the router's application inspection abilities, so you can inspect email, block or allow P2P and IM traffic, filter URLs locally or add details of external filtering servers. You can also request alerts to be sent when traffic such as multimedia or FTP is detected.

Intrusion prevention uses regularly downloaded signature files, while QoS can be applied on the WAN interfaces. Again, a wizard takes you through this process and allows you to select real-time traffic such as VoIP or business-critical traffic including database and network management traffic. The 3845 offers extensive IPSec VPN features too, including 3DES and AES hardware encryption.

Site-to-site tunnels can be configured in a few steps using yet another wizard, and as well as mobile client tunnels the router also offers Cisco's WebVPN feature for creating SSL VPNs.

VOIP capabilities

IP telephony is covered by Cisco's AIM and CUE modules, which come preinstalled. Cisco offers a new range of IP phones with to connect to the ISR that boast higher-resolution displays and video call support.

All call and handset management is dealt with by Unified Call Manager Express, a web-based interface that allows management with a browser. Cisco has worked hard on reducing installation to dial-tone times and the handsets can be easily registered with the router using a bar-code scanner.

And, once installed on the network, phones are listed in the main interface for easy access. From here you can remotely modify display panels and set up advanced features such as hunt groups, call blocking, dial plans and so on.

For voicemail, a separate module needs to be added that provides a hard disk for storing messages. With this in place, you'll find a new tab on the CallManager management interface for accessing Cisco's Unity Express VoiceMail. From here you can manage individual's mailboxes and distribution lists, configure call handling, prompts and scripts and even add details such as holiday dates.

Two areas that the router doesn't address are anti-virus and anti-spam, but even here the 3845 has an answer. For the former, you use Cisco's NAC (network admission control), which determines an endpoint's security status, or "posture" on the network. This grants access dependant on what is running on the endpoint, which in this case would be anti-virus software.

NAC is enabled by default on all the router's interfaces, but it must have a connection using RADIUS to a Cisco Secure ACS (access control server). Setting up NAC on the 3845, however, is easy enough, as a wizard runs through defining the ACS and creating an exception list for devices such as printers and IP phones. Each client is permitted or denied access by Cisco's NAD (network access device), and this component runs on the router. For anti-spam measures, you'll need to set up access controls from SDM that look for POP3 and SMTP traffic and pass it on to a separate filtering server or appliance.

All in one

Cisco's 3845 is one seriously impressive appliance, one that has the ability to handle virtually all of a business's data services, security and communications requirements.

At only 3U high, the chassis is also incredibly compact in comparison to the equipment you could replace with it, and it also supports a massive range of modules, offering huge expansion potential. Installation and configuration, too, are handled with aplomb.

It's an excellent piece of equipment: well-designed, easy to use, impressively competent and comes highly recommended.

Specifications: 

Form factor: 3U rack chassis
Memory: 256MB ECC SDRAM expandable to 1GB, 64MB flash memory
Ports: 2 x Gigabit Ethernet, RJ-45 console port, 2 x USB 2, 4 x WAN interface slots, 4 x NME module slots, 1 x EVM module slot, 1 x CompactFlash card slot, Cisco SDM included, IOS and web browser management
Hardware modules for Unity Express: AIM, £974; NM-CUE, £1,627