07-22-2009 04:16 AM
I am very dissapointed with Ciscos release of the SR520. I was excited at first having a good software feature set and rack mountable (about the only ADSL router I have found that doesnt need a shelf). My dissapointment was with the CCA config software (using the latest 2.0.1 version). Having used CCA with the UC500, I was pleased with it (although I have moved away from CCA for my own system due to lack of support for EM, I will be sticking to it as much as possible for out UC500 installs to customers). However I came across the following major problems:
- ADSLoPOTS setup... the UK (and alot of europe as far as I know) use PPPoA for ADSL connections. There is no support for this within CCA
- VPN setup... trying to create a VPN tunnel between this and a Watchguard.... no support for IPSEC tunnels within CCA
- Firewall setup.... trying to create a basic firewall... no real options from the basic Low, Medium, High. I needed to allow Pings from a certain address range.
The dissapointment then continued even further when I couldnt even fall back to SDM to configure the device!!!
At this point I gave up and configured the entire thing by CLI, which resulted in the installation taking a whole day instead of a few hours.
I have since changed all our orders/quotes the include an SR520 and gone back to the 800 series. Furthermore, this is a major blow for us to move from Watchguard devices to Cisco devices (not every engineer is trained for CLI commands and we need a product with a easy but robust GUI)
I was wondering if anyone else has any comments on the SR520 outside the US? Any comments from Cisco? Is there something I have fundamentally missed with this? With CCA well into its 2.0 release I would have expected basic features like ADSL setup to be straight off the mark.
Can anyone from the UK tell me their experiences with the SR520?
01-28-2010 03:02 PM
All,
Firstly, thank you very much for both your feedback and comments regarding the SR520. Also, thanks Marcos for bringing this to our attention.
There have certainly been some challenges with the positioning and configuration of this product since it was launched – as you know we’ve been working hard to build a broad portfolio of products specifically for the Small Business market and in our efforts to do this, we seem to have overlooked a number of aspects that would make the SR520 a great product for you to position and sell.
Looking forward, we hope to continue to offer you the best products for your customers.
a) The ISR870 and ISR880 series of routers will continue to offer market leading feature support and flexibility when you need it.
b) We will continue to offer and support the SR520 as a component of the SBCS solution for the time being. A new SmartDesign guide is about to be published to help with deployment and configuration.
c) In April, we will bring to market a new range of Cisco Small Business devices in this space – the SRP500. Unlike the ISR800 and SR520, these products will be Linux based and will have their own integrated GUI (no CLI). ADSL2+ and Ethernet variants of this product will be made available in small and mid-sized versions and all will offer 802.11n wireless. These products will be aggressively priced in comparison to the SR520 and ISR800 and will have a place as both a standalone device and as part of the SBCS solution.
If I might respond specifically to one of the points raised in this thread – I used CCA v2.2.1 and a factory default SR520 to connect to my BT ADSL service in the UK this evening without any issue. CCA uses pppoe-client configuration on the ATM interface, but this seems to be perfectly functional (for me at least).
Please keep the feedback coming. Myself, Maulik and Jayesh from the Product Management team will keep a track of this thread if you have any further comments.
Best Regards
Andy Hickman
01-29-2010 05:39 AM
Hello
when i set up the sr520 to connect to my bt adsl connection it would not connect via cca using pppoe. By using cli it did connect using pppoa. Are you sujesting that it should work through pppoe if so i will give it a go again
Andrew
01-29-2010 06:07 AM
I have the exact same issue.
PPPoE: not supported by provider, but supported by CCA
PPPoA: only supported by provider, have to do this from the CLI
Can you at least give us a timeframe for the following issues:
* When will we be able to program PPTP server from the CCA (currently only CLI)
* When will we be able to program PPPoA from the CCA
And, lastly:
Are you planning on giving more granular firewall control from the CCA?
Eljakim
01-29-2010 08:29 AM
Hi Eljakim,
I understand that PPPoA is generally what is used by ADSL access devices (as it is the simplest implementation), but are you saying that your provider categorically does not support PPPoE? Which ISP are you using out of interest?
Using a PPPoE client bound to the DSL interface on the SR520, ought to emulate PPPoA pretty closely.
Could you try the configuration process that I just posted for Andrew on this thread and let me know how you get on?
To your questions:
* When will we be able to program PPTP server from the CCA (currently only CLI)
It's unlikely that we will support PPTP specifically in the SBCS solution. Our goal for SBCS is to try to make deployment as straight forward as possible for Select Partners and Small Businesses and in so doing, we have not exposed many features that could just cause confusion. For example, for VPN we have chosen to use the IOS EZVPN feature: This is somewhat academic to most users as they just want VPN access that can be set up as easily as possible.
Of course, you have seen that you can use this feature through CLI - it is also well covered by the ISRs and SDM if you need extended flexibility.
* When will we be able to program PPPoA from the CCA
There are no immediate plans to support this - I would be interested in your feedback from above to help me see how best we could move forward on this one.
Are you planning on giving more granular firewall control from the CCA?
We often hear this request and I do appreciate that the settings are somewhat high level currently. Many firewall settings are configured transparently by CCA based on what has been configured under features like NAT port forwarding and DMZ. This approach trades the flexibility that you might be used to in IOS with ease of deployment and makes the solution easier to support.
Can you give me some examples of the firewall features that you would like to be able to configure? I'll take these to the CCA Product Manager as see how we can move this forward.
Thanks again for your feedback,
Andy
01-29-2010 08:52 AM
PPPoA: ISP = xs4all
Here is the relevant bit from our configuration. Believe me when I tell
you that we tried everything from the CCA before moving to the CLI.
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
01-29-2010 09:01 AM
Believe me when I tell you that we tried everything from the CCA before moving to the CLI.
Thanks for the detail - I believe you :)
01-29-2010 08:54 AM
PPTP
The reason we like PPTP is that it is so well supported and you don't need any special client software.
We just installed another SR520 model where we used the VPN options that come out of the box. The client does not like the extra client software that has to be installed and is asking 'why can't we just use the Microsoft client'.
Am I completely mistaken here?
01-29-2010 09:05 AM
Am I completely mistaken here?
Not at all. This really comes back to the point I made earlier about trying to have a common approach. When developing the SBCS solution, the Cisco VPN client had pretty good client / OS coverage, so it made sense to standardise on that.
01-29-2010 08:57 AM
I think the firewall issue comes down to the fact that it sometimes appears that random things are happening.
We had some Cisco staff fiddle with our firewall rules (under the smartnet contract) and they could not figure out what they wanted to do.
I can pm you our entire config so you can see what they have done, and you can then say whether it makes sense or not. Just send me your e-mail and I'll send you the config.
01-29-2010 09:16 AM
Thanks again for the feedback.
It is true that there have been some issues with firewall ACL management with CCA. Those are defects that we treat seriously and continue to address - it's a shame that you were impacted by this.
That shouldn't distract however from the general provisioning approach that we have taken with CCA (and our new SRP500 devices for that matter).
Please feel free to send me your config via private message on this community.
I'd still be interested to hear what functionality you would like to see added to the firewall. I'm really interested in your high level views - nothing IOS specific.
Andy
01-29-2010 09:51 AM
It may very well be the case that the firewall issues stem from the CLI configuration of PPTP. I just remember that your support people had major problems with it. (but they also said that the zone-based security was new to them)
You know, even if you don't build it into the CCA, it may make sense to have a conf analyzer tool that tells you what rules are in the system. Or are there any third party tools that help with this?
02-03-2010 10:36 AM
Hello
After a bit of experimenting a few resets to factory and so on everything seems to be working pppoe with a standard UK bt adsl connection.
It seemed everytime I set some nat port forwarding on the sr 520 no internet traffic from the uc500 would get passed the sr520 ? However setting the nat i required and then rebooting the sr520 seemed to solve the problem.
Happy now !
01-29-2010 07:30 AM
Hi Andrew,
That's right. I have a standard BT Business Broadband service.
Using a factory default router configuration and CCA2.2.1, I just entered the standard VPI/VCI (0/38) for BT and used my PPP username and password.
Having committed the configuration, I renewed the DHCP lease on my PC (to get the DNS server IP provided by BT over the DSL connection) and it worked.
For your information, this is the configuration that CCA created for me:
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
pppoe-client dial-pool-number 1
!
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password
ppp pap sent-username
ppp ipcp dns request
Let me know how it goes for you.
Cheers
Andy
01-30-2010 12:51 PM
Hello
Well how strange i reset sr520 to factory settings and managed to get it to connect as you suggested.
Frustaing thing is it would not hold the connection for more than half an hour !!
After much trying to find the problem no success so I reverted back to my original ppoa via the cli and works fine again ?
Would be nice to know why it wont work if anyone could shed some light for me
Regards
Andrew
02-20-2010 11:56 AM
I am using SR520-ADSL-K9 in Mauritius where we only have access to PPPoA 8/35 and i have tried set it up via CCA but it only give you PPPoE!!!! as I have a smartnet, i have call TAC and they realized that their was a problem with my router itself, so we have asked for an RMA, which toke me 7 days to get a new one (even if I have a NBD contract!!!) + the new one which came too have the same problem!!! so now I need to wait another week hoping that I will get another one and that TAC can finally set my PPPoA!!!!
I think the product should be review!!! 2 units faulty + can't setup from CCA!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide