Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SR520 Dissapointment

I am very dissapointed with Ciscos release of the SR520. I was excited at first having a good software feature set and rack mountable (about the only ADSL router I have found that doesnt need a shelf). My dissapointment was with the CCA config software (using the latest 2.0.1 version). Having used CCA with the UC500, I was pleased with it (although I have moved away from CCA for my own system due to lack of support for EM, I will be sticking to it as much as possible for out UC500 installs to customers). However I came across the following major problems:

- ADSLoPOTS setup... the UK (and alot of europe as far as I know) use PPPoA for ADSL connections. There is no support for this within CCA

- VPN setup... trying to create a VPN tunnel between this and a Watchguard.... no support for IPSEC tunnels within CCA

- Firewall setup.... trying to create a basic firewall... no real options from the basic Low, Medium, High. I needed to allow Pings from a certain address range.

The dissapointment then continued even further when I couldnt even fall back to SDM to configure the device!!!

At this point I gave up and configured the entire thing by CLI, which resulted in the installation taking a whole day instead of a few hours.

I have since changed all our orders/quotes the include an SR520 and gone back to the 800 series. Furthermore, this is a major blow for us to move from Watchguard devices to Cisco devices (not every engineer is trained for CLI commands and we need a product with a easy but robust GUI)

I was wondering if anyone else has any comments on the SR520 outside the US? Any comments from Cisco? Is there something I have fundamentally missed with this? With CCA well into its 2.0 release I would have expected basic features like ADSL setup to be straight off the mark.

Can anyone from the UK tell me their experiences with the SR520?

Everyone's tags (6)
32 REPLIES
New Member

Re: SR520 Dissapointment

Hi Chris,

Thanks for this feedback. I have forwarded your comments to the SR520 Product Management team.

Marcos

New Member

Re: SR520 Dissapointment

Hello

I seem to have fallen into the same trap purchased an sr520 and cannot get it to connect using the cca to the uk adsl.

I understand it can be done using the cli

Could someone explain as simply as possible how do do it

Thanks

Andrew

Re: SR520 Dissapointment

New Member

Re: SR520 Dissapointment

Hello

Thankyou for pointing me in the right direction.

I think im almost there but not quite.

If someone could look at the atached files and advice what else i need to do i would be gratefull.

all im trying to do is atach the sr520 to the uc 520with the sr520 as the gateway to the internet

or have i got it all completely wrong !!

I think it would have been a lot easier if i could have used the cca to conect to the internet with pppoatm

Thankyou

Re: SR520 Dissapointment

Hi Andrew,

The debug looking good as far as the SR520 is concerned, my comments are in blue. Just  a few comments on a bit of the PPP debug you captured. Sure looks good.

Aug  9 20:49:34.627: Vi2 PPP: Phase is UP    Point to Point protocol is up and IP negotiation is about to start
Aug  9 20:49:34.627: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10
Aug  9 20:49:34.627: Vi2 IPCP:    Address 81.130.215.177 (0x03065182D7B1)
Aug  9 20:49:34.627: Vi2 CDPCP: O CONFREQ [Closed] id 1 len 4
Aug  9 20:49:34.627: Vi2 PPP: Process pending ncp packets
Aug  9 20:49:34.627: Vi2 IPCP: Redirect packet to Vi2
Aug  9 20:49:34.627: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10
Aug  9 20:49:34.627: Vi2 IPCP:    Address 81.134.96.1 (0x030651866001)
Aug  9 20:49:34.631: Vi2 IPCP: O CONFACK [REQsent] id 1 len 10
Aug  9 20:49:34.631: Vi2 IPCP:    Address 81.134.96.1 (0x030651866001)
Aug  9 20:49:34.675: Vi2 IPCP: I CONFACK [ACKsent] id 1 len 10
Aug  9 20:49:34.675: Vi2 IPCP:    Address 81.130.215.177 (0x03065182D7B1)
Aug  9 20:49:34.675: Vi2 IPCP: State is Open
Aug  9 20:49:34.675: Di1 IPCP: Install route to 81.134.96.1
Aug  9 20:49:34.679: Vi2 LCP: I PROTREJ [Open] id 2 len 10 protocol CDPCP (0x820
701010006)
Aug  9 20:49:34.679: Vi2 CDPCP: State is Closed
Aug  9 20:49:34.679: Vi2 CDPCP: State is Listen
Aug  9 20:49:34.679: Vi2 IPCP: Add link info for cef entry 81.134.96.1 Looks like IP Control Protocol (IPCP)has successfully negotiated as well so at this point you should be able to ping IP devices on the Internet from the SR520 command line
Aug  9 20:49:35.627:
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

Look like you configured the atm interface rather well,  should be able to ping at this point devices on the Internet from the SR520 command line.  But the firewall does not seem to be active on the  WAN dialer interface.

In terms of what to do next Marcos Hernandez produced a brief guide with a number a scenarios;

https://www.myciscocommunity.com/docs/DOC-5869

But, if you are a Value Added Reseller or Cisco partner, you should open a case with the folks at the Cisco's  Planning Design Implementation (PDI) group to pose the question on how to lay out the hardware topology that you want.  This is a free service to SMB "select" Cisco partners or VARs.  You still need to do some configuration to get the firewall working properly (if you want).

But feel free to open a case with the PDI, they are there to help with your Planning design and implementation  and make your installs successful.  But check out their website, the link to it is below;

http://www.cisco.com/web/partners/tools/helponline/pdi/index.html

I have no idea where you live, but if you need some guidance or someone to help facilitate support for you, have a word to your local pre-sales cisco Systems Engineer or the support Staff at your distributor. 

regards Dave

New Member

Re: SR520 Dissapointment

AFter resting the sr520 to facory I found by altering the config as per the atached file everything seems to work fine.

Perhaps others may find this usefull.

For some reason it doea seem to mess up the cca on the uc520 the outgoing dial plan will only show sip trunk not isdn and the incoming did wont show what was previously configured.

New Member

Re: SR520 Dissapointment

Hi Marcos,

I reported the same issues a couple of months ago (along with a bunch of other CCA complaints and bugs).

Do you know if product management intends to do anything about these issues?

Eljakim

New Member

Re: SR520 Dissapointment

Hi Eljakim,


These problems have been escalated and reported. I will update this thread when I hear back from the respective product owners.


Thanks,


Marcos

New Member

Re: SR520 Dissapointment

Has the SR520 improved since this experience?  I'm not sure about trying this product for the first time and would rather stick with the ASA5500.  Any experience with creating a VPN from the SPA525G to the SR520 and/or ASA5500?

New Member

Re: SR520 Dissapointment

So far I don't think any of our issues have been resolved.

We moved away from the SR520 as ADSL connection point because it just is

too much of a hassle to work from the CLI.

I don't really think the Cisco engineers really understand the problem; it's

been a long time, and any in depth response has never arrived.

It's a shame really; I spent a long time writing down all kinds of bugs

and issues with the CCA, but only received a response from Cisco

after begging for it, and then the response was 'it's been sent on'.

Too bad, this CiscoCommunity forum seemed like a way to communicate

back with Cisco, but I don't think they see it as such. It feels more like

a marketing gimmick that is just a basic forum with the extra addition

of Cisco staff also roaming around and being identifiable.

Sorry if I sound skeptical or stole your threat with this comment, but

it is truely annoying.

New Member

Re: SR520 Dissapointment

looking at the length of time passed since weve been waiting for an update and there has been updates to cca. with nothing to address the ppp over a issue ?

New Member

Re: SR520 Dissapointment

Correct. It has not been addressed, nor has a timeframe to address it been given.

Basically the SR500 series is not aimed at small businesses in Europe.

Eljakim

New Member

Re: SR520 Dissapointment

:( Well, after 6 months since my first post and no progress, the SR520 is destined to become eBay material and is to be replaced by a Draytek Vigor 2820 with a rack kit (at way under half the price too). Whilst I have myself the ability to configure these devices by hand, other engineers in the company do not therefore it is not an option to keep it without having a GUI. Would have been nice to at least see SDM support enabled for it, even as an unsupported thing.... I can't imagine it would be that much different from a 800 series router.

New Member

Re: SR520 Dissapointment

All,


I have asked the Product Manager for the SR500 to explain our plans and clarify positioning.

I will say that I respectfully disagree with the post that claims this Community is a marketing fad. A lot of people put their time and effort in trying to answer questions and help our resellers and customers, even when a support contract does not exist. We also use this community to gather feedback, conduct beta programs and deliver training, all that without moderation or censorship, unless the content becomes a risk and could be used maliciously.

Please keep using this community to get support and voice your opinion. Your comments are always welcome.

Marcos Hernandez

Technical Marketing Engineer

Cisco Systems, Inc.

Cisco Employee

Re: SR520 Dissapointment

All,

Firstly, thank you very much for both your feedback and comments regarding the SR520.  Also, thanks Marcos for bringing this to our attention.

There have certainly been some challenges with the positioning and configuration of this product since it was launched – as you know we’ve been working hard to build a broad portfolio of products specifically for the Small Business market and in our efforts to do this, we seem to have overlooked a number of aspects that would make the SR520 a great product for you to position and sell.

Looking forward, we hope to continue to offer you the best products for your customers.

a)      The ISR870 and ISR880 series of routers will continue to offer market leading feature support and flexibility when you need it.

b)      We will continue to offer and support the SR520 as a component of the SBCS solution for the time being.  A new SmartDesign guide is about to be published to help with deployment and configuration.

c)       In April, we will bring to market a new range of Cisco Small Business devices in this space – the SRP500.  Unlike the ISR800 and SR520, these products will be Linux based and will have their own integrated GUI (no CLI).  ADSL2+ and Ethernet variants of this product will be made available in small and mid-sized versions and all will offer 802.11n wireless.  These products will be aggressively priced in comparison to the SR520 and ISR800 and will have a place as both a standalone device and as part of the SBCS solution.

If I might respond specifically to one of the points raised in this thread – I used CCA v2.2.1 and a factory default SR520 to connect to my BT ADSL service in the UK this evening without any issue.  CCA uses pppoe-client configuration on the ATM interface, but this seems to be perfectly functional (for me at least).

Please keep the feedback coming.  Myself, Maulik and Jayesh from the Product Management team will keep a track of this thread if you have any further comments.

Best Regards

Andy Hickman

New Member

Re: SR520 Dissapointment

Hello

when i set up the sr520 to connect to my bt adsl connection it would not connect via cca using pppoe. By using cli it did connect using pppoa. Are you sujesting that it should work through pppoe if so i will give it a go again

Andrew

New Member

Re: SR520 Dissapointment

I have the exact same issue.

PPPoE: not supported by provider, but supported by CCA

PPPoA: only supported by provider, have to do this from the CLI

Can you at least give us a timeframe for the following issues:

* When will we be able to program PPTP server from the CCA (currently only CLI)

* When will we be able to program PPPoA from the CCA

And, lastly:

Are you planning on giving more granular firewall control from the CCA?

Eljakim

Cisco Employee

Re: SR520 Dissapointment

Hi Eljakim,

I understand that PPPoA is generally what is used by ADSL access devices (as it is the simplest implementation), but are you saying that your provider categorically does not support PPPoE?  Which ISP are you using out of interest?

Using a PPPoE client bound to the DSL interface on the SR520, ought to emulate PPPoA pretty closely.

Could you try the configuration process that I just posted for Andrew on this thread and let me know how you get on?

To your questions:

* When will we be able to program PPTP server from the CCA (currently only CLI)

It's unlikely that we will support PPTP specifically in the SBCS solution.  Our goal for SBCS is to try to make deployment as straight forward as possible for Select Partners and Small Businesses and in so doing, we have not exposed many features that could just cause confusion.  For example, for VPN we have chosen to use the IOS EZVPN feature: This is somewhat academic to most users as they just want VPN access that can be set up as easily as possible.

Of course, you have seen that you can use this feature through CLI - it is also well covered by the ISRs and SDM if you need extended flexibility.

* When will we be able to program PPPoA from the CCA

There are no immediate plans to support this - I would be interested in your feedback from above to help me see how best we could move forward on this one.

Are you planning on giving more granular firewall control from the CCA?

We often hear this request and I do appreciate that the settings are somewhat high level currently.  Many firewall settings are configured transparently by CCA based on what has been configured under features like NAT port forwarding and DMZ.  This approach trades the flexibility that you might be used to in IOS with ease of deployment and makes the solution easier to support.

Can you give me some examples of the firewall features that you would like to be able to configure?  I'll take these to the CCA Product Manager as see how we can move this forward.

Thanks again for your feedback,

Andy

New Member

Re: SR520 Dissapointment

PPPoA: ISP = xs4all

Here is the relevant bit from our configuration. Believe me when I tell

you that we tried everything from the CCA before moving to the CLI.

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no atm ilmi-keepalive

pvc 8/48

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 199 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname cisco
ppp chap password 7 BLAAAT
ppp pap sent-username BLAAAT password 7 BLAAT
ppp ipcp dns request
Cisco Employee

Re: SR520 Dissapointment

Believe me when I tell you that we tried everything from the CCA before moving to the CLI.

Thanks for the detail - I believe you :)

New Member

Re: SR520 Dissapointment

PPTP

The reason we like PPTP is that it is so well supported and you don't need any special client software.

We just installed another SR520 model where we used the VPN options that come out of the box. The client does not like the extra client software that has to be installed and is asking 'why can't we just use the Microsoft client'.

Am I completely mistaken here?

Cisco Employee

Re: SR520 Dissapointment

Am I completely mistaken here?

Not at all.  This really comes back to the point I made earlier about trying to have a common approach.  When developing the SBCS solution, the Cisco VPN client had pretty good client / OS coverage, so it made sense to standardise on that.

New Member

Firewall

I think the firewall issue comes down to the fact that it sometimes appears that random things are happening.

We had some Cisco staff fiddle with our firewall rules (under the smartnet contract) and they could not figure out what they wanted to do.

I can pm you our entire config so you can see what they have done, and you can then say whether it makes sense or not. Just send me your e-mail and I'll send you the config.

Cisco Employee

Re: Firewall

Thanks again for the feedback.

It is true that there have been some issues with firewall ACL management with CCA.  Those are defects that we treat seriously and continue to address - it's a shame that you were impacted by this.

That shouldn't distract however from the general provisioning approach that we have taken with CCA (and our new SRP500 devices for that matter).

Please feel free to send me your config via private message on this community.

I'd still be interested to hear what functionality you would like to see added to the firewall.  I'm really interested in your high level views - nothing IOS specific.

Andy

New Member

Re: Firewall

It may very well be the case that the firewall issues stem from the CLI configuration of PPTP. I just remember that your support people had major problems with it. (but they also said that the zone-based security was new to them)

You know, even if you don't build it into the CCA, it may make sense to have a conf analyzer tool that tells you what rules are in the system. Or are there any third party tools that help with this?

New Member

Re: Firewall

Hello

After a bit of experimenting a few resets to factory and so on everything seems to be working pppoe with a standard UK bt adsl connection.

It seemed everytime I set some nat port forwarding on the sr 520 no internet traffic from the uc500 would get passed the sr520 ? However setting the nat i required and then rebooting the sr520 seemed to solve the problem.

Happy now !

Cisco Employee

Re: SR520 Dissapointment

Hi Andrew,

That's right.  I have a standard BT Business Broadband service.

Using a factory default router configuration and CCA2.2.1, I just entered the standard VPI/VCI (0/38) for BT and used my PPP username and password.

Having committed the configuration, I renewed the DHCP lease on my PC (to get the DNS server IP provided by BT over the DSL connection) and it worked.

For your information, this is the configuration that CCA created for me:

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
  pppoe-client dial-pool-number 1
!
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname @hg43.btclick.com
ppp chap password
ppp pap sent-username @hg43.btclick.com password
ppp ipcp dns request

Let me know how it goes for you.

Cheers

Andy

New Member

Re: SR520 Dissapointment

Hello

Well how strange i reset sr520 to factory settings and managed to get it to connect as you suggested.

Frustaing thing is it would not hold the connection for more than half an hour !!

After much trying to find the problem no success so I reverted back to my original ppoa via the cli and works fine again ?

Would be nice to know why it wont work if anyone could shed some light for me

Regards

Andrew

New Member

Re: SR520 Dissapointment

I am using SR520-ADSL-K9 in Mauritius where we only have access to PPPoA 8/35 and i have tried set it up via CCA but it only give you PPPoE!!!! as I have a smartnet, i have call TAC and they realized that their was a problem with my router itself, so we have asked for an RMA, which toke me 7 days to get a new one (even if I have a NBD contract!!!) + the new one which came too have the same problem!!! so now I need to wait another week hoping that I will get another one and that TAC can finally set my PPPoA!!!!

I think the product should be review!!! 2 units faulty + can't setup from CCA!!!!

10306
Views
0
Helpful
32
Replies