In article <e5hqm1hp8pmsgfmoglk09m04csufqc4au6@4ax.com>,
mhaase-at-springmind.com <mhaase-at-springmind.com> wrote:
Routers and switches:
Until you get to the highest end Linksys, afaik, you won't get
a managed product -- no ability to look at error counts, no ability
to watch traffic volumes, no ability to check to see if new devices
are introduced on your network, and so on.
I don't recall that any of the Linksys devices are "wire speed" -- able
to handle all the ports at full speed.
The Linksys isn't going to have policy-based routing, or any
facility for bandwidth control and not much (if any) facility
for traffic policing.
Firewalls:
The BEFSX11 supports only two Security Associations, both to the
same peer. Once to four times each day, the currently transmitting
TCP connection freezes, the security associations drop, and when
they get renegotiated the other TCP connections are fine but that
active connection is dead, never to be recoverable. (Suppose for example
you are in the middle of typing a letter on a remote system and it
freezes on you...) I'm not sure about cause and effect here: plausibly
it was a case that when the SA's were expiring normally that the active
TCP connection would die. The frequency of the freezes makes this
device unsuitable for use in business where loss of a connection may
be a significant hassle.
The BEFVP41 supports more Security Associations, and more than one
peer, and only freezes the connections once a week or less
(but they still do freeze from time to time.) The BEFVP41 has trouble
recovering sometimes when the ISP changes a DHCP'd interface IP
being used for a tunnel, requiring that one go in to the GUI interface
and press the "connect" control... not so bad if you are local, but
not something you want to be dealing with on a remote system.
The PIX has *much* finer-grained control over what is allowed
through and what is not, and much finer-grained control over exactly
how IP addresses get translated.
The PIX has support for a series of protocols, to know to translate
IP addresses and port numbers embedded in the protocols (e.g., in
order to receive a file in FTP, your system has to tell the other
system which IP and port to connect to, and the PIX needs to
mediate between your internal addresses and the external ones.)
The set of protocols supported by the PIX is not as extensive as
is now supported by some of the other manufacturers... but the
Linksys simply don't document that kind of protocol support at all.
--
All is vanity. -- Ecclesiastes
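
The FTP address translation described in the post above, as an added example that is not part of the original post and is not PIX or Linksys code: a minimal sketch of what a NAT device has to do with an active-mode FTP PORT command. The class name FtpFixup, the addresses and the port range are assumptions made for illustration.

```python
import re

# Active-mode FTP: the client tells the server where to connect back to,
# as "PORT h1,h2,h3,h4,p1,p2" (port = p1*256 + p2) on the control channel.
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is not one."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return ("PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()

class FtpFixup:
    """Hypothetical translator: one outside address, ports handed out in order."""
    def __init__(self, outside_ip, first_port=50000):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.pinholes = {}  # outside port -> (inside ip, inside port)

    def rewrite(self, conn_src_ip, line):
        parsed = parse_port(line)
        if parsed is None:
            return line  # any other command passes through untouched
        inside_ip, inside_port = parsed
        # Design choice of this example: refuse a PORT that names a host
        # other than the one that owns the control connection.
        if inside_ip != conn_src_ip:
            return None
        outside_port = self.next_port
        self.next_port += 1
        # The server's data connection to outside_ip:outside_port must be
        # forwarded to the inside host, so remember the mapping.
        self.pinholes[outside_port] = (inside_ip, inside_port)
        # The rewritten line may differ in length; a real device also has to
        # adjust TCP sequence numbers for the rest of the control connection.
        return build_port(self.outside_ip, outside_port)

if __name__ == "__main__":
    fix = FtpFixup("203.0.113.5")  # constructed sample addresses
    print(fix.rewrite("192.168.1.10", b"PORT 192,168,1,10,7,138\r\n"))
    print(fix.pinholes)
```

A device without this kind of protocol support forwards the private address unchanged, and the server's data connection never reaches the client.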