The Cisco® 870 Series Integrated Services Routers extend the high-performance Cisco Integrated Services Router capabilities of running secure concurrent services, including firewall, VPNs, and WLANs, at broadband speeds to small offices. Easy deployment and centralized management features enable the Cisco 870 Series to be deployed in small office or teleworker sites as part of an enterprise network, by small to medium business customers for secure WAN and WLAN connectivity, or used by service providers to offer business-class broadband and WLAN services.
Cisco 870 Series of integrated services routers are fixed-configuration routers that support multiple types of DSL technologies, broadband cable, and Metro Ethernet connections in small offices (Figures 1 and 2). They provide the performance needed to run concurrent services, including firewall, intrusion prevention, and encryption for VPNs; optional 802.11b/g for WLAN networking; and quality of service (QoS) features for optimizing voice and video applications. In addition, the Cisco Router and Security Device Manager (SDM) Web-based configuration tool simplifies setup and deployment (Figure 3), and centralized management capabilities give network managers visibility and control of the network configurations at the remote site.
Cisco 870 Series integrated services routers offer:
• High performance for broadband access in small offices
• Enhanced security, including:
– Stateful Inspection Firewall
– IP Security (IPSec) VPNs (Triple Data Encryption Standard [3DES] or Advanced Encryption Standard [AES])
– Intrusion prevention system (IPS)
– Antivirus support through Network Admission Control (NAC) and enforcement of secure access policies
• 4-port 10/100 managed switch with VLAN support
• Secure WLAN 802.11b/g option with use of multiple antennas
• Easy setup, deployment, and remote management capabilities through Web-based tools and Cisco IOS® Software
Figure 1. Cisco 871 Integrated Services Router
Table 1 lists the routers that currently make up the Cisco 870 Series.
Table 1. Cisco 870 Series Models
Integrated ISDN Dial Backup
10/100 Mbps Fast Ethernet
4-port 10/100 Mbps managed switch
Yes (Cisco 871W)
Asymmetric DSL (ADSL) over ISDN
4-port 10/100 Mbps managed switch
Yes (Cisco 876W)
ADSL over POTS
4-port 10/100 Mbps managed switch
Yes (Cisco 877W)
4-port 10/100 Mbps managed switch
Yes (Cisco 878W)
The Cisco 870 Series is ideal for small remote offices and teleworkers that need to be connected to larger enterprise networks. When extending corporate networks to numerous remote sites, network resources must remain secure while giving users access to the same applications found in a corporate office. This applies to both data and voice applications, where IP phones can be used to extend a corporate voice extension to the remote office. When users require WLAN access, visibility and control of network security is even more critical at the remote site. The Cisco 870 Series meets this need with a single device that combines integrated 802.11b/g capabilities with security features such as Wi-Fi Protected Access (WPA), including authentication with IEEE 802.1X with Cisco Extensible Authentication Protocol (LEAP) and Protected EAP (PEAP), and encryption with WPA Temporal Key Integrity Protocol (TKIP). (See Wireless Solution overview and Security Data Sheet for more information).
Service providers and value-added resellers can take advantage of the Cisco 870 Series to provide a true business-class broadband service. Business customers are using broadband access to connect to the Internet or to connect offices together, and require a platform that incorporates security without sacrificing performance. Many of these customers are connecting computers in offices through WLANs; having a single device for both WAN and WLAN access provides a new option for managed services. These customers also require a higher level of support to keep their networks up and running. Services with these customers should be simple to set up, while allowing a level of remote management and troubleshooting to quickly address support inquiries. The Cisco 870 Series meets the requirements of small offices and managed services providers.
Figure 2. Deployment Scenarios
The Cisco 870 Series is ideally suited to be deployed where a small office is going to be connected to a larger network, most often with a secure VPN connection. These types of offices can include the following:
• Small Remote Office: Connects users in a small remote office, such as insurance agents, lawyer offices, or sales offices. When connecting to the main office, VPN encryption and integrated security such as firewall, and intrusion prevention protect the network at every perimeter. IT managers can centrally manage the remote site to quickly troubleshoot any network issues. For added reliability, customers can also use dial backup, through an external modem, should the primary broadband link fail. Integrated secure WLAN connectivity simplifies the number of devices that need to be managed at the remote site.
• Teleworking: The Cisco 870 Series is ideal for corporate teleworkers who may have a mix of broadband connection types to choose from. A platform such as the Cisco 870 Series gives IT managers a standard platform to manage at the employee's home office. QoS features in the Cisco 870 Series allow an IP phone to be connected to the router, giving voice traffic precedence over data applications. Integrated WLAN support in the Cisco 870 Series helps ensure that if wireless connectivity is to be used, it can be done securely. (See Cisco Business Ready Teleworker Solutions for more information.)
• Remote Call Center Agent: Similar to teleworking applications, this solution extends the Cisco IP Contact Center solution for telephone call center agents to remote sites. With a high-quality, secure connection through the Cisco 870 Series, the call center agent can be dispersed away from costly call center facilities while maintaining secure and productive voice and data access in their home. (See Cisco Call Center Solutions for more information.)
• Retail VPN: Retail stores migrating from dialup connections for point of sales transactions can use the Cisco 870 Series to take advantage of low-cost broadband access with the required security to effectively use these public networks. Multiple devices and applications can then be added to the store network to take advantage of the increased bandwidth and also incorporate optional WLAN support to enable secure mobility and enhance productivity.
• Managed Services: Service providers and value-added resellers can use the Cisco 870 Series as a platform to offer differentiated business class security and WLAN services for small to medium business customers.
• Integrated Stateful Inspection Firewall for network perimeter security, high-speed IPSec 3DES and AES encryption for data privacy over the Internet, IPS, and antivirus support through NAC to enforce security policy in a larger enterprise or service provider network
4-Port 10/100 Mbps Managed Switch
• Allows multiple devices to be connected in a small office, with the ability to designate a port as network DMZ
• Optional external PoE adapter for powering IP phones, to avoid individual power supplies or power injectors
• VLANs allow for secure segmentation of network resources
Optional 802.11b/g WLANs with Support for Multiple Antennas
• Broadband router with secure WLAN in a single device
• Diversity antennas for optimizing coverage in a small office
• Options for replaceable external antennas, to get wireless coverage in areas away from where the router is located
Cisco SDM and Cisco IOS Software for Remote Management
• Using smart wizards and task-based tutorials, Cisco SDM helps resellers and customers quickly and easily deploy, configure, and monitor a Cisco access router without requiring knowledge of the Cisco IOS® Software command-line interface (CLI)
• Dial backup and out-of-band management allow IT managers to remotely manage the router at small office and teleworker sites
• Cisco Configuration Express Service supports factory-loaded configurations for high-volume deployments
• Support for the Cisco Configuration Engine enables plug-and-play installations with centralized configuration management
1Depending on IOS Feature Set selected below in Tables 3, 5, and 6
Figure 3. Cisco SDM
Cisco 870 Series integrated service routers combine increased network performance with advanced security to allow small office customers to get the most from their broadband connections. With models supporting different broadband technologies such as DSL, cable, and Metro Ethernet, the Cisco 870 Series can be deployed at any small office location. Optional integrated 802.11b/g wireless capabilities provide true business-class WAN and WLAN access in a single solution. With Cisco 870 Series enterprise IT managers and service providers can take advantage of a solution that can be easily set up at the remote site and then be centrally managed to reduce ongoing operational costs.
Tables 3-8 list software and hardware features of Cisco 870 Series routers.
Table 3. Cisco IOS Software Features on Cisco 870 Series Routers-Advanced Security Feature Set (Default)
Routing Protocols and General Router Features
• Routing Information Protocol (RIPv1 and RIPv2)
• Layer 2 Tunneling Protocol (L2TP)
• Cisco Express Forwarding (CEF) Port Address Translation (PAT)
• RFC 1483/2684
• Point-to-Point Protocol over ATM (PPoA) (DSL models only)
• PPP over Ethernet (PPPoE)
• 802.1d Spanning Tree Protocol (STP)
• Dynamic Host Control Protocol (DHCP) server/relay/client
• Access control lists (ACLs)
• Generic routing encapsulation (GRE)
• Dynamic DNS Support for Cisco IOS
Recommended Number of Users
DSL and ATM Features (DSL Models Only)
• ATM Variable Bit Rate/real-time (VBR-rt)
• ATM Unspecified Bit Rate (UBR), Constant Bit Rate (CBR), and Variable Bit Rate/non-real-time (VBR-nrt)
• ATM Operation, Administration, and Maintenance (OAM) Support for F5 Continuity Check; segment and end-to-end loopback; and Interim Local Management Interface (ILMI) support
• User database for survivable local authentication using LEAP & EAP-FAST
• Configurable limit to the number of wireless clients
• Configurable RADIUS accounting for wireless clients
• PSK (Pre Shared Keys) (WPA-SOHO)
Encrypted Wireless VLANs
Cisco IOS Software Advanced IP Services Feature Set (Optional Software Upgrade)
The Advanced IP Services software image has all the features of the Advanced Security software image, with the addition of the following features. The Advanced IP Services software image requires an additional 4MB of Flash memory. Cisco 870 series routers that are ordered with the Advanced IP Services image will ship with the extra 4MB of Flash by default at no additional cost.
Table 5. Cisco IOS Software Features on Cisco 870 Series Routers-Advanced IP Services Feature Set (Optional Software Upgrade)
The Advanced Enterprise software image has all the features of Advanced IP Services and Advanced Security software images, with the addition of the below features.
Table 6. Cisco IOS Software Features on Cisco 870 Series Routers-Advanced Enterprise Services Feature Set (Optional Software Upgrade on Cisco 876 Only)
• Integrated dial backup for ADSL using ISDN S/T port
• Primary ISDN WAN
• ISDN Leased Line at 128Kbps
Table 7. Hardware Specifications
Default Flash Memory
24 MB (28 MB for Advanced IP Services Feature Set)
Maximum Flash Memory
• 871: 100 MB Ethernet
• 876: ADSL over ISDN (ADSL2/ADSL2+ Annex B)
• 877: ADSL over analog telephone lines (ADSL2/ADSL2+ Annex A and Annex M (except UK Mask))
• 878: G.SHDSL (2- and 4-wire support)
• 3 Mbps IMIX aggregate performance for Cisco 878
Managed 4-port 10/100BASE-T with autosensing MDI/MDX (Media Device In/Media Device Cross Over) for autocrossover
Optional on all models
USB 2.0 Ports For Advanced Security Features Such as Security Tokens
• 2 USB 2.0 ports on Cisco 871 only
• USB 2.0 ports cannot be used for connecting external devices other than those specified for the Cisco 871
ISDN Basic Rate Interface (BRI) S/T
Only available on:
• Cisco 876 for out-of-band management and dial backup
• Cisco 878 for out-of-band management
PPP, VPN, ADSL, G.SHDSL, WLAN, LAN
External Power Supply
Universal 100 to 240 VAC
Optional external adapter for inline PoE for IP phones or external wireless access points
• ST-Microelectronics 20190 Chipset
• Supports ADSL over basic telephone service with Annex A and Annex B ITU G. 992.1 (ADSL), G.992.3 (ADSL2), and G.992.5 (ADSL2+)
• Supports ADSL over basic telephone service with Annex M (except UK Mask) (extended upstream bandwidth) G.992.3 (ADSL2) and G.992.5 (ADSL2+)
• G.994.1 ITU G.hs
• Support for Reach-extended ADSL2 (G.922.3) Annex L
• Complies with T1.413 ANSI ADSL DMT issue 2
• DSL Forum TR-067
• The chipset does not provide interoperability with carrierless amplitude modulation/phase modulation (CAP)-based ADSL lines
• Annex A and Annex B are supported starting with Cisco IOS Software Release 12.4(4)T.
• Annex M (except UK Mask) is supported starting with the special Cisco IOS Software Release 12.4(11)XJ; and requires the CISCO877-M-K9 or CISCO877W-G-E-M-K9 SKU.
• The ADSL2 standard (ITU G.992.3) adds new features and functions targeted at improving ADSL performance and interoperability. In addition, the standard adds support for new applications, services, and deployment scenarios. Among the changes are improvements in data rate and reach performance, rate adaptation, improved diagnostics, and power enhancements. The conventional ADSL standard (ITU G.992.1) provides downstream data rates of up to 8 Mbps and upstream data rates of up to 0.8 Mbps, and ADSL2 provides higher downstream rates of up to 12 Mbps and upstream data rates of up to 1 Mbps.
• The ADSL2+ standard (ITU G.992.5) doubles the bandwidth used for downstream data transmission, effectively doubling the maximum downstream data rates, and achieving downstream data rates of up to 24 Mbps and upstream data rates of up to 1.5 Mbps.
• Cisco 877-M supports ITU G.992.3 Annex M (except UK Mask), and is optimized for PSD Mask EU-64 M9. Annex M adds capabilities for extended upstream bandwidth above 2.0Mbps. This allows carriers and enterprises to cover applications traditionally served by T1, E1, G.SHDSL without overhauling the transport infrastructure. Exact data rates vary depending on the distance from the DSL access multiplexer (DSLAM), DSLAM type, line card and chipset, and firmware, noise profile, quality of copper, etc. The reach-extended ADSL2 standard (G.992.3)
• Annex L increases performance on loop lengths greater than 16,000 feet from the Central Office.
Cisco 871 Security Bundle with Advanced IP Services
Cisco 871 Ethernet to Ethernet Wireless Router; U.S./Americas
Cisco 871 Ethernet to Ethernet Wireless Router; Europe
Cisco 871 Ethernet to Ethernet Wireless Router; Japan
Cisco 876 ADSL over ISDN Router
Cisco 876 Security Bundle with Advanced IP Services
Cisco 876 Security Bundle with Advanced Enterprise Feature Set
Cisco 876 ADSL over ISDN Wireless Router
Cisco 877 ADSL Router
Cisco 877 ADSL Router with Annex M (except UK Mask)
Cisco 877 Security Bundle with Advanced IP Services
Cisco 877 ADSL Wireless Router: U.S./Americas
Cisco 877 ADSL Wireless Router; Europe
Cisco 877 ADSL Wireless Router with Annex M; Europe
Cisco 878 G.SHDSL Router
Cisco 878 Security Bundle with Advanced IP Services
Cisco 878 G.SHDSL Wireless Router; U.S./Americas
Cisco 878 G.SHDSL Wireless Router; Europe
4 port 802.3af capable Inline power module for 870 routers
Note: For Cisco 870 Series wireless router part numbers, the following letters are associated with specifications meeting wireless regulations in the following regions: A=Americas (FCC regulatory domain), E = Europe, J = Japan
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services.