Cisco Catalyst 4500 Access Gateway Module integrates secure WAN and voice services into the Cisco Catalyst 4500 Series LAN switches.
Cisco Catalyst 4500 Series with Secure WAN and Voice Services
The Cisco® Catalyst® 4500 Access Gateway Module (AGM) enables organizations to implement integrated IP telephony and WAN services at campus and integrated branch office sites. Combining the WAN and voice infrastructure into Cisco Catalyst 4500 Series switches gives organizations the ability to reduce network complexity, enhance employee productivity, and improve network deployment times through an integrated platform while preparing for data, voice, and video convergence across the enterprise.
The Cisco Catalyst 4500 AGM can be deployed in both Cisco Catalyst 4500 Series and Catalyst 4000 Series chassis running either Catalyst OS or Cisco IOS® Software and is fully compatible with all supervisor engines. Multiple AGMs can be deployed in the chassis to support higher density requirements or provide a higher level of availability and resiliency.
- Survivable Remote Site Telephony (SRST)The Cisco CallManager can be used for centralized control of the Cisco Catalyst 4500 AGM at campus and branch sites. The AGM supports both MGCP and H.323v2 interfaces to the Cisco CallManager. SRST enables a resilient IP telephony service when connectivity to the Cisco CallManager is lost. The AGM provides SRST for up to 240 IP phones.
- Audio-conferencingThe digital signal processor (DSP) farm on the Cisco Catalyst 4500 AGM can be used to support on-demand and dedicated, reservation-less audio-conferencing services for local and remote users. Audio transcoding between G.729 and G.711 enables efficient communications between callers using different codecs (for example, campus phones using G.711 and remote site phones using G.729).
- Fax/modem/PBX voice gatewayForeign exchange station (FXS) ports on the Cisco Catalyst 4500 AGM can support up to 22 fax machines, speakerphones, modems, analog phones, and PBX lines to supplement IP phones at a campus or branch.
- Public Switched Telephone Network (PSTN) voice gatewayThe Cisco Catalyst 4500 AGM incorporates a 96-channel DSP farm with up to 6 digital (T1, E1, Primary Rate Interface [PRI], Basic Rate Interface [BRI]) or analog Foreign exchange office (FXO) interfaces with compression and echo cancellation services for connectivity to the PSTN or toll bypass with ISDN dial backup. Signaling support includes T1 channel-associated signaling (CAS), BRI signaling, ISDN PRI, Q.SIG, and R2 signaling.
- Cisco IOS Multiprotocol routingThe Cisco Catalyst 4500 AGM supports multiprotocol routing with support for IP, IPv6, Internetwork Packet Exchange (IPX), AppleTalk and System Network Architecture (SNA) as well as Web Cache Control Protocol version 2 (WCCPv2).
- WAN interfacesUp to six WAN interfaces are supported per module, including T1, E1, PRI, BRI, and serial ports.
- WAN securitySecurity options include firewall, intrusion detection system (IDS), Network Address Translation (NAT) and hardware-based IP security (IPsec) with 3DES data encryption for secure VPN or public Internet connectivity.
- Quality of service (QoS)Features such as the Resource Reservation Protocol (RSVP), Protocol Independent Multicast (PIM), traffic shaping, custom and priority queuing, Low Latency Queuing (LLQ), and Weighted Fair Queuing (WFQ) ensure a consistent QoS for data, voice, and video applications over the WAN.
The Cisco Catalyst 4500 AGM may be deployed in a range of applications where WAN connectivity or integrated IP telephony services are required. As an ideal solution for medium to large integrated branch offices, the AGM can be deployed with both WAN interfaces and IP telephony services (including voice gateway telephony services) or only with WAN connectivity and services. In the wiring closet, the AGM enables the deployment of IP telephony services at the network edge boosting scalability and enhancing availability.
- Reduced network complexityDeploying the AGM in the Cisco Catalyst 4500 Series provides a complete, integrated branch office solution combining robust intelligent LAN switching with WAN routing, and comprehensive IP telephony support. Consolidating the infrastructure for LAN switching, WAN routing, and telephony improves deployment times and reduces network complexity and administration overheads, resulting in enhanced productivity of the IT staff. Integrated voice gateway services enable VoIP toll bypass with compression over the IP WAN to reduce WAN costs, offering an economical alternative to PSTN telephony while the modular interfaces shared with the Cisco 1700/2600/3700 routers reduces the cost of sparing and network support. Centralized MGCP and H.323 call control with the Cisco CallManager and SRST reduce network administration costs.
- Employee productivityAvailability of consistent Cisco CallManager and Cisco Unity services across branch and campus sites enhances the productivity of remote employees. The built-in audio-conferencing bridge makes six party audio-conferencing available to all employees, reducing the cost of this essential business productivity application while WCCP support enables deployment of cache engines to enhance the effective WAN download speeds.
- Investment protectionThe Cisco Catalyst 4500 AGM is based on Cisco IOS Software and provides a suite of multiprotocol routing services to protect investments in IPX, AppleTalk, and SNA equipment while providing a migration path to IP or IPv6. The AGM also supports analog fax machines, speakerphones, and PBXs, providing a migration path to IP telephony.
- Enhanced WAN securityIntegrated Cisco IOS Software with firewall, IDS, NAT, as well as software and hardware accelerated VPN encryption services increase network security.
- High-availability designIntegrated SRST, ISDN dial backup, and Hot Standby Router Protocol (HSRP) support enhance the resiliency of the telephony and WAN routing services.
Cisco Catalyst 4500 Access Gateway Module
- Cisco IOS WAN routing and telephony with Cisco Catalyst 4500 Series switches and Cisco Catalyst 4000 Series switches
- One Gigabit Ethernet backplane interface supporting 802.1q with multiple virtual LANs (VLANs)
- One Fast Ethernet front-panel interface for management
- One console serial port for management
- Onboard support for the 96-channel DSP set (4x6 SIMMs)
- One Flexslot for high-density analog interface modules, including the 16-port or 8-port FXS module (RJ21)
- One slot for a VPN/Encryption Services Adapter for hardware-accelerated encryption
- Two Voice Interface Card/Multi-Flex Voice/WAN Interface Card/WAN Interface Card (VIC/VWIC/WIC) slots and one VIC/VWIC slot for selected Cisco 1700/2600/3700 series interface cards
- Cisco IOS IP routing and H.323v2 and MGCP voice-over-IP (VoIP) gateway functions
- DSP farm supporting up to 96 digital voice channels with G.711 or G.729a voice or analog voice, conferencing, and transcoding
- Fax relay, G.711 fax pass-through and modem pass-through services compatible with other Cisco IOS gateways
- Time-division multiplexing (TDM) switching between analog and digital ports enables faster connection speeds for modems and fax machines
- ConferencingEach DSP bridges up to six participants in a single on-demand or dedicated, reservation-less conference call.
- TranscodingEach DSP bridges up to two full-duplex channels from G.711 to G.729a.
- Voice gatewayEach DSP supports up to four digital voice channels or analog ports, or two channels per DSP for VIC modules.
The Cisco Catalyst 4500 16-port or 8-port (RJ-21) FXS modules for the AGM provide integrated analog ports. By providing connectivity for fax machines, analog phones, speakerphones, and dial-up modems, these modules emulate a PSTN central office (CO) or PBX. See Figure 3.
Cisco Catalyst 4500 AGM 16-Port RJ-21 FXS Module
The VPN/Encryption Service Adapter (ESA) optimizes the Cisco Catalyst 4500 AGM for VPNs. The ESA provides up to ten times the performance over software-only encryption by offloading the encryption processing from the router central processing unit (CPU). Ideal for use in branch offices to connect to the enterprise IP WAN, mobile users, partner extranets, or service provider managed-services customer premises equipment (CPE), the Cisco Catalyst 4500 AGM with the ESA delivers a rich integrated package of routing, firewall, IDS, and VPN functions. As an integral component of Cisco VPN solutions, the AGM with the ESA provides industry-standard encryption (IPsec), application-aware QoS and bandwidth management, and robust perimeter security options. See Figure 4.
Cisco Catalyst 4500 AGM VPN/Encryption Service Adapter
- IPsecIPsec uses encryption technology to provide data confidentiality, integrity, and authenticity between participating peers in a private network. Cisco provides full encapsulating security payload and authentication header support.
- IKEBased on the Internet Security Association Key Management Protocol/Oakley, or ISAKMP/Oakley, IKE provides security association management. IKE authenticates each peer in an IPsec transaction, negotiates security policy, and handles the exchange of session keys.
- Certificate managementCisco fully supports the X509.V3 certificate system for device authentication and the Simple Certificate Enrollment Protocol (SCEP), a protocol for communicating with certificate authorities. Several vendors, including VeriSign, Entrust Technologies, and Microsoft support Cisco SCEP and operate with Cisco devices.
- DES and 3DESDES or 3DES encryption is required for all packets destined for an IPsec tunnel. The Cisco Catalyst 4500 AGM VPN adapter encrypts data with DES or 3DES while freeing the main processor for other tasks.
- RSA signatures and Diffie-HellmanThese are used every time an IPsec tunnel is established to authenticate the IKE security association. RSA signatures are digital certificates. Diffie-Hellman is used to derive the shared secret encryption key for the protection of data across the IKE security association, including the negotiation of the IPsec policy to be used.
- PerformanceProcess switching, fast switching, and Cisco Express Forwarding are supported. Cisco Express Forwarding avoids the potential overhead of continuous cache churn and offers significant benefits in terms of performance, scalability, network resilience, and functions.
DES and 3DES software for the ESA is controlled by U.S. export regulations on encryption products. The adapter itself is not controlled. U.S. regulations require the recording of names and addresses of recipients of DES and 3DES software. The Cisco ordering process for DES and 3DES software enforces these requirements. For more details, see:
The Cisco Catalyst 4500 AGM is supported in the Cisco Catalyst 4500 Series and Cisco Catalyst 4000 Series chassis with any supervisor engine running at least Cisco Catalyst OS 5.5(1) or Cisco IOS Software Release 12.1(13)EW. The AGM itself runs a separate instance of Cisco IOS Software which must be at least release 12.1(5)YF to support Cisco Catalyst OS supervisor engines or release 12.2(13)T to support Cisco IOS supervisor engines.
Table 1 Data Interfaces
|Interface||Encapsulations||Minimum Cisco IOS Software Release||Comments|
Table 2 Voice Interfaces
|Interface||Encapsulations||Minimum Cisco IOS Release||Comments|
Table 3 Hardware Ordering Information
Table 4 Software Ordering Information
|FL-SRST-SMALL (=) FL-SRST-MEDIUM (=) FL-SRST-144 (=) FL-SRST-240 (=)|
- One 1000BASE-T backplane interface
- One 10/100BASE-T RJ-45 management interface
- Two VIC/VWIC/WIC slots
- One VIC/VWIC slot
- One Flexslot for high-density analog modules
- One ESA slot
- Four DSP SIMM slots for one 96-channel DSP set
- One console/auxiliary port, RJ-45 serial
- One module status indicator
- Four DSP presence indicators
- Four DSP activity indicators
- Dial Control MIB (RFC 2128) and Cisco Dial Control Management Information Base (MIB) extension to RFC 212
- CISCO-VOICE-DIAL-CONTROL-MIB Voice Dial Control MIB
- CISCO-VOICE_IF_MIB. Voice Interface MIB
- CISCO-VOICE-ANALOG-IF_MIB Voice Analog Interface MIB
- CISCO-DSP-MGMT-MIB Digital Signal Processing Management MIB
- RFC 1157 SNMP
- RFC 1643 Ethernet MIB
- RFC 1213 MIB II
- RFC 1573 MIB II interface extensions