Platform
Q. What are the Cisco
® Catalyst
® 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms are the evolution of the Cisco 4300 series Integrated Services Router (ISR) and are designed for Secure Access Service Edge (SASE), Security Service Edge (SSE) Software-Defined WAN (SD-WAN), and 5G-based architectures. The Catalyst 8200 Series Edge Platforms consists of two 1 rack unit models, Catalyst 8200 and 8200L, powered by a programmable software stack. These are cloud edge platform purpose-built for high performance, supporting high availability and advanced SD-WAN capabilities with full-feature parity and module portability with other ISRs.
In C8200, capabilities include 5G support, embedded security, integrated enhanced Layer 2 switching, and improved analytics with Deep Packet Inspection (DPI) with application optimization. The platform provides edge computing with an existing container architecture, as on the ISRs.
C8200L, provides the same feature capabilities as C8200, but with the difference that C8200L doesn’t provide edge computing and container based applications. The C8200L platform is a good fit for the lean branch requiring cloud-delivered security services using SASE model without requirement for container based, on-prem security services.
The Catalyst 8200 Series Edge Platforms can be positioned across customer locations, at both the enterprise branch and enterprise access edge.
Q. What are the models of the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms includes the following models:
C8200-1N-4T: Catalyst 8200 with 1 Network Interface Module (NIM) slot, 1 Pluggable Interface Module (PIM) slot, and 2x 1 Gigabit Ethernet WAN RJ45 copper ports plus 2x 1 Gigabit Ethernet WAN Small-Form-Factor Pluggable (SFP) ports.
C8200L-1N-4T: Catalyst 8200 with 1 Network Interface Module (NIM) slot, 1 Pluggable Interface Module (PIM) slot, and 2x 1 Gigabit Ethernet WAN RJ45 copper ports plus 2x 1 Gigabit Ethernet WAN Small-Form-Factor Pluggable (SFP) ports.
Note: The Catalyst 8200L Edge Platforms supports only ThousandEyes as container based application.
Q. What are the key differences between the 4300 Series ISRs and the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms offer the following key benefits:
● Higher IPsec performance and scale.
● Higher built-in WAN port density.
● Attractive and versatile form factor with only 12-inch depth.
● Improved backplane connectivity with high-speed connections.
● Dedicated PIM slot for up to Cat18 LTE and 5G support.
● 8-GB default DRAM to support higher control plane capacity and embedded applications (4 GB default DRAM on C8200L).
● Enhanced and flexible storage through pluggable M.2 USB and M.2 Nonvolatile Memory Express (NVMe) modular storage entities.
For more details, refer to the Catalyst 8200 Series data sheet: https://salesconnect.cisco.com/open.html?c=7e1dc503-a7fa-4bd1-9cfa-5ccf0989266e.
Q. What are the key capabilities of the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series offers:
● SD-WAN capabilities.
● Support for Kernel Virtual Machine (KVM)-based containers, providing support for integrated applications.
● Support for applications, including Snort® intrusion detection and prevention systems (IDS/IPS), URL-F, Advanced Malware Protection (AMP), Cisco Secure Malware Analytics (formerly Threat Grid), SSL Proxy, and TCP optimization.
● Open API programmability using NETCONF and YANG.
● Zero-Touch Provisioning (ZTP).
● Multiple options for WAN, LAN, voice, and storage modules.
● Support for border node and control plane node functionalities in Cisco Software-Defined Access (SD-Access).
● Application Quality of Experience (AppQoE), TCP optimization, Data Redundancy Elimination (DRE), Forward Error Correction (FEC), and packet duplication.
● Unified communications (voice).
● Comprehensive options for wireless WAN through LTE Cat4, Cat6, Cat18, and 5G.
Note: The Catalyst 8200L Edge Platforms supports only ThousandEyes as container based application.
Q. What is the naming convention for the Catalyst 8200 Series Edge Platforms?
A. Each part of the product ID is outlined as follows:
● C = Standard Product ID (PID) prefix. In this case, “C” for Catalyst.
● 8200 = Platform series.
● L= Low-end.
● 1N = Number of NIM slots.
● 4T = Number of 1G ports; 4T indicates 4x 1G ports.
Q. Where do I position the Catalyst 8200 Series Edge Platforms in comparison to the Catalyst 8300 Series Edge Platforms?
A. The Catalyst 8300 Series Edge Platforms provide hardware-based encryption, QoS, and Cisco Express Forwarding performance up to 18.8 Gbps with IPsec performance up to 8.6 Gbps. The 8300 Series is positioned for medium-sized to large enterprise branch locations or as regional headend platforms.
The Catalyst 8200 Series Edge Platforms are positioned for small and medium-sized branch offices, with an aggregated performance requirement up to 3.8 Gbps for unencrypted Cisco Express Forwarding traffic or IPsec performance between 500 Mbps and 1 Gbps with services. The 8200 Series provides for a rich set of branch-optimized services that encompass security, voice, WAN optimization, application hosting (KVM/LXC containers) and edge compute.
Q. Are the Cisco ASR 1000 Series Shared Port Adapter (SPA) cards supported on the Catalyst 8200 or 8300 Series Edge Platforms?
A. No. SPA cards are not compatible with the Catalyst 8200 or 8300 Series Edge Platforms.
Q. Can I use the enhanced high-speed WAN interface cards (EHWICs) available on the Cisco 1900, 2900, and 3900 Series ISRs on the Catalyst 8200 Series Edge Platforms?
A. No. EHWICs, based on older technologies available on the Cisco ISR Generation 2 (ISR G2) routers are not supported on the Catalyst 8200 Series Edge Platforms. The Catalyst 8300 Series Edge Platforms support the newer NIM architecture, allowing for faster, more capable modules on a high-end platform capable of delivering higher bandwidth and greater application performance.
Q. Will the Catalyst 8200 Series Edge Platforms provide 100% module parity with the 4300 Series ISRs?
A. No. The Catalyst 8200 Series doesn’t support service modules, Packet Voice DSP Modules (PVDM) on the motherboard, or 4000 Series ISR (ISR4000) storage modules. Nor does the Catalyst 8000 Series support NIM-based Ethernet WAN modules from the ISR4000 series. These are replaced by equivalent WAN modules on the Catalyst 8300/8200 Series. NIM-based DSP voice modules are also supported on the Catalyst 8200 Series Edge Platforms.
Q. What are the available onboard Ethernet WAN port options?
A. The onboard Ethernet WAN port options are outlined in the following table:
| Platform |
Gigabit Ethernet RJ-45 |
Gigabit Ethernet SFP |
| C8200-1N-4T |
2 |
2 |
| C8200L-1N-4T |
2 |
2 |
Q. What are the service module and NIM hardware configuration options for the Catalyst 8200 Series Edge Platforms?
A. No service module support is available. The NIM hardware configuration options are shown in the following table:
| Platform |
Gigabit Ethernet RJ-45 |
Gigabit Ethernet SFP |
| C8200-1N-4T |
1 |
1 |
| C8200L-1N-4T |
1 |
1 |
Q. Is Medium Dependent Interface crossover (MDI crossover or MDI-X) supported on the four onboard RJ-45 Ethernet interfaces?
A. Yes.
Q. What are the different memory configuration options for the Catalyst 8200 Series Edge Platforms?
A. As on the ISR4000, data plane DRAM is fixed for the Catalyst 8200 Series Edge Platforms. Only the control plane DRAM can be upgraded. Memory configuration options are shown in the following table:
| Platform |
Total default DRAM |
Data plane DRAM* |
Memory upgrade options |
| C8200-1N-4T |
8 GB |
2 GB |
16 or 32 GB |
| C8200L-1N-4T |
4 GB |
2 GB |
8, 16 or 32 GB |
*Data plane DRAM allocation is fixed.
Note: A single Dual Inline Memory Module (DIMM) configuration is supported. The upgrade options available are 1x 8GB, 1x 16GB and 1x 32GB.
Q. What is the flash memory available on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms come with a default, soldered-down 8 GB flash memory on C8200-1N-4T and C8200L-1N-4T platforms. Flash memory cannot be upgraded.
Q. What additional storage options are available on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms are equipped with M.2 USB default storage. The upgradable options are 16GB M.2 USB, 32GB M.2 USB and 600GB M.2 NVMe SSD depending on platform. C8200-1N-4T ships default with 16GB M.2 USB whereas on C8200L-1N-4T, the 16GB M.2 USB storage is offered as an option.
Q. Can I upgrade the DRAM and flash memory on the Catalyst 8200 Series Edge Platforms?
A. The DRAM can be upgraded to 16 GB or 32 GB on C8200-1N-4T and to 8GB or 16GB or 32GB on C8200L-1N-4T. The Flash memory is fixed at 8GB on both C8200 platforms and cannot be upgraded.
Q. Do the Catalyst 8200 Series Edge Platforms contain fans?
A. Yes. The 8200 Series contains two internal, fixed, fans.
Q. Is a rack-mount kit available for the Catalyst 8200 Series Edge Platforms? How do I order it?
A. Yes. A rack-mount kit is part of the default accessory kit and is shipped with the Catalyst 8200 Series Edge Platforms. The platforms will ship with the standard 19-inch rack mount kit. A wall-mount rack-mount kit is also available.
Q. How can I calculate the Mean Time Between Failures (MTBF) for the Catalyst 8200 Series Edge Platforms with the plugged-in modules?
A. The MTBF for the 8200 Series is 692, 577 hours.
Q. Is there an out-of-band GigabitEthernet0 management interface on the Catalyst 8200 Series Edge Platforms?
A. No. The Catalyst 8200 Series Edge Platforms do not have an out-of-band management interface.
Q. What does the default accessory kit include?
A. The default accessory kit includes:
● Mechanical ground lug, 90 feet per screw kit.
● 19-inch rack-mount kit.
● Regulatory Compliance and Safety Information (RCSI) roadmap document.
● Plastic bag.
● Shipping label.
● Document pointer card for Cisco router.
Q. What different types of modules are supported on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms support one Network Interface Module (NIM/C-NIM) for general network connectivity and one Pruggable Interface Module (PIM) for cellular connectivity.
Q. Is Online Insertion and Removal (OIR) supported on the Catalyst 8200 Series Edge Platforms?
A. Yes, OIR is supported on the Catalyst 8200 Series Edge Platforms for the following scenarios:
● Unexpected insertion or removal of any NIM in any of the NIM slots.
● Unexpected insertion or removal of a PIM Cellular module.
Q. Is a console port available on the Catalyst 8200 Series Edge Platforms?
A. Yes, the Catalyst 8200 Series Edge Platforms include the option of a regular RJ-45 console port.
Q. Is a USB port available on the Catalyst 8200 Series Edge Platforms?
A. Yes, a Type-A USB 3.0 port for external temporary storage is available on the front panel.
Q. Is an RFID tag available on the Catalyst 8200 Series Edge Platforms?
A. Yes. An RFID tag is available on the right side of the front panel on these platforms for externally collecting the inventory (PID and serial number) without requiring someone to log in to the device. These inventories can be used by customers to prepopulate the devices in the back-end system for zero-touch provisioning. They can also be used by nontechnical staff to collect the inventory offsite. The RFID tag is included by default, but customers can choose to have the tag removed during the ordering process if they prefer not to have it on the system.
Q. Is a QR code available on the Catalyst 8200 Series Edge Platforms?
A. Yes, a QR code is printed on the label tray for all Catalyst 8200 Series Edge Platforms. The same QR code label will be printed on the shipping box label as well for easy access to the platform details, without the need to open the shipping box.
The QR code gives the following information for the platform.
● Device family
● Base Product ID (PID)
● Device MAC address
● Vendor
● Serial number
● Hardware version ID (PID VID)
Q. Are the Catalyst 8200 Series Edge Platforms Network Equipment Building System (NEBS) certified?
A. No. The Catalyst 8200 Series Edge Platforms are not certified for NEBS.
Power
Q. What power supply is used with Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms come with an internal fixed power supply.
Q. Do the Catalyst 8200 Series Edge Platforms support redundant power supplies?
A. No. The 8200 Series uses a single fixed internal power supply.
Q. What power cables work with the Catalyst 8200 Series Edge Platforms?
A. The AC power supply on the Catalyst 8200 Series Edge Platforms uses a standard IEC C13 connector.
Q. Is the power supply in the Catalyst 8200 Series Edge Platforms a Field-Replaceable Unit (FRU)?
A. No. The power supply for the Catalyst 8200 Series Edge Platforms is fixed and not field replaceable.
Q. What are the power supply options for the Catalyst 8200 Series Edge Platforms?
A. The available power supply options are detailed in the following table:
| Platform |
Type of PSU |
Dual AC |
Dual DC |
AC/DC HV |
NEBS DC |
PoE adapter required |
| C8200-1N-4T |
Fixed internal |
No |
No |
AC only |
No |
No |
| C8200L-1N-4T |
Fixed Internal |
No |
No |
AC only |
No |
No |
Q. Does the internal power supply provide PoE?
A. No. For enabling PoE an optional external power supply is required. This external power supply provides 54V DC to PoE- supporting modules.
Q. Can the Catalyst 8200 Series Edge Platforms be powered from the external power supply?
A. No. The external power supply will provide 54V PoE power to switch ports, but it will not provide 12V to power the platform.
Q. What ports are capable of Power of Ethernet (PoE) on the Catalyst 8200 Series Edge Platforms?
A. The following table outlines the PoE-capable ports on the 8200 Series.
| Platform |
PoE-capable embedded ports |
PoE-capable NIMs |
| C8200-1N-4T |
No |
C-NIM-8M C-NIM-1M NIM-ES2-8-P |
| C8200L-1N-4T |
No |
C-NIM-8M C-NIM-1M NIM-ES2-8-P |
Note: The C-NIM-8M will be available in 2HCY23.
Q. What PoE standards can be provided with the supported modules?
A. With the optional external PoE Power supply installed, module ports providing up to 802.1bt (uPoE) can be supported.
Interfaces and modules
Q. Is there a channelized solution on the Catalyst 8200 Series Edge Platforms?
A. Yes. The Catalyst 8200 Series Edge Platforms support channelized T1/E1 modules.
Q. What are the NIM-16A and NIM-24A modules used for on the Catalyst 8200 Series Edge Platforms?
A. The two modules, when used on the Catalyst 8200 Series Edge Platforms, are for terminal services use only. They do not provide asynchronous routing support on the router. Eight-port octal cables need to be purchased with the module for connectivity.
Q. Are SSDs supported on the Catalyst 8200 Series Edge Platforms?
A. Yes, 600-GB M2 NVMe SSDs are supported on the Catalyst 8200 Series Edge Platforms for container-based application hosting services and for general storage purposes.
Q. Is the SSD card field-upgradable or replaceable?
A. Yes The 600GB M.2 NVMe SSD card is field-replaceable. The M.2 is an external slot that is accessible without having to unrack the platform or open the chassis.
Q. Is Online Insertion and Removal (OIR) possible on the M.2 USB and in NVMe SSD storage?
A. Yes, OIR is supported for the M.2 storage.
Q. What is the maximum number of storage options that can be present in the Catalyst 8200 Series Edge Platforms?
A. There is only one M.2 storage slot on the Catalyst 8200 Series Edge Platforms that supports an M.2 USB (16 or 32GB) or an M.2 NVMe (600GB) SSD card. The platform also includes 8GB onboard flash by default; it is used for system files, logs, and core dumps.
Q. Do the Catalyst 8200 Series Edge Platforms support modules for 10Gbps?
A. No. The Catalyst 8200 Series Edge Platforms do not support 10Gbps modules. 10Gbps modules are only supported by the Catalyst 8300 Series Edge Platforms.
Q. Is LTE supported?
A. Yes. The CAT6 LTE NIMs supported on the ISR4000 are compatible with the Catalyst 8200 Series Edge Platforms. Also, a Pluggable Interface Module, PIM, slot enables support for cellular LTE CAT4, CAT6, CAT7 and CAT18. In addition, Catalyst Cellular Gateways are supported by these platforms, providing deployment flexibility.
Q. Is LTE Advanced supported?
A. Yes, the Catalyst 8200 Series Edge Platforms support NIM-LTEA-EA and NIM-LTEA-LA. The theoretical speeds are 300 Mbps downlink and 50 Mbps uplink.
Q. Is LTE Advanced Pro supported?
A. Yes, the Catalyst 8200 Series Edge Platforms support a P-LTEAP18-GL-pluggable LTE module. Also, the Catalyst cellular gateway can be directly connected to these platforms for CAT18 support. The theoretical speeds are 1200 Mbps downlink and 150 Mbps uplink.
Q. Is 5G Cellular WAN supported?
A. Yes, the Catalyst 8200 Series Edge Platforms support 5G pluggable modules.
Q. Do the Catalyst 8200 Series Edge Platforms support dual SIMs?
A. Yes. The NIM and PIM modules support dual SIMs in active-standby mode. (The exception is the CAT4 Verizon Pluggable module, which has a single SIM slot.)
Q. Do the Catalyst 8200 Series Edge Platforms support eSIM technology?
A. Yes. Support for eSIM technology providing Global Day-0 Connectivity is targeted for 2HCY23.
Q. Do the Catalyst 8200 Series Edge Platforms support dual radios?
A. Yes. They support dual radios through PIM- and NIM-based LTE combinations.
Q. Do the Catalyst 8200 Series Edge Platforms support 3G/4G standards?
A. Yes. The LTE solutions are able to fall back to 4G/3G.
Q. What LTE bands are supported in different regions?
Q. What broadband technologies are supported?
A. The Catalyst 8200 Series Edge Platforms support NIMs for multimode VDSL2/ADSL/2/2+ NIM Annex A, B, and M.
Q. What Small-Form-Factor Pluggable (SFP) interfaces are used with the Catalyst 8200 Series Edge Platforms?
A. All the SFPs supported on the ISR4000 are compatible with the Catalyst 8200 Series Edge Platforms, except the 100-Mbps SFPs. For a detailed list of SFP support, refer to the platform data sheet at:
https://tmgmatrix.cisco.com/?si=C8200.
Software
Q. Are the Catalyst 8200 Series Edge Platforms SD-WAN-capable?
A. Yes. These platforms natively support SD-WAN.
Q. How many VLANs can the Catalyst 8200 Series Edge Platforms support?
A. The Catalyst 8200 Series Edge Platforms support configuration of 64 local VLANs with NIM-ES2 switch modules.
Q. Do the Catalyst 8200 Series Edge Platforms have feature parity with the ISR4000?
A. Yes. The Catalyst 8200 Series Edge Platforms have feature parity with the ISR4000, apart from the following feature:
● Cisco Wide Area Application Services (WAAS)
Note: The Catalyst 8200L Edge Platforms does not support container based applications, besides Thousand Eyes (TE)
Q. Do the Catalyst 8200 Series Edge Platforms support the SASE cloud-based security framework?
A. Yes. The Catalyst 8200 Series Edge Platforms support SASE cloud-based security through the Cisco Umbrella
® solution.
Q. Is WAAS supported on the Catalyst 8200 Series Edge Platforms?
A. No. vWAAS is not supported on the Catalyst 8200 Series Edge Platforms. For customers who require vWAAS solutions at the branch, please evaluate migration to AppQoE-based support.
Q. Is Multiprotocol Label Switching (MPLS) supported on the Catalyst 8200 Series Edge Platforms?
A. Yes. MPLS features are supported with a Cisco DNA Advantage license and higher.
Q. What Cisco IOS
® Software is available for the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms run on a single-image Cisco IOS XE, which is a multi-persona binary file that can operate in either autonomous mode (Cisco IOS XE) or controller mode (XE SD-WAN). Minimum IOS-XE release for C8200-1N-4T is IOS 17.4.1 and IOS 17.5.1 for C8200L-1N-4T.
Q. Do the Catalyst 8200 Series Edge Platforms support NETCONF and YANG?
A. Yes. The Catalyst 8200 Series Edge Platforms provide support for NETCONF operations and YANG modeling using a combination of industrywide common models and Cisco specific models.
Q. Is the Cisco Locator/ID Separation Protocol (LISP) supported on the Catalyst 8200 Series Edge Platforms?
A. Yes. LISP is supported on the Catalyst 8200 Series Edge Platforms.
Q. Is In-Service Software Upgrade (ISSU) supported on the Catalyst 8200 Series Edge Platforms?
A. No. ISSU is not supported on the Catalyst 8200 Series Edge Platforms.
Q. Is Suite-B or Next-Generation Encryption (NGE) support available on the Catalyst 8200 Series Edge Platforms?
A. Yes. Suite-B and NGE support are available on the Catalyst 8200 Series Edge Platforms from 17.13 XE release.
Q. Is Cisco Encrypted Traffic Analytics (ETA) supported on the Catalyst 8200 Series Edge Platforms?
A. Yes. ETA is supported on the Catalyst 8200 Series Edge Platforms.
Q. Is Flexible NetFlow (FNF) supported on the Catalyst 8200 Series Edge Platforms?
A. Yes. FNF is supported for IPv4 and IPv6 in both egress and ingress directions. Cisco Express Forwarding is required to be enabled to run FNF on the Catalyst 8200 Series Edge Platforms.
Q. The Catalyst 8200 Series Edge Platforms already support a wide range of security capabilities. What does the Cisco Umbrella Branch solution offer?
A. Cisco Umbrella Branch, the cloud-delivered security service, complements the existing security offerings on the Catalyst 8200 Series Edge Platforms by adding simple, easy-to-manage DNS-layer cloud security and content filtering that can be up and running in minutes. Cisco Umbrella Branch prevents branch users from accessing inappropriate content and known malicious sites that might contain malware and other security risks. It offers security protection for guests and employee users alike.
Q. Do the Catalyst 8200 Series Edge Platforms have certifications such as Common Criteria and Evaluation Assurance (EAL)?
A. Common Criteria and EAL certification are present for the Catalyst 8200 Series Edge Platforms. The 8200 Series claims conformance to Protection Profile for Network Devices with an extended package VPN gateway.
Q. Do the Catalyst 8200 Series Edge Platforms have certifications such as Federal Information Processing Standards (FIPS)?
A. The Catalyst 8200 Series Edge Platforms support FIPS 140-2 Level 1 both for the hardware and software.
Q. How can I order Cisco SD-WAN support on the Catalyst 8200 Series Edge Platforms?
A. SD-WAN support on the Catalyst 8200 Series Edge Platforms is available with a Cisco DNA subscription by default. Subscription options are available in 3-year and 5-year terms. Feature support may be provided for Essentials, Advantage, and Premier licensing levels with two deployment models: on-premises or in the cloud.
Q. How can I receive support for Cisco DNA Center on the Catalyst 8200 Series Edge Platforms?
A. Support for Cisco DNA Center on the Catalyst 8200 Series Edge Platforms is achieved through one of the Cisco DNA subscription options. Subscription options are available in 3-year and 5-year terms. Feature support may be provided for Essentials, Advantage, and Premier licensing levels with two deployment models: on-premises or in the cloud.
Q. Can I use the same Cisco IOS XE Software image for classic routing requirements and SD-WAN capabilities?
A. Yes. The single-image Cisco IOS-XE is compatible to run on both Cisco IOS XE and XE SD-WAN capabilities. The minimum supported version of the software on the Catalyst 8200 Series platforms is version 17.4.1 and 17.5.1 for C8200L.
Q. Is wireless LAN supported on the Catalyst 8200 Series Edge Platforms?
A. No. Wireless LAN is not supported on the Catalyst 8200 Series Edge Platforms.
Q. Can I use the Catalyst 8200 Series Edge Platforms with a Software-Defined Access (SD-Access) solution?
A. Yes, the Catalyst 8200 Series Edge Platforms can be used as SD-Access control plane and border node functionalities.
Security
Q. Do the Catalyst 8200 Series Edge Platforms have dedicated hardware for accelerating VPN operations?
A. Yes. These platforms are using dedicated HW with Intel
® QuickAssist Technology (QAT) to offload the crypto processing for encryption and decryption.
Q. Is SSL VPN supported on the Catalyst 8200 Series Edge Platforms?
A. No. SSL VPN is not supported on the Catalyst 8200 Series Edge Platforms. The alternative solution would be to use Cisco FlexVPN for remote access solutions.
Q. Is the Cisco Easy VPN client supported on the Catalyst 8200 Series Edge Platforms?
A. No. The Easy VPN client is not supported on the Catalyst 8200 Series Edge Platforms. The alternative solution is to use Cisco FlexVPN for remote access solutions.
Q. What VPN technologies are supported on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms support the following VPN technologies: FlexVPN, Dynamic Multipoint VPN (DMVPN), Group Encrypted Transport VPN (GETVPN), and Easy VPN Server.
Q. Is WAN MACsec supported in the Catalyst 8200 Series Edge Platforms?
A. MACsec is not supported on the onboard Ethernet ports but 256bit WAN MACsec is available on supported NIM modules C-NIM-2T, C-NIM-8T & C-NIM-8M. 128bit LAN MAC is also available on C-NIM-8T & C-NIM-8M modules for ports in L2 mode.
Q. Is Cisco Encrypted Traffic Analytics (ETA) available on the Catalyst 8200 Series Edge Platforms?
A. Yes. The Catalyst 8200 Series Edge Platforms support ETA.
Q. Is Cisco Intrusion Prevention System (IPS) supported on the Catalyst 8200 Series Edge Platforms?
A. Yes. Signature-based IPS is supported through a Snort-based containerized application on C8200-1N-4T model.
Q. What is Cisco Snort IPS for the Catalyst 8200 Series Edge Platforms?
A. Cisco Snort IPS for the Catalyst 8200 Series Edge Platforms offers a lightweight threat defense solution that uses industry-recognized Snort open-source IPS technology. It is perfect for customers looking for a cost-effective solution that provides one box for both advanced routing capabilities and integrated threat defense security to help comply with regulatory requirements. Snort provides term-based subscription rule sets to keep current with the latest threats.
Q. Is content filtering supported on the Catalyst 8200 Series Edge Platforms?
A. Yes. Content filtering is supported on the Catalyst 8200 Series Edge Platforms using Cisco Umbrella Branch/Cisco Open DNS.
Q. What container-based security solutions are supported on the Catalyst 8200 Series Edge Platforms?
A. The C8200-1N-4T model offers Snort IDS/IPS, URL filtering, AMP, Secure Malware Analytics (formerly Threat Grid), and SSL proxy security solutions, to be deployed on service containers. Container-based security is not supported on the C8200L-1N-4T.
Q. What Layer 2 tunneling mechanisms are available on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms support Layer 2 Tunneling Protocol versions 2 and 3, Ethernet VPN (EVPN), and Virtual Private LAN Service (VPLS) as Layer 2 tunneling mechanisms.
Q. Do the Catalyst 8200 Series Edge Platforms support L2TPv3 and VPN over LTE connections?
A. Yes, deploying L2TPv3 and VPN over LTE connections is supported.
Q. What security solutions are offered within the Cisco IOS XE/XE SD-WAN code (not as containers) on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms support:
● Enterprise Firewall with Application Awareness.
● DNS web-layer security agent using Cisco Umbrella.
● Zone-based firewall.
● Network Address Translation (NAT).
● Cisco Umbrella Secure Internet Gateway (SIG) integration for SASE.
● Virtual Route Forwarding (VRF)-aware security.
● Anomaly detection and machine learning.
● Cisco TrustSec®.
● Identity-based networking (802.1X).
● Access Control Lists (ACLs).
● Control plane protection (CoPP).
● Role-based Command-Line Interface (CLI) access.
● Source-based Remotely Triggered Black Hole (RTBH) filtering.
● Secure Shell (SSH) v2.
● Unicast Reverse Path Forwarding (RPF).
Q. What features from the Cisco trustworthy solutions are offered on the Catalyst 8200 Series Edge Platforms?
A. The security features of trustworthy solutions include:
● Secure Boot with signed images and hardware anchoring with Secure Unique Device Identifier (SUDI).
● Secure storage.
● Run-time defenses.
● Authentication and integrity verification.
● Recovery mechanisms.
● Management plane protections.
Collaboration
Q. Do the Catalyst 8200 Series Edge Platforms support unified communications in XE SD-WAN mode?
A. Yes. The Catalyst 8200 Series Edge Platforms support unified communications in XE SD-WAN mode. For a list of supported features, refer to the XE SD-WAN release notes.
Q. Are older FXS analog NIMs supported on the Catalyst 8200 Series Edge Platforms?
A. No. Only the newer “P” versions, based on analog FXS NIMs, are supported on the Catalyst 8200 Series Edge Platforms. The “P” version was created due to the introduction of a new hardware component into the manufacturing process. There is no change in functionality from the non-P version.
| Platform |
| NIM-2FXSP |
| NIM-2FXS/4FXOP |
| NIM-4FXSP |
Q. What are the Cisco Packet Voice DSP Module version 4 (PVDM4) options on the Catalyst 8200 Series Edge Platforms for IP media services such as transcoding, conferencing, etc.?
A. In Cisco IOS XE mode, PVDM4 or NIM-PVDM modules can be used to support DSP Farm IP services.
In XE SD-WAN mode, only NIM-PVDM can be used for IP media services.
Q. Can I register IP phones on the Catalyst 8200 Series Edge Platforms with on-box Cisco Unified Communications Manager Express?
A. No. The Catalyst 8200 Series Edge Platforms do not support Cisco Unified Communications Manager Express on-box with Cisco IOS XE Release 17.4.1. However, they do support a Survivable Remote Site Telephony (SRST) feature that can be used to register IP phones at branch sites in case of a WAN outage.
Q. What high-density analog service modules are supported on the Catalyst 8200 Series Edge Platforms?
A. There is no high-density analog service module support.
Q. Do the Catalyst 8200 Series Edge Platforms support motherboard DSP?
A. There is no motherboard slot on the Catalyst 8200 Series Edge Platforms.
SD-WAN
Q. Do all Catalyst 8200 Series Edge Platforms support XE SD-WAN?
A. Yes. All the Catalyst 8200 Series Edge Platforms support XE SD-WAN. The following table shows the minimum version for each platform.
| Platform |
Minimum XE SD-WAN version |
| C8200-1N-4T |
17.4.1 |
| C8200L-1N-4T |
17.5.1 |
Q. What network modules are supported with XE SD-WAN?
Q. Is Cisco Firepower a supported service on the Catalyst 8200 Series Edge Platforms running XE SD-WAN?
A. No. There is no support for Cisco Firepower Threat Defense Virtual (FTDv) with Cisco IOS XE SD-WAN. An application-aware firewall, IPS/IDS, AMP, URL filtering, SSL proxy, DNS web layer, and Cisco Secure Malware Analytics (formerly Threat Grid) are the supported Cisco IOS XE SD-WAN security features integrated into the vManage dashboard.
Q. Is application hosting supported with XE SD-WAN?
A. No. Third-party applications are not supported with Cisco IOS XE SD-WAN. However, SD-WAN supports Snort IPS, URL filtering, AMP, Cisco Secure Malware Analytics (formerly Threat Grid), and SSL proxy as containers within the Cisco IOS XE SD-WAN code on the C8200-1N-4T. Container services are not supported on the C8200L-1N-4T.
Q. Is an HSEC license required with XE SD-WAN?
A. Yes. HSEC license is automatically added whenever customer selects T0 or above their Cisco DNA subscription. We have removed HSEC as a selectable option with in all C8300/C8200 HW ATOs.
Q. Is Smart Licensing supported with XE SD-WAN?
A. Yes. Smart Licensing is the only supported call-home feature on the Catalyst 8200 Series Edge Platforms running on Cisco IOS XE (autonomous mode) or XE SD-WAN (controller mode). For a more detailed overview on Cisco Licensing, go to
cisco.com/go/licensingguide.
Q. Is Network-Based Application Recognition (NBAR) supported with XE SD-WAN?
A. Yes, NBAR is supported.
Q. Which Cisco IOS XE SD-WAN features use services cores?
A. IPS/IDS, URL filtering, AMP, Cisco Secure Malware Analytics (formerly Threat Grid), SSL proxy, and TCP optimization use the services cores in the Catalyst 8200 Series (C8200-1N-4T model only).
SD-Routing
Q. Do all Catalyst 8200 Series Edge Platforms support SD-Routing?
A. Yes. All the Catalyst 8200 Series Edge Platforms support SD-Routing. The following table shows the minimum version for each platform.
| Platform |
Minimum XE SD-WAN version |
| C8200-1N-4T |
17.12.1a |
| C8200L-1N-4T |
17.12.1a |
Q. What are the software features supported in Cisco SD-WAN Manager for SD-Routing?
Application visibility
Q. How does a lack of visibility into applications impact overall IT operations?
A. Applications and users are more distributed than ever, and the internet has effectively become the new enterprise WAN. As organizations continue to embrace internet, cloud, and SaaS, network and IT teams are challenged to deliver consistent and reliable connectivity and application performance over networks and services they don’t own or directly control. Network teams often carry the burden of proving the network innocent when something goes wrong. Application issues might be assumed as network issues. Finger-pointing and cycles wasted searching for the source issues can lead to prolonged service disruptions that ultimately damage the revenue and reputation of the business.
Q. How does Cisco SD-WAN deliver greater application visibility?
A. Cisco SD-WAN is fully integrated with Cisco ThousandEyes in a turnkey solution that enables greater visibility for IT operators to drive optimal digital experience across the internet, cloud, and SaaS. With this turnkey solution, you can:
● Gain hop-by-hop visibility into network underlay, including detailed path and performance metrics.
● Measure and proactively monitor SD-WAN overlay performance and routing policy validation.
● Determine the reachability and performance of SaaS and internally owned applications.
● Establish network and application performance baselines across global regions before, during, and after deployment of SD-WAN to mitigate risk and establish/validate Key Performance Indicators (KPIs).
Q. What are the benefits of this expanded visibility?
A. With Cisco SD-WAN and ThousandEyes, IT managers can rapidly pinpoint the root cause of application and network disruptions, provide actionable insights, and accelerate resolution time.
● Lower Mean Time To Identification (MTTI) of issues: Fast root cause isolation and intuitive, easy-to-understand visualization of the entire service delivery chain.
● Eliminate wasteful finger-pointing: Correlated visibility across the application, hop-by-hop network path, underlay and overlay performance, and internet routing to immediately isolate issues to the right problem domain (network or application) and responsible party (internal team or external service).
● Enable effective escalation: Concrete proof to successfully escalate issues to providers and effectively manage Operational- Level Agreements (OLAs) and Service-Level Agreements (SLAs).
Q. What is Cisco ThousandEyes?
A. Cisco ThousandEyes enables enterprises that are increasingly dependent on internet, cloud, and SaaS to see, understand, and improve digital experiences for customers and employees. Its end-to-end visibility from any user to any application, over any network, enables enterprises to quickly pinpoint the source of issues, get to a resolution faster, and measure and manage the performance of what matters.
ThousandEyes collects multilayer telemetry data from vantage points distributed throughout the internet, as well as in enterprise data centers and cloud, branch, and campus environments, providing detailed metrics from between those vantage points and applications and services distributed throughout the globe. The result is real insight into application experience and every underlying dependency, whether network, service, or application related.
Q. How is Cisco SD-WAN integrated with ThousandEyes?
A. Cisco SD-WAN is the only SD-WAN solution with turnkey ThousandEyes vantage points. This solution is supported on eligible Cisco Catalyst 8200 Series platforms. Existing customers can expedite ThousandEyes agent deployment with vManage integration and enable faster time to value for their IT operators.
Q. What are the minimum requirements for ThousandEyes?
A. ThousandEyes is natively integrated with eligible Cisco Catalyst 8200 Series Edge Platforms with a minimum of 8 GB DRAM and 8 GB bootflash/storage. Additional memory and storage will be necessary for concurrently running a ThousandEyes agent with containerized SD-WAN security services.
Q. How is ThousandEyes ordered?
A. Customers can leverage existing ThousandEyes subscriptions with eligible Catalyst 8200 Series Edge Platforms.
● Existing ThousandEyes customers can use their available ThousandEyes license and units toward new tests.
● New ThousandEyes customers will need to purchase a ThousandEyes license to activate the ThousandEyes agent.
Licensing
Q. What is the software packaging and traditional licensing model for the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms include the following Cisco DNA license packaging:
● Cisco DNA Premier with Perpetual Network Advantage
● Cisco DNA Advantage with Perpetual Network Advantage
● Cisco DNA Essentials with Perpetual Network Essentials
Q. Is the software packaging on the Catalyst 8200 Series Edge Platforms similar to that for the ISR4000, which is Right-To-Use (RTU)-based?
A. No. The Catalyst 8200 Series Edge Platforms support only Cisco DNA subscription-based licensing. The ISR4000 has RTU and enforcement-based software packaging (known as honor-based) and supports both perpetual and Cisco DNA subscription-based licensing.
Q. What are the export and import requirements for strong encryption?
A. The strong enforcement of encryption capabilities provided by Cisco software activation satisfies requirements for the export of encryption capabilities, so non-k9 images are no longer needed. However, some countries have import requirements that require the release of the source code for strong payload (VPN) encryption features. To satisfy the import requirements of those countries, a universal image that lacks strong payload encryption is available. This image is identified by the “universalk9_npe” designation in the image name. The universal image with strong payload encryption is recognized by the “universalk9” tag. This image satisfies both import and export requirements for virtually all countries.
Q. Are performance and boost licenses available with the Catalyst 8200 Series Edge Platforms?
A. No. The Catalyst 8200 Series Edge Platforms are not limiting technical throughput. However, to be compliant with the Cisco DNA licensed bandwidth tiers, you will choose a bandwidth tier that accurately reflects your actual WAN usage.
Q. What are the Cisco DNA license bandwidth tiers?
A. Bandwidth tiers are chosen within the Cisco DNA license subscription. The chosen tier should reflect the actual usage of the WAN connection.
Q. How do I know which bandwidth tier to choose?
A. Estimate the total aggregated usage of your WAN and divided by 2 to find the compliant bandwidth tier. However, only IPsec and SD-WAN traffic is charged by the license. Unencrypted non-SD-WAN traffic is free of charge. See more details below.
SD-WAN:
Choose a bandwidth tier based on all WAN (VPN0) traffic
Any traffic in the Transport VRF (VPN0) going to or coming from the WAN:
● IPsec between SD-WAN sites
● IPsec to zScaler, SIG, or any other non-SD-WAN IPsec
● GRE traffic (no crypto)
● Direct internet traffic (no crypto)
Traffic to and from the SD-WAN service side (LAN) is not charged by the Cisco DNA bandwidth license.
Non-SD-WAN encrypted traffic:
Choose the bandwidth tier based only on the IPsec traffic
Only encrypted traffic:
Pick a Cisco DNA license bandwidth tier only for the amount of encrypted traffic in IPsec tunnels.
Non-crypto traffic is not charged by the Cisco DNA bandwidth license.
Non-SD-WAN unencrypted traffic:
Choose the lowest bandwidth tier applicable to your platform
Unencrypted traffic is not charged by the Cisco DNA bandwidth license, but you will still have to pick a bandwidth tier.
Pick the lowest possible bandwidth tier for your platform, which is T0 for the Catalyst 8200 and 8300 Series and T3 for the Catalyst 8500 Series.
Non-crypto traffic is not charged by the license. You can run to maximum technical capacity and still be compliant.
Q. What is an HSEC license?
A. HSEC is an add-on license above the Security (SEC) technology package license that provides export controls for strong levels of encryption. HSEC is available to customers in all currently non-embargoed countries, as listed by the U.S. Department of Commerce. Without an HSEC license, SEC performance is limited to 1000 tunnels and a total of 250 Mbps of IPsec throughput in each direction. An HSEC license removes this limitation. Because of these export control requirements, the HSEC license requires installation of a license key file to activate. In other words, HSEC is not an RTU license.
Q. Is an HSEC license offered on the Catalyst 8200 Series Edge Platforms to achieve greater cryptographic tunnel count and throughput?
A. Yes, an HSEC license is required for greater cryptographic tunnel count and throughout.
Q. Is an HSEC license included in a Cisco DNA bandwidth license tier?
A. A HSEC is auto populated whenever customer selects T0 or above Tier Cisco DNA subscription.
Q. Do the Catalyst 8200 Series Edge Platforms support Smart Licensing?
A. Yes. Smart Licensing is the only mode of call-home features supported on the Catalyst 8200 Series Edge Platforms. For a more detailed overview on Cisco Licensing, go to
cisco.com/go/licensingguide.
Q. What are the Cisco DNA subscription offers for SD-WAN?
A. The subscription licensing offers are Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier for SD-WAN. Similar to the subscription offers for switching and wireless, these are nested SKUs and represent good, better, and best offers. They are available as 3-year or 5-year subscriptions.
Q. Are the Cisco DNA subscriptions term based or perpetual?
A. Cisco DNA Subscription consists of two license stacks.
For SDWAN - Cisco DNA Stack: Term-based which includes all the newest/latest Cisco DNA features and controller entitlements (VMANAGE/DNACENTER). This license stack expires at the expiry of the Cisco DNA term. Upon expiry, you will lose all controller entitlements.
For Non-SDWAN - Network Stack: Perpetual, which includes all the legacy RTU licenses such as SEC, UC, APPX, AX. This license stack stays for perpetuity even after the Cisco DNA term expires. No need to renew. When configuring a C8200 series router in Non-SDWAN (AUTO) mode, choose lowest subscription term, 3Y.
Q. What is the top-line view of the Cisco DNA subscription offers for SD-WAN and routing?
A. At a high level, Cisco DNA Essentials offers:
● Unlimited WAN overlay.
● Cisco vManage for centralized management—cloud or on-premises.
● Flexible topology, including hub and spoke, partial mesh, and full mesh.
● Application-based policies, including application-aware routing policies.
● Basic SD-WAN security services, including:
◦ Layer 3/Layer 4/Application-Aware Firewall
◦ Snort IPS/IDS with Talos® signature updates
● DNS monitoring and connector for Cisco Umbrella.
● Basic path optimization capabilities, including Forward Error Correction (FEC).
● Dynamic routing protocols (Open Shortest Path First [OSPF] and Border Gateway Protocol [BGP]).
Cisco DNA Advantage adds:
● Unlimited segmentation.
● Cisco vAnalytics.
● Cloud OnRamp for Infrastructure as a Service (IaaS).
● Advanced security services including:
◦ URL Filtering
◦ Cisco AMP
◦ Cisco Umbrella cloud-app discovery
Cisco DNA Premier adds:
● Cisco Umbrella SIG Essentials
For further details on the Cisco DNA for SD-WAN and Routing subscription offers, review the SD-WAN and Routing Feature Matrix: https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html.
For more information about specific Cisco DNA subscription features, refer to:
● SD-WAN business decision maker PowerPoint presentation.
● SD-WAN technical decision maker PowerPoint presentation.
● Cisco DNA Subscription Software for SD-WAN and Routing business decision maker PowerPoint presentation.
Application hosting
Q. Can my application be hosted on the bootflash?
A. No. Application hosting requires dedicated storage locations and is disabled in the bootflash.
Q. Is Docker supported in the Catalyst 8200 Series Edge Platforms?
A. No. Docker applications are not supported in the Catalyst 8200 Series Edge Platforms.
Q. Do the Catalyst 8200 Series Edge Platforms support Python programmability?
A. Yes. The Catalyst 8200 Series Edge Platforms support Python programmability in Cisco IOS XE (autonomous mode).
Python programmability provides users with the ability to control devices running the Cisco IOS XE operating system in autonomous mode by running Python code that makes use of APIs. It has multiple use cases, such as:
● Interactive Python prompts.
● Running Python scripts.
● Cisco IOS Embedded Event Manager.
● Zero-touch provisioning.
Note: Above is only supported on C8200-1N-4T.
Q. What is the minimum platform requirement for application hosting?
A. 8 GB of DRAM is required as the minimum for application hosting. The C8200-1N-4T platform is shipped with a default of 8 GB of DRAM, while the C8200L-1N-4T is shipped with a default of 4GB of DRAM. Moreover, application hosting is supported only on C8200- 1N-4T model and C8300 edge platforms.
Q. How does Zero-Touch Provisioning (ZTP) work on the Catalyst 8200 Series Edge Platforms?
A. When a Catalyst 8200 Series Edge Platform boots up and does not find the startup configuration, the device enters ZTP mode. The device locates a Dynamic Host Control Protocol (DHCP) server; bootstraps itself with its interface IP address, gateway, and DNS server IP address; and enables Guest Shell. The device then obtains the IP address or URL of a Trivial FTP (TFTP) server and downloads the Python script to configure the device.
Guest Shell provides the environment for the Python script to run. It executes the downloaded Python script and configures the device for day zero. After day-zero provisioning is complete, Guest Shell remains enabled.
Management
Q. What management options are available for the Catalyst 8200 Series Edge Platforms for centralized orchestration, management, and monitoring?
A. The Catalyst 8200 Series Edge Platforms can be managed and monitored via:
● Cisco DNA Center.
● Cisco vManage.
● Software-based local WebUI.
Q. What management capabilities are available on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms support management via:
● CLI.
● Simple Network Management Protocol (SNMP).
● Onboard Cisco IOS XE software WebUI.
● NETCONF, RESTCONF, and YANG models.
Q. What programmability capabilities are available on the Catalyst 8200 Series Edge Platforms?
A. The Catalyst 8200 Series Edge Platforms open a completely new paradigm in network configuration, operation, and monitoring through network automation. The Cisco automation solution is open, standards-based, and extensible across the entire network lifecycle of a network device.
● Device provisioning: Through Plug and Play (PnP), ZTP, and Preboot Execution (PXE).
● Configuration: Model-driven operation through open APIs over NETCONF/RESTCONF and Python scripting.
● Customization and monitoring: Streaming telemetry.
Q. Can the Catalyst 8200 Series Edge Platforms be managed through Cisco Prime
® Infrastructure?
A. C8200-1N-4T can be managed through Cisco Prime Infrastructure. C8200L-1N-4T is currently not supported on Cisco Prime Infrastructure.
Q. Do the Catalyst 8200 Series Edge Platforms include a local management capability?
A. Yes, the Cisco IOS XE WebUI is supported on the Catalyst 8200 Series Edge Platforms.