Platform
Q. What is the Cisco
® Catalyst
® 8200 Series Edge uCPE?
A. The Cisco Catalyst 8200 Series Edge uCPE is an evolution of the Cisco 5100 Enterprise Network Compute System (ENCS 5100), designed for Secure Access Service Edge (SASE), Software-Defined WAN (SD-WAN), and 5G-based architectures. It is a hybrid platform that combines the best attributes of a traditional router and a traditional server while offering the same functionality with a smaller infrastructure footprint. Offered with the Cisco Catalyst 8000V Edge Software and Cisco Enterprise NFV Infrastructure Software (NFVIS) as the hosting layer, the platform offers a complete solution for a simplified deployment. It also accelerates some functions in hardware such as inter-VM traffic flows, IP Security (IPsec) crypto, and SSD storage. New capabilities include a Pluggable Interface Module (PIM) for cellular connectivity and Nonvolatile Memory Express (NVMe) storage. This platform delivers a new standard of software-defined flexibility and offers a lower Total Cost of Ownership (TCO).
Q. What is the model number of the Cisco Catalyst 8200 Edge uCPE?
A. C8200-uCPE-
1N8: Catalyst 8200 uCPE with 8 cores, 1 NIM slot, 4x 1G ports and 2x 1G SFP ports.
Q. What are the key differences between the ENCS 5100 and Catalyst 8200 Series Edge uCPE?
A. The Catalyst 8200 Series Edge uCPE offers the following key benefits:
● Eight x86 CPU cores with Single-Root I/O virtualization (SR-IOV)-capable Network Interface Cards (NICs) for maximizing throughput
● Dedicated PIM slot for CAT18 LTE support and future 5G readiness
● NIM can be used for additional LTE or other types of WAN/LAN connections
● 16 to 64 GB of DRAM to host two or three VNFs
● Pluggable NVMe storage up to 2 TB and Small-Form-Factor (SFF) 2.5-inch pluggable storage up to 4 TB that allows for hosting caching and storage-intensive applications
Q. What are the key capabilities of the Catalyst 8200 Series Edge uCPE?
A. The Catalyst 8200 Series Edge uCPE offers SD-WAN capabilities along with the ability to service-chain other rich network and security services such as firewall, WAN optimization, wireless LAN controller, and other applications. With eight CPU cores, two to three services can be hosted on the platform, allowing for a converged SD-Branch.
Q. What is the naming convention for the Cisco Catalyst 8200 Series Edge uCPE?
A. Each part of the product ID is outlined as follows:
C = standard Product ID (PID) prefix
8200 = platform series
uCPE = Universal Customer Premises Equipment (uCPE)
1N8 = number of NIM slots and CPU cores supported. 1N8 supports one NIM on an 8-core platform.
Q. Where do I position the Catalyst 8200 Series Edge uCPE in comparison to the Cisco 5400 ENCS (ENCS 5400) platform?
A. The Catalyst 8200 Series Edge uCPE is positioned for lean and small enterprise branch offices with an aggregate performance requirement of up to 250 Mbps bidirectional (500 Mbps aggregate) IPsec performance. It supports a rich set of branch-optimized services that encompass routing, security, application hosting, and edge compute.
The ENCS 5400 platforms offer up to 12 cores that allow for hosting more applications at a higher performance, suited for medium-sized branches.
Q. What are the available onboard Ethernet options (front panel Gigabit Ethernet)?
A. The onboard Ethernet options are outlined in the following table:
| Platform |
Gigabit Ethernet (RJ-45) |
Gigabit Ethernet (SFP) |
10 Gigabit Ethernet SFP+ |
| C8200-UCPE-1N8 |
4 |
2 |
0 |
Q. What are the different NIM hardware configuration options for the Catalyst 8200 Series Edge uCPE?
A. PIM and NIM hardware configuration options are shown in the following table:
| Platform |
Single-wide SM |
Double-wide SM |
NIM |
PIM |
| C8200-UCPE-1N8 |
0 |
0 |
1 |
1 |
Q. Is medium dependent interface crossover (MDI crossover or MDI-X) supported on the four onboard RJ-45 Ethernet interfaces?
A. Yes.
Q. What are the different memory configuration options for the Catalyst 8200 Series Edge uCPE?
A. NFVIS uses 4 GB of DRAM in the Catalyst 8200 Series Edge uCPE. The remaining memory can be allocated to Virtual Network Functions (VNF) services. Memory configuration options are shown in the following table:
| Platform |
Total default DRAM |
NFVIS system RAM |
Memory upgrade options |
| C8200-uCPE-1N8 |
16 GB |
4 GB |
Upgrades to 32 GB, 64 GB |
Q. What are the external storage options available on the Catalyst 8200 Series Edge uCPE?
A. There is one M.2 storage slot on the Catalyst 8200 Series Edge uCPE that supports an M.2 USB or M.2 NVMe SSD card. In addition, there is an SFF drive slot where SSD or SATA drives can be used, providing up to 4 TB of storage.
Q. Is the Catalyst 8200 Series Edge uCPE fanless?
A. No, the Catalyst 8200 Series Edge uCPE has two fans.
Q. Can the Catalyst 8200 Series Edge uCPE handle the failure of a fan?
A. No, both fans are expected to be functional for proper ventilation and airflow.
Q. Is a rack-mount kit available for the Catalyst 8200 Series Edge uCPE? How do I order it?
A. A rack-mounting bracket is part of the default accessory kit and ships with the Catalyst 8200 Series Edge uCPE.
Q. How can I calculate the Mean Time Between Failures (MTBF) information for the Catalyst 8200 Series Edge uCPE with the PIMs?
A. The MTBF for the C8200-uCPE-1N8 is 671,696 hours.
Q. Is there an out-of-band GigabitEthernet0 management interface on the Catalyst 8200 Series Edge uCPE?
A. Yes. One of the six Gigabit Ethernet ports can be used as an out-of-band management interface.
Q. What does the default accessory kit include?
A. The default accessory kit includes:
● Mechanical ground lug, 90 feet per screw kit
● Rack-mounting bracket kit
● Shipping label
● Document pointer card for Cisco router
Q. Is Online Insertion and Removal (OIR) supported on the Catalyst 8200 Series Edge uCPE?
A. Yes, OIR is supported on the Catalyst 8200 Series Edge uCPE for the following scenarios:
● Surprise insertion or removal of any NIM in the NIM slot
● Surprise insertion or removal of a PIM LTE module
Q. Is a console port available on the Catalyst 8200 Series Edge uCPE?
A. The Catalyst 8200 Series Edge uCPE includes a regular RJ-45 console port.
Q. Is an RFID tag available on the Catalyst 8200 Series Edge uCPE?
A. No. The Catalyst 8200 Series Edge uCPE includes a label tray with a QR code.
Q. What different types of modules are supported on the Catalyst 8200 Series Edge uCPE?
A. All the NIMs supported on the ENCS 5400 are supported. Analog and TDM voice termination is not supported; Catalyst 8300 Series Edge Platforms would be suitable for secure WAN edge and voice integration.
PIMs such as the CAT4, CAT6, and CAT18 are supported. Refer to the Catalyst 8200 Series Edge uCPE data sheet for a complete list of modules.
Q. Is a QR code available on the Catalyst 8200 Series Edge uCPE?
A. Yes, a QR code is printed on the label tray for all the Catalyst 8200 Series Edge uCPE. The same QR code label will be printed on the shipping box label as well for easy access to the platform details without the need to open the shipping box.
Q. Is the Catalyst 8200 Series Edge uCPE Network Equipment Building System (NEBS) certified?
A. No, because there is no support for a DC power supply.
Power
Q. What power cables work with the Catalyst 8200 Series Edge uCPE?
A. All power-supply options for the Catalyst 8200 Series Edge uCPE use a standard IEC C13 connector.
Q. Are the power supplies in the Catalyst 8200 Series Edge uCPE Field-Replaceable Units (FRUs)?
A. No. The single power supply for the Catalyst 8200 Series Edge uCPE is fixed to the chassis and upon failure an RMA would be the option.
Q. What ports are PoE-capable on the Catalyst 8200 Series Edge uCPE?
A. NIM-ES2-8-P supports PoE-capable ports on the Catalyst 8200 Series Edge uCPE.
Q. Does the Catalyst 8200 Series Edge uCPE support an external power supply?
A. Yes, the Power over Ethernet (PoE) power supply is an external adapter. However, the integrated power supply must be used in conjunction with the external PoE adapter. The external PoE adapter cannot be used alone.
Q. Are the PoE interfaces PoE+ and Universal PoE (Cisco UPOE
®)?
A. The PoE adapter is PoE+ only. Also, the NIM supports only PoE+.
Q. Does the Catalyst 8200 Series Edge uCPE support redundant power supplies?
A. No, the Catalyst 8200 Series Edge uCPE has a single integrated AC power supply. Use of the internal power supply is required at all times.
Interfaces and modules
Q. What is the maximum number of storage options that can be present in the Catalyst 8200 Series Edge uCPE?
A. There is one M.2 storage slot on the Catalyst 8200 Series Edge uCPE that supports an M.2 USB or M.2 NVMe SSD card. In addition, there is an SFF drive slot where SSD or SATA drives can be used.
Q. Are SSDs supported on the Cisco Catalyst 8200 Series Edge uCPE?
A. Yes, 600-GB and 2-TB M2 NVMe SSDs are supported. In addition, 480-GB, 960-GB, and 4-TB SSDs are supported in the SFF drive slot. The SFF storage drive can be configured as a backup for the VNFs provisioned in NVMe storage.
Q. Is the SSD card field-upgradable or replaceable?
A. Yes, the NVMe and the SFF drive slot SSD card are field-replaceable. The M.2 is an external slot that is accessible without having to unrack the platform or open the chassis.
Q. Is Online Insertion and Removal (OIR) possible on the M.2 USB and in NVMe SSD storage?
A. Yes, OIR is supported for the M.2 storage.
Q. Is there a module that supports 10G ports?
A. 10G is not supported in the Catalyst 8200 Series Edge uCPE.
Q. Is LTE supported?
A. The CAT6 LTE NIMs supported on the 4000 Series ISRs are compatible with the Catalyst 8200 Series Edge uCPE. Also, a PIM slot can enable cellular support for LTE CAT6/CAT18. In addition, new Catalyst cellular gateway devices will be supported on these platforms, providing deployment flexibility.
NIM access is enabled by the Catalyst 8000V. Currently, the PIM LTE module is used for day-0 configuration.
Q. Is LTE Advanced supported?
A. Yes, the Catalyst 8200 Series Edge uCPE supports NIM-LTEA-EA and NIM-LTEA-LA. The theoretical speeds are 300 Mbps downlink and 50 Mbps uplink.
Q. Is LTE Advanced Pro supported?
A. Yes, the Catalyst 8200 Series Edge uCPE supports a P-LTEAP18-GL-pluggable LTE module. Also, the Cisco Catalyst cellular gateway can be directly connected to these platforms for CAT18 support. The theoretical speeds are 1200 Mbps downlink and 150 Mbps uplink.
Q. Can the Catalyst 8200 Edge uCPE support dual SIMs?
A. Yes, the NIM and PIM modules support dual SIMs, but they can work only in active-standby mode. (The exception is the CAT4 Verizon Pluggable module, which has a single SIM slot.)
Q. Can the Catalyst 8200 Series Edge uCPE support dual radios?
A. No, the Catalyst 8200 Series Edge uCPE supports only one pluggable LTE module.
Q. Can the Catalyst 8200 Series Edge uCPE support older 3G/4G standards?
A. Yes, the Catalyst 8200 Series Edge uCPE supports 3G and is able to fall back from LTE to 3G.
Q. What broadband technologies are supported?
A. We have NIMs that support multimode VDSL2/ADSL/2/2+ NIM Annex A, B, and M.
Q. What Small Form-Factor Pluggable (SFP) interfaces are used with the Catalyst 8200 Series Edge uCPE?
A. All the SFPs supported on the ENCS 5400 are compatible with the Catalyst 8200 Series Edge uCPE.
NFVIS
Q. What are the key capabilities of the host OS on the Catalyst 8200 Series Edge uCPE?
A. NFVIS is the Linux/KVM-based host OS. In addition to hypervisor capabilities, NFVIS offers network-appliance-like lifecycle management. Key capabilities include:
● Zero-touch deployment, Plug and Play (PnP), Secure Overlay, Datagram Transport Layer Security (DTLS)
● VNF lifecycle management, snapshot backup and restore for faster service restoration
● Open vSwitch (OVS) with Data Plane Development Kit (DPDK) and SR-IOV to accelerate network traffic
● Role-based access control
● Infrastructure security, access security, VNF resource segmentation and security
● Software upgrade and rollback
● Streaming telemetry for management; Simple Network Management Protocol (SNMP) v2 and v3 are also supported
Q. What is the minimum version of NFVIS supported on the Catalyst 8200 Series Edge uCPE?
A. NFVIS4.4.1FC2 is the minimum NFVIS release required with the Catalyst 8200 Series Edge uCPE.
Q. Are third-party VNFs supported in the Catalyst 8200 Series Edge uCPE?
A. Yes, third-party VNFs that are proven to work in a KVM environment can be supported on the Catalyst 8200 Series Edge uCPE. There is a third-party VNF certification program that helps with solution-level TAC support.
Q. Is Docker supported in the Catalyst 8200 Series Edge uCPE?
A. No, Docker applications are not natively supported in the Catalyst 8200 Series Edge uCPE. Docker containers can be hosted in a Linux VM provisioned on NFVIS.
Q. Does the Catalyst 8200 Series Edge uCPE support Python programmability?
A. No, NFVIS does not expose a guest shell for programmability. Command-Line Interface (CLI), local UI, NETCONF, and REST API are programming methods, while the orchestrators use NETCONF or REST APIs for provisioning and management.
Q. What are the considerations to maximize throughput in the VNF service chain?
A. The NFVIS software layer is tuned for maximizing performance. In addition, the following are some considerations to maximize performance in the VNF services deployed:
● Choice of platform (CPU, memory specs, and the hardware architecture)
● CPU, memory, and storage resources allocated to the VNF (two vCPUs vs. four vCPUs, dedicated vs. shared)
● Method of service chain OVS, OVS DPDK vs. SR-IOV
● Level of tuning within the VNF itself
Catalyst 8000V Edge Software
Q. What Cisco IOS
® Software is available for the Cisco Catalyst 8200 Series Edge uCPE?
A. Catalyst 8000V is supported on the Catalyst 8200 Series Edge uCPE. Catalyst 8000V is a single Cisco IOS XE binary file that can operate in autonomous mode (Cisco IOS XE) or controller mode (XE SD-WAN).
Q. Does Catalyst 8000V on the Catalyst 8200 Series Edge uCPE have feature parity with the 4000 Series ISRs?
A. Yes, except for the unified collaboration/voice media termination features.
Q. Does Catalyst 8000V on the Catalyst 8200 Series Edge uCPE support Cisco Umbrella
®?
A. Yes, Catalyst 8000V supports Cisco Umbrella on the Catalyst 8200 Series Edge uCPE.
Q. Is Wide Area Application Services (WAAS) supported on the Catalyst 8200 Series Edge uCPE?
A. vWAAS is supported as a VNF in the service chain.
Q. Do Cisco routers support NETCONF and YANG?
A. Yes, Catalyst 8000V on the Catalyst 8200 Series Edge uCPE supports NETCONF operations and YANG modeling using a combination of industrywide common models and Cisco specific models.
Q. Is Suite-B or Next-Generation Encryption (NGE) support available on the Catalyst 8200 Series Edge uCPE?
A. Yes, Suite-B and NGE support is available on Catalyst 8000V with the Catalyst 8200 Series Edge uCPE as part of the initial release.
Q. Is Cisco Encrypted Traffic Analytics (ETA) supported on the Catalyst 8200 Series Edge uCPE?
A. Yes, ETA is supported on Catalyst 8000V with the Catalyst 8200 Series Edge uCPE.
Q. Is Quality of Service (QoS) supported on the Catalyst 8200 Series Edge uCPE?
A. Yes, comprehensive and flexible QoS models are supported on Catalyst 8000V for traffic classification, shaping and policing, marking, queueing, and scheduling on both egress and ingress. NFVIS does not have support for QoS natively.
Q. Does the Catalyst 8200 Series Edge uCPE have certifications such as Common Criteria and Evaluation Assurance (EAL)?
A. Common Criteria and EAL certification are present for the Catalyst 8200 Series Edge uCPE.
Q. Does the Catalyst 8200 Series Edge uCPE have certifications such as Federal Information Processing Standards (FIPS)?
A. The Catalyst 8200 Series Edge uCPE supports FIPS 140-2 Level 1 for both the hardware and software.
Q. How can I order Cisco Catalyst SD-WAN support on the Catalyst 8200 Series Edge uCPE?
A. SD-WAN support on the Catalyst 8200 Series Edge uCPE is available with Catalyst 8000V and a Cisco DNA subscription. Subscription options are available in 3-year and 5-year terms. Feature support may be provided for the Essentials, Advantage, and Premier licensing levels with two deployment models: on-premises or in the cloud.
Q. Is Catalyst 8200 Series Edge uCPE supported on Cisco DNA Center?
A. No. Cisco SD-WAN Manager and MSX are the orchestration and management systems for the Catalyst 8200 Series Edge uCPE.
Q. Is wireless LAN supported on the Catalyst 8200 Series Edge uCPE?
A. No, wireless LAN hardware is not supported on the Catalyst 8200 Series Edge uCPE. Cisco Catalyst 9800-CL Wireless Controller for Cloud can be hosted as a network service.
Security
Q. What features from the Cisco trustworthy solutions are offered on the Catalyst 8200 Series Edge uCPE?
A. The security features of trustworthy solutions include:
● Secure Boot with signed images and hardware anchoring with Secure Unique Device Identifier (SUDI)
● Secure storage
● Run-time defenses
● Authentication and integrity verification
● Recovery mechanisms
● Management plane protections
Q. Does the Catalyst 8200 Series Edge uCPE have separate hardware to accelerate VPN operations?
A. Yes, this platform has a dedicated Intel
® QuickAssist Technology (QAT) chip to offload the crypto processing in the data plane. All the encryption and decryption of the crypto packet with Catalyst 8000V happens in the QAT chip. NFVIS Secure Overlay does not use QAT.
Q. What VPN technologies are supported on the Catalyst 8200 Series Edge uCPE?
A. The Catalyst 8200 Series Edge uCPE supports IPsec secure overlay for out-of-band management of the platform. There is integration with Border Gateway Protocol (BGP) routing in NFVIS for ease of underlay vs. overlay routing.
In addition, Catalyst 8000V will provide the following VPN technologies for protecting user data traffic: FlexVPN, Dynamic Multipoint VPN (DMVPN), Group Encrypted Transport VPN (GETVPN), and EasyVPN Server.
Q. Is WAN MACsec supported in the Catalyst 8200 Series Edge uCPE on Ethernet ports?
A. No, WAN MACsec is not supported in the onboard Gigabit Ethernet interfaces. The next-generation Layer 3 NIM is required to support WAN MACsec.
Q. Is Cisco Intrusion Prevention System (IPS) supported on the Catalyst 8200 Series Edge uCPE?
A. Yes, signature-based IPS is supported on the Catalyst 8200 Series Edge uCPE through Catalyst 8000V and the Snort
® engine. The Catalyst 8200 Series Edge uCPE supports Next-Generation IPS (NGIPS) through Cisco Firepower
® hosted as a VNF instance.
Q. What is Cisco Snort IPS for Catalyst 8000V on the Catalyst 8200 Series Edge uCPE?
A. Cisco Snort IPS for Catalyst 8000V offers a lightweight threat defense solution that uses industry-recognized Snort open-source IPS technology. It is perfect for customers looking for a cost-effective solution that provides one box for both advanced routing capabilities and integrated threat defense security to help comply with regulatory requirements. Snort provides term-based subscription rule sets to keep current with the latest threats.
Q. What container-based security solutions are supported on the Catalyst 8200 Series Edge uCPE?
A. Catalyst 8000V on the Catalyst 8200 Series Edge uCPE offers Snort IDS/IPS, URL Filtering, Advanced Malware Protection (AMP), Threat Grid, and SSL Proxy security solutions, to be deployed inside the service containers.
Q. What security solutions are offered on the Catalyst 8200 Series Edge uCPE embedded within the Cisco IOS XE/XE SD-WAN code (not as containers)?
A. Catalyst 8000V supports Enterprise Firewall with Application Awareness and DNS web layer security using Cisco Umbrella. They are embedded security features in Catalyst 8000V hosted on the Catalyst 8200 Series Edge uCPE.
Q. Are any other security solutions offered on the Catalyst 8200 Series Edge uCPE?
A. Catalyst 8000V on the Catalyst 8200 Series Edge uCPE supports:
● Zone-based firewall
● Network Address Translation (NAT)
● Virtual Route Forwarding (VRF)-aware security
● Anomaly detection and machine learning
● Cisco TrustSec®
● Identity-based networking (802.1X)
● Access Control Lists (ACLs)
● Control plane protection (CoPP)
● Role-based CLI access
● Source-based Remotely Triggered Black Hole (RTBH) filtering
● Secure Shell (SSH) v2
● Unicast Reverse Path Forwarding (RPF)
Collaboration
Q. Does the Catalyst 8200 Series Edge uCPE support unified communications in XE SD-WAN mode?
A. No, the Catalyst 8200 Series Edge uCPE does not support unified communications in XE SD-WAN mode.
Cisco Catalyst SD-WAN
Q. Does the Catalyst 8200 Series Edge uCPE support XE SD-WAN?
A. Yes, the Catalyst 8200 Series Edge uCPE supports XE SD-WAN and vEdge Cloud.
| Platform |
Minimum XE SD-WAN version |
Minimum vEdge Cloud version |
| C8200-uCPE-1N8 |
17.4.1 |
20.4.1 |
Q. Is Cisco Firepower a supported service on the Catalyst 8200 Series Edge uCPE running XE SD-WAN?
A. Yes, a service chain can be created with Catalyst 8000V and Cisco Firepower Threat Defense Virtual (FTDv).
Q. Is application hosting supported with XE SD-WAN?
A. No. Third-party applications are not supported with XE SD-WAN. XE SD-WAN supports Snort IPS, URL Filtering, AMP, Threat Grid, and SSL Proxy as containers within the XE SD-WAN code.
Q. Is a High Security (HSEC) license required with XE SD-WAN?
A. No, the highest encrypted throughput supported on the Catalyst 8200 Series Edge uCPE is 250 Mbps bidirectional (500 Mbps aggregate) with a Tier 2 license. Therefore, an HSEC license won’t be required.
Q. Is Smart Licensing supported with XE SD-WAN?
A. Smart Licensing will be the only supported call-home feature on Catalyst 8000V Cisco IOS XE (autonomous mode) or XE SD-WAN (controller mode).
Q. Is Network-Based Application Recognition (NBAR) supported with XE SD-WAN?
A. Yes, NBAR is supported.
Q. Which XE SD-WAN features use services cores?
A. IPS/IDS, URL Filtering, AMP, Threat Grid, SSL Proxy, and TCP optimization use the services cores in the Catalyst 8000 Series Edge uCPE.
Licensing
Q. What is the software packaging and traditional licensing model for Catalyst 8000V on the Catalyst 8200 Series Edge uCPE?
A. One of the following Cisco DNA license packages must be chosen with Catalyst 8000V on the Catalyst 8200 Series Edge uCPE:
● Cisco DNA Essentials with Perpetual Network Essentials
● Cisco DNA Advantage with Perpetual Network Advantage
● Cisco DNA Premier with Perpetual Network Advantage
Q. Is the Catalyst 8000V software packaging on the Catalyst 8200 Series Edge uCPE similar to that for the 4000 Series ISRs, which is Right-To-Use (RTU)-based?
A. No, Catalyst 8000V on the Catalyst 8200 Series Edge uCPE supports only Cisco DNA subscription-based licensing. The 4000 Series ISRs have RTU and enforcement-based software packaging (known as honor-based) and support both perpetual and Cisco DNA subscription-based licensing.
Q. What about export and import requirements for strong encryption?
A. The strong enforcement of encryption capabilities provided by Cisco software activation satisfies requirements for the export of encryption capabilities, so non-k9 images are no longer needed. However, some countries have import requirements that require the release of the source code for strong payload (VPN) encryption features. To satisfy the import requirements of those countries, a universal image that lacks strong payload encryption is available. This image is identified by the “universalk9_npe” designation in the image name. The universal image with strong payload encryption is recognized by the “universalk9” tag. This image satisfies both import and export requirements for virtually all countries.
Q. How is the throughput of the Catalyst 8200 Series Edge uCPE defined? Can the throughput of the platform vary based on the services that I run on the router?
A. Catalyst 8000V supports pay-as-you-grow throughput. The platform comes with a default throughput. The Cisco DNA bandwidth tier licensing increases the throughput to a higher level. Up to 250 Mbps bidirectional (500 Mbps aggregate) throughput is supported with Tier 2 licensing.
Q. Are performance and boost licenses available with Catalyst 8000V on the Catalyst 8200 Series Edge uCPE?
A. No, the performance is truly based on Cisco DNA subscription bandwidth tiers.
Q. Is an HSEC license offered on the Catalyst 8200 Series Edge uCPE to achieve greater cryptographic tunnel count and throughput?
A. No, HSEC licensing is not supported on the Catalyst 8200 Series Edge uCPE because the platform supports only up to 250 Mbps bidirectional (500 Mbps aggregate) encrypted throughput.
Q. What is an HSEC license?
A. An add-on license above the security (SEC) technology package license, known as HSEC, provides export controls for strong levels of encryption. HSEC is available to customers in all currently non-embargoed countries, as listed by the U.S. Department of Commerce. Without an HSEC license, SEC performance is limited to 1000 tunnels and a total of 250 Mbps of IPsec throughput in each direction. An HSEC license removes this limitation. Because of these export control requirements, the HSEC license requires installation of a license key file to activate. In other words, HSEC is not a Right-To-Use (RTU) license.
Q. Does the Catalyst 8200 Series Edge uCPE support Smart Licensing?
A. Yes, Smart Licensing is the only mode of call-home features supported with Catalyst 8000V on the Catalyst 8200 Series Edge uCPE.
Q. What are the Cisco DNA subscription offers in SD-WAN?
A. The subscription licensing offers are Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier for SD-WAN. Similar to the subscription offers for switching and wireless, these are nested SKUs and represent good, better, and best offers. They are available as 3-year or 5-year subscriptions.
Q. What is the top-line view of the Cisco DNA subscription offers for SD-WAN and routing?
A. At a high level,
Cisco DNA Essentials offers:
● Unlimited WAN overlay
● Cisco Catalyst SD-WAN Manager for centralized management—cloud or on-premises
● Flexible topology, including hub and spoke, partial mesh, and full mesh
● Application-based policies, including application-aware routing policies
● Basic SD-WAN security services, including:
◦ Layer 3/Layer 4/Application-Aware Firewall
◦ Snort IPS/IDS with Talos® signature updates
● DNS monitoring and connector for Cisco Umbrella
● Basic path optimization capabilities, including Forward Error Correction (FEC)
● Dynamic routing protocols (Open Shortest Path First [OSPF] and BGP)
Cisco DNA Advantage adds:
● Unlimited segmentation
● Cisco Catalyst SD-WAN Analytics
● Cloud OnRamp for Infrastructure as a Service (IaaS)
● Advanced security services including:
◦ URL Filtering
◦ Cisco AMP
◦ Cisco Umbrella cloud-app discovery
For more information about specific Cisco DNA subscription features, refer to:
● SD-WAN business decision maker PowerPoint presentation
● SD-WAN technical decision maker PowerPoint presentation
● Cisco DNA Subscription Software for SD-WAN and Routing business decision maker PowerPoint presentation
Management
Q. What are the management options available for the Catalyst 8200 Series Edge uCPE for centralized orchestration, management, and monitoring?
A. The Catalyst 8200 Series Edge uCPE can be managed and monitored via either SD-WAN Manager or Cisco MSX as well as NFVIS-based local WebUI. For disaster recovery and basic bring-up, a CLI can be used.
Q. What management capabilities are available on the Cisco Catalyst 8200 Series Edge uCPE?
A. The Catalyst 8200 Series Edge uCPE supports management via:
● CLI
● SNMP
● Onboard Cisco IOS-XE software WebUI
● NETCONF, RESTCONF, and YANG models
Q. What programmability capabilities are available on the Catalyst 8200 Series Edge uCPE?
A. The Catalyst 8200 Series Edge uCPE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. The Cisco automation solution is open, standards-based, and extensible across the entire network lifecycle of a network device.
● Device provisioning: Through PnP, Zero-Touch Provisioning (ZTP), and Preboot Execution (PXE)
● Configuration: Model-driven operation through open APIs over NETCONF/RESTCONF and Python scripting
● Customization and monitoring: Streaming telemetry
Q. Can the Catalyst 8200 Series Edge uCPE be managed through Cisco Prime
® Infrastructure?
A. No, the Catalyst 8200 Series Edge uCPE cannot be managed through Cisco Prime Infrastructure.
Q. Does the Catalyst 8200 Series Edge uCPE include local management capability?
A. Yes, the Cisco IOS XE WebUI is supported on the Catalyst 8200 Series Edge uCPE. Lifecycle management of the VNF service chain can be done via local UI, suitable when dealing with a small number of devices.