So why does everybody use Cisco?

[marsd]

Am I the only one who gets tired of cisco pushing their
cracked idea of an IOS on people, with counterintuitive
syntax(NAT), ordinally stupid access lists, unix like
'improvisations' that don't go far enough, and basically
bad attitude support.

Anybody with similar ideas or bad experiences.
I'll no longer use the junk despite holding
a CCNA, CCNP, and CCDA. It's garbage to a large
extent.

 

[999Dom999]

Blimey that bad? What do you use then?

 

[Praedor]

Problem is there is no one better, I agree with your gripes also and I also include the gripe that their archaic interface scripting is intentional since they don't want the average user to be able to configure their products. I want to be able to configure my enterprise routers via a web interface just like my little Linksys (Cisco owned now, GRRR) at home.

 

[octorian]

Actually, that makes a lot of sense, making the interface so a novice cannot use it. You see, if you make a product so any idiot can admin it, any idiot will admin it. Just look at Windows for a case example. When dealing with important infrastructure stuff, you really want someone who knows what they're doing to be the admin. While a user-friendly interface would make things easier for all of us to configure things, it would also make things easier for those we don't want to be doing the configuration.

 

[BuckWeet]

You guys gripe about their interface.. and want a web interface, thats a laugh..

In a large enterprise, that is not acceptible.. Could you imagine having to touch hundreds of devices via a web interface, hah.. This is where the CLI interface is nice.

Basically I don't see you're gripes, but hey, thats your opinion, if you don't like it don't use it.

BuckWeet

 

[octorian]

Yes, personally I like the CLI as well. Though even that could be improved a lot, but it would break the consistency with everything else.

 

[baddos]

Cisco Pros:

Unified CLI accross all their routers (well almost).

Tons of trained technicians available to hire.

Backed by a strong company that upgrades and enhances it's products.

Security focussed company, constantly addressing any possible vulnerabilities.

A company that is trying to integrate all network devices for a uniformed data center (switches, routers, firewalls, load balancing, PBX, caching servers, VPN, etc).

SmartNET w/ Fast replacement options.

Generally a good experience with all Cisco employees. (You never get a pissed off 3com employee, etc)

If you can think about it, somebody has probably already done it on a cisco.

Cons:

Weak public website

Price

Sometimes performance (mostly older models)

 

[BuckWeet]

I concurr

 

[computerhighguy]

Why not use them? They are leaders in the industry. Helped develope the tcp/ip standard. Their software can do almost anything and the hardware is extremely reliable. In fact, just about all the other companies out there strive to the like Cisco. So why not go with them. Besides, no over made a 6 figure income knowing linksys. But knowing cisco....

BTW - CLI is efficient and easy once you figure it out. Keeps the amatuer at home (or here asking us).

 

[bierhunter]

I like the CLI. I feel I have more control over my network than using a GUI. I refuse to use a GUI if I don't have to. Access lists are simple. Learn them, and you can do wonders. Marsd, you claim to be a CCNP, but have a problem with access lists? Sounds to me like you lack the experience to go with your certs, and you're frustrated. Sorry man, but that's the impression you give. A CCNP should be able to own access lists.

Also, from a job standpoint. I don't want just anyone to be able to do what I do. My family likes the paycheck. yeah...I know what some are thinking...but hey. Each one of our families come first. If networks become so easy to manage that anyone can do it, then what are we needed for?

From a professional point of view, I like Cisco because I can go into a large network using it and know exactly what to expect. I get excellent support from the SEs in our area if I need them. I even had one guy drive 4hrs at 1am just to bring us a card we needed. That's service! Cisco also is one of the entities that helps set standards on the board that creates the network standards we use. Therefore, their equipment is usually compatible with everything.

There are many good companies out there with good equipment. Cisco may not be the very best, but overall I feel they are the best choice for an environment that needs quality, performance, security, etc all in one.

My team mainly provides support for military bases where the average user count is 20,000+. Practically every base I've been to is Cisco. They've tried others, and end up with Cisco. There's a reason for that. Cisco works. It meets strict security requirements. It has good support.

For you guys that want to ignore Cisco and go work for others, I wish you the best. Personally, I don't like Microsoft either. I love Linux, and I was first a CNE. I still like Novell better than MS. But I'm MCSE, because it pays well. It pays even better as a CCNP along with it. My family needs to eat, and they like things other than Ramen noodles. Cisco is a good company and good equipment. Supporting their systems also pays well. Check the job market and see what your choices are. If we're hiring Cisco certified people, and you don't want the job, because you don't like Cisco...that's ok. We'll hire someone else.

The grass is often greener on the other side, but then reality sets in. I learned quite a while back that although I may like Novell and Linux better for OS's, I need to go where the business market says I need to go. And right now that is Cisco and Microsoft. If the market changes, I'll change with it.

Personal feelings and business decisions don't always mix. You need to face up to what the world is asking for and step up to meet those requirements if you want to make it in the IT world. It's very competitive out there, and many companies don't care what you think. They care about whether or not you can do the job and keep their customers happy.

That's just the way it is.

BierHunter
CNE, MCSE, CCNP

 

[supatech]

I don't see how you ever got your ccnp, the IOS is cake. if you really must have one, cisco does have a web based tool (SDM) for 12.3.

http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html

Kinda like the pix PDM

CCNA MCSE MCP NET+ A+ Security+

 

[pmesjar]

I agree to most of you guys))) Just finished my CCNP about a month ago and from my about 2 years experience I can do nothing but to totally agree with bierhunter.

I like Cisco very much because in order to do the job you also need to learn the background on how variuos stuff really works in networking. And since they are still improving their bussiness and keep adding new standards, the way of Cisco is constant self-develepment way of life - and I love it

Marsd, if you want to, you also have Web interface on any Cisco device - use "ip http server" command - I just don't use it because it is inherently insecure. Once you are logged into the device you get the full privileged user access - no privilege level beyond 15. The point with CLI is once you get used to it (which don't take long) you will do things a lot faster than with gui - I hate GUIs for configuring core system stuff...

Best regards

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[pmesjar]

One thing I forgot - as soon I have enough experience, I'll go and get myself a CCIE At least one of them for sure...

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[gconnect]

well in my opinion TCP/IP is TCP/IP no matter the platform. I work with Cisco, Linux, and whatever else will do the job. For the most part the theory stays the same throughout, just the application is different. Cisco information is pretty easy to come by. almost anything you want to figure out is on their site. I am not going to sit here and say Cisco is not a challenge because I work with everything from legacy Token Ring to IPX to the bleeding edge stuff. I personally do not waste my time with ISA Server or any crap where you have to sit a Server (or Domain Controller at that) with ports open out in the Internet. I like what Netscreen is doing with their products and in my opinion ISS and Snort can beat the hell out of Cisco when it comes to IDS's. I have a couple buddies who also swear by Enterasys. So at the end of the day, when it comes to Routers, Switches, and Firewalls you can gimme Cisco (or RedHat if money is an issue), ISS RealSecure or Snort when it comes to IDS's (i hear Enterasys Dragon is also good), and as far as Wireless goes I go with whoever has the most configurable security options and the best support.

-gC-

 

[gconnect]

p.s. Plus I like command line interfaces, PDM and ConfigMaker blow. THe Web Based Configuration (VPN Concentrator, IDM, MC, ACSNT) is OK, but when I am in a jam and need to debug out an issue, I guarentee you i'll probably have it resolved quicker than using anything else.

 

[bytehd]

Dittos

"BTW - CLI is efficient and easy once you figure it out. Keeps the amatuer at home (or here asking us)."

http://www.insyncva.com

 

[marsd]

Counterintuitive != non-grokable.

Guys..when someone complains about something
sometimes they aren't a complete idiot.
CLI? You think a linux box running kde is
the perfect router? LOL. You think I want
a web server with MS enabled tech embedded
sucking cycles on my router so I can play
with the pretty pictures and get wormed?
LOL again.

C'mon.I just find the cisco IOS interfaces
to certain functionality badly flawed, and
I pointed out where. Basically nat configuration
and acl's. It's geared towards pounding a certain
cisco syntax into your brain at the cost of making
sense and/or flexibility.
In other things, for instance wan interface
configuration or routing protocol interfaces,
the ios does a good job.

 

[BuckWeet]

I guess maybe that syntax is why its on cisco devices only?
Its cisco's syntax, so why not put it on cisco devices??

unix has its syntax, ms has theirs, avaya pbx's have theirs, nortel pbx's have theirs, etc... whoop ti-do..

And you think cisco's ACL's and NAT is flawwed?? ACL's are easy to understand..

I guess you haven't done IPTables, or whatever its called now??


BuckWeet

 

[marsd]

I am not complaining about syntax except where
the functionality itself is already flawed or
limited.
The acl method is not flexible IMO. Iptables(since
you bring it up) allows for policy based chains rather than
an implicit deny at the end of every chain. It allows the construction of multiple chains to handle certain traffic flows which is very useful. I won't go into userspace
redirection to handle anomalous traffic via any of the
utilities available or writable using libpcap, libnids,
etc..none of which is available by with the cisco
ios and even the pix fails to be as flexible in this
regard.

Don't compare the simplicity of the iptables nat
interface to the nat pool inside/outside, multiple step,
marathon of the cisco ios nat interface. It isn't even
a contest IMO.

OTOH, I miss many things about cisco hardware, but I
wouldn't ever go back to it or get another certifica
tion. Now let a dead horse lie.

 

[BuckWeet]

Well all I can say is that its a router, its not made to do NAT, can it do NAT? yes, but its not made for that..

Maybe a *nix box can do all of that in one, but who in their right might would do that?? Not me, thats putting too many eggs in one basket..

A router is made to be a router, a firewall is made to be a firewall, a load balancer is made to be a load balaner. *nix is made to be a user OS, but it does more.

Each product has its place, and is capable of doing more at times, but not doing all those things 'the best'