Cisco Part Number Reference
Cisco Systems, Inc., is a manufacturer of high-quality networking and network security hardware, software, and services. They are also known for having a meticulous part numbering system but terrible descriptions of their products in their pre-sales documentation. IT professionals know that decoding the part numbers is the key to knowing the features and capabilities of a given product.
This reference will cover the most common questions, for quick reference.
Encryption: K8 or K9
Encryption capabilities, used primarily for secure remote access, are described by the designation K8 or K9 at the end of a file name or part number.
|Code||Description||Cryptographic Algorithms Supported|
|K7 or NPE||No encryption||None|
|K8||Base encryption||DES, 56-bit RC4|
|K9||Strong encryption||3DES, 128-bit RC4, AES, and all stronger ciphers|
This code may appear on hardware part numbers and software image file names. For hardware, this represents the level of encryption the hardware will support. Some hardware, such as the Cisco Adaptive Security Appliance (ASA), can be upgraded from K8 to K9 by entering a Strong Encryption license key, tied to the hardware serial number. The hardware and its software are otherwise exactly the same.
For software images to be installed on Cisco hardware, the code may represent the minimum licensing required of the hardware, not the capabilities of the software itself. For example, the software images for the Cisco ASA all have K8 in the file name, and there are no K9 files to be found. IT managers may think if they have an ASA running strong encryption (K9), they'll reduce their encryption level if they upgrade the software with a K8 image. This is not the case; upgrading the software does not change the hardware's licenses. After you install a new software image with K8 in the name onto an ASA licensed for K9, you can verify that your ASA is still using strong encryption by typing show version in user EXEC mode.
For IOS-based Cisco routers, however, the software images themselves are what enable or disable the encryption level, and are labeled K8 or K9.
Encryption levels in Cisco's catalog were developed for compliance with laws and treaties restricting sales of equipment capable of strong encryption to certain countries, individuals, or entities (export restrictions). The purpose of these laws is to keep high-encryption technology, which we are unable to crack, out of the hands of our enemies. These rules are somewhat complicated. However, if you are a non-government customer in the United States who hasn't ever broken any laws relating to technology exports, you are eligible to purchase and download K9 products.
If you see = at the end of a Cisco part number, this means it is intended to be sold as a replacement part or upgrade. This part number is used by Cisco technical support representatives, and you'll see it when looking for upgrade modules or memory. The same part number without the = is used when a Cisco pre-sales engineer is putting together components to plan your network configuration and give you a price quote. The Cisco ordering systems will implement checks to confirm compatibility amongst the components he chooses, and might flag any problems it finds. These checks are skipped for parts with an equals sign.
The parts themselves are the same, and the price should be the same, regardless of the presence of an equals sign in the part number.
Cisco is known for its Smart Net Total Care (SNTC) service contracts (formerly known as SMARTnet), which get you in touch with some of the most highly-trained and skilled technical support representatives in the world, and offer advance hardware replacement. The contract order numbers are generally comprised of three sections:
- CON, for "contract"
- A code for the service level, such as OSP, covered extensively in the tables below
- An allocation code, which is either the hardware or device it applies to (such as AS5B50K9 for an ASA 5505 with a 50-user license) or a generic code SMS, depending on how it is ordered
All SNTC contracts provide:
- The right to open a support case with the Cisco Technical Assistance Center (TAC), at any time, which includes remote diagnostics and configuration assistance. Response time to begin diagnostics depends on severity of the outage, and is not related to your hardware delivery time. If you have a severe impact outage, the TAC will respond promptly late at night on a weekend even if you have only an 8x5xNBD contract.
- Advance replacement of hardware and components within a specified time, regardless of the factory warranty status.
Here are some of the more common codes you'll encounter to designate the level of service offered by a given contract.
Hardware Device Support
|Service Level Code||Hardware Service||Hardware Delivery Times||Software Upgrades1|
|SNT||Parts delivery only||8x5xNBD||Major releases|
|SNTE||Parts delivery only||8x5x4||Major releases|
|SNTP||Parts delivery only||24x7x4||Major releases|
|S2P||Parts delivery only||24x7x2||Major releases||CS or OS||Onsite installation||8x5xNBD||Major releases|
|C4S or OSE||Onsite installation||8x5x4||Major releases|
|C4P or OSP||Onsite installation||24x7x4||Major releases|
|C2P or PREM||Onsite installation||24x7x2||Major releases|
1 Software Upgrades here apply only to the software image that runs the device, not for any separate Cisco software applications you may have purchased. For example, upgrades for the Cisco AnyConnect Plus and Apex software, while deployed from the ASA device, are not covered by a contract on the ASA alone.
2 For SW, TAC support is limited to software issues and equipment installation only. Apart from any Smart Net contract, Cisco hardware generally comes with a 90-day factory warranty.
Software Application Support
|Service Level Code||Software Upgrades|
|SAS||Minor releases only|
Cisco Services for IPS
Cisco's Intrusion Prevention Systems (IPS) devices have their own set of service contracts. These contracts include Smart Net support for the module and the device it's installed in, plus IPS signature update subscriptions. Cisco IPS products include modules for the ASA firewall (AIP SSM and IPS SSP), modules for Catalyst 6000-series switches (IDSM-2), modules for ISR routers (AIM-IPS and NME-IPS), and 4200- and 4500-series standalone IPS appliances. Please note these are or have been superseded by the Firepower series of products, and are not generally available anymore.
|Service Level Code||Hardware Service||Hardware Delivery Times||Software Upgrades|
|SUSW||None||N/A||IPS signatures and major software releases|
|SU1||Parts delivery only||8x5xNBD||IPS signatures and major software releases|
|SU2||Parts delivery only||8x5x4||IPS signatures and major software releases|
|SU3||Parts delivery only||24x7x4||IPS signatures and major software releases|
|SU4||Parts delivery only||24x7x2||IPS signatures and major software releases|
|SUO1||Onsite installation||8x5xNBD||IPS signatures and major software releases||SUO2||Onsite installation||8x5x4||IPS signatures and major software releases||SUO3||Onsite installation||24x7x4||IPS signatures and major software releases||SUO4||Onsite installation||24x7x2||IPS signatures and major software releases|
A sample part number might be CON-S2P-1941, which is two-hour advance hardware shipment for a Cisco ISR 1941 router, 24 hours a day.
All contracts are for one year, renewable until the last date specified in any end-of-life announcement for a given product. If you see a numeral preceding the service level code, though, this means the contract is good for that many years. For example, CON-3SNT-WA571AK9 means next-business-day parts delivery and technical support for three years for a Cisco WAP571 wireless access point.
Here is some detail about what's in the above tables.
|Parts delivery only||Parts will be sent to you by a third-party courier. This is appropriate if you have onsite technicians who can install hardware.|
|Onsite installation||A Cisco-qualified engineer will visit your site to install the equipment.|
Hardware Delivery Times
|8x5xNBD||Once Cisco determines equipment has failed, the replacement hardware will ship overnight, for business-day delivery. It will go out the same day if before 3 p.m. Otherwise, it will be received on the second business day.|
|8x5x4||Once Cisco determines equipment has failed, the replacement hardware will be delivered same day if before 1 p.m. Otherwise, it will leave the delivery facility by 9 a.m. the next business day, for four-hour courier delivery.|
|24x7x4||Once Cisco determines equipment has failed, the replacement hardware will be hand-delivered by courier within four hours, any time of the day or night, every day of the year.|
|24x7x2||Once Cisco determines equipment has failed, the replacement hardware will be delivered by courier within two hours, any time of the day or night, every day of the year.|
|Major releases||Version upgrades with new features and capabilities, such as from 3.6 to 4.0.|
|Minor releases||Updates to fix bugs or add minor features only. This would include updates from version 3.5 to 3.6, but not from 3.5 to 4.0.|