C9737874300
2006 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Agenda
Catalyst Switching Portfolio
Features, Scalability, Longevity
Distribution/Core: Catalyst 6500, Catalyst 4500
Datacenter Access: Catalyst 6500, Catalyst 4948, Blade Switches
Wiring Closet: Catalyst 6500, Catalyst 4500, Catalyst 3750-E and Catalyst 3750, Catalyst 2960/2950, Catalyst 3560-E and Catalyst 3560
Number of Employees/Density: Small, Medium-sized, Large
Most Complete Line of Fixed Configuration LAN Products
Full Layer 3 Routing
Cisco Catalyst 3750-E and Catalyst 3750
  Stackable 10/100 and GE configurations
  2 10GE X2 uplinks with GE migration using Cisco TwinGig
  Cisco StackWise Plus and StackWise technology
  Enterprise-class intelligent Layer 3/4 services
  Modular power supply with 3750-E
  PoE configurations with up to 15.4W on all 48 ports
Cisco Catalyst 3560-E and Catalyst 3560
  10/100 and GE configurations
  2 10GE X2 uplinks with GE migration using Cisco TwinGig
  Enterprise-class intelligent Layer 3/4 services
  Modular power supply with 3560-E
  PoE configurations with up to 15.4W on all 48 ports
Layer 2 Intelligent Services
Cisco Catalyst 2950 and Catalyst 2960
  10/100 and 10/100/1000 Layer 2 switching
  Fixed uplink and GBIC-based gigabit connectivity
  Basic through advanced intelligent services
GUI Managed
Cisco Catalyst Express 500
  Low-density, standalone, managed 10/100 switching
  Tailored for businesses with up to 250 users
Axes: Price Performance; Function, Flexibility, Scalability
Agenda
Cisco Catalyst 3560 Series Switches
Positioning
Enterprise-class, fixed-configuration, multilayer switching line optimized for access layer deployments requiring IEEE 802.3af or Cisco pre-standard Power over Ethernet
  Fast Ethernet and Gigabit to the desktop configurations
  Ideal for small enterprise wiring closets and branch office environments
Enables the deployment of network-wide intelligent services
  Availability
  Enhanced security
  Advanced quality of service (QoS)
Uses Cisco ASICs for superior hardware and software integration, and innovative features
Catalyst 3560 Series
Product Overview
Enterprise-class services
  Availability: IP Routing, HSRP, STP enhancements, 802.1s/w, IGMP snooping
  Security: ACLs, port security, 802.1x (IBNS), SSH, SNMPv3, ACLs, RADIUS/TACACS+, DHCP snooping, Dynamic ARP inspection, IP source Guard
  Advanced QoS: L2-L4 QoS with CoS/DSCP, Shaped Round Robin, Strict Priority Queuing, AutoQoS for VoIP
  IPv6 hardware capability
  GE & FE configurations
  Performance up to 38.7 Mpps routing & switching
Power over Ethernet
  Ability to support both Cisco pre-standard PoE and IEEE 802.3af
  Intelligent power management features maximize and prioritize available power
Ease of deployment and management
  Web-based Express Setup simplifies initial configuration
  Cisco Network Assistant configuration wizards simplify configuration of Layer 3/4 services
  Boots as a traditional Layer 2 Catalyst switch, configurable for Layer 3 routing and services
  Auto-configuration through DHCP
Small form-factor pluggable (SFP) uplinks
  SX, LX, ZX, 1000Base-T, CWDM options
Cisco Catalyst 3560 Series Model Overview
Catalyst 3560-8PC: 8 10/100 + 1 dual-purpose 10/100/1000 & SFP port, 124W PoE
Catalyst 3560-24TS: 24 10/100 + 2 SFP ports
Catalyst 3560-48TS: 48 10/100 + 4 SFP ports
Catalyst 3560-24PS: 24 10/100 + 2 SFP ports, 370W PoE
Catalyst 3560-48PS: 48 10/100 + 4 SFP ports, 370W PoE
Catalyst 3560G-24TS: 24 10/100/1000 + 4 SFP
Catalyst 3560G-48TS: 48 10/100/1000 + 4 SFP
Catalyst 3560G-24PS: 24 10/100/1000 + 4 SFP, 370W PoE
Catalyst 3560G-48PS: 48 10/100/1000 + 4 SFP, 370W PoE
Three Software Licenses
  IP Base Software License: Enterprise-class intelligent services: advanced QoS, enhanced security, RIP, and static IP routing
  IP Services Software License: IP Base feature set plus: dynamic IP unicast routing, smart multicast routing, and PBR
  Advanced IP Services License: Adds IPv6 routing and ACLs
Agenda
What is Power over Ethernet?
Power over Ethernet (PoE) is the ability to deliver regulated 48 VDC power over a standard copper Ethernet network cable
This power is utilized by connected devices for their operation
Extending the Versatility of Ethernet
The Benefits of Powering Devices with Ethernet
Power over Ethernet extends the value, simplicity and flexibility of Ethernet to enable new uses for the network
A Glimpse into the Future
The Ethernet Powered Organization
Wireless Access Points, IP Integrated Video, Fire Protection, Surveillance, Powered IP Telephone
Evolution of the IEEE 802.3af PoE Standard
Cisco was the industry's first to provide Power over Ethernet (inline power) in a LAN switch
  Catalyst 6500 and Catalyst 4006 first chassis switches with PoE support and have been 802.3af PoE ready since inception
  Catalyst 3524-PWR XL, shipped in May 2000, was first stackable to support PoE
  Today there are well over 18 Million Cisco pre-standard PoE ports deployed
How to Deploy Power over Ethernet (PoE)
There are two primary components of a PoE deployment:
Power Sourcing Equipment (PSE) (such as a Cisco Catalyst LAN Switch Port)
  Inserts power over the Ethernet cable
IEEE Power Classification
Optional Feature
IEEE 802.3af has an optional Power Classification feature and should be a minimum requirement for any PoE deployment
LAN Switch (PSE) reserves required power based upon attached device's class
Significantly reduces power capacity requirements
With Power Classification: switch identifies power needs and only reserves power based upon class
Without Power Classification: unclassified devices treated at default with full 15.4W per port
Cisco Catalyst Intelligent Power Management Capabilities
Enabling Optimization of Power Delivery
  Extend IEEE Power Classification with more granular power management
  Set predefined, per-port power allocation to limit high-power devices and minimize power draw
  Restrict power delivery from specific ports and identify ports where power is not being used to reallocate power
Cisco Catalyst Switches offer Intelligent Power Management Capabilities That Extend the Optional IEEE Power Classification Feature and Enable Intelligent, granular Management of All PoE Ports
Cisco Intelligent Power Management
More Granular than IEEE Power Classification
Intelligent Power Management enables Cisco Catalyst switches to identify precise power requirements for compatible Powered Devices
Precise power delivery optimizes power delivery by
  Reducing the need for larger power supplies
  Enabling higher numbers of Powered Devices to be supported
Class 1: 4 Watts
Class 2: 7 Watts
Class 0/3: 15.4 Watts
Agenda
Increasing Demands Placed on Networks
Desktop computing power increasing
  Acting as servers
  Gigabit connections
  Flooding network with traffic
Multiple types of access devices
  Voice and data traffic at the desktop
  Traffic classification needs
New, advanced applications with less predictable traffic patterns
  Greater reliance on servers
  New, less predictable traffic patterns
Stronger network security
  Increased flow of sensitive info on the network
  Internal and external threats
Cisco Catalyst Intelligent Switching Infrastructure
Intelligent Switching is a Common Foundation of Capabilities across Cisco Catalyst Switches
Manageability
  End-to-end manageability for centralized administration
  Web-based or command-line interface (CLI)
  Analysis and planning tools
Intelligence Through More Capable ASICs
Frame fields (not to scale): MAC DA, MAC SA, 802.1Q/1p, Length, IP Header Info, TOS, IP SA, IP DA, TCP/UDP Header, DATA
Layer 2 Info, Layer 3 Info, Layer 4 Info
Cisco Catalyst Intelligent Switching Infrastructure
Intelligent Switching
Advanced QoS, Security, Availability, Manageability
Features
  Layer 2, 3, 4 traffic classification
  Shaping, sharing, and policing
  Granular control
  Wire-speed performance
Benefits
  Manage bandwidth to meet business priorities
  Maintain performance for time-sensitive applications
  Better meet defined SLAs
  No performance degradation with services enabled
Where Congestion Exists, QoS is Required
Aggregation, Speed Mismatch, LAN to WAN
Figure labels: 10 Mbps, 1000 Mbps, 64 kbps
Not All Traffic Is Created Equal
Voice Low to Moderate Low Video Moderate to High Low Data (Best Effort) Moderate to High High Mission-Critical Data Low to Moderate High Moderate to High Low to Moderate
High
High
Low
High
High
Low
Cisco Catalyst 3560 Series Extensive QoS Features
Traffic Classification and Marking for Differentiated Services
  Per-port or individual/aggregate flow classification and rewrite
  MAC address, 802.1p CoS/DSCP, IP address, TCP/UDP port
Figure labels: RX, Classify, Ingress Police, Mark, TX
Admission Control
  Prevent Network Congestion
  Input and Output Policing per Port
Advanced Traffic Shaping and Scheduling
  Four Queues per Port
  Shaped Round Robin
  Strict Priority Queuing
AutoQoS
One Command per Interface to Enable and Configure QoS
Modify Global and Interface Settings to Make QoS for VoIP Work
Figure labels: WAN, Cisco CallManager, Cisco Unity Software, Voice Gateways, Voice Applications
Cisco Catalyst Intelligent Switching Infrastructure
Advanced QoS, Security, Availability, Manageability
Features
  Identity-based authentication
  Wire-speed access control lists
  Controlled access to system maintenance
  Integrated security services
Benefits
  Authenticate and control access based upon user identity
  Protect critical business assets
  Prevent downtime
  Prevent network attacks from within
Catalyst Integrated Security Strategy
Threat Defense
  Defend the Edge: Integrated Network FW + IDS. Detects and Prevents External Attacks
  Protect the Interior: Catalyst Integrated Security. Protects Against Internal Attacks
  Guard the Endpoints: Cisco Security Agent (CSA). Protects Hosts Against Infection
Trust and Identity
  Guarding Network Access: Identity-Based Networking. Control Who/What Has Access
Secure Communication
  Secure the Transport: IPSec VPN. Protects Data/Voice Confidentiality
Figure labels: Internet, Intranet
Secure Connectivity
Secure Shell (SSH)
  SSH encrypts administration traffic during Telnet sessions while configuring or troubleshooting switches
Secure Sockets Layer (SSL)
  SSL encrypts network management traffic allowing the secure use of tools such as the Cisco Network Assistant
SNMPv3 (with crypto support)
  Provides network security by encrypting administrator traffic during SNMP session to configure or troubleshoot switches
Kerberos
  Authenticates users and network services using a trusted third party to perform secure verification
Figure label: Encrypted data
Protecting Against Worms
How It Works: The ACL provides a mechanism to protect servers, users, and applications against worms by determining what traffic streams or users can access what ports.
Figure labels: Port 1434, Internal Network
Typical Internal Attacks
Attack: Catalyst Feature
  DHCP Rogue Server for Default Gateway Interception: DHCP Snooping
  ARP Spoofing or ARP Poisoning: Dynamic ARP Inspection
  IP Spoofing: IP Source Guard
  MAC Address Flooding: Port Security
Figure labels: Innocent User; "I'm Your Email Server"; "I'm The User"; "No You're Not!"; Email Server
MAC Address Flooding Attacks
Cutting off MAC-Based Attacks
00:0e:00:aa:aa:aa
00:0e:00:bb:bb:bb
132,000 Bogus MAC addresses per Second
Only 3 MAC Addresses Allowed on the Port: Shutdown
Port Security
What It Does: Limits the number of MAC addresses that are able to connect to a switch and ensures only approved MAC addresses are able to access the switch.
Benefit: Ensures only approved users can log on to the network.
Figure labels: 1 MAC Address; Additional MAC Address (blocked)
DHCP Spoofing Attack
Figure labels: DHCP Server; User Ports Untrusted
Rogue DHCP Offer: IP: 10.1.1.20/24, GW: 10.1.1.1, DNS: 192.168.1.122
Problem:
  Malicious user pretends to be the network DHCP server.
  Misconfigured user starts up a DHCP server incorrectly.
  Malicious user can send out bogus address, deplete the address space, or spoof the default gateway.
DHCP Snooping
DHCP Snooping Enabled
What It Does: Switch forwards only DHCP requests from untrusted access ports, and drops all other types of DHCP traffic. DHCP snooping allows only designated DHCP ports or uplink ports trusted to relay DHCP messages. It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.
Benefit: DHCP snooping eliminates rogue devices from behaving as the DHCP server.
Figure labels: DHCP Server (Trusted); DHCP Client (Untrusted); Rogue Server (Untrusted, blocked); DHCP Request; DHCP ACK
ARP Spoofing Attack: The Man in the Middle
Figure labels: Real Default Gateway 10.1.1.1; Snoops Data; ARPs for default gateway
A Simple Tool, Some Dangerous Consequences
Figure labels: Stealing Passwords; Email Server
Dynamic ARP Inspection
Gateway: IP: 10.1.1.1, MAC: 0000.0000.0001
Switch: "Not by My Binding Table"
Host: "My GW Is 10.1.1.1"
Host at 10.1.1.2: "I'm Your GW: 10.1.1.1"
Gratuitous ARP to Change End Device MAC to ARP Tables
IP Spoofing Attack
"I'm assigned IP address 10.2.2.15"
"I'm going to steal address 10.2.2.15"
"No, you're not!"
IP Source Guard
Switch: "Not by My Port ACL"
Figure labels: IP: 10.1.1.1; 10.1.1.2
"I'm Sourcing 10.1.1.2"
"I'm really 10.1.1.2"
Manually Changing IP Address or Using Programs to Create IP Spoofed Traffic
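The DHCP Snooping, Dynamic ARP Inspection and IP Source Guard slides above all depend on the same binding table. The following is an added example, not part of the original deck and not Cisco code: a simplified Python model of that dependency. The class and function names, the port names (Gi0/1, Fa0/2, Fa0/3) and the client MAC/IP values are constructed assumptions; the gateway address 10.1.1.1 and the rogue offer 10.1.1.20 are taken from the slides.

```python
# Added illustration (not Cisco code): a toy access switch in which DHCP
# snooping builds the binding table that Dynamic ARP Inspection (DAI) and
# IP Source Guard (IPSG) later consult. Ports and client values are constructed.
from dataclasses import dataclass

CLIENT_MSGS = {"DISCOVER", "REQUEST"}  # only DHCP types accepted on untrusted ports


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int


class AccessSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks / designated DHCP server ports
        self.bindings = {}                 # (vlan, ip) -> Binding
        self.pending = {}                  # client MAC -> (port, vlan) awaiting an ACK

    def dhcp(self, port, vlan, msg, client_mac, ip=None):
        """DHCP snooping: return 'forward' or 'drop'; learn bindings from ACKs."""
        if port not in self.trusted:
            if msg not in CLIENT_MSGS:
                return "drop"              # e.g. a rogue server's OFFER on a user port
            self.pending[client_mac] = (port, vlan)
            return "forward"
        if msg == "ACK" and client_mac in self.pending:
            cport, cvlan = self.pending.pop(client_mac)
            self.bindings[(cvlan, ip)] = Binding(ip, client_mac, cport, cvlan)
        return "forward"

    def _bound(self, port, vlan, ip, mac=None):
        b = self.bindings.get((vlan, ip))
        return b is not None and b.port == port and (mac is None or b.mac == mac)

    def arp(self, port, vlan, sender_ip, sender_mac):
        """DAI: an ARP on an untrusted port must match an IP/MAC/port binding."""
        if port in self.trusted or self._bound(port, vlan, sender_ip, sender_mac):
            return "forward"
        return "drop"

    def ip_packet(self, port, vlan, src_ip):
        """IPSG: an untrusted port may only source the IP address bound to it."""
        if port in self.trusted or self._bound(port, vlan, src_ip):
            return "forward"
        return "drop"


def lease(sw, port, vlan, mac, ip):
    """Constructed DHCP exchange: client on `port`, server behind trusted Gi0/1."""
    sw.dhcp(port, vlan, "DISCOVER", mac)
    sw.dhcp("Gi0/1", vlan, "OFFER", mac, ip)
    sw.dhcp(port, vlan, "REQUEST", mac)
    sw.dhcp("Gi0/1", vlan, "ACK", mac, ip)


def demo():
    sw = AccessSwitch(trusted_ports={"Gi0/1"})
    lease(sw, "Fa0/2", 10, "0000.0000.0002", "10.1.1.2")
    lease(sw, "Fa0/3", 10, "0000.0000.0003", "10.1.1.3")
    return {
        # DHCP server message arriving on a user port
        "rogue_offer": sw.dhcp("Fa0/3", 10, "OFFER", "0000.0000.0009", "10.1.1.20"),
        # ARP that agrees with the binding learned for Fa0/2
        "honest_arp": sw.arp("Fa0/2", 10, "10.1.1.2", "0000.0000.0002"),
        # gratuitous ARP claiming the gateway address from a user port
        "gw_spoof_arp": sw.arp("Fa0/3", 10, "10.1.1.1", "0000.0000.0003"),
        "honest_ip": sw.ip_packet("Fa0/3", 10, "10.1.1.3"),
        # host on Fa0/3 sourcing the address bound to Fa0/2
        "spoofed_ip": sw.ip_packet("Fa0/3", 10, "10.1.1.2"),
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check:13} {verdict}")
```

The model checks the source IP only for IP Source Guard and treats every frame on a trusted port as valid; both are simplifications made for this example.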
Identity-Based Network Services
What It Does: Using the 802.1x protocol with Cisco enhancements, the network grants privileges based on user logon information, regardless of the user's location or device
Benefits:
  Allows different people to use the same PC and have different capabilities
  Ensures that users only get their designated privileges, no matter how they are logged on to the network
  Reports unauthorized access
Identity-Based Network Services
How It Works: All users trying to enter the network must receive authorization based on their personal username and password
Valid Username, Valid Password: Yes
Invalid Username, Invalid Password: No
Figure labels: RADIUS Server; TACACS+ or RADIUS
802.1x Enhancements
Allow to function concurrently with Port Security
VLAN assignment
  The user will be assigned to a VLAN based on the response from the RADIUS server to the Catalyst switch
802.1x with VVID support
  802.1x will support interoperability with the IP phone handsets
Apply Extended ACLs
  Enables configuration of extended ACLs to provide network security based on 802.1x authenticated users
MAC-based authentication
  MAC-based authentication for non-supplicant-capable user
Web-based proxy supplicant authentication
  Non-supplicant user is recognized by switch
  User given screen to enter username and password simulates supplicant
The Next Step: Cisco Network Admission Control (NAC)
Cisco-led, Multipartner Program
  Limits damage from viruses and worms
  Coalition of market-leading vendors
Restricts and Controls Network Access
  Endpoint device interrogated for policy compliance
  Network determines appropriate admission enforcement: permit, deny, quarantine, restrict
A Cisco Self-Defending Network Initiative
  Dramatically improves network's ability to identify, prevent, and adapt to threats
Why Network Admission Control?
1. Noncompliant endpoint attempts connection
2. Connection allowed
3. Infection spreads, endpoints exposed
Figure labels: Branch or Campus; Campus; Corporate Net
Cisco Network Admission Control: What It Does
1. Noncompliant endpoint attempts connection
2. Noncompliant status determined
3. Infection contained, endpoints secured
Figure labels: Branch or Campus; Campus
How it Works: Network Admission Control
Figure labels: Network Admission Device; Security App Plug-ins; Posture Agent; Nonresponsive Audit Server; CTA; AAA Server; AV Server; CTA API; Cisco Trust Agent; Network Access Device; Nonresponsive process; NRP API; HCAP API
Cisco Catalyst Intelligent Switching Infrastructure
Advanced QoS, Security, Availability, Manageability
Features
  Wire-speed forwarding
  No performance effect with all services enabled
  Load balancing
  Redundancy
Benefits
  Network remains operable despite failures
  Ability to meet defined SLAs
  Business resiliency
  Reduced maintenance cost
Higher Availability with the Cisco Redundant Power System 675
Internal power supply redundancy
Cisco RPS 675 senses failure and delivers uninterrupted power to device
Supports up to six Cisco networking devices including all Cisco Catalyst 3750, 3560, 3550, 2970, and 2950 switches
Small form factor: 1 RU
675W (300W 12V system power, 375W 48V inline power)
Cisco RPS 675 automatically resets into standby mode when the failed unit is replaced with a new unit
Wire-Speed Services
35 Mpps
Hardware Services
Software-Based Services
IEEE 802.1s/w
802.1s and 802.1w enable loop-free Layer 2 network
Uses as few spanning-tree instances as possible
Multiple spanning-tree system allows for larger Layer 2 topologies
Rapidly accelerates convergence in event of a failure
Saves CPU cycles and is interoperable across multiple vendors
Cisco implementation enables smooth migration to Multiple Spanning Tree from Per-VLAN Spanning Tree Plus (PVST+) while preserving full standards compliance
Cisco Catalyst 3560 Multicast Support
Cisco Group Management Protocol (CGMP), IGMP snooping is used for managing group membership information
Figure labels: Multicast Servers (Source); LAN; Cisco Catalyst 3560; Hosts (Receivers or Groups)
IGMP Snooping
Default behavior of a Layer 2 switch is to flood multicast packets to ports in the ingress VLAN
This behavior is not desirable; IGMP snooping resolves this issue
Implemented in hardware
Snoops or intercepts IGMP Joins and Leaves received on interfaces from hosts
Enable or disable on a global or per-VLAN basis
Ingress port parses packet and sends to CPU for processing, CPU suppresses redundant IGMP joins, and sends one proxy report to router
Overrides forwarding or flooding in VLAN
Cisco Catalyst Intelligent Switching Infrastructure
Features
  End-to-end manageability through common set of management tools
  Centralized administration and software upgrades
  Web-based access
Benefits
  Simplify implementation, troubleshooting, and upgrades
  Reduce operational costs
  Simplify intelligent service implementation
  Reduced maintenance cost
Broadest Range of Network Management Products
WAN Manager
  Tens of thousands of devices
  Service provisioning
  Global WANs
  Cisco IGX, BPX, and MGX Switches only
CiscoWorks SNMS*
  40 devices
  Network resource management
Cisco Network Assistant
Free
Up to 250 network users
One switch, initial setup only
Express Web Setup
Axes: Price Performance; Function and Flexibility
Segments: Small and Medium Business, Enterprise, Service Provider
*Small Network Management Solution (SNMS)
CiscoWorks
Configuration
  Single Console Login
  Telnet
  IOS configuration management
Network Management
  Single IP address to manage system
  RMON1, RMON2, HCRMON: comprehensive fault diagnostics and performance tuning information
  4 RMON I groups: stats, history, alarm, events
  SNMP v1, v2, v3 and Standard MIB support
Network Analysis
  SPAN: port monitoring of one or multiple switch ports
  4 egress, 2 ingress sessions
  VLAN trunk filtering
Express Setup
1. Power up switch and hold the mode button for a few seconds until all the mode LEDs are green
2. Connect the PC into the Ethernet port and launch browser
3. Launch Express Setup page by entering IP address of 10.0.0.1 in browser
4. Assign switch IP address, management VLAN, enable secret password, (the following is optional) telnet password and SNMP configuration
Smartports Macros
Addressing Complexity and Consistency of Operation within a Role
Example: Access Switch in Campus
Breaks a Role down to the port level
1. IP Phone + Standard Desktop
2. Standard Desktop
3. Inter-Switch
4. Switch-to-Router Uplink
Figure labels: Access Switch; Access L2+
Smartports Example for Campus
Narrows the Deployment Options for Customers
Products: 6500, 4500, 3750
Access Switch in Campus Role (Access L2+)
Global Commands for Access Switch Role (same listing shown for each product)
! Enable dynamic port error recovery for link state failures.
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery interval 60
! VTP requires Transparent mode for future 802.1x Guest VLAN
! and current Best Practice
vtp domain [smartports]
vtp mode transparent
! Enable aggressive mode UDLD on all fiber uplinks
udld aggressive
! Enable Rapid PVST+ and Loopguard
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
Interface Commands for Port Type by Role
interface range FastEthernet0/[1-48]
 switchport access vlan [data]
 switchport mode access
 switchport voice vlan [voice]
 ! Enable port security limiting port to 3 MAC addresses. Ensure age is
 ! greater than one minute and use inactivity timer
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 ! Enable auto-qos to extend trust to attached Cisco phone
 auto qos voip cisco-phone
 ! Configure port as an edge network port
 spanning-tree portfast
 spanning-tree bpduguard enable

! Reset all end station interfaces to default configuration (global command)
default interface range FastEthernet[1]/0/[1-48]
! VoIP enabled interface: Enable voice (VVID) and data VLAN
interface range FastEthernet[1]/0/[1-48]
 switchport access vlan [data]
 switchport mode access
 switchport voice vlan [voice]
 ! Enable port security limiting port to 3 MAC addresses. Ensure age is
 ! greater than one minute and use inactivity timer
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 ! Enable auto-qos to extend trust to attached Cisco phone
 auto qos voip cisco-phone
 ! Configure port as an edge network port
 ! Ensure that another switch cannot become active on this interface
 spanning-tree portfast
 spanning-tree bpduguard enable
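How the port-security settings in the interface commands above behave when more than three source addresses appear on a port, as an added example that is not part of the original deck and not Cisco code. It models only maximum 3, the restrict violation mode (with the shutdown mode from the MAC flooding slide for comparison) and 2-minute inactivity aging; the class name, helper names and MAC values are constructed assumptions.

```python
# Added illustration (not Cisco code): a toy model of one switch port running
# port security with the values from the interface commands above:
# maximum 3, violation restrict (or shutdown), aging time 2, aging type inactivity.

class SecurePort:
    def __init__(self, maximum=3, violation="restrict", aging_minutes=2):
        self.maximum = maximum
        self.violation = violation            # "restrict" or "shutdown"
        self.aging_seconds = aging_minutes * 60
        self.secure_macs = {}                 # source MAC -> time last seen (seconds)
        self.violations = 0
        self.err_disabled = False

    def frame(self, now, src_mac):
        """Return 'forward' or 'drop' for a frame arriving at time `now` (seconds)."""
        if self.err_disabled:
            return "drop"                     # port stays down until it is re-enabled
        # Inactivity aging: forget addresses that have been silent too long.
        self.secure_macs = {m: seen for m, seen in self.secure_macs.items()
                            if now - seen < self.aging_seconds}
        if src_mac in self.secure_macs or len(self.secure_macs) < self.maximum:
            self.secure_macs[src_mac] = now   # learn or refresh the address
            return "forward"
        self.violations += 1                  # address beyond the configured limit
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"


def constructed_mac(i):
    """Locally administered placeholder MAC number i (constructed test data)."""
    return "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)


def many_sources(port, count, start=0.0):
    """Offer `count` frames, each with a different source MAC, 1 ms apart."""
    return [port.frame(start + i / 1000, constructed_mac(i)) for i in range(count)]


def demo():
    restrict = SecurePort(violation="restrict")
    restrict_verdicts = many_sources(restrict, 1000)
    shutdown = SecurePort(violation="shutdown")
    many_sources(shutdown, 1000)

    # After 2 idle minutes the learned addresses age out and a new device fits.
    swap = SecurePort()
    for i in range(3):
        swap.frame(0.0, constructed_mac(i))
    new_device_at_60s = swap.frame(60.0, constructed_mac(99))
    new_device_at_200s = swap.frame(200.0, constructed_mac(99))

    return {
        "restrict_forwarded": restrict_verdicts.count("forward"),
        "restrict_violations": restrict.violations,
        "restrict_port_up": not restrict.err_disabled,
        # a device learned before the burst keeps working under restrict
        "restrict_known_device": restrict.frame(2.0, constructed_mac(0)),
        "shutdown_violations": shutdown.violations,
        "shutdown_port_up": not shutdown.err_disabled,
        # the same device is cut off once the port is err-disabled
        "shutdown_known_device": shutdown.frame(2.0, constructed_mac(0)),
        "new_device_at_60s": new_device_at_60s,
        "new_device_at_200s": new_device_at_200s,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

In the model, restrict keeps the port up and counts each extra address, while shutdown stops all traffic on the first violation, including traffic from devices that were already learned.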
Cisco Catalyst 3560 Series Intelligent Features Summary
Availability
  IP Unicast Routing: Static, RIPv1/v2, OSPF, IGRP, EIGRP, BGPv4
  IP Multicast Routing: PIM, DVMRP tunneling
  Port Grouping: EtherChannel (Gigabit, Fast), 802.3ad, Port Aggregation Protocol (PAgP), Link Agg. Control Protocol (LACP)
  Layer 2 load balancing (PVST)
  Layer 3 load balancing (ECR)
  Cisco Express Forwarding
  Redundant Power Supply (RPS 675)
Security
  IBNS through 802.1x
  Access Control Lists
  Unicast MAC filtering
  SSH, Kerberos, SNMPv3
  Private VLAN Edge
  DHCP interface tracker
  DHCP Snooping Option 82
  CMS security wizard
  Port security
  MAC address notification
Quality of Service
  Queue servicing: Shaped round robin and strict priority queuing
  Weighted tail drop
  Ingress traffic policing
  Egress traffic shaping
  802.1p CoS and DSCP
  Congestion avoidance
  Granular rate limiting
  AutoQoS
Manageability
  Auto-configuration
  Cisco Intelligent Power Management
  Cisco CMS Software
  CiscoWorks
  Cisco Express Setup
  Voice VLAN
  Dynamic VLAN
  SmartPorts
  DHCP Server
Cisco Catalyst 3560 Series Switches: IPv6-Capable Routing in Hardware
Figure labels: IPv6 (NEW); Wireless; Ethernet; Power; Storage Channel; Optical; CATV; xDSL; More to come
Agenda
Cisco Network Assistant
Single Point of Management
Autodiscovery of Cisco devices: Switches, Routers, Access Points, and IP Phones
Links between network elements are also represented with:
  Link speed
  Link status
Front Panel View
Front Panel View gives the administrator a rapid view of the status of his switches.
Each interface (port) is depicted using a different color to show its state (speed, duplex, up, down, disabled).
It also allows the user to simply use their mouse to select ports in order to configure things like VLANs across multiple switches.
Monitor, Analyze and Troubleshoot
The Network Assistant offers a wide array of tools that allow users to:
  Monitor bandwidth utilization, power consumption
  Analyze port/QoS/ACL statistics
  Examine link performances
  Test using Ping and Trace
Reports
Smartports
From This:
Global Commands
! ... failures
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery interval 60
vtp domain [smartports]
vtp mode transparent
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
Interface Commands
default interface range FastEthernet[1]/0/[1-48]
interface range FastEthernet[1]/0/[1-48]
 switchport access vlan [data]
 switchport mode access
 switchport voice vlan [voice]
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
To This:
Automatic Application Update
The Network Assistant automatically updates itself via Cisco.com
Users will be able to use the most current and updated version without having to wait for a new version to be released.
Download Network Assistant
Free download
Guest Login
  No CA contract requirements
  Answer a few questions
http://www.cisco.com/go/NetworkAssistant
Agenda
Enterprise Branch Office
Catalyst 3560 Switches Aggregated by a Catalyst 3750
Distribution Layer: Catalyst 3750G-24T
Network Core: Cisco 1700/2600/3700
Catalyst 3560s: PoE-enabled switch ports for IP phones, access points, video cameras, etc.
Inter-VLAN routing in the distribution layer
Layer 3 QoS and security via DSCP support and ACLs in the access layer
Centralized Cisco CallManager
Cisco 2600/3700 Series for WAN access to branch offices (via VPN)
Figure labels: VLAN 5; VLAN 10; VLAN 15; Server Farm
Enterprise Wiring Closet: Cisco Catalyst 3560/4500/6500 Integrated Campus
Catalyst 6500 Campus Backbone
Catalyst 3750 or 3560
Servers
Cisco 7xxx WAN Aggregation
IP Phones
Layer 2 or Layer 3 Wiring Closet Uplinks
Agenda
Services and Warranty for the Cisco Catalyst 3650 Series Switch
Limited lifetime hardware warranty
  Advance Replacement shipping within 10 business days
  Guest access to Cisco.com
Cisco Total Implementation Solutions (TIS)
Operational Technical Support Services
24 hr/day, 7 days/wk, 2 hr response
Chart: service levels for Warranty, SMARTnet, and SMARTnet Onsite; Onsite Services
Cisco is Your Partner for Delivering Intelligent Networks
More than 1600 support engineers, 40 percent with CCIE certification
Average 15 years' experience
80 percent issues resolved online
Multiple awards for service
30,000 Cisco Technical Assistance Center cases per month
Summary
Enables the deployment of network-wide intelligent services
Comprehensive set of Cisco IOS Software features for advanced functions and control
Lowers operating expenses by easing deployment and management