
Cisco Catalyst 3560 Series Switches

C9737874300

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Agenda

Cisco Catalyst Switches Overview
Catalyst 3560 Product Overview
Power over Ethernet
Intelligent Services
Cisco Network Assistant
Deployment Examples
Service and Support

Catalyst Switching Portfolio
(Figure: portfolio positioning chart. Vertical axis: Features, Scalability, Longevity. Horizontal axis: Number of Employees/Density, from Small through Medium-sized to Large.)
Distribution/Core: Catalyst 6500, Catalyst 4500
Datacenter Access: Catalyst 6500, Catalyst 4948, Blade Switches
Wiring Closet: Catalyst 6500, Catalyst 4500, Catalyst 3750-E and Catalyst 3750, Catalyst 3560-E and Catalyst 3560, Catalyst 2960/2950

Most Complete Line of Fixed-Configuration LAN Products
(Chart axes: Price/Performance versus Function, Flexibility, Scalability)

Full Layer 3 Routing
Cisco Catalyst 4948
  10/100/1000 + 2 10GE wire-speed switching
  Rack-optimized server switching
  Jumbo frame support
  Dual, hot-swappable, internal power supplies
  Hot-swappable fan tray
Cisco Catalyst 3750-E and Catalyst 3750
  Stackable 10/100 and GE configurations
  2 10GE X2 uplinks with GE migration using Cisco TwinGig
  Cisco StackWise Plus and StackWise technology
  Enterprise-class intelligent Layer 3/4 services
  Modular power supply with 3750-E
  PoE configurations with up to 15.4 W on all 48 ports
Cisco Catalyst 3560-E and Catalyst 3560
  10/100 and GE configurations
  2 10GE X2 uplinks with GE migration using Cisco TwinGig
  Enterprise-class intelligent Layer 3/4 services
  Modular power supply with 3560-E
  PoE configurations with up to 15.4 W on all 48 ports

Layer 2 Intelligent Services
Cisco Catalyst 2950 and Catalyst 2960
  10/100 and 10/100/1000 Layer 2 switching
  Fixed uplink and GBIC-based gigabit connectivity
  Basic through advanced intelligent services

GUI Managed
Cisco Catalyst Express 500
  Low-density, standalone, managed 10/100 switching
  Tailored for businesses with up to 250 users


Cisco Catalyst 3560 Series Switches
Positioning
Enterprise-class, fixed-configuration, multilayer switching line optimized for access layer deployments requiring IEEE 802.3af or Cisco prestandard Power over Ethernet
  Fast Ethernet and Gigabit to the desktop configurations
  Ideal for small enterprise wiring closets and branch office environments
Enables the deployment of network-wide intelligent services
  Availability
  Enhanced security
  Advanced quality of service (QoS)
Intelligent power management features enhance PoE capabilities
New Express Setup and Cisco Network Assistant software supports easy deployment and configuration
Familiar Cisco IOS Software
Uses Cisco ASICs for superior hardware and software integration, and innovative features

Catalyst 3560 Series
Product Overview
Enterprise-class services
  Availability: IP Routing, HSRP, STP enhancements, 802.1s/w, IGMP snooping
  Security: ACLs, port security, 802.1x (IBNS), SSH, SNMPv3, ACLs, RADIUS/TACACS+, DHCP snooping, Dynamic ARP Inspection, IP Source Guard
  Advanced QoS: L2-L4 QoS with CoS/DSCP, Shaped Round Robin, Strict Priority Queuing, AutoQoS for VoIP
  IPv6 hardware capability
  GE & FE configurations
  Performance up to 38.7 Mpps routing & switching
Power over Ethernet
  Ability to support both Cisco prestandard PoE and IEEE 802.3af
  Intelligent power management features maximize and prioritize available power
Ease of deployment and management
  Web-based Express Setup simplifies initial configuration
  Cisco Network Assistant configuration wizards simplify configuration of Layer 3/4 services
  Boots as a traditional Layer 2 Catalyst switch, configurable for Layer 3 routing and services
  Autoconfiguration through DHCP
Small form-factor pluggable (SFP) uplinks
  SX, LX, ZX, 1000BaseT, CWDM options

Cisco Catalyst 3560 Series Model Overview

Model                  Ports                                                  PoE
Catalyst 3560-8PC      8 10/100 + 1 dual-purpose 10/100/1000 & SFP port       124 W PoE
Catalyst 3560-24TS     24 10/100 + 2 SFP ports
Catalyst 3560-48TS     48 10/100 + 4 SFP ports
Catalyst 3560-24PS     24 10/100 + 2 SFP ports                                370 W PoE
Catalyst 3560-48PS     48 10/100 + 4 SFP ports                                370 W PoE
Catalyst 3560G-24TS    24 10/100/1000 + 4 SFP
Catalyst 3560G-48TS    48 10/100/1000 + 4 SFP
Catalyst 3560G-24PS    24 10/100/1000 + 4 SFP                                 370 W PoE
Catalyst 3560G-48PS    48 10/100/1000 + 4 SFP                                 370 W PoE

Three Software Licenses
  IP Base Software License: Enterprise-class intelligent services: advanced QoS, enhanced security, RIP, and static IP routing
  IP Services Software License: IP Base feature set plus: dynamic IP unicast routing, smart multicast routing, and PBR
  Advanced IP Services License: Adds IPv6 routing and ACLs


What is Power over Ethernet?
Power over Ethernet (PoE) is the ability to deliver regulated 48 VDC power over a standard copper Ethernet network cable
This power is utilized by connected devices for their operation

Extending the Versatility of Ethernet
The Benefits of Powering Devices with Ethernet
Power over Ethernet extends the value, simplicity and flexibility of Ethernet to enable new uses for the network
  AC-Free Deployments
  Mobility and Simplicity
  Safety
  Operational Resiliency
  Simplified Manageability
  Reduced Capex and Opex

A Glimpse into the Future
The Ethernet-Powered Organization
Power over Ethernet (PoE) Delivers 48 VDC Power over a Standard Copper Ethernet Cable
The Power and Network Is Used by the Connected Devices for Their Operation
Resilient, Available IP Network with Scalable Power Delivery
(Figure labels: Wireless Access Points; IP Integrated Video; Fire Protection; Surveillance; Powered IP Telephone; Building Access Control)

Evolution of the IEEE 802.3af PoE Standard
Cisco was the industry's first to provide Power over Ethernet (inline power) in a LAN switch
  Catalyst 6500 and Catalyst 4006 first chassis switches with PoE support and have been 802.3af PoE ready since inception
  Catalyst 3524-PWR XL, shipped in May 2000, was first stackable to support PoE
  Today there are well over 18 Million Cisco prestandard PoE ports deployed
Cisco was deeply involved in the evolution of PoE innovation and throughout the IEEE standards process
  P802.3af, DTE Power via MDI, was approved by the IEEE Standards Board and has been published as 802.3af-2003 standard

How to Deploy Power over Ethernet (PoE)
There are two primary components of a PoE deployment:
  Power Sourcing Equipment (PSE) (such as a Cisco Catalyst LAN switch port): inserts power over the Ethernet cable
  Powered Device (PD): accepts and utilizes delivered inline power

IEEE Power Classification
Optional Feature
IEEE 802.3af has an optional Power Classification feature and should be a minimum requirement for any PoE deployment
LAN switch (PSE) reserves required power based upon attached device's class
Significantly reduces power capacity requirements
  With Power Classification: switch identifies power needs and only reserves power based upon class
  Without Power Classification: unclassified devices treated at default with full 15.4 W per port

Class Number    Max Power at Output of PSE per Port
0 (Default)     15.4 watts reserved (actual device requirement can be much less)
1               4 watts
2               7 watts
3               15.4 watts
4               Future Expansion

Cisco's Intelligent Power Management extends IEEE Power Classification for more granular control
All Cisco 802.3af Catalyst switches (PSE) devices support the optional Power Classification feature

Cisco Catalyst Intelligent Power Management Capabilities
Enabling Optimization of Power Delivery
  Extend IEEE Power Classification with more granular power management
  Set predefined, per-port power allocation to limit high-power devices and minimize power draw
  Restrict power delivery from specific ports and identify ports where power is not being used to reallocate power
Cisco Catalyst switches offer Intelligent Power Management capabilities that extend the optional IEEE Power Classification feature and enable intelligent, granular management of all PoE ports

Cisco Intelligent Power Management
More Granular than IEEE Power Classification
Intelligent Power Management enables Cisco Catalyst switches to identify precise power requirements for compatible Powered Devices
Precise power delivery optimizes power delivery by
  Reducing the need for larger power supplies
  Enabling higher numbers of Powered Devices to be supported
Catalyst switch initially uses the IEEE Class structure to determine initial power requirements, then after startup, Intelligent Power Management is used to further refine power allocation for compatible devices
(Figure: Range of IEEE 802.3af Power from 0 Watts to 15.4 Watts, marked at Class 1: 4 Watts, Class 2: 7 Watts, Class 0/3: 15.4 Watts, with Cisco AP1200 802.11b/g at 6.2 Watts and Cisco IP Phone 7970G at 10.25 Watts)


Increasing Demands Placed on Networks
Desktop computing power increasing
  Acting as servers
  Gigabit connections
  Flooding network with traffic
Multiple types of access devices
  Voice and data traffic at the desktop
  Traffic classification needs
New, advanced applications with less predictable traffic patterns
  Greater reliance on servers
  New, less predictable traffic patterns
Stronger network security
  Increased flow of sensitive info on the network
  Internal and external threats

Cisco Catalyst Intelligent Switching Infrastructure
Intelligent Switching is a Common Foundation of Capabilities across Cisco Catalyst Switches
Performance, Availability
  Wire-speed forwarding
  No performance effect with all services enabled
QoS
  Layer 2, 3, 4 classification
  Policing and shaping
  Multiple queues
  Granular control
Security
  Layer 2, 3, 4 access control
  Identity-based authentication
  Management security
Manageability
  End-to-end manageability for centralized administration
  Web-based or command-line interface (CLI)
  Analysis and planning tools

Intelligence Through More Capable ASICs
(Frame diagram, not to scale)
  Layer 2 Info: MAC DA, MAC SA, 802.1Q/1p, Length
  Layer 3 Info: IP Header Info, TOS, IP SA, IP DA
  Layer 4 Info: TCP/UDP Header
  DATA
Layer 2 switches are limited to the processing and forwarding of Layer 2 information.
Multilayer switches can look deeper into the frame => intelligent decisions based on Layer 3 or Layer 4 information.
Examples of why this scenario is useful:
  Preserve bandwidth by limiting traffic based on a user's IP address.
  Preserve bandwidth by limiting traffic based on applications using a constant TCP/UDP port number: Web browsing, enterprise resource planning (ERP) applications, etc.
  Prevent access to network resources based on user's IP address.
  Classify and mark traffic based on Layer 3 QoS (DSCP).
Cisco innovative ASICs with Cisco IOS Software integration enable superior intelligent services that will not bottleneck the network.

Cisco Catalyst Intelligent Switching Infrastructure
Intelligent Switching
Advanced QoS / Security / Availability / Manageability
Features
  Layer 2, 3, 4 traffic classification
  Shaping, sharing, and policing
  Granular control
  Wire-speed performance
Benefits
  Manage bandwidth to meet business priorities
  Maintain performance for time-sensitive applications
  Better meet defined SLAs
  No performance degradation with services enabled

Where Congestion Exists, QoS is Required
(Figure: three congestion scenarios: Aggregation, Speed Mismatch, LAN to WAN. Link speeds shown: 10 Mbps, 10 Mbps, 1000 Mbps, 64 kbps.)
Points of aggregation
Links and buffers
Points of substantial speed mismatch
Transmit buffers tend to fill (TCP windowing)
Buffering reduces loss, introduces delay

Not All Traffic Is Created Equal

                           Voice              Video               Data (Best-Effort)    Mission-Critical Data
Bandwidth                  Low to Moderate    Moderate to High    Moderate to High      Low to Moderate
Random Drop Sensitivity    Low                Low                 High                  High
Delay Sensitivity          High               High                Low                   Moderate to High
Jitter Sensitivity         High               High                Low                   Low to Moderate

Cisco Catalyst 3560 Series Extensive QoS Features
Traffic Classification and Marking for Differentiated Services
  Per-port or individual/aggregate flow classification and rewrite
  MAC address, 802.1p CoS/DSCP, IP address, TCP/UDP port
Admission Control
  Prevent network congestion
  Input and output policing per port
Advanced Traffic Shaping and Scheduling
  Four queues per port
  Shaped Round Robin
  Strict Priority Queuing
(Figure: packet path RX -> Classify -> Ingress Police -> Mark -> Ingress Queuing/Scheduling, Congestion Control -> Queue 1, Queue 2, Queue 3, Queue 4 -> Egress Queuing/Scheduling, Congestion Control -> TX)

AutoQoS
One Command per Interface to Enable and Configure QoS
Modify Global and Interface Settings to Make QoS for VoIP Work
(Figure labels: WAN; Cisco CallManager; Cisco Unity Software; Voice Gateways; Voice Applications)

Cisco Catalyst Intelligent Switching Infrastructure
Advanced QoS / Security / Availability / Manageability
Features
  Identity-based authentication
  Wire-speed access control lists
  Controlled access to system maintenance
  Integrated security services
Benefits
  Authenticate and control access based upon user identity
  Protect critical business assets
  Prevent downtime
  Prevent network attacks from within

Catalyst Integrated Security Strategy
Threat Defense
  Defend the Edge: Integrated Network FW + IDS. Detects and prevents external attacks
  Protect the Interior: Catalyst Integrated Security. Protects against internal attacks
  Guard the Endpoints: Cisco Security Agent (CSA). Protects hosts against infection
Trust and Identity
  Guarding Network Access: Identity-Based Networking. Control who/what has access
Secure Communication
  Secure the Transport: IPSec VPN. Protects data/voice confidentiality
(Figure labels: Internet; Intranet)

Secure Connectivity
Secure Shell (SSH): SSH encrypts administration traffic during Telnet sessions while configuring or troubleshooting switches
Secure Sockets Layer (SSL): SSL encrypts network management traffic allowing the secure use of tools such as the Cisco Network Assistant
SNMPv3 (with crypto support): Provides network security by encrypting administrator traffic during SNMP session to configure or troubleshoot switches
Kerberos: Authenticates users and network services using a trusted third party to perform secure verification
(Figure label: Encrypted data)

Protecting Against Worms
How It Works: The ACL provides a mechanism to protect servers, users, and applications against worms by determining what traffic streams or users can access what ports.
Using ACLs, the virus or worm is not able to replicate from its hosts.
(Figure labels: Internal Network; Port 1434)

Typical Internal Attacks

Attack                                                   Catalyst Feature
MAC Address Flooding                                     Port Security
DHCP Rogue Server for Default Gateway Interception       DHCP Snooping
ARP Spoofing or ARP Poisoning                            Dynamic ARP Inspection
IP Spoofing                                              IP Source Guard

(Figure labels: Innocent User; Email Server; "I'm Your Email Server"; "I'm The User"; "No You're Not!")

MAC Address Flooding Attacks
Cutting off MAC-Based Attacks
Problem: "Script kiddie" hacking tools enable attackers to flood switch CAM tables with bogus MAC addresses, turning the VLAN into a hub and eliminating privacy
  Switch CAM table limit of 32K MAC addresses
Solution: Port Security limits MAC flooding attack, locks down the port, and sends an SNMP trap
(Figure: 132,000 bogus MAC addresses per second, such as 00:0e:00:aa:aa:aa and 00:0e:00:bb:bb:bb; only 3 MAC addresses allowed on the port: shutdown)

Port Security
What It Does: Limits the number of MAC addresses that are able to connect to a switch and ensures only approved MAC addresses are able to access the switch.
Benefit: Ensures only approved users can log on to the network.
(Figure: 1 MAC address; additional MAC address blocked)

DHCP Spoofing Attack
Problem:
  Malicious user pretends to be the network DHCP server.
  Misconfigured user starts up a DHCP server incorrectly.
  Malicious user can send out bogus address, deplete the address space, or spoof the default gateway.
Solution:
  Do not trust user ports so only DHCP requests can be sent.
  Snoop DHCP information for integrity.
(Figure labels: DHCP Server; User Ports Untrusted; Victim; DHCP Discovery Broadcast; Rogue DHCP Offer: IP: 10.1.1.20/24, GW: 10.1.1.1, DNS: 192.168.1.122)

DHCP Snooping
What It Does: Switch forwards only DHCP requests from untrusted access ports, and drops all other types of DHCP traffic. DHCP snooping allows only designated DHCP ports or uplink ports trusted to relay DHCP messages. It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.
Benefit: DHCP snooping prevents rogue devices from behaving as the DHCP server.
(Figure: DHCP Snooping Enabled; DHCP Client; Untrusted; Trusted; DHCP Server; Rogue Server blocked)

ARP Spoofing Attack: The Man in the Middle
Attacker only needs to be attached on same subnet as one victim, sends gratuitous ARP onto subnet.
IP/ARP bindings incorrectly set at innocent end station
Tools are easily downloadable and simpler than most video games (GUI or CLI)
(Figure labels: Real Default Gateway 10.1.1.1; ARPs for default gateway; Gratuitous ARP (ARP Reply) "I'm 10.1.1.1"; Snoops Data)

A Simple Tool, Some Dangerous Consequences
Stealing Passwords
Neither the victim nor the default gateway is aware of the attack
Passwords can be snooped
Client, employee or company confidential information can be compromised
(Figure labels: Victim; Email Server)

Dynamic ARP Inspection
What It Does: Maintains a binding table containing IP and MAC address associations dynamically populated using DHCP Snooping
Benefit: Ensures integrity of user and default gateway information such that traffic cannot be captured
(Figure labels: IP: 10.1.1.1, MAC: 0000.0000.0001; 10.1.1.2; "My GW Is 10.1.1.1"; "I'm Your GW: 10.1.1.1"; Gratuitous ARP to Change End Device MAC to ARP Tables; "Not by My Binding Table")

IP Spoofing Attack
Problem: Users change their assigned IP address either due to:
  Innocent reasons
  A way to hide an attack by bypassing ACLs, appearing to be on a different subnet or launch anonymous DoS attacks
Solution: Discarding attacker's packets with spoofed source IP address by binding client IP address, client MAC address, port, VLAN number
(Figure labels: "I'm assigned IP address 10.2.2.15"; "I'm going to steal address 10.2.2.15"; "No, you're not!")

IP Source Guard
What It Does: Automatically configures a Port ACL for IP address and adds MAC address to port security list for the port. DHCP Snooping allows learning and binding of IP address and MAC address by the switch. Removes ACL and MAC entry when lease expires.
Benefit: Prevents snooping of data or anonymous launching of attacks
(Figure labels: IP: 10.1.1.1; 10.1.1.2; "I'm Sourcing 10.1.1.2"; Manually Changing IP Address or Using Programs to Create IP Spoofed Traffic; "I'm really 10.1.1.2"; "Not by My Port ACL")
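The DHCP Snooping, Dynamic ARP Inspection and IP Source Guard slides all rely on one binding table (client IP, client MAC, port, VLAN). The model below is an added example, not Cisco code or part of the original slides, showing how that single table drives all three checks. Port names, VLAN 10 and the client MAC addresses are constructed; the 10.1.1.x addresses and the gateway MAC follow the slides.

```python
from dataclasses import dataclass, field

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int
    expires: float  # end of lease on the caller's clock, in seconds


@dataclass
class AccessSwitch:
    trusted_ports: frozenset
    bindings: dict = field(default_factory=dict)  # client IP -> Binding
    pending: dict = field(default_factory=dict)   # client MAC -> (port, vlan)

    def dhcp(self, port, vlan, msg_type, client_mac, ip=None, lease=0, now=0):
        """DHCP snooping: decide 'forward' or 'drop' for one DHCP message."""
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                return "drop"  # server traffic from a user port: rogue server
            if msg_type == "ACK" and client_mac in self.pending:
                cport, cvlan = self.pending.pop(client_mac)
                self.bindings[ip] = Binding(ip, client_mac, cport, cvlan, now + lease)
            return "forward"
        # DISCOVER/REQUEST from a client: note its port so the ACK binds there.
        self.pending[client_mac] = (port, vlan)
        return "forward"

    def _bound(self, port, vlan, ip, mac, now):
        b = self.bindings.get(ip)
        if b is not None and now >= b.expires:
            del self.bindings[ip]  # lease expired: the entry is removed
            b = None
        return b is not None and (b.mac, b.port, b.vlan) == (mac, port, vlan)

    def arp(self, port, vlan, sender_ip, sender_mac, now=0):
        """Dynamic ARP Inspection: check an ARP packet's sender IP/MAC pair."""
        if port in self.trusted_ports or self._bound(port, vlan, sender_ip, sender_mac, now):
            return "forward"
        return "drop"

    def ip_packet(self, port, vlan, src_ip, src_mac, now=0):
        """IP Source Guard: check a data packet's source IP/MAC on a user port."""
        if port in self.trusted_ports or self._bound(port, vlan, src_ip, src_mac, now):
            return "forward"
        return "drop"


def run_demo():
    # Constructed topology: Gi0/1 is the trusted uplink (DHCP server, gateway);
    # Fa0/1 is the legitimate client, Fa0/2 is the misbehaving host.
    sw = AccessSwitch(trusted_ports=frozenset({"Gi0/1"}))
    client, other = "0000.0000.0002", "0000.0000.0003"
    r = {}
    r["discover"] = sw.dhcp("Fa0/1", 10, "DISCOVER", client)
    r["rogue_offer"] = sw.dhcp("Fa0/2", 10, "OFFER", client, ip="10.1.1.20")
    r["server_ack"] = sw.dhcp("Gi0/1", 10, "ACK", client, ip="10.1.1.2", lease=3600, now=0)
    r["spoofed_gw_arp"] = sw.arp("Fa0/2", 10, "10.1.1.1", other, now=10)
    r["client_arp"] = sw.arp("Fa0/1", 10, "10.1.1.2", client, now=10)
    r["gateway_arp"] = sw.arp("Gi0/1", 10, "10.1.1.1", "0000.0000.0001", now=10)
    r["spoofed_src_ip"] = sw.ip_packet("Fa0/2", 10, "10.1.1.2", other, now=10)
    r["client_ip"] = sw.ip_packet("Fa0/1", 10, "10.1.1.2", client, now=10)
    r["after_expiry"] = sw.ip_packet("Fa0/1", 10, "10.1.1.2", client, now=3601)
    return r


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:16} {verdict}")
```

The gateway at 10.1.1.1 never appears in the binding table because it did not obtain its address by DHCP; its ARP traffic is accepted only because it arrives on the trusted uplink.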

Identity-Based Network Services
What It Does: Using the 802.1x protocol with Cisco enhancements, the network grants privileges based on user logon information, regardless of the user's location or device
Benefits:
  Allows different people to use the same PC and have different capabilities
  Ensures that users only get their designated privileges, no matter how they are logged on to the network
  Reports unauthorized access

Identity-Based Network Services
How It Works: All users trying to enter the network must receive authorization based on their personal username and password
Equivalent to placing a security guard at each switch port.
  Only authorized users can get network access
  Unauthorized users can be locked out or placed into guest VLANs
  Prevents unauthorized or rogue APs
(Figure labels: Client Accessing Switch; TACACS+ or RADIUS; RADIUS Server; Valid Username, Valid Password: Yes; Invalid Username, Invalid Password: No)

802.1x Enhancements
Allow to function concurrently with Port Security
VLAN assignment
  The user will be assigned to a VLAN based on the response from the RADIUS server to the Catalyst switch
802.1x with VVID support
  802.1x will support interoperability with the IP phone handsets
Apply Extended ACLs
  Enables configuration of extended ACLs to provide network security based on 802.1x authenticated users
MAC-based authentication
  MAC-based authentication for non-supplicant-capable user
Web-based proxy supplicant authentication
  Non-supplicant user is recognized by switch
  User given screen to enter username and password; simulates supplicant

The Next Step: Cisco Network Admission Control (NAC)
Cisco-led, Multipartner Program
  Limits damage from viruses and worms
  Coalition of market-leading vendors
Restricts and Controls Network Access
  Endpoint device interrogated for policy compliance
  Network determines appropriate admission enforcement: permit, deny, quarantine, restrict
A Cisco Self-Defending Network Initiative
  Dramatically improves network's ability to identify, prevent, and adapt to threats

Why Network Admission Control?
1. Noncompliant endpoint attempts connection
2. Connection allowed
3. Infection spreads; endpoints exposed
(Figure labels: Branch or Campus; Campus; Corporate Net)

Cisco Network Admission Control: What It Does
1. Noncompliant endpoint attempts connection
2. Noncompliant status determined
3. Infection contained; endpoints secured
(Figure labels: Branch or Campus; Campus; Cisco Trust Agent; Access Denied; Quarantine; Remediation)

How it Works: Network Admission Control
1. New L2 or L3 connection detected by smart Cisco device
2. Smart device acquires AV posture (802.1x, IPsec, LEAP/PEAP, etc)
3. ACS Svr (AAA RADIUS) receives AV posture and sends access action (OK, Deny, Quarantine); may involve Vendor Svr
4. Smart devices enforce access actions
(Figure labels: Cisco Trust Agent (CTA) with Security App Plug-ins, Posture Agent and CTA API; Network Access Device / Network Admission Device; AAA Server; AV Server; Nonresponsive Audit Server; Nonresponsive process; NRP API; HCAP API)

Cisco Catalyst Intelligent Switching Infrastructure
Advanced QoS / Security / Availability / Manageability
Features
  Wire-speed forwarding
  No performance effect with all services enabled
  Load balancing
  Redundancy
Benefits
  Network remains operable despite failures
  Ability to meet defined SLAs
  Business resiliency
  Reduced maintenance cost

Higher Availability with the Cisco Redundant Power System 675
Internal power supply redundancy
  Cisco RPS 675 senses failure and delivers uninterrupted power to device
Supports up to six Cisco networking devices including all Cisco Catalyst 3750, 3560, 3550, 2970, and 2950 switches
Small form factor 1 RU
675 W (300 W 12 V system power, 375 W 48 V inline power)
Cisco RPS 675 automatically resets into standby mode when the failed unit is replaced with a new unit

Wire-Speed Services
Wire-speed, high-touch services with no performance hit:
  512 QoS policies
  1024 security policies
  64 policers
  4 queues per port
(Figure: Hardware Services versus Software-Based Services as Services Load increases, for example ACLs, QoS, and multicast. Labels: 35 Mpps; Packet Drop, Cache Misses, CPU Overload.)

IEEE 802.1s/w
802.1s and 802.1w enable loop-free Layer 2 network
  Uses as few spanning tree instances as possible
Multiple spanning tree system allows for larger Layer 2 topologies
  Rapidly accelerates convergence in event of a failure
Saves CPU cycles and is interoperable across multiple vendors
  Cisco implementation enables smooth migration to Multiple Spanning Tree from Per-VLAN Spanning Tree Plus (PVST+) while preserving full standards compliance
Cisco extended the 802.1s/w standards by automatically running the spanning tree 802.1w when 802.1s is configured.

Cisco Catalyst 3560 Multicast Support
Cisco Group Management Protocol (CGMP), IGMP snooping is used for managing group membership information
Per-port broadcast, multicast, and unicast storm control
Multicast VLAN registration
Virtual Trunking Protocol pruning
(Figure labels: Multicast Servers (Source); LAN; Cisco Catalyst 3560; Hosts (Receivers or Groups))

IGMP Snooping
Default behavior of a Layer 2 switch is to flood multicast packets to ports in the ingress VLAN
This behavior is not desirable; IGMP snooping resolves this issue
Implemented in hardware
  Snoops or intercepts IGMP Joins and Leaves received on interfaces from hosts
  Enable or disable on a global or per-VLAN basis
  Ingress port parses packet and sends to CPU for processing, CPU suppresses redundant IGMP joins, and sends one proxy report to router
  Overrides forwarding or flooding in VLAN

Cisco Catalyst Intelligent Switching Infrastructure
Advanced QoS / Security / Availability / Manageability
Features
  End-to-end manageability through common set of management tools
  Centralized administration and software upgrades
  Web-based access
Benefits
  Simplify implementation, troubleshooting, and upgrades
  Reduce operational costs
  Simplify intelligent service implementation
  Reduced maintenance cost

Broadest Range of Network Management Products
(Chart axes: Price/Performance versus Function and Flexibility. Market segments: Small and Medium Business, Enterprise, Service Provider.)
WAN Manager
  Tens of thousands of devices
  Service provisioning
  Global WANs
  Cisco IGX, BPX, and MGX switches only
CiscoWorks LAN Management Solution (LMS)
  Thousands of devices
  Service management
  WANs and LANs
CiscoWorks SNMS*
  40 devices
  Network resource management
Cisco Network Assistant
  Free
  Up to 250 network users
Express Web Setup
  One switch, initial setup only
*Small Network Management Solution (SNMS)

CiscoWorks
Configuration
  Single console login
  Telnet
  IOS configuration management
Network Management
  Single IP address to manage system
  RMON1, RMON2, HCRMON: comprehensive fault diagnostics and performance tuning information
  4 RMON I groups: stats, history, alarm, events
  SNMP v1, v2, v3 and standard MIB support
Network Analysis
  SPAN: port monitoring of one or multiple switch ports
  4 egress, 2 ingress sessions
  VLAN trunk filtering

Express Setup
1. Power up switch and hold the mode button for a few seconds until all the mode LEDs are green
2. Connect the PC into the Ethernet port and launch browser
3. Launch Express Setup page by entering IP address of 10.0.0.1 in browser
4. Assign switch IP address, management VLAN, enable secret password, and (the following is optional) Telnet password and SNMP configuration

Smartports Macros
Addressing Complexity and Consistency of Operation within a Role
Example: Access Switch in Campus
Breaks a Role down to the port level
  1. IP Phone + Standard Desktop
  2. Standard Desktop
  3. Inter-Switch
  4. Switch to Router Uplink
Standard templates can be applied for Products on a per-Role basis
Apply sophisticated Layer 2 and Layer 3 Features
Provide "Secret Sauce" that represents Cisco Best Practices
SMARTPORTS Templates for this
(Figure: Access Switch, Access L2+, with port roles 1, 2, 3)

Smartports Example for Campus
Narrows the Deployment Options for Customers
Products: 6500, 4500, 3750
Access Switch in Campus Role (port roles 1, 2, 3; Access L2+)
Consistent short-form macros across Products
Consistent operation for all Products

Global Commands for Access Switch Role
(The slide shows this block three times, once per product column; the three copies are identical.)

    ! Enable dynamic port error recovery for link state failures.
    errdisable recovery cause link-flap
    errdisable recovery cause udld
    errdisable recovery interval 60
    ! VTP requires Transparent mode for future 802.1x Guest VLAN
    ! and current Best Practice
    vtp domain [smartports]
    vtp mode transparent
    ! Enable aggressive mode UDLD on all fiber uplinks
    udld aggressive
    ! Enable Rapid PVST+ and Loopguard
    spanning-tree mode rapid-pvst
    spanning-tree loopguard default
    spanning-tree extend system-id

Interface Commands for Port Type by Role
(First two copies on the slide, identical to each other.)

    interface range FastEthernet0/[1-48]
     switchport access vlan [data]
     switchport mode access
     switchport voice vlan [voice]
     ! Enable port security limiting port to 3 MAC addresses. Ensure age is
     ! greater than one minute and use inactivity timer
     switchport port-security
     switchport port-security maximum 3
     switchport port-security violation restrict
     switchport port-security aging time 2
     switchport port-security aging type inactivity
     ! Enable auto-qos to extend trust to attached Cisco phone
     auto qos voip cisco-phone
     ! Configure port as an edge network port
     spanning-tree portfast
     spanning-tree bpduguard enable

(Third copy on the slide, using FastEthernet[1]/0/ interface numbering.)

    ! Reset all end station interfaces to default configuration (global command)
    default interface range FastEthernet[1]/0/[1-48]
    ! VoIP-enabled interface: enable voice (VVID) and data VLAN
    interface range FastEthernet[1]/0/[1-48]
     switchport access vlan [data]
     switchport mode access
     switchport voice vlan [voice]
     ! Enable port security limiting port to 3 MAC addresses. Ensure age is
     ! greater than one minute and use inactivity timer
     switchport port-security
     switchport port-security maximum 3
     switchport port-security violation restrict
     switchport port-security aging time 2
     switchport port-security aging type inactivity
     ! Enable auto-qos to extend trust to attached Cisco phone
     auto qos voip cisco-phone
     ! Configure port as an edge network port
     ! Ensure that another switch cannot become active on this interface
     spanning-tree portfast
     spanning-tree bpduguard enable
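The access-port template on this slide can be used as an audit baseline. The script below is an added example, not Cisco code or part of the original slides: it reads IOS-style configuration text and reports access ports that drift from the template's port security limit of 3 MAC addresses and its BPDU guard setting. The sample configuration, VLAN numbers and finding texts are constructed for illustration.

```python
import re

MAX_MACS = 3  # limit used by the slide's access-port template

# Constructed sample: Fa0/1 follows the template, Fa0/2 and Fa0/3 drift from it.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security violation protect
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""


def parse_interfaces(config):
    """Split IOS-style text into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # a top-level command starts a new context
            m = re.match(r"interface\s+(.+)", line)
            current = blocks.setdefault(m.group(1), []) if m else None
        elif current is not None:         # indented line inside an interface block
            current.append(line)
    return blocks


def audit_access_port(cmds):
    """Return findings for one interface, or None if it is not an access port."""
    if "switchport mode access" not in cmds:
        return None
    findings = []
    if "switchport port-security" not in cmds:
        findings.append("port-security not enabled")
    else:
        # IOS defaults when a sub-command is absent: maximum 1, violation shutdown.
        limit, violation = 1, "shutdown"
        for c in cmds:
            m = re.fullmatch(r"switchport port-security maximum (\d+)", c)
            if m:
                limit = int(m.group(1))
            m = re.fullmatch(r"switchport port-security violation (\w+)", c)
            if m:
                violation = m.group(1)
        if limit > MAX_MACS:
            findings.append(f"port-security maximum {limit} exceeds {MAX_MACS}")
        if violation == "protect":
            findings.append("violation protect drops silently, no log or trap")
    if "spanning-tree bpduguard enable" not in cmds:
        findings.append("bpduguard not enabled on edge port")
    return findings


def audit(config):
    """Audit every access port in the configuration text."""
    results = {}
    for name, cmds in parse_interfaces(config).items():
        findings = audit_access_port(cmds)
        if findings is not None:
            results[name] = findings
    return results


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "; ".join(findings))
```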

Cisco Catalyst 3560 Series Intelligent Features Summary

Availability
IP Unicast Routing: Static, RIPv1/v2, OSPF, IGRP, EIGRP, BGPv4
IP Multicast Routing: PIM, DVMRP tunneling
Hot Standby Router Protocol (HSRP)
Web Cache Comm. Protocol (WCCP)
Policy-Based Routing (PBR)
Spanning Tree Protocol enhancements: UplinkFast, BackboneFast, PortFast, 802.1s/w
Port Grouping: EtherChannel (Gigabit, Fast), 802.3ad, Port Aggregation Protocol (PAgP), Link Agg. Control Protocol (LACP)
Layer 2 load balancing (PVST)
Layer 3 load balancing (ECR): Cisco Express Forwarding
Redundant Power Supply (RPS 675)

Security
IBNS through 802.1x
Access Control Lists
Unicast MAC filtering
SSH, Kerberos, SNMPv3
Private VLAN Edge
DHCP interface tracker
DHCP Snooping Option 82
CMS security wizard
Private VLAN edge
Port security
MAC address notification

Quality of Service
Queue servicing: Shaped round robin and strict priority queuing
Weighted tail drop
Ingress traffic policing
Egress traffic shaping
802.1p CoS and DSCP
Congestion avoidance
Granular rate limiting
AutoQoS

Manageability
Autoconfiguration
Cisco Intelligent Power Management
Cisco CMS Software
CiscoWorks
Cisco Express Setup
Voice VLAN
Dynamic VLAN
SmartPorts
DHCP Server


Cisco Catalyst 3560 Series Switches: IPv6-Capable Routing in Hardware

With millions of new devices becoming IP-aware, the need for increased addressing and plug-and-play networking is only met with the implementation of IPv6.

[Figure: IPv6 across access technologies (Wireless, Ethernet, Power, Storage Channel, Optical, PSDN, CATV, xDSL, more to come); marked "NEW" for the Cisco Catalyst 3560]



Cisco Network Assistant

Automatic network discovery
Front panel view
Dynamic Application Update
Smartports
Cross-launch device managers
No additional cost!


Single Point of Management

Autodiscovery of Cisco devices: Switches, Routers, Access Points, and IP Phones

Displays the physical network topology along with network element details such as:
Name
IP address
MAC address
State of the network element

Links between network elements are also represented with:
Link speed
Link status

Allows the administrator to view live network information, including the status of switches and network connections


Front Panel View

Front Panel View gives the administrator a rapid view of the status of the switches.
Each interface (port) is shown in a different color to indicate its state (speed, duplex, up, down, disable).
It also allows the user to select ports with the mouse in order to configure settings such as VLANs across multiple switches.


Monitor, Analyze and Troubleshoot

The Network Assistant offers a wide array of tools that allow users to:
Monitor bandwidth utilization, power consumption
Analyze port/QoS/ACL statistics
Examine link performances
Test using Ping and Trace


Reports


Smartports
From This:

Global Commands
failures
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery interval 60
vtp domain [smartports]
vtp mode transparent
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id

To This:

Interface Commands
default interface range FastEthernet[1]/0/[1-48]
interface range FastEthernet[1]/0/[1-48]
 switchport access vlan [data]
 switchport mode access
 switchport voice vlan [voice]
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable


Automatic Application Update

The Network Assistant automatically updates itself via Cisco.com.
Users will be able to use the most current and updated version without having to wait for a new version to be released.


Download Network Assistant

Free download
Guest Login
No CA contract requirements
Answer a few questions

http://www.cisco.com/go/NetworkAssistant

Enterprise Branch Office
Catalyst 3560 Switches Aggregated by a Catalyst 3750

[Diagram labels: Network Core; Distribution Layer, Catalyst 3750G-24T; Catalyst 3560s; VLAN 5, VLAN 10, VLAN 15; Cisco 1700/2600/3700; Centralized Cisco CallManager; Server Farm]

PoE-enabled switch ports for IP phones, access points, video cameras, etc.
Inter-VLAN routing in the distribution layer
Layer 3 QoS and security via DSCP support and ACLs in the access layer
Cisco 2600/3700 Series for WAN access to branch offices (via VPN)

Many branch offices have limited port density requirements => the distribution layer may not be necessary



Enterprise Wiring Closet:
Cisco Catalyst 3560/4500/6500 Integrated Campus

[Diagram labels: Catalyst 6500 Campus Backbone; Catalyst 3750 or 3560; Catalyst 4500 Wiring Closet; Servers; Cisco 7xxx WAN Aggregation; Call Processing; Cache Engine (Optional); IP Phones; Layer 2 or Layer 3 Wiring Closet Uplinks]

PoE-enabled switch ports for IP phones, access points, cameras, etc.
Layer 2 uplinks to the backbone; load sharing through PVST+
Option for routed uplinks to the backbone for faster failover; load sharing through equal-cost routing
Layer 3 QoS and security via DSCP support and ACLs in the access layer


Services and Warranty for the Cisco Catalyst 3650 Series Switch

Limited lifetime hardware warranty
  Advance Replacement shipping within 10 business days
  Guest access to Cisco.com

Cisco Total Implementation Solutions (TIS)
  Project management and training
  Installation, test, and cutover
  Major moves, adds, and changes
  Design review and product staging
  Configuration and verification services that ease deployment of networkwide intelligent services: QoS and multicast management

Cisco SMARTnet and SMARTnet Onsite
  24-hour access to technical support through the Web, e-mail, and phone
  Advance Replacement of hardware parts in as little as 2 hours
  Onsite field engineer (Cisco SMARTnet Onsite) to assist in hardware replacements


Operational Technical Support Services

[Table comparing Warranty, SMARTnet and SMARTnet Onsite coverage; the per-column entries are not recoverable. Row labels follow.]

Onsite Services
  24 hr/day, 7 days/wk, 2 hr response
  24 hr/day, 7 days/wk, 4 hr response
  8 hr/day, 5 days/wk, 4 hr response
  8 hr/day, 5 days/wk, next business day

Advance Replacement of Hardware
  24 hr/day, 7 days/wk, 2 hr response
  24 hr/day, 7 days/wk, 4 hr response
  8 hr/day, 5 days/wk, 4 hr response
  8 hr/day, 5 days/wk, next business day
  10 business day replacement

Cisco TAC access 24 hr/day, 7 days/wk

Diagnostics, Technology Refresh
  Registered Cisco.com access
  Software updates
  Software maintenance


Cisco is Your Partner for Delivering Intelligent Networks

More than 1600 support engineers, 40 percent with CCIE certification
Average 15 years experience
80 percent issues resolved online
Multiple awards for service
30,000 Cisco Technical Assistance Center cases per month

5000+ partners worldwide deliver direct and subcontracted services for Cisco technology
1200+ partner-employed CCIE professionals



Summary

IEEE 802.3af and Cisco prestandard PoE fixed configuration switch offerings
  Integrated ASIC technology allows both PoE implementations on the same switch
  Cisco intelligent power management features that enhance PoE management capabilities

Enables the deployment of networkwide intelligent services
  Comprehensive set of Cisco IOS Software features for advanced functions and control

Lowers operating expenses by easing deployment and management