Cisco Catalyst IE3200, IE3300, and IE3400 Series Industrial Ethernet Switches
Mikkel Brodersen, Systems Engineer, March 2020
Cisco Danmark – Up-To-Speed
Why Catalyst IE3x00 Rugged Series?
Digital Transformation begins with High speed connectivity
Barriers and the corresponding requirements:
• Legacy networks – Gigabit speeds for rich real-time data
• Security concerns – End-to-end security architecture
• Lack of IT resources – Centralized automation and scale
• Downtime/predictability concerns – Redundancy and compliance
• Siloed Operations – Integration and segmentation
Industrial IoT Networking portfolio
• Industrial switching: IE 1000, 2000, 3x00, 4000, 5000, CGS
• IoT gateways: 819-MNA, IR807, IR809, IR829
• Industrial routing: ASR 902/903, CGR 1000, CGR 2000
• Cisco® resilient mesh: IR 500, DevNet
• Low power wide area wireless: LoRaWAN, IXM Gateway
• Industrial wireless: AP1552, IW3702
• Industrial security: ISA 3000
• Embedded IoT: ESS, ESR
• Edge computing: IOx, IC 3000
• Management and automation: Field Network Director, Industrial Network Direct
Connected Plantwide Ethernet Architectures – Built on Industry Standards
[Figure: plant-wide reference architecture diagram. Recoverable labels follow.]
Zones:
• Enterprise Zone, Levels 4-5
• Industrial Demilitarized Zone (IDMZ)
• Industrial Zone, Levels 0–3 (Plant-wide Network)
• Level 3 - Site Operations (Control Room)
• Cell/Area Zone - Levels 0–2, Redundant Star Topology - Flex Links Resiliency, Unified Wireless LAN (Lines, Machines, Skids, Equipment)
• Cell/Area Zone - Levels 0–2, Linear/Bus/Star Topology, Autonomous Wireless LAN (Lines, Machines, Skids, Equipment)
• Cell/Area Zone - Levels 0–2, Ring Topology - Device Level Ring (DLR) Protocol, Unified Wireless LAN (Lines, Machines, Skids, Equipment)
Text boxes:
• Data Center - Virtualized Servers: ERP - Business Systems; Email, Web Services; Security Services - Active Directory (AD), Identity Services (AAA); Network Services – DNS, DHCP; Call Manager
• Plant Firewalls: Active/Standby; Inter-zone traffic segmentation; ACLs, IPS and IDS; VPN Services; Portal and Remote Desktop Services proxy
• Physical or Virtualized Servers: Patch Management; AV Server; Application Mirror; Remote Desktop Gateway Server
• Physical or Virtualized Servers: FactoryTalk® Application Servers and Services Platform; Network & Security Services – DNS, AD, DHCP, Identity Services (AAA); Storage Array
Other labels: Industrial Data Center (IDC), Industrial Distribution Frame (IDF), Core Switches, Distribution Switch Stack, Access Switches, Wireless LAN Controller (WLC) Active/Standby, Identity Services, External DMZ/Firewall, Wide Area Network (WAN), Internet, Cloud, IFW, HMI, Controller, Safety Controller, Drive, Servo Drive, Robot, I/O, Safety I/O, Phone, Camera, Thin Client, AP, LWAP, WGB, SSID 2.4 GHz, SSID 5 GHz
ISA95/Purdue Reference Model
[Figure: logical zone model. Recoverable labels follow.]
Enterprise Security Zone
• Level 5 – Enterprise Network
• Level 4 – Site Business Planning and Logistics Network (E-Mail, Intranet, etc.)
Industrial DMZ (between two firewalls)
• Remote Gateway Services, Patch Management, AV Server, Application Mirror, Web Services Operations, Application Server
Industrial Zone
• Level 3 – Site Operations and Control: FactoryTalk Application Server, FactoryTalk Directory, Engineering Workstation, Remote Access Server
Cell/Area Zone
• Level 2 – Area Supervisory Control: FactoryTalk Client, Operator Interface, Engineering Workstation
• Level 1 – Basic Control: Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control
• Level 0 – Process: Sensors, Drives, Actuators, Robots
Converged Plantwide Ethernet (CPwE) – Reference Architecture
[Figure: CPwE reference architecture diagram. Recoverable labels follow.]
Zones:
• Enterprise Zone, Levels 4-5
• Industrial Demilitarized Zone (IDMZ)
• Industrial Zone, Levels 0–3 (Plant-wide Network)
• Level 3 - Site Operations (Control Room)
• Cell/Area Zone - Levels 0–2, Redundant Star Topology - Flex Links Resiliency, Unified Wireless LAN (Lines, Machines, Skids, Equipment)
• Cell/Area Zone - Levels 0–2, Linear/Bus/Star Topology, Autonomous Wireless LAN (Lines, Machines, Skids, Equipment)
• Cell/Area Zone - Levels 0–2, Ring Topology - Resilient Ethernet Protocol (REP), Unified Wireless LAN (Lines, Machines, Skids, Equipment)
Text boxes:
• Data Center - Virtualized Servers: ERP - Business Systems; Email, Web Services; Security Services - Active Directory (AD), Identity Services (AAA); Network Services – DNS, DHCP; Call Manager
• Plant Firewalls: Active/Standby; Inter-zone traffic segmentation; ACLs, IPS and IDS; VPN Services; Portal and Remote Desktop Services proxy
• Physical or Virtualized Servers: Patch Management; AV Server; Application Mirror; Remote Desktop Gateway Server
• Physical or Virtualized Servers: FactoryTalk Application Servers and Services Platform; Network & Security Services – DNS, AD, DHCP, Identity Services (AAA); Storage Array
Other labels: Remote Access Server, ASA 5500, Core, Distribution Switch Stack, Access Switches, Industrial Ethernet Switch, Wireless LAN Controller (WLC) Active/Standby, Identity Services, External DMZ/Firewall, Wide Area Network (WAN), Internet, IFW, HMI, Controller, Safety Controller, Robot, Soft Starter, Drive, Servo Drive, Instrumentation, I/O, Safety I/O, Phone, Camera, AP, LWAP, WGB, SSID 2.4 GHz, SSID 5 GHz
EtherNet/IP, PROFINET (Industrial Protocols)
Real-Time Control
Fast Convergence
Traffic Segmentation and Management
Ease of Use
Site Operations and Control
Multi-Service Networks
Network and Security Management
Routing
Application and Data share
Access Control
Threat Protection
Enterprise/IT Integration
Collaboration
Wireless
Application Optimization
Purpose Built for Harsh Environments
1. Size, weight, form-factor
2. Shock and vibration
3. High MTBF resilient network topologies
4. Din-rail or rack mounts
5. Fanless, -40 to 75℃, self-cooled
6. Industry certifications
IoT Switching portfolio
[Figure: portfolio chart. Axes: port speed (10/100M, 1G, 10G), role (Access to Aggregation), Features. Models shown: IE 2000, Catalyst IE3000, IE 4000, IE 5000, IE 1000. One "New" marker.]
Industrial temperature rated (-40 to 75℃) ruggedized fan-less design, self-cooled enterprise-grade switches
High MTBF, compact form-factor, industry certifications
IoT Switching portfolio

• Lightly-managed
• Layer 2 only
• 30 second boot-up time
• Web config tool
• Up to 8 PoE/PoE+ ports

• For all industries
• Layer 2 or 3 (IP service)
• 4 GE uplinks
• 28 total GE ports
• IEEE1588 PTP (default and power profiles)
• Layer 2 NAT
• Up to 12 or 24 PoE/PoE+
• Dying gasp
• Cisco TrustSec® HW-ready
• MACSec HW-ready
• TSN-ready
• IOx-ready
• REP, PRP
• Cisco DNA E/A

• For all industries
• Layer 2 or 3 (IP service)
• 4 GE uplinks
• Up to 20 GE ports
• IEEE1588 PTP (default and power profiles)
• Layer 2 NAT
• Up to 8 PoE/PoE+ ports
• Dying gasp
• Cisco® TrustSec SGT/SGACL
• MACSec, FNF
• Time-Sensitive Network (TSN) ready
• IOx
• MRP, REP, PRP
• Cisco DNA E/A

• Designed for all industries
• Layer 2 or 3 (IP service)
• 4 10 GE* uplinks
• 24 GE downlinks
• IEEE1588 PTP (default and power profiles)
• Layer 2 NAT
• Up to 12 PoE/PoE+
• Dying gasp
• Cisco TrustSec SGT/SGACL
• MACSec
• FNF
• TSN-ready
• Stacking*
• Conformal coating*
• IOx-ready
• Timing interfaces (IRIG-B, GPS, TOD)
• Cisco DNA E/A

• L2 or L3 (IP lite)
• Small form factor
• IP30, IP67
• DLR (only Stratix)
• MRP, REP
• Layer 2 NAT
• IEEE1588 PTP
• Up to 8 PoE/PoE+
• Conformal coating*
• Cisco DNA Essentials

• L2 or L3 (IP services)
• Small form factor
• PRP, REP
• 1588 PTP default and power profiles
• Up to 4 PoE/PoE+ ports

• Layer 2
• 2 GE Fiber uplinks
• Up to 24 GE ports
• IEEE1588 PTP
• Up to 16 PoE/PoE+
• REP, Fast REP, MRP (CLI)
• FNF, L2NAT
• MACSec-128, -256, OSPF
• SDA Extended node
• Cisco DNA E/A
Roadmap
• Layer 3 (phase II)
• Profinet

• Layer 2
• 2 GE Fiber uplinks
• 8 GE downlinks
• IEEE1588 PTP
• Up to 8 PoE/PoE+ ports
• REP, Fast REP, MRP (CLI)
• MACsec-128
• Cisco DNA Essentials
Roadmap
• Profinet

• Layer 2
• 2 GE Fiber uplinks (IE3400 only)
• Up to 24 GE ports
• IEEE1588 PTP
• REP, Fast REP, MRP (CLI), PRP
• FNF, L2NAT**
• Cisco TrustSec® SGT/SGACL
• MACSec-128, -256, OSPF
• SDA Extended node
• Cisco DNA E/A
Roadmap
• PoE, Profinet
• Layer 3 (phase II)
• HSR, IOx, TSN
• Secure extended Node
Models: IE2000, IE4010, IE4000, IE2000U, IE3300, IE3200, IE3400/IE3400H, IE1000, IE5000
[Figure: chart axes: port speed (10/100M, 1G, 10G), role (Access to Aggregation), Feature to Best in Class.]
FCS Jan19
‘*’ – Selected Models
‘**’ in roadmap for IE3400H
Catalyst IE3x00 Rugged Series Modular Switches
IE3200 fixed, IE3300 modular, IE3400 advanced modular
• High-density PoE in small form factor – Up to 16 ports of PoE+
• IOx edge compute Enhanced Extended Node*
• Modern Cisco® IOS-XE OS – Layer 2 and Layer 3*
• All Gigabit Ethernet – up to 26 ports
• 8 module options – Add 8-16 copper, fiber, PoE ports
• Advanced security – Cisco TrustSec®, MACsec, 802.1x
• Advanced industrial protocols* – REP, HSR*, PRP, Profinet*, MRP
* In roadmap
Catalyst IE3x00 Rugged Series - At a glance
IE 3x00 platform - At a glance

IE3200 fixed
Positioning: Upsell IE 2000 to GE
Available features:
• Layer 2
• Fixed: 10 x 1GE ports
• PTP, REP, Fast REP, MRP
• PoE/PoE+
• MACsec-128
• Cisco DNA Essentials
Roadmap features:
• Profinet

IE3300 modular
Positioning: Replace and upsell IE 3000; High-density PoE+ solution
Available features:
• Layer 2
• Modular – 26 x 1GE ports
• PTP, Netflow, REP, Fast REP, MRP, L2NAT
• PoE/PoE+
• OSPF
• MACsec-128, -256
• Cisco DNA Essentials, Cisco DNA Advantage
• SDA Extended Node
• Layer 3 (phase II)
Roadmap features:
• Profinet

IE3400 Advanced modular
Positioning: Position for Extended Enterprise and Connected Communities Infra; Built-in advanced security
Available features:
• Layer 2
• Modular – 26 x 1GE ports
• PTP, NetFlow, REP, Fast REP, MRP, PRP, L2NAT
• OSPF
• MACsec-128, -256
• SGT/SGACL
• Cisco DNA Essentials, Cisco DNA Advantage
• Layer 3
• PoE/PoE+
• SDA Enhanced Extended Node
Roadmap features:
• Profinet
• HSR, TSN, Cisco IOx
One versatile platform - Many Industry Verticals
Catalyst IE3x00 Rugged Series – Extended Enterprise
Intent based Networking for IoT Edge to Multi-cloud
IE3200(basic)
IE3300 (flexible)
IE3400 (advanced)
Manageability
IBN – Cisco DNA Center management and assurance
Redesigned, updated GUI – WEBUI
Stealthwatch with Netflow
Security
NG Secure Operating System IOS-XE
IBN – SDA Extended Node
IBN – SDA Enhanced Extended node *
Cisco TrustSec
Differentiators
Advanced networking - Network Advantage
Power over Ethernet - High density *
Warehouses
Distribution centers
Parking lots
Airports
* In Roadmap
IE3200(Basic)
IE3300 (Flexible)
IE3400 (Advanced)
Investment protection
Future-proof NG architecture
Port Expandability with modules
Advanced Networking - Network Advantage
Industry 4.0 features TSN*
Security and Reliability
NG Secure Operating System IOS-XE
Optimized Redundancy Protocols (Fast REP)
PTP, MACsec
Advanced Redundancy Protocols (HSR*, PRP)
Operational cost savings
Industrial Network Director with ISE integration
Low power consumption
IOx*
Factories
Utilities
Catalyst IE3x00 Rugged Series – Industrial OT
Compact, flexible, secure, scalable next-gen Industrial platform
* Roadmap
Outdoor connectivity – Parking lot
Connect
• IP cameras, video encoders
• Wi-Fi access points
• Emergency phones
• Digital signage
• Access control
• Occupancy sensors
• Parking meters
Outcomes
• Improved safety
• New customer experiences
• Theft prevention
• Smart parking enforcement
• Automated entry and exit control
• Secure connectivity
Catalyst® 9000
IE 3300
SD-Access
IE 3300
IE 3400
Warehouse and distribution center connectivity
Connect
• Pick, pack, stage, ship
• Sorters, conveyors
• IP cameras
• Wi-Fi access points
• Safety and security
• Laptops
• Smartphones
• Hand-held devices
Outcomes
• Reliable network operations without air-conditioning costs
• Improved security with consistent policies
• Improved safety and productivity of staff
• Increased operational efficiency through real-time process visibility
• Improved inventory management
HMI
PLC
IW3700
IE3400
ISA3000
IE3400
IE4010
IW3700
Sub-Station automation
Connect
• IED controllers
• Security cameras
• Programmable controllers
• Remote Terminal Units (RTUs)
• SCADA systems
Outcomes
• Increased operational reliability
• Reliable network for time-sensitive and mission-critical communications
• Reduced risk from security attacks
• High availability
• Real-time visibility
Catalyst® 9000
IE 3300
SD-Access
IE 3300
IE 3400
Utilities
Manufacturing plant floors – Converged Plant-Wide Ethernet
Connect
• Drives, sensors, IO
• Robots
• Controllers
• HMI systems
• SCADA systems
Outcomes
• Reliable network operations without air-conditioning costs
• Improved safety and productivity of staff
• Increased operational efficiency through real-time process visibility
• Reduced OpEx – easy to configure, upgrade, replace, maintain
• Reduced risk with secure M2M communication
Catalyst IE3x00 Rugged Series Systems & modules
Highly flexible architecture with a wide array of module choices

Fixed systems
• IE-3200-8T2S-E – Copper fixed
• IE-3200-8P2S-E – PoE+ fixed

Expandable systems
• IE-3300-8T2S-E – Copper basic modular system
• IE-3300-8P2S-E – PoE+ basic modular system
• IE-3400-8T2S-E – Copper Advanced modular system
• IE-3400-8P2S-E* – PoE+ Advanced modular system*

Expansion modules
• IEM-3300-8T= – 8p copper
• IEM-3300-8P= – 8p PoE+
• IEM-3400-8T= – Advanced 8p copper
• IEM-3400-8P=* – Advanced* 8p PoE+
• IEM-3300-6T2S= – 6p copper + 2p fiber mixed
• IEM-3300-16T= – 16p copper
• IEM-3300-16P= – 16p PoE+
• IEM-3300-142S= – 14p copper + 2p fiber mixed
• IEM-3300-8S= – 8p fiber
• IEM-3400-8S=* – Advanced 8p fiber*

*September 2019
15 cm
13,5 cm
9 cm
Weight: 1,5 kg
Optimized for size, weight, and power
Next Generation Gigabit Ethernet Industrial platform
Compact form-factor GE
Sturdy die-cast modular design
Optimized to fit in space constrained environments
• Roadside cabinets, plant-floor Assembly lines, Sub-station cabinets, airport jet-ways
IP30
Operating temp -40C to +75C
25% smaller volume than IE 3000 Base
• PoE model packs 8 ports of PoE in a fan-less self-cooled chassis!
Flexible platform for every Industrial use case
8 Module options
Port density choices
• Add 8 port module for 18 GE ports
• Add 16 port modules for 26 GE ports
Media Choice
• Copper
• Fiber
Power over Ethernet option
Advanced modular option with IE3400
(6T2S),(14T2S) mixed module for 4 fiber SFP config
IE 3300 IE 3400
Up to 16 ports of PoE+ with new power supplies
High Wattage Power Supplies: 240W and 480W (NEW)
• PWR-IE240W-PCAC-L= (240W Power Supply): 8 ports of PoE+
• PWR-IE480W-PCAC-L= (480W Power Supply): 16 ports of PoE+
Power HD IP Cameras, IP phones, wireless access points with PoE
Reduce complexity with one cable for connectivity and power
Control costs by less wiring, distribution panels, circuit breakers
Cisco IOS-XE
Secure and Modern Next-generation Operating System
Built-in security, trust, resiliency and availability
• Secure boot, bootloader protection, Image signing, Trust Anchor module
Programmable APIs – NETCONF, RESTCONF APIs and IETF YANG data models
Highly available and resilient – Modular software patches and upgrades
Optimized boot times (<90s)
Fully redesigned UX with Cisco WEBUI
IE 3200, IE 3300, IE 3400
Rich Security feature-set
Advanced security for next-gen architectures
Secure IOS-XE Operating System with built-in trust
MACsec - IEEE 802.1AE – link level encryption for data confidentiality, integrity and origin authentication.
Netflow – Monitor flows and detect threats and attacks
802.1x authentication
Trustsec – Role-based security
SDA Enhanced Extended edge - Microsegmentation
Cisco IOS-XE: Secure Open APIs, WEBUI GUI mgmt console
Deploy, Manage and Monitor
Powerful yet easy to use
IE 3200, IE 3300, IE 3400
Fully re-designed WEBUI with modern UX and simple menus
Centralized management, policy orchestration with Cisco DNA Center
Easy zero-config replacement with Swap Drive
Industrial Network Director for OT personnel
Advanced network visibility with Stealthwatch and Netflow
Advanced features
Cutting-edge Industrial innovations
IE 3400
Time synchronization with PTP
Resilient Ethernet Protocol (REP)
• Fast REP – convergence time < 25ms
Full flexible Netflow (FNF)
IE3400 – Advanced features
• TSN* ready architecture
• Advanced redundancy protocols
• HSR* ready
• PRP* ready
• IOx* edge compute ready hardware
• Enhanced Extended node*
The Catalyst you know in a heavy duty design
Cisco Catalyst
IE3400 Heavy Duty Series Switch
Confidence in uptime with no-compromise security through network segmentation and real-time visibility
Simplified operations with central policy control and proactive management all the way to the IoT edge
Connectivity in the harshest environments, no cabinet, no fear of damage from water and dust
It’s a Catalyst…
Cisco DNA Center
Manage and monitor IoT network with the same tools that manage the IT network, such as Cisco DNA Center
Simplified operations, intent-based networking all the way to the IoT edge
• IOS-XE, SDA-ready
• Central network policy control
• Proactive network management
Cisco Catalyst IE3400 Heavy Duty Series Key features
Secure connectivity for the harshest environments
* In roadmap
Enhanced network-based security, segmentation, and visibility
Up to 24 all Fast Ethernet or all Gigabit Ethernet, M12 interfaces
Cisco® DNA Center, Cisco Software-Defined Access Secure Extended Node*
SD Swap Drive
IP67-rated water and dust protection
Powered by Cisco IOS XE OS
IOx, compute at the IoT edge*
Cisco Catalyst IE3400 Heavy Duty Series SKUs
All Gigabit or all Fast Ethernet Ports
Each SKU is available in Network Essentials (-E) and Network Advantage (-A) variants.
• IE-3400H-8FT, IE-3400H-8T
• IE-3400H-16FT, IE-3400H-16T
• IE-3400H-24FT, IE-3400H-24T
Cisco Catalyst IE3400 Rugged Series vs Cisco Catalyst IE3400 Heavy Duty Series
IE3400 Rugged IE3400 Heavy Duty
Feature sets
L2/L3 switching*
Security (Cisco TrustSec®) and Visibility (Flexible NetFlow)
SDA Extended Node (Cisco® DNA)
Analytics (IOx)**
Shock, vibration and extreme temperatures resistant
Industry certifications
Water and dust protection (IP67-rated)
* Both (Rugged and Heavy duty series) are powered by the same IOS XE software image
** Post-FCS
Consistent Policy Orchestration & Enforcement
Macro & Micro segmentation
Real-time Visibility & Assurance
SD-Access for the Extended Enterprise
Centralized Management
Automated configuration and IBN management
Intent-based Network Infrastructure
[Figure: Enterprise-wide SD-Access Architecture. Labels: INTENT, CONTEXT; Cisco DNA Center (Analytics, Policy, Automation); APIC-EM, ISE, NDP, DNA Controller; Enterprise Fabric; Extended Enterprise; nodes marked C, B, FE and EE.]
SD-Access Architecture for IoT: Component Roles & Terminology
▪ Control Plane Nodes – Map System that manages Endpoint to Device relationships
▪ Identity Services – External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition
▪ Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
▪ DNA Controller – Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context
▪ Analytics Engine – External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status
▪ Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
▪ Extended Nodes – An Edge access device that connects Wired IoT Endpoints to the SDA Fabric via a Fabric Edge Node
SD-Access Extension
[Figure: diagram labels: IE3400 switches.]
Cisco Industrial Network Director – For OT users
Native industrial protocol support
Plug-and-play day-0 configuration
Dashboard for monitoring alarms, system health, and traffic statistics
APIs for integration with automation systems and security platforms
Plug-and-play server for zero-touch switch commissioning
Improved industrial asset visibility and network troubleshooting with automation context
REST APIs for integration with automation systems
OT intent-driven security workflows through ISE integration
Network management, device location, and visibility
Enabling IT-OT partnership to secure the OT network
[Figure: Industrial Network Director between the Operational Environment and IT / Security. Labels: VISIBILITY, CONTEXT; Modbus, CIP, PROFINET, BACNet; IO, PLC, DRIVE, CONTROLLER; IE Switching; NGFW; Stealthwatch; ISE; pxGrid; SXP; SGT; dACL; SGACL Segmentation; SGT Firewall Rules; Context based Host Groups; REST API.]
Cisco Cyber Vision
Protect your industrial control systems against cyber risks
Asset inventory and security platform for the Industrial IoT
ICS visibility: Know your assets & control network
• Asset Inventory
• Communication patterns
• Device vulnerabilities
Operational insights: Track your processes
• Process changes
• Asset modifications
• ICS flight recorder
Holistic threat detection: Trigger alerts
• Behavioral anomaly detection
• Signature based IDS
• OT threat intelligence
Built into your network infrastructure: Deploy at scale
Industrial Routing, Industrial Wi-Fi, Industrial Switching, IoT Gateways, Compute
Cyber Vision understands the ICS protocols you use
Cyber Vision Visibility
Dynamic Communication Map
Comprehensive Asset Inventory
▪ Automatically spot software vulnerabilities across all your industrial assets
▪ Access comprehensive information on vulnerability severities and solutions
▪ Built-in vulnerability database always up to date
Visibility: Instantaneous Vulnerability Identification
Enforce Cyber-Hygiene best practices
▪ Asset details
▪ Communication maps
▪ Variable accesses
Operational Insights: Views for OT Teams
Monitor the integrity of your industrial process
Why Catalyst IE3x00 Rugged Series?
Contact [email protected] for additional information
• Accelerate your digital transformation with Gigabit Ethernet speeds
• Protect your industrial infrastructure with end-to-end, enterprise-wide security
• Reduce OpEx and scale with simple management and automation tools
• Future-proof and protect your investment with the latest innovations
For more information:
IoT Networking: www.cisco.com/go/iot
IE 3x00 Switches: www.cisco.com/go/ie
Industrial Network Director: www.cisco.com/go/ind