Juergen Braun Consulting Systems Engineer...*Software roadmap – within 18 months after FCS 2.4 Ghz...

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

Juergen Braun

Consulting Systems Engineer


• Industry Trends and Unified Access

• Catalyst 3850 Advantages– Converged Access– Distributed Services

• Product Info• Summary


Deliver an Uncompromised User Experience

on Any Workspace

I T R e q u i r e m e n tMegatrends

Mobility• Seamless roaming• Optimal client performance• Cloud access/VXI

Video• Multicast streaming• Video conferencing• Reliable performance

BYOD• Secure access• Customized experience• Guest access


Early 2000 2002 2004 2006 2008 2010 2012 2014 …

CL

IEN

TS

/ B

AN

DW

IDT

H

Media Rich ApplicationsPervasive Mission CriticalNice to Have

10Gbps

11Mbps

802.11n450 Mbps

802.11a, 802.11b11 Mbps

802.11g54 Mbps

802.11ac-11 Gbps

802.11ac-23.5 Gbps

Future


Is Your Network Ready?

Can I offer secure, mission critical wired/wireless access services?2

Am I investing in an architecture future-proofed for scale?3

1 How do I manage complexity to reduce costs?


Uncompromised User Experience on Any Workspace

U n i f i e d A c c e s sOne Policy

One ManagementOne Network


Wireless ControlSystem

Access ControlServer

LAN MgmtSolution

Identity Mgmt

NACProfiler

GuestServer

Cisco WirelessLAN Controller

InternalResources

Cisco FirewallCisco Access Point

Catalyst Switch

Corporate Network Internet

One ManagementPrime

One PolicyISE

Converged Access Mode• Integrated wireless controller• Distributed wired/wireless

data plane (CAPWAP termination on switch)

One Network

Catalyst 3850


Bu i l t on C isco ’s Innova t i ve “UADP” ASICThe In te l l i gen t Sw i tch fo r the Wor ld Connec ted

* Roadmap

Wireless CAPWAP TerminationUp to 2000

Clients per Stack

40 Gbps Uplink Bandwidth

Line Rate on All Ports

FRU Fans, Power Supplies

Granular QoS/Flexible NetFlow

Up to 50 APs/2000 clients per stack, and 40G per switch

480 Gbps StackingBandwidth

Stackpower

SGT/SGACL*

Full POE+


TraditionalWorkspace

U n i f i e d W o r k s p a c e

• Scale & Performance

• Security

• Lower TCO

Catalyst 2960-S

VoiceData

MobilityBYOD Video

Catalyst 4500E

* - Shipping on Catalyst 3850, Roadmap on Catalyst 4500E

Catalyst 3850

Catalyst 3kSeries

S c a l e & P e r f o r m a n c e

T r u s t S e c

A p p l i c a t i o n V i s i b i l i t y

E n e r g y M a n a g e m e n t a n d G r e e n

L o w e r T C O

Catalyst 3750-X

C O N V E R G E D A C C E S S *

D is t r ibu ted In te l l igen t Access Serv ices


Scale with distributed wired

and wirelessdata plane

480G stack bandwidth; 40G wireless/switch;

efficient multicast

Maximumresiliency with

fast statefulrecovery

Layered network high availability design with

stateful switchover

Singleplatform for wired and wireless

Common IOS, same administration point,

one release

Un i f ied Access - One Po l i cy | One Management | One Network

Network wide visibility for

fastertroubleshooting

Wired and wirelesstraffic visible at

every hop

Consistent security and

quality of service controlHierarchical bandwidth

management and distributed policy

enforcement


B e n e f i t s• Built on UADP ASIC – Cisco’s Innovative

Flexparser ASIC technology• Eliminates operational complexity• Single Operating System for

wired and wireless

• 802.11n• CleanAir• VideoStream• Radio Resource Management (RRM)

• Wireless Intrusion Prevention System (WiPS)

• 802.11ac Ready

Features:• Stacking• Stackpower• Flexible Netflow• Granular QoS• Trustsec*/Identity• AVC/Medianet*• Smart Operations*• EnergyWise*

Features:

20+ Years of IOS Richness – Now on Wire less

WIRELESS WIRED

Note: All features may not be available on new platforms at introduction but are expected to be added within 12-18 months


C o m p l e t e V i s i b i l i t y i n t o W i r e d + W i r e l e s s T r a f f i c a t t h e A c c e s s

• FNF for the first time on Wireless • Consistent Configuration for Wired+Wireless

– Single flow monitor can be applied to wired ports and SSID

• Natively available in the UADP ASIC– No additional hardware required

• Can monitor East-West (peer-to-peer) and North-South flows– 48k flows on the 48 port model.

• 0$ Collector SKUs available at FCS– Actively working with PAM and 3rd party collector

vendors for supporting key and non-key fields

Understand Bandwidth consumption by various devices and applications

Detect Anomaly in Traffic flows


Per AP

Per Radio

Per SSID

Per Client

*Software roadmap – within 18 months after FCS

2.4 Ghz 5 GHz

SSID1

SSID2

SSID1

SSID2

MQC based CLI• Alignment with 4500E series • Class-based Queuing, Policing, Shaping, Marking

New QOS features• Hierarchical Bandwidth Management (HBM) –

Per AP-Radio-SSID-Client upstream and downstream• Approximate Fair Drop (AFD) –

Fair sharing of bandwidth• Per-user-per-application-level policing and

marking in SW roadmap

QOS by the numbers• Queues/port for Wired traffic :

8 (Up to 2P6Q3T queuing capabilities)• Queues/port for Wireless traffic : 4• Buffers - 12 MB/48 port model• 2000 Aggregate & 48k Microflow Policers


S e s s i o n A w a r e N e t w o r k i n g

• Single Point of Policy Enforcement for Wired and Wireless:• Session based access – simplifies on-boarding and policy application• Wired – Port based 802.1x authentication, Web auth, MAB. Flex-authsupport available for wired.

• Wireless – 802.1x, MAB, Web Auth• Wireless Intrusion Prevention System (WiPS) forprotection against wireless attacks

• Supports integration with MSE

• Control Plane Protection (Static configuration at FCS)• Roadmap for other Trustsec features – Device Sensor, MACSec,SGA (12 – 18 months after FCS)


Known Deployment Model

The Wireless LAN Controller

• Wireless is an Overlay Network• Software components within the WLC

today:

• Mobility Agent (MA) is responsible for:– AP CAPWAP termination– Maintaining client database– Policy enforcement

• Mobility Controller (MC) is responsible for:– Client Mobility – Radio Resource Management (RRM) – WiPS, Spectrum Management

Access PointsAccess Points

55085508 55085508

Inter--Controller EoIP/CAPWAP tunnelAP-Contoller CAPWAP tunnel

ISEISE PrimePrime

MCMC MAMA


ISEISE PrimePrime


Separation of MA and MC

• Traditional Controllers continue to play MA and MC

• Catalyst 3850 can play the role of both MA and MC• Valid for Branch and small-medium campus type

deployments

• Moving the MA only to the Catalyst 3850 (typically in large campus) helps with:• Improved Scalability – larger mobility domains • Increased wireless bandwidth• Uniform wired/wireless policy enforcement

AP Capwap Tunnels Mobility Tunnels

Catalyst 3750Catalyst 3750

5508 or WISM2 with SW Upgrade or new 5760

New Catalyst 3850

MCMC

MAMA

MCMC

MAMA


ISEISE PrimePrime


Wired Traffic

Catalyst 3850

Catalyst 3850

Unicast with Traditional Deployments • All wired-wireless ( and vice-versa) conversion

happens at the controller.• Leads to hair-pinning• Entire network traversed even for peer-to-peer traffic

(wired-wireless or wireless-wireless) on the same switch

Unicast Optimization with Converged Access• Wired-wireless conversion (and vice versa)

happens at the 3850 switch• Reduces the number of streams in the network and

avoids hair-pinning - Optimized

Achieved via Converged Access

Wired –wireless and vice-versa conversion happens at the access -Optimized

Wired –wireless and vice-versa conversion happens at the access -OptimizedJabber call

between laptop and Ipad

Jabber call between laptop and Ipad Wireless Traffic

Hair pinning of traffic at the controller -inefficient

Hair pinning of traffic at the controller -inefficient


ISEISE PrimePrime


Wired Multicast Traffic

Catalyst 3850

Catalyst 3850

Multicast with Traditional Deployments ( Multicast-Multicast mode)• Wired Multicast Replication happens at the switch• Wireless Multicast Replication happens at the

Controller

Multicast Optimization with Converged Access• Wired and Wireless Multicast Replication happens

at the 3850 switch• Reduces the number of streams for the same traffic

type in the network

Multicast ServerMulticast Server

Achieved via Converged

Replication happens at the 3850 switch for all clients

Replication happens at the 3850 switch for all clients

Multicast wired and wireless receivers

Multicast wired and wireless receivers Wireless Multicast Traffic

Multiple Replications at different points for wired and wireless

Multiple Replications at different points for wired and wireless


ResiliencyMaximum Uptime for Mission Critical Application

Smart OpsSimplify Operations for Reduced TCO

Cisco TrustSecContext-aware Wired/Wireless Security

Application Visibility and ControlIntelligent Distributed Application Services

Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases


Automatically Identify DevicesWith Device Sensors, Cisco Identity Service Engine

Centralize Policy DefinitionWith Cisco ISE – Define policy for access, authentication and more

Scale Personalized Policy EnforcementWith Security Group Tags, Secure Group Access Control Lists

Across the Entire Lifecycle

TrustSec



Identi fy Central ize Pol icy Enforce

Device Sensor* automatically identifies end points

ISECisco Identity Service Engine

Switch sends Device Sensor information to ISE ISE authenticates ends points and applies security policiesEnd Points assigned to appropriate VLANs automatically Ends Points assigned appropriate QoS automatically

Catalyst 3850

Across the Entire Lifecycle: Automatically Identify Devices

TrustSec



Another Building/ Campus/ Branch

Users moves to new locationCentralized security policies appliedNo new policy configuration on switch

Across the Entire Lifecycle: Centralize Policy Definition



Catalyst 3850

TrustSec



Student tries to access confidential grades databaseTraffic is tagged with user identity Switch blocks access to database due to tag mismatch with Secure Group Access Control List

SecurityGroup Tags

Across the Entire Lifecycle: Role Based Security Enforcements

Another Building/ Campus/ Branch



Catalyst 3850Confidential Data

TrustSec



Director - 4K, 3850

Access Switches

Increase Productivity, Lower TCOSmartOps

Sleep Sleep Sleep

Zero Touch Deployments and Maintenance

New Switch Connected• Software image

downloaded;• Wired + Wireless

Configuration automatically applied

• On-going Image Update and Configuration Back-up

Smart Install

New Device Attached• Port Configuration:

Applied• QoS Policy:

Enforced• Security Policy:

Enforced

Plug and Play for End Devices

Auto Smart Ports

Anomaly Detected• Packet Capture for Wired

and Wireless• Proactive diagnostics• Real time Alerts• Web-based reports• Routed to TAC team

Monitor & Troubleshoot

Smart Call HomeIPSLA, WireShark

• Ability to take custom actions based on syslogs/triggers

• Enhanced Flexibility and control

Control Your Network

EEM, XML Programmability

• EEE ready• Energywise – Time of

the day policy based on/off of access devices

• 0 $ SKUs for energy management

Reduced Energy Consumption

Energywise and EEE


© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32 3

• Improved Stack Bandwidth:• 240 Gbps bi-direction• 480 Gbps with spatial reuse

• Stateful Switch Over (SSO):• Faster Convergence (vs 3750-X) • Active-Standby model• Improved Central synchronization onActive Switch for Wired+Wireless

• Tunnel SSO ensures AP, MA-MCconnectivity during failover

• No Backward Compatibility with3750 series

Resiliency



Delivering Unprecedented Power Availability and Flexibility

• Power Resiliency - Adaptable “pool of power” available to all stack members

• Provides “Zero-footprint” RPS i.e. power supply redundancy without an RPS

• Intelligent power shedding—turn off low priority PoE end devices in the event of a power supply failure

StackPower

Resiliency


Built on UADP• Unified Access Data Plane • Unique and powerful Cisco innovation

• Hardware performance withsoftware flexibility

• Optimized Performance• CAPWAP encapsulation/de-capsulation,

Flexible Netflow, QoS happens in ASIC forline rate performance

• Future Proofed and Programmable• Flexparser enables new software features

(like SDN) over the product lifetime

• UADP is used across multiple platforms –Catalyst 3850, Sup 8E, WLC5760


License Level Description PIDs

LAN Base

Stackable 24 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU WS-C3850-24T-LStackable 24 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU WS-C3850-24P-LStackable 48 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU WS-C3850-48T-LStackable 48 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU WS-C3850-48P-LStackable 48 10/100/1000 Ethernet POE+ports, with 1100W AC power supply 1 RU WS-C3850-48F-L

IP Base

Stackable 24 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU WS-C3850-24T-SStackable 24 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU WS-C3850-24P-SStackable 48 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU WS-C3850-48T-SStackable 48 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU WS-C3850-48P-SStackable 48 10/100/1000 Ethernet POE+ports, with 1100W AC power supply 1 RU WS-C3850-48F-S

IP Services

Stackable 24 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU WS-C3850-24T-EStackable 24 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU WS-C3850-24P-EStackable 48 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU WS-C3850-48T-EStackable 48 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU WS-C3850-48P-E

Stackable 48 10/100/1000 Ethernet POE+ports, with 1100W AC power supply 1 RU WS-C3850-48F-E

BundlesCisco Catalyst 3850 24-port PoE IP Base with 5 access point license WS-C3850-24PW-S

Cisco Catalyst 3850 48-port PoE IP Base with 5 access point license WS-C3850-48PW-S

Note: Stackpower cables are sold separately on the Lan Base models

C3850-NM-4x10G(on 48 port models only) C3850-NM-4x1G C3850-NM-2x10G

Sample Power Supplies as 3750-X with new PIDs

1+1 Redundant Power Supplies

Power Supply PID350W AC PWR-C1-350WAC715W AC PWR-C1-715WAC1100W AC PWR-C1-1100WAC440W DC PWR-C1-440WDC

Catalyst 2960-S

Catalyst 3750-X

Catalyst 3850

Catalyst4K

AccessPoints

Cisco Limited Lifetime Warranty(LLW) Yes -- -- Yes Yes

Cisco Enhanced Limited Lifetime Warranty (E-LLW) -- Yes Yes -- --

Software PolicyUnlimited free IOS updates in

the same license

Unlimited free IOS updates in the same license

Unlimited free IOS updates in

the same license

Unlimited free IOS updates in

the same license

SmartNet Available.

Available.Smartnet required

for IP Services

Available.Smartnet

required for IP Services

Available.Smartnet

required for EntServices??

Required for AP adder

license??

See notes for detailed explanation of each warranty type and software policy

Catalyst2960-S

Catalyst3750-X

Catalyst3850

Catalyst4K

Lan-lite Yes No No No

Lan Base Yes Yes Yes Yes

IP Base No Yes Yes Yes

IP Services/Ent Services No Yes Yes Yes (EntServices)

RTU based licensing No Yes Yes H1CY13

OR

Customer agrees to EULA

Step1

Customer purchases the license or wants to transfer licenses between switches

Step2

Using EXEC mode CLI customer enables the purchased License mode (IP Base OR IP Services) Same CLI for RMA scenario

H o w d o e s R T U w o r k ?

License Enabled on CLI

AP licenses enabled on the Mobility Controller (MC)• MC can be on the Catalyst 3850(s), WLC5760, 5500, or WiSM2• Same AP licenses as before on the 5500/WiSM2 acting as an MC• No separate monetization for MA functionality

(i.e. CAPWAP termination on the switch)

AP license transferability• Catalyst 3850 WLC 5760• Catalyst 3850 Catalyst 3850• WLC 5760 WLC 5760

Same flat pricing per AP license for theCatalyst 3850 and WLC 5760• Fixed price for WLC5760 zero AP count hardware

Controller resiliency• Catalyst 3850 as the MC – part of the Catalyst 3850

stack functionality, no additional cost• WLC 5760 – zero AP count hardware for redundant

controller

ISEISE PrimePrime


Catalyst 3750Catalyst 3750

5508 or WISM2 with SW Upgrade or new 5760

New Catalyst 3850

MC

MC

System Attributes Catalyst 2K Catalyst 3750-X Catalyst 3850 Catalyst 4500EPOE+ Partial Full Full YesUPOE No Yes Yes* (H2CY13) Yes

UplinksIntegrated

Uplinks (4x1G, 2x10G)

Modular(1x4G, 2x10G, 2x10GBaseT,

2x10G SM)Modular(1x4G, 2x10G, 4x10G) 4 x 10G

Power Supplies and Fans Fixed. Single Modular PS- twoModular fans - two

Modular PS – twoModular fans - three

Modular PSModular fan tray

Multi-core CPU No No Yes YesDRAM 256 MB 512 MB 4 GB 4 GB (2 GB default)

Flash Size 32 MB 64 MB 2 GB 2 GBOperating System IOS IOS IOS-XE IOS-XE

Converged Wired+Wireless Access

SupportNo No Yes Yes (Sup 8-E)

QOS Model MLS MLS MQC MQC

Buffers/48 port 2 MB 6 MB 12 MB

Queues per Port 4 4 8 8

“Industry’s first fully converged wired-wireless switch”

“Uncompromised user experience with

distributed intelligent services”

“Single platform powered by Cisco IOS Software and Cisco UADP ASIC”

“Future proofed –802.11ac, 40G

wireless, 480G stack”

Catalyst 3850 re-defines stackable access switching with converged wired-wireless

Benefits:• Converged Access with -Single

IOS Platform, Visibility, Control, Resiliency and Scale

• Distributed Intelligent Services – Secure Access/Trustsec, AVC and Smart Operations

• Foundation for Cisco Open Networking Environment (ONE) using Cisco’s UADP ASIC

Opportunity:• Migrate: Catalyst 3850 (higher

perf/scale, FNF, resiliency and converged access at a lower price than the EoS 3750G/E.

• Upsell: Catalyst 3850 enables BYOD, video and mobility @ 22% over Catalyst 2960-S

• Compete: Only Cisco can deliver the best wired-wireless Unified Access solution as the industry leader in both markets

Thank you.

Juergen Braun Consulting Systems Engineer...*Software roadmap – within 18 months after FCS 2.4 Ghz...

Documents

Transcript of Juergen Braun Consulting Systems Engineer...*Software roadmap – within 18 months after FCS 2.4 Ghz...