Juergen Braun Consulting Systems Engineer...*Software roadmap – within 18 months after FCS 2.4 Ghz...
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Juergen Braun
Consulting Systems Engineer
• Industry Trends and Unified Access
• Catalyst 3850 Advantages
  – Converged Access
  – Distributed Services
• Product Info
• Summary
Deliver an Uncompromised User Experience on Any Workspace
Megatrends | IT Requirement
Mobility
• Seamless roaming
• Optimal client performance
• Cloud access/VXI
Video
• Multicast streaming
• Video conferencing
• Reliable performance
BYOD
• Secure access
• Customized experience
• Guest access
[Figure: Clients / Bandwidth over time, from early 2000 through 2014 and beyond. Stage labels: Nice to Have, Mission Critical, Pervasive, Media Rich Applications. Bandwidth axis labels: 11 Mbps, 10 Gbps. Data labels: 802.11a, 802.11b 11 Mbps; 802.11g 54 Mbps; 802.11n 450 Mbps; 802.11ac-1 1 Gbps; 802.11ac-2 3.5 Gbps; Future.]
Is Your Network Ready?
1 How do I manage complexity to reduce costs?
2 Can I offer secure, mission critical wired/wireless access services?
3 Am I investing in an architecture future-proofed for scale?
Uncompromised User Experience on Any Workspace
Unified Access
One Policy | One Management | One Network
[Diagram labels: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Cisco Wireless LAN Controller, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Corporate Network, Internet]
One Management: Prime
One Policy: ISE
Converged Access Mode
• Integrated wireless controller
• Distributed wired/wireless data plane (CAPWAP termination on switch)
One Network
Catalyst 3850
Built on Cisco’s Innovative “UADP” ASIC
The Intelligent Switch for the World Connected
• Wireless CAPWAP Termination
• Up to 2000 Clients per Stack
• 40 Gbps Uplink Bandwidth
• Line Rate on All Ports
• FRU Fans, Power Supplies
• Granular QoS/Flexible NetFlow
• Up to 50 APs/2000 clients per stack, and 40G per switch
• 480 Gbps Stacking Bandwidth
• Stackpower
• SGT/SGACL*
• Full POE+
* Roadmap
Traditional Workspace
Unified Workspace
• Scale & Performance
• Security
• Lower TCO
Catalyst 2960-S
Voice, Data
Mobility, BYOD, Video
Catalyst 4500E
* - Shipping on Catalyst 3850, Roadmap on Catalyst 4500E
Catalyst 3850
Catalyst 3k Series
Scale & Performance
TrustSec
Application Visibility
Energy Management and Green
Lower TCO
Catalyst 3750-X
CONVERGED ACCESS*
Distributed Intelligent Access Services
Unified Access - One Policy | One Management | One Network
• Scale with distributed wired and wireless data plane: 480G stack bandwidth; 40G wireless/switch; efficient multicast
• Maximum resiliency with fast stateful recovery: Layered network high availability design with stateful switchover
• Single platform for wired and wireless: Common IOS, same administration point, one release
• Network wide visibility for faster troubleshooting: Wired and wireless traffic visible at every hop
• Consistent security and quality of service control: Hierarchical bandwidth management and distributed policy enforcement
20+ Years of IOS Richness – Now on Wireless
Benefits
• Built on UADP ASIC – Cisco’s Innovative Flexparser ASIC technology
• Eliminates operational complexity
• Single Operating System for wired and wireless
WIRELESS Features:
• 802.11n
• CleanAir
• VideoStream
• Radio Resource Management (RRM)
• Wireless Intrusion Prevention System (WiPS)
• 802.11ac Ready
WIRED Features:
• Stacking
• Stackpower
• Flexible Netflow
• Granular QoS
• Trustsec*/Identity
• AVC/Medianet*
• Smart Operations*
• EnergyWise*
Note: All features may not be available on new platforms at introduction but are expected to be added within 12-18 months
Complete Visibility into Wired + Wireless Traffic at the Access
• FNF for the first time on Wireless
• Consistent Configuration for Wired+Wireless
  – Single flow monitor can be applied to wired ports and SSID
• Natively available in the UADP ASIC
  – No additional hardware required
• Can monitor East-West (peer-to-peer) and North-South flows
  – 48k flows on the 48 port model.
• 0$ Collector SKUs available at FCS
  – Actively working with PAM and 3rd party collector vendors for supporting key and non-key fields
Understand Bandwidth consumption by various devices and applications
Detect Anomaly in Traffic flows
[Diagram labels: Per AP, Per Radio (2.4 GHz, 5 GHz), Per SSID (SSID1, SSID2), Per Client]
MQC based CLI
• Alignment with 4500E series
• Class-based Queuing, Policing, Shaping, Marking
New QOS features
• Hierarchical Bandwidth Management (HBM) – Per AP-Radio-SSID-Client upstream and downstream
• Approximate Fair Drop (AFD) – Fair sharing of bandwidth
• Per-user-per-application-level policing and marking in SW roadmap
QOS by the numbers
• Queues/port for Wired traffic: 8 (Up to 2P6Q3T queuing capabilities)
• Queues/port for Wireless traffic: 4
• Buffers - 12 MB/48 port model
• 2000 Aggregate & 48k Microflow Policers
*Software roadmap – within 18 months after FCS
Session Aware Networking
• Single Point of Policy Enforcement for Wired and Wireless:
• Session based access – simplifies on-boarding and policy application
• Wired – Port based 802.1x authentication, Web auth, MAB. Flex-auth support available for wired.
• Wireless – 802.1x, MAB, Web Auth
• Wireless Intrusion Prevention System (WiPS) for protection against wireless attacks
• Supports integration with MSE
• Control Plane Protection (Static configuration at FCS)
• Roadmap for other Trustsec features – Device Sensor, MACSec, SGA (12 – 18 months after FCS)
Known Deployment Model
The Wireless LAN Controller
• Wireless is an Overlay Network
• Software components within the WLC today:
• Mobility Agent (MA) is responsible for:
  – AP CAPWAP termination
  – Maintaining client database
  – Policy enforcement
• Mobility Controller (MC) is responsible for:
  – Client Mobility
  – Radio Resource Management (RRM)
  – WiPS, Spectrum Management
[Diagram labels: Access Points, 5508, ISE, Prime, MC, MA, Inter-Controller EoIP/CAPWAP tunnel, AP-Controller CAPWAP tunnel]
Separation of MA and MC
• Traditional Controllers continue to play MA and MC
• Catalyst 3850 can play the role of both MA and MC
  – Valid for Branch and small-medium campus type deployments
• Moving the MA only to the Catalyst 3850 (typically in large campus) helps with:
  – Improved Scalability – larger mobility domains
  – Increased wireless bandwidth
  – Uniform wired/wireless policy enforcement
[Diagram labels: ISE, Prime, Access Points, AP Capwap Tunnels, Mobility Tunnels, Catalyst 3750, 5508 or WISM2 with SW Upgrade or new 5760, New Catalyst 3850, MC, MA]
Unicast with Traditional Deployments
• All wired-wireless (and vice-versa) conversion happens at the controller.
• Leads to hair-pinning
• Entire network traversed even for peer-to-peer traffic (wired-wireless or wireless-wireless) on the same switch
Unicast Optimization with Converged Access
• Wired-wireless conversion (and vice versa) happens at the 3850 switch
• Reduces the number of streams in the network and avoids hair-pinning
[Diagram: Jabber call between laptop and iPad. Traditional deployment: hair pinning of traffic at the controller - inefficient. Achieved via Converged Access: wired-wireless and vice-versa conversion happens at the access - optimized. Labels: ISE, Prime, Access Points, Catalyst 3850, Wired Traffic, Wireless Traffic.]
Multicast with Traditional Deployments (Multicast-Multicast mode)
• Wired Multicast Replication happens at the switch
• Wireless Multicast Replication happens at the Controller
Multicast Optimization with Converged Access
• Wired and Wireless Multicast Replication happens at the 3850 switch
• Reduces the number of streams for the same traffic type in the network
[Diagram: Multicast Server with multicast wired and wireless receivers. Traditional deployment: multiple replications at different points for wired and wireless. Achieved via Converged: replication happens at the 3850 switch for all clients. Labels: ISE, Prime, Access Points, Catalyst 3850, Wired Multicast Traffic, Wireless Multicast Traffic.]
• Resiliency: Maximum Uptime for Mission Critical Application
• Smart Ops: Simplify Operations for Reduced TCO
• Cisco TrustSec: Context-aware Wired/Wireless Security
• Application Visibility and Control: Intelligent Distributed Application Services
Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases
TrustSec
Across the Entire Lifecycle
• Automatically Identify Devices: With Device Sensors, Cisco Identity Service Engine
• Centralize Policy Definition: With Cisco ISE – Define policy for access, authentication and more
• Scale Personalized Policy Enforcement: With Security Group Tags, Secure Group Access Control Lists
TrustSec
Across the Entire Lifecycle: Automatically Identify Devices
Identify | Centralize Policy | Enforce
• Device Sensor* automatically identifies end points
• Switch sends Device Sensor information to ISE
• ISE authenticates end points and applies security policies
• End Points assigned to appropriate VLANs automatically
• End Points assigned appropriate QoS automatically
[Diagram labels: ISE (Cisco Identity Service Engine), Catalyst 3850]
TrustSec
Across the Entire Lifecycle: Centralize Policy Definition
Identify | Centralize Policy | Enforce
• User moves to new location
• Centralized security policies applied
• No new policy configuration on switch
[Diagram labels: Another Building/Campus/Branch, ISE (Cisco Identity Service Engine), Catalyst 3850]
TrustSec
Across the Entire Lifecycle: Role Based Security Enforcements
Identify | Centralize Policy | Enforce
• Student tries to access confidential grades database
• Traffic is tagged with user identity
• Switch blocks access to database due to tag mismatch with Secure Group Access Control List
[Diagram labels: Security Group Tags, Another Building/Campus/Branch, ISE (Cisco Identity Service Engine), Catalyst 3850, Confidential Data]
SmartOps: Increase Productivity, Lower TCO
Zero Touch Deployments and Maintenance (Smart Install)
New Switch Connected
• Software image downloaded;
• Wired + Wireless Configuration automatically applied
• On-going Image Update and Configuration Back-up
Plug and Play for End Devices (Auto Smart Ports)
New Device Attached
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced
Monitor & Troubleshoot (Smart Call Home, IPSLA, WireShark)
Anomaly Detected
• Packet Capture for Wired and Wireless
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team
Control Your Network (EEM, XML Programmability)
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control
Reduced Energy Consumption (Energywise and EEE)
• EEE ready
• Energywise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management
[Diagram labels: Director - 4K, 3850; Access Switches; Sleep]
Resiliency
• Improved Stack Bandwidth:
  – 240 Gbps bi-direction
  – 480 Gbps with spatial reuse
• Stateful Switch Over (SSO):
  – Faster Convergence (vs 3750-X)
  – Active-Standby model
  – Improved Central synchronization on Active Switch for Wired+Wireless
• Tunnel SSO ensures AP, MA-MC connectivity during failover
• No Backward Compatibility with 3750 series
Delivering Unprecedented Power Availability and Flexibility
• Power Resiliency - Adaptable “pool of power” available to all stack members
• Provides “Zero-footprint” RPS i.e. power supply redundancy without an RPS
• Intelligent power shedding—turn off low priority PoE end devices in the event of a power supply failure
StackPower
Resiliency
Built on UADP
• Unified Access Data Plane
• Unique and powerful Cisco innovation
• Hardware performance with software flexibility
• Optimized Performance
  – CAPWAP encapsulation/de-capsulation, Flexible Netflow, QoS happens in ASIC for line rate performance
• Future Proofed and Programmable
  – Flexparser enables new software features (like SDN) over the product lifetime
• UADP is used across multiple platforms – Catalyst 3850, Sup 8E, WLC5760
License Level | Description | PIDs
LAN Base | Stackable 24 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU | WS-C3850-24T-L
LAN Base | Stackable 24 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU | WS-C3850-24P-L
LAN Base | Stackable 48 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU | WS-C3850-48T-L
LAN Base | Stackable 48 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU | WS-C3850-48P-L
LAN Base | Stackable 48 10/100/1000 Ethernet POE+ ports, with 1100W AC power supply 1 RU | WS-C3850-48F-L
IP Base | Stackable 24 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU | WS-C3850-24T-S
IP Base | Stackable 24 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU | WS-C3850-24P-S
IP Base | Stackable 48 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU | WS-C3850-48T-S
IP Base | Stackable 48 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU | WS-C3850-48P-S
IP Base | Stackable 48 10/100/1000 Ethernet POE+ ports, with 1100W AC power supply 1 RU | WS-C3850-48F-S
IP Services | Stackable 24 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU | WS-C3850-24T-E
IP Services | Stackable 24 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU | WS-C3850-24P-E
IP Services | Stackable 48 10/100/1000 Ethernet ports, with 350W AC power supply 1 RU | WS-C3850-48T-E
IP Services | Stackable 48 10/100/1000 Ethernet POE+ ports, with 715W AC power supply 1 RU | WS-C3850-48P-E
IP Services | Stackable 48 10/100/1000 Ethernet POE+ ports, with 1100W AC power supply 1 RU | WS-C3850-48F-E
Bundles | Cisco Catalyst 3850 24-port PoE IP Base with 5 access point license | WS-C3850-24PW-S
Bundles | Cisco Catalyst 3850 48-port PoE IP Base with 5 access point license | WS-C3850-48PW-S
Note: Stackpower cables are sold separately on the Lan Base models

Network modules: C3850-NM-4x10G (on 48 port models only), C3850-NM-4x1G, C3850-NM-2x10G

Sample Power Supplies as 3750-X with new PIDs
1+1 Redundant Power Supplies
Power Supply | PID
350W AC | PWR-C1-350WAC
715W AC | PWR-C1-715WAC
1100W AC | PWR-C1-1100WAC
440W DC | PWR-C1-440WDC
Warranty / Policy | Catalyst 2960-S | Catalyst 3750-X | Catalyst 3850 | Catalyst 4K | Access Points
Cisco Limited Lifetime Warranty (LLW) | Yes | -- | -- | Yes | Yes
Cisco Enhanced Limited Lifetime Warranty (E-LLW) | -- | Yes | Yes | -- | --
Software Policy | Unlimited free IOS updates in the same license | Unlimited free IOS updates in the same license | Unlimited free IOS updates in the same license | Unlimited free IOS updates in the same license
SmartNet | Available. | Available. Smartnet required for IP Services | Available. Smartnet required for IP Services | Available. Smartnet required for EntServices?? | Required for AP adder license??
See notes for detailed explanation of each warranty type and software policy
License | Catalyst 2960-S | Catalyst 3750-X | Catalyst 3850 | Catalyst 4K
Lan-lite | Yes | No | No | No
Lan Base | Yes | Yes | Yes | Yes
IP Base | No | Yes | Yes | Yes
IP Services/Ent Services | No | Yes | Yes | Yes (EntServices)
RTU based licensing | No | Yes | Yes | H1CY13
OR
Customer agrees to EULA
Step 1
Customer purchases the license or wants to transfer licenses between switches
Step 2
Using EXEC mode CLI customer enables the purchased License mode (IP Base OR IP Services). Same CLI for RMA scenario
How does RTU work?
License Enabled on CLI
AP licenses enabled on the Mobility Controller (MC)
• MC can be on the Catalyst 3850(s), WLC5760, 5500, or WiSM2
• Same AP licenses as before on the 5500/WiSM2 acting as an MC
• No separate monetization for MA functionality (i.e. CAPWAP termination on the switch)
AP license transferability
• Catalyst 3850 WLC 5760
• Catalyst 3850 Catalyst 3850
• WLC 5760 WLC 5760
Same flat pricing per AP license for the Catalyst 3850 and WLC 5760
• Fixed price for WLC5760 zero AP count hardware
Controller resiliency
• Catalyst 3850 as the MC – part of the Catalyst 3850 stack functionality, no additional cost
• WLC 5760 – zero AP count hardware for redundant controller
[Diagram labels: ISE, Prime, Access Points, Catalyst 3750, 5508 or WISM2 with SW Upgrade or new 5760, New Catalyst 3850, MC]
System Attributes | Catalyst 2K | Catalyst 3750-X | Catalyst 3850 | Catalyst 4500E
POE+ | Partial | Full | Full | Yes
UPOE | No | Yes | Yes* (H2CY13) | Yes
Uplinks | Integrated Uplinks (4x1G, 2x10G) | Modular (1x4G, 2x10G, 2x10GBaseT, 2x10G SM) | Modular (1x4G, 2x10G, 4x10G) | 4 x 10G
Power Supplies and Fans | Fixed. Single | Modular PS - two, Modular fans - two | Modular PS – two, Modular fans - three | Modular PS, Modular fan tray
Multi-core CPU | No | No | Yes | Yes
DRAM | 256 MB | 512 MB | 4 GB | 4 GB (2 GB default)
Flash Size | 32 MB | 64 MB | 2 GB | 2 GB
Operating System | IOS | IOS | IOS-XE | IOS-XE
Converged Wired+Wireless Access Support | No | No | Yes | Yes (Sup 8-E)
QOS Model | MLS | MLS | MQC | MQC
Buffers/48 port | 2 MB | 6 MB | 12 MB
Queues per Port | 4 | 4 | 8 | 8
“Industry’s first fully converged wired-wireless switch”
“Uncompromised user experience with distributed intelligent services”
“Single platform powered by Cisco IOS Software and Cisco UADP ASIC”
“Future proofed – 802.11ac, 40G wireless, 480G stack”
Catalyst 3850 re-defines stackable access switching with converged wired-wireless
Benefits:
• Converged Access with Single IOS Platform, Visibility, Control, Resiliency and Scale
• Distributed Intelligent Services – Secure Access/Trustsec, AVC and Smart Operations
• Foundation for Cisco Open Networking Environment (ONE) using Cisco’s UADP ASIC
Opportunity:
• Migrate: Catalyst 3850 (higher perf/scale, FNF, resiliency and converged access at a lower price than the EoS 3750G/E).
• Upsell: Catalyst 3850 enables BYOD, video and mobility @ 22% over Catalyst 2960-S
• Compete: Only Cisco can deliver the best wired-wireless Unified Access solution as the industry leader in both markets
Thank you.