Unified Access Switching- CLLE

Local Edition

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Local Edition

Vaibhav Katkade, Product Manager

UAG Product Management

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

World’s most comprehensive portfolio

Catalyst 3850

Catalyst 4500

Catalyst 2960-S


M odu l a r QoS

B u i l t - i n F l e x i b l e N e t F l ow

3 r d Pa r t y A pp l i c a t i o n Ena b l e d

Wi r e d / Wi r e l e s s I n t e gr a t i o n

SDN r e a dy

B a s e d on U A D P A S I C a nd I OS - X E


• Wi r e d / Wi r e l e s s C onv e r g e nc e

• R e s i l i e n t w i t h I n Se r v i c e So f t wa r e U pgr a de ( I SSU )

• U npr e c e de n t e d POE s c a l e w i t h 6 0 W o f P o E ( U PO E)

• Ea s e o f Mgmt w i t h V i r t ua l Swi t c h i ng Sys t e m

• Sys t e m s c a l e w i t h 4 8 G / s l o t 3 8 4 por t s

• Swi t c h i ng c a pa c i t y o f 9 2 8 Gbps


4 0 G S t a c k i n g

L o w P o w e r C o n s u m p t i o n

P o E + S u p p o r t

I P v 6 S e c u r i t y E n a b l e d

S m a r t O p e r a t i o n s


F a n l e s s & S i l e n t O p e r a t i o n

F l e x i b l e M o u n t i n g O p t i o n s

U P O E / P o E P o w e r e d O p t i o n s

P o E + M o d e l s

S m a r t O p e r a t i o n s

R u n s I O S S W


Deliver an Uncompromised User

Experience on Any Workspace

I T R e q u i r e m e n t

Megatrends

Mobility • Seamless roaming

• Optimal client performance

• Cloud access/VXI

Video • Multicast streaming

• Video conferencing

• Reliable performance

BYOD • Secure access

• Customized experience

• Guest access


Early 2000 2002 2004 2006 2008 2010 2012 2014 …

CL

IEN

TS

/ B

AN

DW

IDT

H

Media Rich Applications

Pervasive Mission Critical Nice to Have

10Gbps

11Mbps

802.11n

450 Mbps

802.11a, 802.11b

11 Mbps

802.11g

54 Mbps

802.11ac-1

1 Gbps

802.11ac-2

3.5 Gbps

Future


Wired

Wired and Wireless

• Business Policy

• Single Pane of Glass

• User/Device Centric

• Fewer Administration Points

• Reducing TCO


Uncompromised User Exper ience

U n i f i e d A c c e s s One Policy

One Management

One Network


Al l in One Enterpr ise Class network access contro l product .

C o m p r e h e n s i v e U s e r V i s i b i l i t y

IP


Cisco Prime Assurance Manager

Cisco Prime Lan

Management System

Cisco Prime Network Control System

Cisco Prime Infrastructure

Prime

© 2012 Cisco and/or its affiliates. All rights reserved. N. Cisco Confidential 15

Please share under NDA only

Wireless Control

System

Access Control

Server

LAN Mgmt

Solution

Identity

Mgmt

NAC

Profiler

Guest

Server

Cisco Wireless LAN Controller

Internal Resources

Cisco Firewall Cisco Access Point

Catalyst Switch

Corporate

Network Internet

One Management

Prime

One Policy

ISE

Converged Access Mode

• Integrated wireless controller

• Distributed wired/wireless data plane (CAPWAP termination on switch)

One Network

Catalyst 3850 Cat4500 Sup8E


Bui l t on C isco ’s Innovat ive “UADP” ASIC

The In te l l i gen t Swi tch fo r the Wor ld Connec ted

* Roadmap

Wireless CAPWAP Termination Up to 2000

Clients per Stack

40 Gbps Uplink Bandwidth

Line Rate on All Ports

FRU Fans, Power Supplies

Granular QoS/Flexible

NetFlow

Up to 50 APs/2000 clients per stack, and 40G per switch

480 Gbps Stacking Bandwidth

Stackpower

SGT/SGACL*

Full POE+


P e r f o r m a n c e & S c a l e

Works in all existing 4500-E chassis

Up to 50APs 2000 Clients

8 SFP+ 10G/1G Uplinks

LiSP Ready 928G total capacity

Wireless integration

Faster CPU

A p p V i s i b i l i t y

L o w e r T C O

S c a l e

• Investment Protection to UA Arch

• In Service Software Upgrade

• Life Cycle

• Flexible NetFlow Wireless

• NBARLite for Application Visibility

• IOS XE Open Application Platform

• 20G Wireless Termination

• 100% more Uplink Bandwidth

• Programmable Uplink FPGA (LISP)


Scale with distributed wired

and wireless data plane

480G stack bandwidth; 40G wireless/switch;

efficient multicast

Maximum resiliency with

fast stateful recovery

Layered network high availability design with

stateful switchover

Single platform for wired and wireless

Common IOS, same administration point,

one release

Uni f ied Access - One Po l icy | One Management | One Network

Network wide visibility for

faster troubleshooting

Wired and wireless

traffic visible at every hop

Consistent security and

quality of service control

Hierarchical bandwidth

management and distributed policy

enforcement



B e n e f i t s

• Built on Unified Access Data Plane (UADP) ASIC – Cisco’s Innovative Flexparser ASIC technology

• Eliminates operational complexity

• Single Operating System for wired and wireless

• 802.11n

• CleanAir

• VideoStream

• Radio Resource Management (RRM)

• Wireless Intrusion Prevention System (WiPS)

• 802.11ac Ready

Features:

• Stacking

• Stackpower

• Trustsec*/Identity

• AVC/Medianet*

• Flexible Netflow

• Granular QoS

• Smart Operations

• EnergyWise*

Features:

20+ Years of IOS Richness – Now on Wire less

WIRELESS WIRED

Note: All features may not be available on

new platforms at introduction. Features

marked with * are expected to be added

within 12-18 months



Converged Access Deployment

AP AP

Device Identification - Device Profiling*

Employee iPhone

connected

• App level visibility – Flexible Netflow, Wireshark*

• Media Troubleshooting – Medianet*

Employee joins webex call on

iPhone

Benefits

• Track applications at every hop - CAPWAP Tunnel terminated at the access switch

• Root cause issues quickly

AP CAPWAP Tunnel * - Software Roadmap - within 12-18 months after FCS



Per AP

Per Radio

Per SSID

Per Client

Per Application*

Hierarchical Bandwidth Management S e c u r i t y

• Identity

• Device Profiling*

• SGT/SGACL*

• Control Plane Policing

• MACSec Ready*

• Port Security

• DHCP Snooping and IP Source Guard

• Wireless Intrusion Prevention System (WiPS)

Support for Mission Critical Apps

*Based on L3/4, L4-7 within 9 months after FCS

2.4GHz 5GHz

SSID

1

SSID

2

SSID

1

SSID

2

Jabber

* Software Roadmap – within 9-18 months after FCS

U n p r e c e d e n t e d


Traditional Deployments Guest SSID can hog the bandwidth

per SSID Bandwidth

Guest Enterprise

BW allocation

AP

Guest

Enterprise

Single user can hog bandwidth

Enterprise

BW allocation

AP

Heavy Hitter

Fair Sharing

Heavy Hitter

(BW hog)

Usage based fair bandwidth allocation

Enterprise

Fair BW allocation

Heavy Hitter

Heavy Hitter

(BW hog)

Converged Access Deterministic SSID bandwidth

Enterprise

BW allocation

Guest

Enterprise

Guest

10% min BW 90% min BW



Tbps Gbps

Small Campus or Branch (192 users)

Total Wireless Bandwidth (Gbps)

Number of Switches: 4

Cat 3850

23 Employee Guest

Total Wireless Bandwidth (Tbps)

Campus (3840 users)

Number of Switches: 80

Future Proof ing your Network for 802.11ac and beyond

40G on Every Switch 40G on Every Switch


Catalyst 3750

5508 or WISM2 with SW Upgrade or new 5760

New Catalyst 3850

LARGE CAMPUS

EXTERNAL MOBILITY COORDINATOR NEEDED

UP TO 72,000 ACCESS POINTS UP TO 864,000 CLIENTS LARGEST LAYER 3 ROAMING DOMAINS

Access Points

ISE Prime

Access Points

New Catalyst 3850

New Catalyst 3850

DMZ

UA 3850

24 Employee Guest

INTEGRATED CONTROLLER OPTIONS

BRANCH SMALL/MEDIUM CAMPUS

UP TO 50 ACCESS POINTS UP TO 2,000 CLIENTS ALL WAN SERVICES AVAILABLE

UP TO 250 ACCESS POINTS UP TO 16,000 CLIENTS VISIBILITY, CONTROL, RESILIENCY

WAN

AP CAPWAP Tunnels

Mobility

Coordinator

Mobility

Coordinator

Capwap Tunnel Standard Ethernet, No Tunnels Guest Tunnel from Switch to DMZ Controller

INTEGRATED

CONTROLLER

INTEGRATED

CONTROLLER

Mobility Agent

INTEGRATED

CONTROLLER

ISE Prime

ISE Prime

G i g a b i t E t h e r n e t

C a t a l y s t 2 9 6 0 - S

10G/1G SFP Uplinks

FlexStack

Full PoE, PoE+

E-LLW

C i s c o Q u a l i t y a t C o m p e t i t i v e P r i c e

EASE-OF-USE 300M+

PORTS

8M+

UNITS

ENERGY

EFFICIENCY LOWER

TCO

C a t a l y s t 2 9 6 0

1G Uplinks

PoE

LLW

F a s t E t h e r n e t

Advanced Layer 2

STACKABLE

F a s t E t h e r n e t

C a t a l y s t 2 9 6 0 - S F

1G SFP Uplinks

FlexStack

Full PoE, PoE+

E-LLW

Basic Layer 2

Non STACKABLE

2960 2960-SF 2960-S

Launch FCS 2005 FCS 2012 FCS 2010

Downlinks 10/100 Mbps 10/100 Mbps 10/100/1000 Mbps

Uplinks 1000BASE-T

1G SFP 1G SFP

1G SFP

10G SFP+

Stacking No FlexStack (20Gbps)

PoE POE (15.4W)

124 or 370W

PoE / PoE+ (30W) 370W or 740W

IPv6 Limited IPv6 host capable

IPv6 first-hop security

PoE+, Stacking, IPv6 Gigabit Ethernet

Trusted Wi-Fi

• Authenticate user

• Fingerprint device

• Apply corporate config

• Enterprise apps

Pol icy Based On:

• Device type

• User

• Location

• Application

• Topology Independent Segmentation

• Layer 3 Segmentation

Segmentation Contextual Onboarding

Personal Devices

Trader Voice

Corporate Desktop

Guest Laptops

Video Surveillance

Corporate VDI

Corporate Voice

Handheld

Trusted Wi-Fi Trusted Wi-Fi

Telepresence Units

Authentication Features

Cisco Catalyst Switch

Network

Device

IP Phones Authorized Users

Guests Tablets

802.1X MAB WebAuth

Identity Differentiators

Monitor Mode

• Unobstructed access

• No impact on productivity

• Gain visibility

Flexible Authentication Sequence

• Enables single configuration for most use cases

• Flexible fallback mechanism and policies

Rich and Robust 802.1X

IP Telephony Support for Virtual Desktop Environments

• Single host mode

• Multihost mode

• Multiauth mode

• Multidomain authentication

Critical Data/Voice Authentication

• Business continuity in case of failure


• Built-in packet sniffer for remote troubleshooting

• Real-time capture and decode on Sup7-E

• Capture and Display Data and Control Packets

• Storage options SD card or USB.

• Various display options

• Lightweight Text version “T-Shark”

S I M P L I F I E D T R O U B L E S H O O T I N G

Switch# show monitor capture file bootflash:nflow.pcap detailed

Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040

bits)

Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal

<..SNIP..>

Frame Number: 2

Frame Length: 880 bytes (7040 bits)

Capture Length: 880 bytes (7040 bits)

<..SNIP..>

[Protocols in frame: eth:ip:udp:data]

Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst:

e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)

Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)

Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)

Features Components

Wireshark

Hosted Apps IOSd

Common Infrastructure / HA

Management Interface

Module Drivers

Kernel


Non-Cisco Catalyst 4500E/3850

$50

$12

76%

Per Port Cost of Collector Application Solution with Leading NetFlow

Collectors


Director

Access Switches

Increase Productivity, Lower TCO

Sleep Sleep Sleep

Zero Touch Deployments and Maintenance

New Switch Connected

• Software image downloaded;

• Wired + Wireless Configuration automatically applied

• On-going Image Update and Configuration Back-up

Smart Install

New Device Attached

• Port Configuration: Applied

• QoS Policy: Enforced

• Security Policy: Enforced

Plug and Play for End Devices

Auto Smart Ports

Anomaly Detected

• Packet Capture for Wired and Wireless

• Proactive diagnostics

• Real time Alerts

• Web-based reports

• Routed to TAC team

Monitor & Troubleshoot

Smart Call Home IPSLA, WireShark

• Ability to take custom actions based on syslogs/triggers

• Enhanced Flexibility and control

Control Your Network

EEM, XML Programmability

• EEE ready

• Energywise – Time of the day policy based on/off of access devices

• 0 $ SKUs for energy management

Reduced Energy Consumption

Energywise and EEE

Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases


*Where next business day delivery is available, Cisco will use commercially reasonable efforts to ship a replacement for next business day delivery provided Cisco’s determination of the hardware failure has been made before 3 p.m. depot time. If a request is made after 3 p.m. depot time, Cisco will ship the advance replacement on next business day. Actual delivery times may vary depending on Customer location.

** Retroactive to all 2K, 3K and 4K swiches regardless of when the switch was purchased and up to 5 years after EOS ***LAN Base and IP Base IOS receive unlimited updates, bug fixes and maintenance support to original customer – 1 year after End of Sale (EOS) for critical bugs and 3 years after EOS for security bugs. IP services

and Enterprise IOS requires a service contract for unlimited updates

Service Element Enhanced Limited

Lifetime Warranty

Duration of Coverage

Business hours

access for 90-days only

Cisco Technical Assistance

Center (TAC) Support

Unregistered access only Online Support/ Web Access

Catalyst 3850, 3K-X, 2K-S, 2K-SF,

3560C, 2960C Products

Lifetime for switches- As long as the

original customer owns the product

Award

Winning

Limited Lifetime Warranty

Lifetime for switches- As long as the

original customer owns the product

No

Unregistered access only

Catalyst 4K, 3K FE, 2K FE, 3K-E

NEW! - Lifetime for fans & power

supplies for new and existing switches

NEW! - Lifetime for fans and power

supplies for new and existing switches

Next business day* Advance Hardware

Replacement 10 Business Days

Retroactive**

Software Updates*** are FREE for every 2K, 3K and 4K

Summary

Traditional

Workspace

U n i f i e d W o r k s p a c e

• Scale & Performance

• Security

• Lower TCO

Catalyst 2960-S

Voice Data

Mobility BYOD Video

Catalyst 4500E

* - Shipping on Catalyst 3850, Roadmap on Catalyst 4500E

Catalyst 3850

Catalyst 3k Series

S c a l e & P e r f o r m a n c e

T r u s t S e c

A p p l i c a t i o n V i s i b i l i t y

E n e r g y M a n a g e m e n t a n d G r e e n

L o w e r T C O

Catalyst 3750-X

C O N V E R G E D A C C E S S *

Dis t r ibu ted In te l l igen t Access Serv ices

Unified Access Switching- CLLE

Technology

Transcript of Unified Access Switching- CLLE