prova

Presentation Transcript

Catalyst 3750-E Catalyst 3560-E Catalyst 2960 Overview : 

Catalyst 3750-E Catalyst 3560-E Catalyst 2960 Overview

Most Complete Line of Fixed Configuration LAN Products : 

[Chart labels: Full Layer 3 Routing; Layer 2 Intelligent Services; GUI-Managed. Axes: Function, Flexibility, Scalability; Price-Performance]

Cisco Catalyst 3560-E and Catalyst 3560
- 10/100 and GE configurations + 2 10GE
- Enterprise-class intelligent Layer 3/4 services
- Modular power supply with 3560-E
- PoE configurations with up to 15.4W on all 48 ports

Cisco Catalyst 2960
- 10/100 and 10/100/1000 Layer 2 switching
- 8, 24, and 48 port configurations with dual-purpose Gig uplinks
- PoE configurations with up to 15.4W up to 24 ports
- Entry level LAN Lite IOS and enhanced LAN Base IOS for intelligent services

Cisco Catalyst 3750-E and Catalyst 3750
- Stackable 10/100 and GE configurations + 2 10GE
- Cisco StackWise™ Plus and StackWise technology
- Enterprise-class intelligent Layer 3/4 services
- Modular power supply with 3750-E
- PoE configurations with up to 15.4W on all 48 ports

Cisco Catalyst 4948
- 10/100/1000 + 2 10GE wire speed switching
- Rack-optimized server switching
- Jumbo frame support
- Dual, hot swappable, internal power supplies
- Hot swappable fan tray

Cisco Catalyst Express 500
- Low-density, standalone, managed 10/100 switching
- Tailored for businesses with up to 250 users

Introducing The Catalyst 3750-E : 

The next generation complement to the Catalyst 3750
- 24 or 48 GE ports with 2x10 GE uplinks
- Wire-speed performance
- Transition to 10GE with the TwinGig adapter, a 10GE module that accepts two GE SFPs

StackWise Plus
- Supports original StackWise features
- Double the speed of original StackWise
- Backwards compatible with the Catalyst 3750

Power
- Modular power supply and fan blower
- Different power supply sizes
- 48 ports of full IEEE POE in a single rack unit
- New and improved redundant power supply

Cisco Catalyst 2960 Series Switches : 

Catalyst 2960 LAN Base Series
- Fast Ethernet and Gigabit Ethernet in 8, 24, and 48 port configurations for entry-level enterprise and mid-market customers
- PoE configurations with up to 15.4W up to 24 ports
- Offers enhanced Layer 2+ intelligent LAN services: availability, enhanced security, advanced quality of service (QoS)
- Simplified management and troubleshooting for lower total cost of ownership
- Cisco Network Assistant and Cisco Smartports
- Limited lifetime hardware warranty and software updates at no additional charge

Catalyst 2960 LAN Lite Series
- Fast Ethernet in 24 and 48 port configurations for small branch offices and wiring closets
- Offers standard Layer 2 services with entry-level availability, security, and QoS
- Scalable and secure network management
- Simplified management and troubleshooting for lower total cost of ownership
- Cisco Network Assistant and Cisco Smartports
- Limited lifetime hardware warranty and software updates at no additional charge

Uses Cisco ASICs for superior quality and hardware and software integration

Cisco Catalyst 2960 LAN Base Series — Model Overview : 

Software: LAN Base Image
Enterprise-class intelligent services: Advanced QoS, enhanced security, high availability

- Catalyst 2960-24TT-L: 24 10/100 ports, 2 10/100/1000 uplink ports
- Catalyst 2960-48TT-L: 48 10/100 ports, 2 10/100/1000 uplink ports
- Catalyst 2960-24TC-L: 24 10/100 ports, 2 dual-purpose uplink ports
- Catalyst 2960-48TC-L: 48 10/100 ports, 2 dual-purpose uplink ports
- Catalyst® 2960G-24TC-L: 20 10/100/1000 ports, 4 dual-purpose uplink ports
- Catalyst 2960G-48TC-L: 44 10/100/1000 ports, 4 dual-purpose uplink ports
- Catalyst 2960-8TC-L: 8 10/100 ports, 1 dual-purpose uplink port, compact form-factor with no fan
- Catalyst 2960G-8TC-L: 7 10/100/1000 ports, 1 dual-purpose uplink port, compact form-factor with no fan
- Catalyst® 2960-24PC-L: 24 10/100 PoE ports, 2 dual-purpose uplink ports
- Catalyst 2960-24LT-L: 24 10/100 ports (8 PoE ports), 2 10/100/1000 uplink ports
- Catalyst 2960PD-8TT-L: 8 10/100/1000 ports, 1 10/100/1000 PoE Input port, compact form-factor with no fan

Cisco Catalyst 2960 LAN Lite Series — Model Overview : 

Software: LAN Lite Image
Entry level QoS, security, and availability with a focus on ease-of-use and lower total cost of ownership

- Catalyst 2960-24-S: 24 10/100 ports
- Catalyst 2960-24TC-S: 24 10/100 ports, 2 dual-purpose uplink ports
- Catalyst 2960-48TC-S: 48 10/100 ports, 2 dual-purpose uplink ports

Note: Catalyst 2960 Switches cannot be upgraded or downgraded between LAN Base and LAN Lite software.

Catalyst 2960 Compact Switches : 

Meeting unique physical requirements of the office workspace, conference rooms, classrooms, and micro branch offices

- Small size (H x W x D): 4.4cm x 27cm x 16-23cm
- Flexible wall and under the desk mounting
- Durable metal shell
- Cable guard
- Internal power supply and right angle power cord
- Passive cooling (no fan)
- Magnet included
- Security locking slot
- 19 inch rack mount option

Services and Warranty for The Cisco Catalyst 2960 Series : 

Limited lifetime hardware warranty
- Advance Replacement shipping within 10 business days
- Guest access to Cisco.com
- Ongoing Cisco IOS Software updates at no additional cost

Cisco SMARTnet® and SMARTnet Onsite Support
- Around-the-clock, global access to the Cisco Technical Assistance Center (TAC)
- Access to the extensive Cisco.com knowledgebase and tools
- Next-business-day advance hardware replacement (premium options available for business-critical devices, such as 2-hour replacement and onsite parts replacement and installation)

Cisco Smart Foundation Service (formerly SMB Support Assistant)

Cisco Foundation Technology Optimization Service

Catalyst 3750-E Models : 

- PoE and data only options
- Any 3750-E model can be connected with another through StackWise Plus
- 3750-E models can be combined in a stack with existing 3750 models in a mixed stack

Models:
- 48 10/100/1000T Ports w/POE + 2x 10GE
- 24 10/100/1000T Ports w/POE + 2x 10GE
- 48 10/100/1000T Ports + 2x 10GE
- 24 10/100/1000T Ports + 2x 10GE

Catalyst 3560-E Models : 

- The 3560-E is for standalone deployments
- Similar features to the 3750-E, but StackWise is removed
- Same software features
- Same PoE options

Models:
- 48 10/100/1000T Ports w/POE + 2x 10GE
- 24 10/100/1000T Ports w/POE + 2x 10GE
- 48 10/100/1000T Ports + 2x 10GE
- 24 10/100/1000T Ports + 2x 10GE

StackWise Plus : 

- Speed improved to 64Gbps*
- Supports local switching
- Local packets do not traverse the stack
- Intelligently forwards traffic over the StackWise connection
- Load Balancing
- Quality of Service
- Traffic Optimization
- Backward compatible with the original StackWise
- Fault-tolerant, bi-directional 64-Gbps stack interconnection
- Automated Configuration & Management
- Single network instance (IP, SNMP, CLI, Spanning-Tree Protocol, VLAN)
- Master/secondary architecture with master failover
- Cross-Stack EtherChannel®, cross-stack QoS

* For typical traffic patterns, actual performance may be higher or lower

StackWise Plus Architecture : 

[Diagram: StackWise Plus Ring connecting switches 1, 2, 3 and 4; labels: Local Switching, StackWise Plus]

10 Gigabit Ethernet : 

- Two 10GE uplink interfaces
- Wire rate forwarding performance
- Supported X2 Transceivers:
  - LX4 (MMF - 300m, SMF - 10km)
  - LR (SMF 10km)
  - SR (MMF)
  - CX4 (Copper)
  - ER (SMF 40km)
- TwinGig Adapter converts an X2 interface into dual SFP interfaces
- All SFPs supported on 3750 platform are supported with the TwinGig Adapter
- TwinGig Adapters are hot swappable with X2 modules

Out of Band Management : 

- Two management ports:
  - RS-232 serial console port
  - 10/100BASE-TX Ethernet port
- Out-of-band management supports Telnet, TFTP, and SSHv2
- One interface can manage the entire stack of switches
- If multiple out-of-band ports are connected to different switches in a stack, one is selected for active use

Slide 15: 

Power

Field Replaceable Power Supplies : 

- Wide variety of power supply options
- 48 port POE, 24 port POE, and data only options
- DC power available in every model for data only
- With the RPS 2300, a power supply can be replaced without powering down the switch

[Figure labels: AC Supply; DC Supply; Switch with 1225W AC Supply]

Redundant Power Supply – RPS 2300 : 

- Seamless failover from switch to RPS when PS fails
- Automatic back-off to switch when its power supply returns
- RPS and switches support dual AC power circuits
- Connect up to six switches
- Two switches can be actively backed up
- Dual modular power supplies allow the RPS to match the switches’ supplies
- Field replaceable blower module
- Backwards compatible:
  - Switches: 2950, 2960, 2970, 3550, 3560, and 3750
  - Routers: 2811, 2821, 2851, and 3825

Slide 18: 

Operations

IOS Software Feature Sets : 

Three IOS feature sets:

IP Base
- Layer 2 Forwarding
- Base IPv6 Services
- Basic Routing
- Security

IP Services
- Full EIGRP and OSPF Routing
- Multicast Routing
- Policy Based Routing

Advanced IP Services
- IPv6 Routing

Cisco Catalyst Intelligent Switching Infrastructure : 

Intelligent Switching is a Common Foundation of Capabilities across Cisco® Catalyst® Switches

Capability areas: Performance, Availability; QoS; Security; Manageability

- Wire-speed forwarding
- No performance effect with all services enabled
- Layer 2, 3, 4 classification
- Policing and shaping
- Multiple queues
- Granular control
- Layer 2, 3, 4 access control
- Identity-based authentication
- Management security
- Admission control
- End-to-end manageability for centralized administration
- Web-based or command-line interface (CLI)
- Analysis and planning tools

Where Congestion Exists, QoS is Required : 

- Points of aggregation
- Links and buffers
- Points of substantial speed mismatch
- Transmit buffers tend to fill (TCP windowing)
- Buffering reduces loss, introduces delay

[Diagram labels: Aggregation; Speed Mismatch (10 Mbps, 1000 Mbps); LAN to WAN (10 Mbps, 64 kbps)]

Cisco Catalyst Series Extensive QoS Features : 

- Traffic Classification and Marking for Differentiated Services
- Per-Port or Individual/Aggregate Flow Classification and Rewriting of MAC Address, 802.1p CoS/DSCP, IP Address, and TCP/UDP Port

[Diagram labels: RX; Classify; Police; Mark; Ingress Queuing/Scheduling, Congestion Control; Queue 1, Queue 2, Queue 3, Queue 4; Egress Queuing/Scheduling, Congestion Control; TX]

Auto QoS : 

- One Command per Interface to Enable and Configure QoS.
- Modify Global and Interface Settings to Make QoS for VoIP Work.

[Diagram labels: Cisco® CallManager; Cisco Unity® Software; Voice Applications; Voice Gateways]

Campus QoS Considerations: Trust Boundary Extension and Operation : 

[Diagram labels: Phone VLAN = 110; PC VLAN = 10]

Mitigating Unauthorized Devices : 

Protecting Against Well-Intentioned Users

Problem: Well-intentioned users place unauthorized network devices on the network, possibly causing instability.

Solution: Cisco Catalyst® Switches support rogue BPDU filtering: BPDU Guard, Root Guard

[Diagram labels: Unauthorized Switch; Authorized Switch; Enterprise Server; Cisco® Secure ACS; Incorrect STP Info; Network Instability; BPDU Guard; Root Guard]

Secure Connectivity : 

- Secure Shell (SSH) Protocol: SSH encrypts administration traffic during remote terminal (Telnet-style) sessions while configuring or troubleshooting switches.
- Secure Sockets Layer (SSL): SSL encrypts network management traffic, allowing the secure use of tools such as the Cisco® Network Assistant.
- SNMPv3 (with crypto support): SNMPv3 provides network security by encrypting administrator traffic during SNMP sessions to configure or troubleshoot switches.
- Kerberos: Kerberos authenticates users and network services using a trusted third party to perform secure verification.
- Secure Copy: SCP provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on SSH.

Securing Layer 2 from Surveillance Attacks: Cutting Off MAC-Based Attacks : 

Problem: “Script kiddie” hacking tools enable attackers to flood switch CAM tables with bogus MAC addresses, turning the VLAN into a “hub” and eliminating privacy. The switch CAM table limit is a finite number of MAC addresses.

Solution: Port security limits the MAC flooding attack, locks down the port, and sends an SNMP trap.

[Diagram labels: 00:0e:00:aa:aa:aa; 00:0e:00:bb:bb:bb; Only 3 MAC Addresses Allowed on the Port: Shutdown; 250,000 Bogus MAC addresses per Second]

Interface configuration shown on the slide:

    switchport port-security
    switchport port-security maximum 3
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity

Voice (VLAN) aware Port Security : 

- Scenario: IP phone + host on same switch port
- Port security & STP violations are now VLAN/voice aware
- Violations for the host only affect “data” VLAN
- Only affected VLAN is placed in error disable state
- Voice VLAN remains unaffected
- Improves network availability

DHCP Spoofing Attack : 

Problem:
- Malicious user pretends to be the network DHCP server.
- Misconfigured user starts up a DHCP server incorrectly.
- Malicious user can send out bogus addresses, deplete the address space, or spoof the default gateway.

Solution:
- Do not trust user ports so only DHCP requests can be sent.
- Snoop DHCP information for integrity.

[Diagram labels: Victim; DHCP Discovery Broadcast; Rogue DHCP Offer (IP: 10.1.1.20/24, GW: 10.1.1.1, DNS: 192.168.1.122); User Ports Untrusted; DHCP Server]

DHCP Snooping : 

What It Does:
- Switch forwards only DHCP requests from untrusted access ports, and drops all other types of DHCP traffic.
- DHCP snooping allows only designated DHCP ports or uplink ports that are trusted to relay DHCP messages.
- It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.

Benefit: DHCP snooping prevents rogue devices from behaving as the DHCP server.

[Diagram labels: DHCP Client; DHCP Server; Rogue Server; Trusted; Untrusted; DHCP Snooping Enabled; DHCP Request; DHCP ACK (blocked)]
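An added example, not part of the original slides: a simplified Python model of the forwarding decision and binding table described above, run over a constructed exchange with one client, one rogue server on an access port, and a legitimate server behind a trusted uplink. Class, function and port names are hypothetical, the address 10.1.1.50 is constructed, and real switches apply further checks that this model omits.

```python
from dataclasses import dataclass

# DHCP message types that only a server should send.
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

@dataclass(frozen=True)
class DhcpMessage:
    msg_type: str      # DISCOVER, REQUEST, OFFER, ACK, NAK
    client_mac: str
    ip: str = ""       # address being offered or acknowledged, if any

class SnoopingSwitch:
    """Toy model of the snooping decision; names here are hypothetical."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.client_port = {}   # client MAC -> (port, vlan) seen on its request
        self.bindings = {}      # client MAC -> (ip, port, vlan)

    def receive(self, port, vlan, msg):
        """Return 'forward' or 'drop' for a DHCP message arriving on a port."""
        if msg.msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"   # server traffic from an untrusted access port
            if msg.msg_type == "ACK" and msg.client_mac in self.client_port:
                cport, cvlan = self.client_port[msg.client_mac]
                self.bindings[msg.client_mac] = (msg.ip, cport, cvlan)
            return "forward"
        # Client requests are allowed from any port; remember where they came from.
        self.client_port[msg.client_mac] = (port, vlan)
        return "forward"

def run_demo():
    """Constructed exchange: client on Fa0/1, rogue server on Fa0/2, uplink Gi0/1."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    mac = "00:0e:00:aa:aa:aa"
    results = [
        sw.receive("Fa0/1", 10, DhcpMessage("DISCOVER", mac)),
        sw.receive("Fa0/2", 10, DhcpMessage("OFFER", mac, "10.1.1.20")),  # rogue
        sw.receive("Gi0/1", 10, DhcpMessage("OFFER", mac, "10.1.1.50")),
        sw.receive("Fa0/1", 10, DhcpMessage("REQUEST", mac)),
        sw.receive("Fa0/2", 10, DhcpMessage("ACK", mac, "10.1.1.20")),    # rogue
        sw.receive("Gi0/1", 10, DhcpMessage("ACK", mac, "10.1.1.50")),
    ]
    return results, sw.bindings

if __name__ == "__main__":
    print(run_demo())
```

Only the ACK arriving on the trusted uplink creates a binding, and the binding records the client's access port rather than the uplink.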

Slide 31: 

FlexLinks: L2 Redundancy
- Achieve Layer 2 redundancy without requiring STP (Spanning Tree Protocol)
- Access switches with backup links to Distribution switches, deployed as Flex link pair
- Fast convergence upon forwarding link failover
- Sub 100msec cut over
- Convergence time independent of number of VLANs and MAC-addresses

FlexLinks—L2 Redundancy : 

1. Primary link down detected (24msec poll)
2. Backup link becomes the active link

[Diagram labels: Catalyst 2960; Cat6K; Cat6K; Active Link (failed); Backup Link]

Flexlink VLAN load balancing : 

- Primary Link: carries VLANs 60, 50
- Backup Link: carries VLAN 20
- Primary link down detected
- Backup carries VLANs 60, 50, 20

[Diagram labels: Cat2960; gi2/0/8; gi2/0/6]

Integrated Time Domain Reflectometer (TDR) : 

Layer 1 troubleshooting tool. TDR helps to determine:
- The length of a cable
- Whether the cable is correctly wired internally (pin-to-pin wire mapping)
- Whether the cable contains a short circuit (wires touching each other through damaged or missing insulation)
- Whether the cable contains a broken wire (called an “open”)
- Whether the cable suffers from electrical cross talk (interference)

CISCO-CABLE-DIAG-MIB

UniDirectional Link Detection (UDLD): Protecting Against One Way Communication : 

- Highly available networks require UDLD to protect against one way communication or partially failed links and the effect that they could have on protocols like STP and RSTP
- Primarily used on fiber optic links where patch panel errors could cause link up/up with mismatched transmit/receive pairs
- Neighboring ports should see their own device/port ID (echo) in the packets received from the other side
- Failing to receive this information indicates misconfiguration and the port is error-disabled.

CiscoWorks LAN Management Solution (LMS) : 

LMS is a suite of applications designed to simplify and augment the daily tasks required to manage a Cisco end-to-end network, reducing total cost of ownership and improving network availability.

- Simplifies and automates tasks associated with day-to-day management: taking inventory, configuration, IOS software deployment and troubleshooting.
- Breadth of device support (over 400 Cisco device types) provides a single application suite for managing most Cisco-labeled devices.
- Provides detailed visibility of users, ports and network connectivity: topology services, user tracking, inventory.
- Automates the change management process, quickly identifying hardware, software and configuration changes: change audit reports.

Management Interfaces : 

Management Interfaces Manages a single device Web-based—HTML Router, switch, IP phone, wireless… Web-based—Java Cisco Catalyst Device Manager Cisco Network Assistant Manages a 40-device network

Express Setup : 

1. Power up the switch and hold the mode button for a few seconds until all the mode LEDs are green.
2. Connect the PC into the Ethernet port and launch the browser.
3. Launch the Express Setup page by entering the IP address of 10.0.0.1 in the browser.
4. Assign the switch IP address and management VLAN; enable the secret password, (optional) Telnet password, and SNMP configuration.

Cisco Catalyst Device Manager : 

- Embedded in the switch
- View and configure a single switch using a web browser
- Display switch trends, status, and port statistics
- Integrated Smart Ports for simple port configuration

Cisco Network Assistant Release 5.0 : 

- Multi-product, multi-technology management tool
- Supports up to 40 devices (switches, routers and firewalls) and unlimited IP phones and access points
- Interactive topology and front panel views
- Configuration, Monitoring, Troubleshooting & Network Optimization
- Highlight your VLANs, Telnet to devices, Drag-n-Drop IOS upgrades
- Localized in French, Italian, German, Spanish, Chinese and Japanese
- Free download: www.cisco.com/go/cna