KEY MESSAGE:We are seeing the vision of the Borderless Networks come to life, with more and more employees demanding flexibility in the way they work, when and where they work and on what devices they work.Addressing BYOD is only the first step – allowing users to bring their own devices securely into the network.But companies must move beyond basic BYOD connectivitytoprovide an uncompromised experience in any workspace.Companies need to address the increased network usage, increased video usage, virtual desktops, etc. SOUND BITE: Therules of the game are changing, and companies mustmove beyond the basic first step of BYOD connectivity to meet employee expectationsCisco’s own CIO Rebecca Jacobi said that the challenge is more than just getting users on the network, it’s about what users can do once they are on the network.On March 20th Cisco is introducing a set of capabilities across the broad wireless infrastructure, security and policy, network management, and more to address these expectations.We are firing on all cylinders enhancing every aspect in the overall solution…
Technologies802.1X, ProfilingSolution ComponentsCisco Switches + WLCsISENCS PrimeCisco How (or Why) we implement or why we are better…High-performance 802.11n WLAN solutions by Cisco provide a foundation for enabling collaboration and deploying business-transformative applications that can’t be matched by pure-play vendors or other integrated network solution vendors.Cisco switches offer differentiated features such as monitor mode, FlexAuth and Security Group Access (SGA) enabling IT to enforce the business policy requirements for a secure BYOD deploymentCisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. A first-of-its-kind platform, Cisco Prime NCS is the only solution to deliver comprehensive visibility to wired, wireless, and policy metrics in a single, unified view, providing faster troubleshooting and more efficient network operations. This unified view is critical for any BYOD deployment as more devices are introduced to the network at an increasing rate. It also provides complete visibility into endpoint connectivity, regardless of device, network, or location.
Device Profiling + Device sensorSolution Components – ISE (Identity Services Engine) and Switch sensor (IOS SW that resides on 3k)Steps : Collection: A device (for example – a printer) gets plugged into a port on a switchSwitch detects a new device has been plugged inSwitch collects data related to the device (DHCP, LLDP, CDP, and MAC OUI data) by snooping on the traffic sent by the deviceSwitch sends collected data to ISE to aid ISE in device classification Classification :ISE uses rules engine to classify that device to be a printerISE provides a report of devices with device types : device MAC addr, device IP addr, switch port, device type etc Authorization:If IT has defined a policy for that device type - “Printer”, ISE executes the policyIf Policy says – put printer in a VLAN X, ISE tells the switch to place printer on VLAN XIf Policy says – don’t allow printer on the network, ISE tells the switch to block the portIf Policy says – provide restricted access to printer and limit it to ONLY talk to a Print server, ISE will ask the switch to enforce an ACL per the policyISE – can also collect “netflow” information from switchIf ISE notices that HP Printer is trying to talk to Internet (based on netflow data), it raises an alaram, as Printers are meant to be used for intranet usage only. This eliminates data spoofing & improves security
With the built-in traffic simulator in the switch In general:- We show the switches generating traffic across the network- Customers no longer need traffic generation equipment and can ensure the network is ready for various types of video applications before it is deployed. With the built-in traffic simulator in the switch all network readiness testing can be done remotely. It includes a scheduler to run periodic test over extended durationsIn this example we show:- How the Cat3K provide network assessment for a pair of Telepresence deployed across the country- Travel time savings- The scalability benefits of having the built-in simulator in the switch vs. externally:Built-in traffic simulator with a variety of traffic profilesManage with LMSCalibrate network performance before rolling out new applicationsRecreate traffic scenarios for troubleshooting or fine tuningA custom profile tool available to allow creating profiles for any kind of traffic in your networkRun periodic tests with scheduler
Automated monitoring and troubleshootingIn this example:A call between two locations is established and has poor qualityMediatrace can trace the path the video stream has taken and collect statistics along the pathThis helps the network operator isolate the point of problemThis eliminates the need for: external sniffer collectors and hop by hop logging into the network devices to do forensic analysis after the problem has occurred. The customer will save time and resources ($$)
Historic view of PoE. How has PoE changed landscape.