Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Converged Access & 
Catalyst portfolio for Access 
Alexey Zaytsev 
ENG Product Manager / Converged Access 
RUSSIA 2014 
Cu...
Software services, 
innovations and Roadmaps 
on Cisco Access switching portfolio 
© 2013-2014 Cisco and/or its affiliates...
High Availability 
Protect Business Continuity 
Stateful Switchover 
(SS0) 
Sub-Second Failover 
• Stackable Support: 
365...
Availability-Service Software Upgrade (ISSU) / Cat4500 
Software Upgrades— w/o Service Interruption 
• Comprehensive, non-...
Network as a Sensor 
End-to-end Monitoring and Control for Real-Time Traffic using Flexible NetFlow, Performance 
Monitor ...
Network-wide Visibility 
with Flexible Netflow for Wired/Wireless 
Monitoring/ 
Security 
• Detect network anomalies – Ide...
Network As A Sensor 
Flexible NetFlow – Defend Against Emerging Threats (Cyber Security) 
Lancope 
StealthWatch 
Catalyst ...
Lancope StealthWatch – 90 Days Free Trial 
Network As A Sensor 
§ Free! 90 Days Full Trial License of Lancope StealthWatc...
Troubleshooting with Wireshark – Wired/Wireless 
CLI Packet Capture 
Switch# show monitor capture file bootflash:nflow.pca...
mDNS based technology 
Customer Challenges: 
• Apple Bonjour® and Zeroconf compliant devices are 
designed for a single LA...
SDG, Policy Example for Education 
Teacher 
Service Policy 
AirPrint AirPlay File 
Share 
Teacher Network 
Services Discov...
Device Sensor 
Automated Device Classification Using Cisco Infrastructure 
Access Point 
Printer Policy 
[place on VLAN X]...
AVC service implementation 
Cisco MC 
Catalyst 
3850/3650 
(CA switch) 
Wireless 
APs 
Wired Network: 
Cisco Catalyst 
300...
Ease of Operations & Lower TCO 
APIC EM 
Access Switches 
Sleep Sleep Sleep 
Zero Touch Deployments 
and Maintenance 
NG P...
3 
NG Plug-N-Play 
Simplified Day 0/Day 1 Provisioning 
PnP 
Agent 
PnP Server 
PnP 
Agent PnP 
Agent 
2 
© 20U13n-2s01k4 ...
Interface Templates are Flexible 
IOS-XE 3.6 
3750X# configure term 
3750X(config)# template APPLE_TV_INTF_TEMPLATE 
3750X...
Addressing Customer 
Choices 
160 Gbps 
/ stack 
25 AP WLC 
Redundant PSUs 
Stateful Switchover 
Flexible NetFlow 
Wiresha...
Thank you.
Upcoming SlideShare
Loading in …5
×

Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутаторов уровня доступа Catalyst. Часть 4

1,019 views

Published on

Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутаторов уровня доступа Catalyst

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутаторов уровня доступа Catalyst. Часть 4

  1. 1. Converged Access & Catalyst portfolio for Access Alexey Zaytsev ENG Product Manager / Converged Access RUSSIA 2014 Customer version under NDA С вопросами по теме Converged Access и коммутаторов Catalyst в регионе РФ и СНГ обращайтесь к: - Андрею Денисову: adenisov@cisco.com - Константину Григорьеву: kgrigori@cisco.com
  2. 2. Software services, innovations and Roadmaps on Cisco Access switching portfolio © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
  3. 3. High Availability Protect Business Continuity Stateful Switchover (SS0) Sub-Second Failover • Stackable Support: 3650 and 3850 • Intra-chassis support: 4500, 6500 and 6800; Sup2T in VSS • Inter-Chassis support: with VSS Non-Stop Forwarding (NSF) / Non-Stop Routing (NSR) Resilient L3 Topologies • NSF support for OSPF, EIGRP, ISIS, BGP • NSF reduces forwarding table churn • NSR only for Cat 6K • NSR only for OSPF; others to be added In-Service Software upgrade (ISSU) / Enhanced Fast Software Upgrade (EFSU) Minimize Upgrade Downtime • Catalyst 4500 support ISSU for hitless software upgrade • Catalyst 6500 / 6800 support EFSU for minimal disruption during software upgrade Virtual Switching System (VSS) Infrastructure Resilience • Multi-chassis EtherChannel (MEC) provides hardware-based failover • Quad-Sup SSO with Sup2T (Cat 6K) • Support in 4K and 6K Physical Redundancy Redundant Hardware © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases • Redundant Power Supplies • StackPower with 3850 • Redundant Fan Trays for Chassis Systems • Redundant Supervisors for Chassis Systems StackPower Stateful SwitchOver Virtual Switching System
  4. 4. Availability-Service Software Upgrade (ISSU) / Cat4500 Software Upgrades— w/o Service Interruption • Comprehensive, non-intrusive software upgrade solution • Transparent to end users — no loss of user sessions • Upgrades at anytime — even during business hours! • Image Roll-Back < 200ms Line Card Line Card Line Card Redundant Supervisors ACTIVE ACTIVE “Instead of having to prepare for two weeks for a planned outage, software updates with the Cisco Catalyst 4500 ISSU features in the new emergency department are absolutely transparent. We no longer have any downtime at all.” © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
  5. 5. Network as a Sensor End-to-end Monitoring and Control for Real-Time Traffic using Flexible NetFlow, Performance Monitor and Packet Capture Performance Monitor Real-Time Monitoring • Uses NetFlow information • NetFlow V9 export format • Monitor media metrics, i.e. jitter, loss • Real-time monitoring of voice and video across network Media Service Interface (MSI) and Media Service Proxy (MSP) Control with Flow Metadata • MSI provides endpoint information such as device or application name • MSP uses NetFlow and MSI information to allow for better QoS control Packet Capture Technologies Improved Troubleshooting • AVC / Wireless • WiresharK for Cat 4K and 3K families • Mini-Protocol Analyzer (MPA) for Cat 6K • Capture, display and export operations Flexible NetFlow What’s in my Network ? • Supported across all Catalyst families • No performance impact • Redundant Fan Trays for Chassis Systems • Redundant Supervisors for Chassis Systems Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
  6. 6. Network-wide Visibility with Flexible Netflow for Wired/Wireless Monitoring/ Security • Detect network anomalies – Identify and mitigate network attacks • Forensics and Incident investigation • Network Acceptable Use Usage/ Billing • Develop billing strategies based on data, video and voice usage per port • Bill users for data usage on a per port basis • Enforce policies to limit usage Capacity Planning • Identify the top talkers in the LAN • Identify traffic patterns and data usage trends over a time period • Identify types of applications in different parts of the network © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
  7. 7. Network As A Sensor Flexible NetFlow – Defend Against Emerging Threats (Cyber Security) Lancope StealthWatch Catalyst 3650, 3850, or 4500E User connects laptop that is infected with a virus. Virus spreads to another user. Catalyst switch is running Flexible NetFlow. It sends user id, application id, traffic volume & more to Lancope. Lancope alerts IT about security breach. IT quarantines affected devices for remediation. IT prevents the virus from spreading to other devices. © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
  8. 8. Lancope StealthWatch – 90 Days Free Trial Network As A Sensor § Free! 90 Days Full Trial License of Lancope StealthWatch § 2,000 flows per second § StealthWatch Management Console & Flow Collector § Available for new purchases of Cisco Catalyst 3650, 3850 & 4500E Series Ordering Process: Choose Activate NetFlow SKU FNF-LC when ordering Catalyst switch Customer receives order information with switch Customer registers on partners website www.lancope. com/cisco Partner helps customer with installation and training After trial period, customer buys Lancope subscription for $7,495 to $21,995 per year © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
  9. 9. Troubleshooting with Wireshark – Wired/Wireless CLI Packet Capture Switch# show monitor capture file bootflash:nflow.pcap detailed Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits) Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal <..SNIP..> Frame Number: 2 Frame Length: 880 bytes (7040 bits) Capture Length: 880 bytes (7040 bits) <..SNIP..> [Protocols in frame: eth:ip:udp:data] Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) • Built-in packet sniffer for remote troubleshooting • Real-time packet capture and decode for wired/wireless • Capture and Display Data and Control Packets • PCAP Storage options SD card or USB © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
  10. 10. mDNS based technology Customer Challenges: • Apple Bonjour® and Zeroconf compliant devices are designed for a single LAN at home • Consumers expect the same service discovery in the Enterprise/Campus – Across VLANs Benefits: • ZeroConf service discovery across VLANs • Easy to manage • Designed to scale • Transparent to consumer devices • IPv4 and IPv6 • Wireless and wired access • Integrates role-based access control Service Discovery Gateway CAP/WAP VLAN100 VLAN200 The mDNS Policy Profile is a list of allowed network applications. (i.e. AirPlay or Printing) Service Policy AirPrint AirPlay File Share Cisco solves BYOD service discovery challenges, including Apple Bonjour in the campus Network based solution for wireless and wired access © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
  11. 11. SDG, Policy Example for Education Teacher Service Policy AirPrint AirPlay File Share Teacher Network Services Discovery Student Network Student Service Policy AirPrint AirPlay File • Teachers are allowed to print, access the Apple TV and file shares. • Students are allowed to print and share iTunes, but not access the Apple TV, or file shares. Share iTunes Sharing © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
  12. 12. Device Sensor Automated Device Classification Using Cisco Infrastructure Access Point Printer Policy [place on VLAN X] Tablet Policy [BYOD QoS Policy, ACL Y] DEVICE PROFILING For wired and wireless networks POLICY Printer Tablet CDP LLDP DHCP MAC ISE CDP LLDP DHCP MAC Deployment Scenario With Cisco Device Sensors COLLECTION Switch Collects Device Related Data and Sends Report to ISE CLASSIFICATION ISE Classifies Device, Collects Flow Information and Provides Device Usage Report AUTHORIZATION ISE Executes Policy Based on User and Device, enforced in Access Switch The Solution Efficient Device Classification Leveraging Infrastructure C©is 2c01o3 -2C01o4n Cfiisdcoe anntdi/aorl i ts affiliates. All rights reserved. Cisco Confidential 12
  13. 13. AVC service implementation Cisco MC Catalyst 3850/3650 (CA switch) Wireless APs Wired Network: Cisco Catalyst 3000/4500/6500/6800 MA MA MA Web-UI on MA Applications: Bittorent: 69% Skype: 2% … NBAR2 Wireless clients & Apps Bittorent Facebook Skype per WLAN stats per Client stats Wireless only © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
  14. 14. Ease of Operations & Lower TCO APIC EM Access Switches Sleep Sleep Sleep Zero Touch Deployments and Maintenance NG Plug n Play & Smart Install • Software image & Configuration downloaded • Consistent for Devices & PIN • On-going Image Update and Configuration Back-up Plug and Play for End Devices Auto Smart Ports, Auto Conf & Interface Templates • Port Configuration: Applied • QoS Policy: Enforced • Security Policy: Enforced Monitor & Troubleshoot Smart Call Home IPSLA, WireShark • Packet Capture for Wired and Wireless • Proactive diagnostics • Real time Alerts • Web-based reports • Routed to TAC team Control Your Network EEM, XML Programmability • Ability to take custom actions based on syslogs/triggers • Enhanced Flexibility and control Reduced Energy Consumption Energywise and EEE • EEE ready • Energywise – Time of the day policy based on/off of access devices • 0 $ SKUs for energy management © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases
  15. 15. 3 NG Plug-N-Play Simplified Day 0/Day 1 Provisioning PnP Agent PnP Server PnP Agent PnP Agent 2 © 20U13n-2s01k4 iClilsecod an d /or its affiliates. All rights reserved. Cisco Confidential 15 Installer GUI Based Consistent for devices & PIN(Campus/Branch) Secure RMA Use Case Greenfield & Brownfield Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing Network Admin 1 • Network Admin remotely monitors status of install while in progress. • Booting devices call out to PnP Server, requesting instructions Campus- Bldg-2 Smart Install Proxy PnP Agent Smart Install- Client Installer Remote Installer • Mount and cable devices • Power-on APIC EM
  16. 16. Interface Templates are Flexible IOS-XE 3.6 3750X# configure term 3750X(config)# template APPLE_TV_INTF_TEMPLATE 3750X(config-template)# switchport acces vlan 33 3750X(config-template)# spanning-tree portfast 3750X(config-template)# switchport mode access 3750X(config-template)# mls qos trust dscp 3750X(config-template)# description Apple TV 3750X(config-template)# exit 3750X# 3750X# show template brief Interface Templates =================== 3750X(config)# interface Gig 1/0/11 3750X(config-if)#source template APPLE_TV_INTF_TEMPLATE 3750X(config-if)# end 3750X# show run int gi1/0/11 Current configuration : 79 bytes ! interface GigabitEthernet1/0/11 source template APPLE_TV_INTF_TEMPLATE end Template-Name Source Bound-to-Interface ------------- ------ ------------------ APPLE_TV_INTF_TEMPLATE User No AP_INTERFACE_TEMPLATE Built-in No DMP_INTERFACE_TEMPLATE Modified-Built-in Yes IP_CAMERA_INTERFACE_TEMPLATE Built-in No Easy to Create and Modify Easy to Manage 3750X# show derived interface Gig 1/0/11 Building configuration... Derived configuration : 156 bytes ! interface GigabitEthernet1/0/11 description Apple TV switchport access vlan 33 switchport mode access mls qos trust dscp spanning-tree portfast end Result © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
  17. 17. Addressing Customer Choices 160 Gbps / stack 25 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark Medianet* TrustSec* TrustSec* Catalyst 3650 Stackable access, wired-wireless convergence, PoE+ Catalyst 2960-X Stackable access, PoE+ *Software Update Middle CY2014 480 Gbps / stack, 50 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec* StackPower Cisco UPOE Modular Uplinks Mixed Stacking Fiber, Copper, 10G-T ** Catalyst 3850 Stackable access, wired-wireless convergence, UPOE / PoE+ 928 Gbps 50 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec* Cisco UPOE Virtual Switching System ISSU 100 more 10G ports Catalyst 4500E Modular access, wired-wireless convergence, UPOE / PoE+ **Roadmap © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
  18. 18. Thank you.

×