Cisco Catalyst 4500-E Innovations


Published on

Published in: Technology, Education

Comments are closed

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • KEY MESSAGE:We are seeing the vision of the Borderless Networks come to life, with more and more employees demanding flexibility in the way they work, when and where they work and on what devices they work.Addressing BYOD is only the first step – allowing users to bring their own devices securely into the network.But companies must move beyond basic BYOD connectivitytoprovide an uncompromised experience in any workspace.Companies need to address the increased network usage, increased video usage, virtual desktops, etc. SOUND BITE: Therules of the game are changing, and companies mustmove beyond the basic first step of BYOD connectivity to meet employee expectationsCisco’s own CIO Rebecca Jacobi said that the challenge is more than just getting users on the network, it’s about what users can do once they are on the network.On March 20th Cisco is introducing a set of capabilities across the broad wireless infrastructure, security and policy, network management, and more to address these expectations.We are firing on all cylinders enhancing every aspect in the overall solution…
  • Technologies802.1X, ProfilingSolution ComponentsCisco Switches + WLCsISENCS PrimeCisco How (or Why) we implement or why we are better…High-performance 802.11n WLAN solutions by Cisco provide a foundation for enabling collaboration and deploying business-transformative applications that can’t be matched by pure-play vendors or other integrated network solution vendors.Cisco switches offer differentiated features such as monitor mode, FlexAuth and Security Group Access (SGA) enabling IT to enforce the business policy requirements for a secure BYOD deploymentCisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. A first-of-its-kind platform, Cisco Prime NCS is the only solution to deliver comprehensive visibility to wired, wireless, and policy metrics in a single, unified view, providing faster troubleshooting and more efficient network operations. This unified view is critical for any BYOD deployment as more devices are introduced to the network at an increasing rate. It also provides complete visibility into endpoint connectivity, regardless of device, network, or location.
  • Device Profiling + Device sensorSolution Components – ISE (Identity Services Engine) and Switch sensor (IOS SW that resides on 3k)Steps : Collection: A device (for example – a printer) gets plugged into a port on a switchSwitch detects a new device has been plugged inSwitch collects data related to the device (DHCP, LLDP, CDP, and MAC OUI data) by snooping on the traffic sent by the deviceSwitch sends collected data to ISE to aid ISE in device classification Classification :ISE uses rules engine to classify that device to be a printerISE provides a report of devices with  device types : device MAC addr, device IP addr, switch port, device type etc Authorization:If IT has defined a policy for that device type - “Printer”, ISE executes the policyIf Policy says  – put printer in a VLAN X, ISE tells the switch to place printer on VLAN XIf Policy says – don’t allow printer on the network, ISE tells the switch to block the portIf Policy says – provide restricted access to printer and limit it to ONLY talk to a Print server, ISE will ask the switch to enforce an ACL per the policyISE – can also collect “netflow” information from switchIf ISE notices that HP Printer is trying to talk to Internet (based on netflow data), it raises an alaram, as Printers are meant to be used for intranet usage only.  This eliminates data spoofing & improves security
  • With the built-in traffic simulator in the switch In general:- We show the switches generating traffic across the network- Customers no longer need traffic generation equipment and can ensure the network is ready for various types of video applications before it is deployed. With the built-in traffic simulator in the switch all network readiness testing can be done remotely. It includes a scheduler to run periodic test over extended durationsIn this example we show:- How the Cat3K provide network assessment for a pair of Telepresence deployed across the country- Travel time savings- The scalability benefits of having the built-in simulator in the switch vs. externally:Built-in traffic simulator with a variety of traffic profilesManage with LMSCalibrate network performance before rolling out new applicationsRecreate traffic scenarios for troubleshooting or fine tuningA custom profile tool available to allow creating profiles for any kind of traffic in your networkRun periodic tests with scheduler
  • Automated monitoring and troubleshootingIn this example:A call between two locations is established and has poor qualityMediatrace can trace the path the video stream has taken and collect statistics along the pathThis helps the network operator isolate the point of problemThis eliminates the need for: external sniffer collectors and hop by hop logging into the network devices to do forensic analysis after the problem has occurred. The customer will save time and resources ($$)
  • Historic view of PoE. How has PoE changed landscape.
  • Cisco Catalyst 4500-E Innovations

    1. 1. Catalyst 4500 InnovationsEnables BYODSachin BansalSr. Product Manager, Catalyst 4K/3K/2K12th June 2012© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
    2. 2. Uncompromised Experience for Any Workspace Device Onboarding and One One One Guest Access Policy Management NetworkBasic Connectivity Unified Access © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
    3. 3. Core NetworkOne Network – Secure Access, Uncompromised User Experience CiscoPrime Unified Management ISE Unified Policy Context-aware Application Smart Security Optimization Operations • Profile devices, • Simulate application • Plug-n-play switches identify users traffic • Develop device, user, • Locate performance • Dynamically location, role & problems configure ports application context DESKTOP/NOTEBOOKS TABLETS • Apply policy based on • Analyze directly in the • Automatically context, everywhere network diagnose and report faults SMARTPHONES GAME/PRINTER THIN/VIRTUALCLIENTS • Segment user or • Store for trending and Scalable, Resilient Access • Program event based application groups capacity planning actions Unmatched Performance for Wired and Wireless Wireless Wired Unified Network© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
    4. 4. Identity and Policy One Policy Wired, Wireless, and VPN -- Managed & BYOD assetsSINGLE BUSINESS POLICY With MDM integration Central access to authorize access based on who, what,CONTEXT-BASED CONTROL when, where – with advanced segmentation Self-service on-boarding, with lifecycle guest handlingUSER-SPECIFIC SERVICES and context-based monitoring © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
    5. 5. Core NetworkAutomated Device Profiling DEVICE CLASSIFICATION Profiling for both wired and wireless devices ISE Access Point POLICY LAPTOP Video Phone Laptop Policy Video Phone Policy [place on VLAN X] [restricted access] CDP CDP LLDP LLDP DHCP DHCP MAC MAC The Solution Deployment Scenario with Cisco Device Sensor Device Profiling Collection—Switch Classification—ISE Authorization—ISE executes + Device Sensor collects device related classifies device, collects policy based on user and data and sends report to flow information and provides device device ISE usage report© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
    6. 6. Core Network Traditional Policies using ACLs Security Group Based Policy Table Individual Users Permissions Resources Policy Matrix Doctors Intranet Email Financial Patient D1 S1 ( Portal Server Servers Records ( Patient Web File D2 Records Doctor Web IMAP No Access Web File Share Share S2 ( Finance Web IMAP Web No Access D3 Full ( IT Admin Web, SQL, SSH Access SQL SQL Finance S3 Email D4 Intranet Doctor - Patient Record ACL ( permit tcp dst eq 443 permit tcp dst eq 80 permit tcp dst eq 445 D5 permit tcp dst eq 135 IT Admins ( deny ip S4 D6 Finance ( Time Consuming permit permit tcp S1 D1 eq https tcp S1 D1 eq 8081 Simple deny ip S1 D1 Manual …… Flexible …… Error Prone permit permit tcp S4 D6 eq https tcp S4 D6 eq 8081 Business Relevant deny ip S4 D6© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
    7. 7. Core Network Si Si Si Si Remote IT Prime Scheduler (Traffic Simulator based on IPSLA) The Solution Deployment Scenario—Cisco Catalyst 3K/4K Series Switch Automate Network Traffic simulator built into IT can monitor and test Includes a scheduler to run Readiness switch; no extra appliance remotely periodic test over extended needed durations© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
    8. 8. Core Network Si ? Si ? Si Si ? ? ? ? ? IT MediaTrace Prime Diagnostics, Logs The Solution Deployment Scenario Automate Monitoring and Mediatrace Hop by hop statistics Allows easy recreation of problems Troubleshooting automatically traces collected to find the problem with built-in traffic the mediapath node; enabled remotely simulator, yielding time and resource savings© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
    9. 9. Core Network Day0 Attacks SLA Detect Anomaly App. M&T Control Visibility With EEM Compliance Capacity Planning Integration Catalyst 4500E Flexible NetFlow TCP L2 L2 UDP IP IP, Ports IPv6 Multicast … Flags MAC VLAN Flags Options Campus Branch Mobility, Unified Communications, Network Virtualization Collector Ecosystem Benefits Catalyst 4500E Capabilities • Lower CAPEX • Unprecedented visibility w/ new L2~7 fields • Better insight for capacity planning, network upgrade • Scalable, flexible flow monitors • Lower OPEX • Better service and user experience • On-box Customizable policy action w/ EEM • Increased IT staff productivity • Broad collector partner ecosystem© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
    10. 10. Core Network SIMPLIFIED TROUBLESHOOTING Shipping • Built-in packet sniffer for remote troubleshooting IOSd Hosted Apps • Real-time capture and decode on Sup7-E • Capture and Display Data and Control Packets Features Wireshark Components • Storage options SD card or USB. Common Infrastructure / HA • Various display options Management Interface • Lightweight Text version ―T-Shark‖ Module Drivers Switch# show monitor capture file bootflash:nflow.pcap Kernel detailed Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits) Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal <..SNIP..> Frame Number: 2 Frame Length: 880 bytes (7040 bits) Capture Length: 880 bytes (7040 bits) <..SNIP..> [Protocols in frame: eth:ip:udp:data] Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
    11. 11. Core Network ISR or 3K (―Director‖), 4K, 6K Roadmap Access Switches Smart Install Auto Smart Ports Smart Call Home Zero Touch Deployments Plug and Play for End Devices Quickly Identify and and Maintenance Resolve Network Issues New Switch is Connected New Device Attached Anomaly Detected Software image downloaded; Configuration Port Configuration: Applied Proactive diagnostics automatically applied QoS Policy: Enforced Alert created in real-time Security Policy: Enforced Web-based reports Routed to correct TAC team Remediation initiated with EEM Cost Savings: $15,000 (or 230 Hours) per 100 Switches*© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
    12. 12. MARKET LEADERSHIP INDUSTRY LEADERSHIP 100M+ Ports Sold 48G/slot 700K+ Systems Flexible Netflow 70% PoE/PoEP Port share IOS-XE (3rd Party Apps) 70% Adoption by Top Cisco In Service Software Upgrade Customers (GET, Enterprise) EEE/ Cisco UPOE Lead Modular Access Platform Price/Performance Distribution Strategic Campus Platform© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
    13. 13. Unprecedented Switching Lifecycle All Linecards Can Be Reused With Newer Supervisor Cisco Catalyst 4500 E-Series 14 Years EOS EQL Cisco Catalyst 4500 (non-E) Maintain Support 11 Years EOS EQL Cisco Catalyst 4000 Maintain Support1999 2004 2007 2010 2015 2020 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
    14. 14. 4510R+E 4507R+E 4506-E 4503-EOptimized for Large Campus Optimized for Small/Mid Size Campus848Gbps Switching Capacity 520Gbps Switching Capacity4 x SFP+/SFP uplinks 2 x 10G SFP+/SFP uplink384 10/100/1000 Ports 240 10/100/1000 Ports100 10G SFP+ 62 10G SFP+ Copper Linecards Fiber Linecards High Density WS-X4748-RJ45-E WS-X4748-UPOE+E WS-X4624-SFP-E WS-X4712-SFP+E 48G • UPOE 60W, IEEE 802.3az • SFP+/SFP • 30W/port on all 48 ports Low Density WS-X4648-RJ45-E WS-X4648-RJ45V+E WS-X4612-SFP-E WS-X4606-X2-E 24G • 30W/port on 24 ports Data PoE 1G 10G 2HCY12 PWR-C45-1300ACV PWR-C45-2800ACV PWR-C45-4200ACV PWR-C45-6000ACV PWR-C45-9000ACV © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
    15. 15. SeamlessSoftware Upgrades—w/o Service Interruption Redundant Supervisors • Comprehensive, non-intrusive software upgrade solution STANDBY STANDBY ACTIVE ACTIVE • Transparent to end users — no loss of user sessions • Upgrades can be scheduled at anytime Card Card Card Line Line Line — even during business hours! ―Instead of having to prepare for two weeks for a planned outage, software updates with the Cisco Catalyst 4500 ISSU features in the new emergency department are absolutely transparent. We no longer have any downtime at all.‖© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
    16. 16. All specifications subject to change without notice A Historical Perspective 2000 2003 2007 2009 2011 7W 15W 30W 60WInline Power (PoE) (PoE+) (UPOE) Industry Standard: Industry Standard: IEEE 802.3af IEEE 802.3at (30W (15W PoE) PoE+) Cisco Innovations Drive Industry Standards© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
    17. 17. Thank you.