Cisco Catalyst Series Switches

Mauricio Martínez, Systems Engineer, CCIE 17838

C97-373923-01 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Agenda

Cisco ® Catalyst ® Switches Overview

Cisco Catalyst 500, 2960, 3560-E, 3750-E

Intelligent Services

Summary

SMB Top of Mind and Network Relevance

How can I protect my assets? How can we be more productive? How can I be more adaptive? How can I increase my profitability? … and do all that with limited staff and budget?

Network relevance: Protected, Collaborative, Connected, Responsive

Key Network Considerations

• Simplicity and ease of use
• Increase network security
• Network transparency: make technology easier to deploy and control
• Pressure to reduce total cost of network ownership
  – Manage more with less (or individually)
• Peace of mind: "The networking infrastructure will always be available and will always work"
  – Future-proofed for the next technology wave
  – Expandable for future growth

The Role of the Network

Connectivity: safe, secure and reliable wired/wireless connections
Networked Organization: reliable and efficient application delivery; access to applications that is easy to deploy
Convergence: cost savings in terms of time, staff and network budget

Catalyst Switching Portfolio

Distribution/Core: Catalyst 6500, Catalyst 4500
Datacenter Access: Catalyst 4948, Blade Switches
Wiring Closet: Catalyst 6500, Catalyst 4500, Catalyst 3750-E, Catalyst 3560-E and Catalyst 3750, Catalyst 2960 and Catalyst 3560, Catalyst Express

[Figure: portfolio chart; x-axis Number of Employees/Density (Small, Medium-sized, Large); y-axis Features, Scalability, Longevity; Catalyst 2960 shown on the chart]

Most Complete Line of Fixed Configuration LAN Products

Full Layer 3 Routing

Cisco Catalyst 4948
• 10/100/1000 + 2 10GE wire speed switching
• Rack-optimized server switching
• Jumbo frame support
• Dual, hot swappable, internal power supplies
• Hot swappable fan tray

Cisco Catalyst 3750-E and Catalyst 3750
• Stackable 10/100 and GE configurations + 2 10GE
• Cisco StackWise™ Plus and StackWise technology
• Enterprise-class intelligent Layer 3/4 services
• Modular power supply with 3750-E
• PoE configurations with up to 15.4W on all 48 ports

Cisco Catalyst 3560-E and Catalyst 3560
• 10/100 and GE configurations + 2 10GE
• Enterprise-class intelligent Layer 3/4 services
• Modular power supply with 3560-E
• PoE configurations with up to 15.4W on all 48 ports

Layer 2 Intelligent Services

Cisco Catalyst 2960
• 10/100 and 10/100/1000 Layer 2 switching
• 8, 24, and 48 port configurations with dual-purpose Gig uplinks
• PoE configurations with up to 15.4W on up to 24 ports
• Entry level LAN Lite IOS and enhanced LAN Base IOS for intelligent services

GUI-Managed

Cisco Catalyst Express 500
• Low-density, standalone, managed 10/100 switching
• Tailored for businesses with up to 250 users

[Figure axes: Price-Performance; Function, Flexibility, Scalability]


Cisco Catalyst Express 500 Series: Purpose-Built Switches for 20–250 User Networks

Smart
• Future-proof network with Cisco technology and Power over Ethernet
• Ready for innovative technologies such as IP Telephony and Wireless LAN
• Integrated intelligence to detect network issues before they become problems

Simple
• Eliminate complexity with Cisco Network Assistant
• Easy-to-use diagnostics via Troubleshooting Advisor
• Ease of deployment and management with Cisco Smartports

Secure
• Easily customize network access level with Security Policy Slider
• Securely attach and install WLAN access points
• Encrypted management

Multiple configurations suited to SMB needs (10/100, 10/100 PoE or 10/100/1000)

Cisco Catalyst Express 500 Series Model Overview

Catalyst Express 500-24TT
• 24 10/100 ports
• 2 10/100/1000BASE-T ports

Catalyst Express 500-24LC
• 20 10/100 ports
• 4 10/100 PoE ports
• 2 10/100/1000BT or SFP ports
• 62W IEEE 802.3af / Cisco pre-standard PoE

Catalyst Express 500-24PC
• 24 10/100 PoE ports
• 2 10/100/1000BT/SFP ports
• 370W IEEE 802.3af / Cisco pre-standard PoE

Catalyst Express 500G-12TC
• 8 10/100/1000BT ports
• 4 10/100/1000BT or SFP ports

Cisco Catalyst 2960 Series Switches

Catalyst 2960 LAN Base Series
• Fast Ethernet and Gigabit Ethernet in 8, 24, and 48 port configurations for entry-level enterprise and mid-market customers
• PoE configurations with up to 15.4W on up to 24 ports
• Offers enhanced Layer 2+ intelligent LAN services:
  – Availability
  – Scalable and secure network management
  – Enhanced security
  – Advanced QoS
• Simplified management and troubleshooting for lower total cost of ownership
• Cisco Network Assistant and Cisco Smartports
• Limited lifetime hardware warranty and software updates at no additional charge

Catalyst 2960 LAN Lite Series
• Fast Ethernet in 24 and 48 port configurations for small branch offices and wiring closets
• Offers standard Layer 2 services with entry-level availability, security, and QoS
• Simplified management and troubleshooting for lower total cost of ownership
• Cisco Network Assistant and Cisco Smartports
• Limited lifetime hardware warranty and software updates at no additional charge

Uses Cisco ASICs for superior quality and hardware and software integration

Cisco Catalyst 2960 LAN Base Series — Model Overview

Catalyst 2960-24PC-L (New)
• 24 10/100 PoE ports
• 2 dual-purpose uplink ports

Catalyst 2960-24LT-L (New)
• 24 10/100 ports (8 PoE ports)
• 2 10/100/1000 uplink ports

Catalyst 2960PD-8TT-L (New)
• 8 10/100/1000 ports
• 1 10/100/1000 PoE input port
• Compact form factor with no fan

Catalyst 2960G-24TC-L
• 20 10/100/1000 ports
• 4 dual-purpose uplink ports

Catalyst 2960G-48TC-L
• 44 10/100/1000 ports
• 4 dual-purpose uplink ports

Catalyst 2960G-8TC-L
• 7 10/100/1000 ports
• 1 dual-purpose uplink port
• Compact form factor with no fan

Catalyst 2960-24TC-L
• 24 10/100 ports
• 2 dual-purpose uplink ports

Catalyst 2960-48TC-L
• 48 10/100 ports
• 2 dual-purpose uplink ports

Catalyst 2960-8TC-L
• 8 10/100 ports
• 1 dual-purpose uplink port
• Compact form factor with no fan

Catalyst 2960-24TT-L
• 24 10/100 ports
• 2 10/100/1000 uplink ports

Catalyst 2960-48TT-L
• 48 10/100 ports
• 2 10/100/1000 uplink ports

Software: LAN Base Image
• Enterprise-class intelligent services: advanced QoS, enhanced security, high availability

Dual Purpose Uplink Port Behavior

• Only one port, either SFP or 10/100/1000 copper, will be active at any time.
• Users can manually select the media type using the "media-type [sfp | rj45]" interface command, or leave it to auto-select.
• SFP always gets the preference on switch boot-up or when the interface is enabled (shut/no shut). In all other cases, whichever media links up first will be selected as the active media.

Dual-purpose uplink validity (SFP ports A and C, copper ports B and D; A/B and C/D are the two dual-purpose pairs):

Combination   Valid
A B           No
A C           Yes
A D           Yes
B C           Yes
B D           Yes
C D           No

Cisco Catalyst 2960 Supported Small Form-Factor Pluggable Modules

SFP Transceiver (LC connectors)       LAN Base   LAN Lite
GLC-LH-SM                             Yes        Yes
GLC-SX-MM                             Yes        Yes
GLC-ZX-SM                             Yes        No
GLC-T                                 Yes*       Yes
GLC-BX-D / GLC-BX-U                   Yes        No
GLC-GE-100FX / GLC-FE-100FX           Yes*       Yes
GLC-FE-100LX                          Yes        No
GLC-FE-100BX-D / GLC-FE-100BX-U       Yes        No
8 CWDM SFPs                           Yes        No

*GLC-T and GLC-GE-100FX are not supported on the Catalyst 2960 Compact switches. For 100BASE-FX connectivity, use the GLC-FE-100FX instead.

Cisco Catalyst 2960 LAN Lite Series — Model Overview

Catalyst 2960-24TC-S
• 24 10/100 ports
• 2 dual-purpose uplink ports

Catalyst 2960-48TC-S
• 48 10/100 ports
• 2 dual-purpose uplink ports

Catalyst 2960-24-S (New)
• 24 10/100 ports

Software: LAN Lite Image
• Entry-level QoS, security, and availability with a focus on ease of use and lower total cost of ownership

Note: Catalyst 2960 Switches cannot be upgraded or downgraded between LAN Base and LAN Lite software.

Catalyst 2960 Power over Ethernet (PoE) Switches

Benefits
• Prepare the network for IP Telephony and wireless access
• Eliminate the need for separate electrical wiring
• Protect your investment and avoid a costly upgrade
• Cisco pre-standard PoE and 802.3af are fully supported
• Cisco IOS provides intelligent power management with granular control
• Wide selection of standards-based IEEE 802.3af powered devices
  – IP phones
  – Wireless access points
  – Surveillance cameras
  – Access card readers

Catalyst 2960 Compact Switches

Meeting the unique physical requirements of the office workspace, conference rooms, classrooms, and micro branch offices

• Small size (H x W x D): 4.4cm x 27cm x 16-23cm
• Flexible wall and under-the-desk mounting
• Durable metal shell
• Cable guard
• Internal power supply and right-angle power cord
• Passive cooling (no fan)
• Magnet included
• Security locking slot
• 19 inch rack mount option

Redundant Power System 2300

Benefits
• Increases network availability
• Seamlessly provides backup power to network devices
• Modular power supplies and fan for flexibility and increased availability
• Management and configuration capabilities allow users to define and implement the failover policy

Easier to Use
• Six RPS connectors: up to 2 switches actively backed up
• Seamless failover to RPS 2300 when the switch power supply fails
• RPS 2300 and switch can have separate AC sources

Greater Modularity
• Uses the same 1150W and 750W power supplies as the Cisco Catalyst 3750-E and 3560-E switches
• Replaceable fan module

Note: The Catalyst 2960 LAN Lite Switches and Catalyst 2960 Compact Switches do not have RPS support. The Catalyst 2960 PoE switches require CAB-2300-E=, which allows users to manage the RPS via the switch.

Catalyst 3750-E and 3560-E Series Switches

Innovative stacking sets new standards for resiliency and management
• 24 or 48 10/100/1000 ports with 2 wire-speed 10 Gigabit uplinks
• 10 second 10 Gigabit upgrade
• Full Class 3 (15.4W) Power over Ethernet support on all 48 ports
• StackWise Plus: backwards compatible, 64 Gbps and local switching
• Field replaceable power supply and fan
• Redundant power system support
• High performance IP routing

Catalyst 3750-E Models

• PoE and data-only options
• Any 3750-E model can be connected with another through StackWise Plus
• 3750-E models can be combined in a stack with existing 3750 models in a mixed stack

Models:
24 10/100/1000T ports + 2x 10GE
48 10/100/1000T ports + 2x 10GE
24 10/100/1000T ports w/PoE + 2x 10GE
48 10/100/1000T ports w/PoE + 2x 10GE

Catalyst 3560-E Models

• The 3560-E is for standalone deployments
• Similar features to the 3750-E, but StackWise is removed
  – Same software features
  – Same PoE options

Models:
24 10/100/1000T ports + 2x 10GE
48 10/100/1000T ports + 2x 10GE
24 10/100/1000T ports w/PoE + 2x 10GE
48 10/100/1000T ports w/PoE + 2x 10GE

Extending Flexibility – Catalyst 3560E-12D (New)

• 12-port 10 Gigabit Ethernet aggregation switch
• 10 GE X2 transceiver support: SR, LR, ER, CX4, LX4, LRM
• TwinGig Converter Module for mixed GE/10GE uplinks
• 60 Gbps; 90 Mpps
• 1 rack unit
• Front-to-back cooling
• Dynamic routing: EIGRP, OSPF, BGPv4
• 3 software license types

Catalyst 3560E-12SD (New, Jan 2008)

• 12 Gig SFP ports and 2 X2 10 GE ports
• Dual redundant FRU power supplies, with a DC option
• Redundant FRU fans
• Transceiver support
  – TwinGig Converter Module
  – 10GE X2: SR, LR, ER, CX4, LX4, LRM
• Catalyst 3560-E IOS feature set

StackWise Plus

Unified stacking, behaving as a single unit
• 64 Gbps stacking throughput*
• Local switching
• Intelligent traffic forwarding
• Backward compatible with the original StackWise
• Fault-tolerant, bi-directional stack interconnection
• Automated configuration and management
• Single network instance (IP, SNMP, CLI, STP, VLAN)
• Master/secondary architecture with master failover
• Cross-stack EtherChannel®, cross-stack QoS

* For typical traffic patterns; actual performance may be higher or lower

10 Gigabit Ethernet

• Two 10GE uplink interfaces
• Wire rate forwarding performance
• Supported X2 transceivers
  – SR (MMF)
  – LR (SMF 10km)
  – ER (SMF 40km)
  – CX4 (copper)
  – LX4 (MMF 300m, SMF 10km)
• TwinGig Adapter converts an X2 interface into dual SFP interfaces
• All SFPs supported on the 3750 platform are supported with the TwinGig Adapter
• TwinGig Adapters are hot swappable with X2 modules

StackWise Plus Architecture

Local switching: 24 or 48 ports at wire speed; no packets traverse the StackWise connections.

StackWise Plus ring (packet path across the stack):
1. Ingress policing
2. Egress queuing and load balancing
3. StackWise Plus ring
4. Destination switch removes packets and delivers them


Cisco Catalyst Intelligent Switching Infrastructure

Intelligent Switching is a common foundation of capabilities across Cisco ® Catalyst ® Switches

Performance, QoS
• Wire-speed classification
• Policing and shaping
• Multiple queues
• Granular control
• Admission control

Security
• Layer 2, 3, 4 access control
• Identity-based authentication
• Management security

Manageability
• End-to-end manageability for centralized administration
• Web-based or command-line interface (CLI)
• Analysis and planning tools

Availability
• Layer 2, 3, 4 forwarding
• No performance effect with all services enabled

Intelligence Through More-Capable ASICs

[Frame layout (not to scale): MAC DA | MAC SA | 802.1Q/1p | Length | IP Header (TOS…, IP SA, IP DA …) | TCP/UDP Header Info | DATA; grouped as Layer 2 info, Layer 3 info, Layer 4 info]

• Layer 2 switches are limited to the processing and forwarding of Layer 2 information.
• Multilayer switches can look deeper into the frame and make intelligent decisions based on Layer 3 or Layer 4 information.
• Examples of why this is useful:
  – Preserve bandwidth by limiting traffic based on a user's IP address.
  – Preserve bandwidth by limiting traffic based on applications using a constant TCP/UDP port number: web browsing, enterprise resource planning (ERP) applications, etc.
  – Prevent access to network resources based on a user's IP address.
  – Classify and mark traffic based on Layer 3 QoS (DSCP).
• Cisco ® innovative ASICs with Cisco IOS ® Software integration enable superior intelligent services that will not bottleneck the network.

Cisco Catalyst Intelligent Switching Infrastructure: Advanced QoS

Features
• Layer 2, 3, 4 traffic classification
• Shaping, sharing, and policing
• Granular control
• Wire-speed performance

Benefits
• Manage bandwidth to meet business priorities
• Maintain performance for time-sensitive applications
• Better meet defined SLAs
• Suffer no performance degradation with services enabled

Where Congestion Exists, QoS Is Required

[Figure: three congestion points: Aggregation, Speed Mismatch, LAN to WAN; link rates shown: 10 Mbps, 10 Mbps, 1000 Mbps, 64 kbps]

• Points of aggregation: links and buffers
• Points of substantial speed mismatch
• Transmit buffers tend to fill (TCP windowing)
• Buffering reduces loss but introduces delay

Not All Traffic Is Created Equal

                          Data (Best-Effort)   Mission-Critical Data   Voice             Video
Bandwidth                 Low to Moderate      Moderate to High        Low to Moderate   Moderate to High
Random Drop Sensitivity   Low                  Low                     High              High
Delay Sensitivity         Low                  Moderate to High        High              High
Jitter Sensitivity        Low                  Low to Moderate         High              High

Cisco Catalyst 2960 Series Extensive QoS Features

Traffic classification and marking for differentiated services: per-port or individual/aggregate flow classification and rewriting of MAC address, 802.1p CoS/DSCP, IP address, and TCP/UDP port

Packet path: RX → Classify / Mark / Police → Ingress queuing, scheduling and congestion control (Queue 1, Queue 2) → Egress queuing, scheduling and congestion control (Queue 1 to Queue 4) → TX

Admission Control
• Prevent network congestion
• Input and output policing

Advanced Traffic Shaping and Scheduling
• Four queues per port
• Shaped Round Robin per port
• Strict priority queuing

Campus QoS Considerations: Trust Boundary Extension and Operation

PC VLAN = 10; Phone VLAN = 110. The trust boundary sits at the IP phone.

1. Switch and phone exchange CDP; the trust boundary is extended to the IP phone ("I see you're an IP phone, so I will trust your CoS").
2. Phone sets CoS to 5 for VoIP and to 3 for call-signaling traffic ("Voice = 5, Signaling = 3").
3. Phone rewrites CoS from the PC port to 0: all PC traffic is reset to CoS 0, even when the PC sets CoS 5 for all of its traffic.
4. Switch trusts CoS from the phone and maps CoS to DSCP for output queuing ("CoS 5 = DSCP 46", "CoS 3 = DSCP 24", "CoS 0 = DSCP 0").
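The four steps above as a Catalyst 2960/3750 access-port configuration, an added example that is not from the original deck. VLAN numbers and the CoS-to-DSCP values come from the slide; the interface name is assumed.

```cisco
! Added example (not from the original deck): extending the QoS trust boundary
! to a Cisco IP phone on a Catalyst 2960/3750 access port.
! Data VLAN 10 and voice VLAN 110 are the slide's values; Gi0/1 is assumed.
mls qos
! The slide maps CoS 5 -> DSCP 46 (EF) and CoS 3 -> DSCP 24 (CS3). The platform
! default cos-dscp map gives CoS 5 -> DSCP 40, so the map must be overridden:
!            CoS: 0 1  2  3  4  5  6  7
mls qos map cos-dscp 0 8 16 24 32 46 48 56
!
interface GigabitEthernet0/1
 description Access port: PC behind a Cisco IP phone
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 ! Step 1/4: trust the CoS the phone marks, but only while CDP confirms a Cisco
 ! phone is attached; with no phone the port stays untrusted (CoS rewritten to 0).
 mls qos trust cos
 mls qos trust device cisco-phone
 ! Step 3: instruct the phone to rewrite the CoS of frames from its PC port to 0,
 ! so a PC that marks everything CoS 5 gains nothing.
 switchport priority extend cos 0
 spanning-tree portfast
!
! Verification: the trust state reads "trusted" only while a phone is detected.
!   show mls qos interface GigabitEthernet0/1
!   show mls qos maps cos-dscp
```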

Cisco IOS IP SLAs Uses

Uses: Service Level Agreements (SLAs), TCP/IP Health Monitor, VoIP Network Performance Monitoring, Availability Assessment

Measurement metrics: packet loss, elapsed time, network latency, distribution of loss, jitter statistics, connection (reachability)

Operations: Jitter, FTP, DNS, DHCP, DLSW, ICMP, UDP, TCP, HTTP, LDP, H.323, SIP, G.711, G.729

Defined packet size, spacing, CoS and protocol

[Figure: IP SLA source (IP SLA MIB data) sends actively generated traffic to measure the network toward a destination, either an IP server or a Catalyst 2960 acting as IP SLA Responder]

Cisco Catalyst Intelligent Switching Infrastructure: Security

Features
• Identity-based authentication
• Wire-speed access control lists
• Controlled access to system maintenance
• Integrated security services

Benefits
• Authenticate and control access based upon user identity
• Protect critical business assets
• Prevent downtime
• Prevent network attacks from within

Cisco Catalyst Switching Integrated Security

Secure Connectivity
• SSL
• SSH
• SNMPv3

Threat Defense
• Man-in-the-middle attack mitigation: Port Security, DHCP Snooping
• Scavenger-class QoS
• L2-4 ACLs
• Private VLAN Edge
• Quarantine VLAN (remediation)
• Network Admission Control with Cisco ® Trust Agent

Trust and Identity
• Identity-Based Networking (802.1x extensions)
• Web and MAC based authentication

The Need for Admission Control

• Viruses, worms, spyware, etc. are still the #1 cause of financial loss*: downtime, recovery, lost productivity, credibility, legal implications.
• Users are routinely authenticated, but...
• Endpoint devices (laptops, PCs, PDAs) are not checked for security policy compliance.
• Unprotected endpoints spread infection: required security software not installed, disabled, or out of date. Checking for compliance is difficult and expensive.

"Endpoint systems are vulnerable and represent the most likely point of infection from which a virus or worm can spread rapidly and cause serious disruption and economic damage." —Burton Group

*2005 FBI/CSI Report

Cisco Catalyst Access Control Lists

What It Does:
• Allows or denies access based on the source or destination address
• Restricts users to designated areas of the network, blocking unauthorized access to all other applications and …
• Takes advantage of TCAMs, enabling wire speed performance
• Forwarding performance is not compromised by ACLs because information lookups are done in hardware
• Provides the ability to access-control all packets, either internally bridged within a VLAN or routed between VLANs

Benefits:
• Prevents unauthorized access to servers and applications
• Allows designated users to access specified servers

Protecting Against Worms

How It Works: The ACL provides a mechanism to protect servers, users, and applications against worms by determining which traffic streams or users can access which ports.

[Figure: internal network; a host attempting to reach port 1434 on other hosts is blocked by the ACL]

Using ACLs, the virus or worm is not able to replicate from its hosts.
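The slide's port-1434 scenario as a port ACL on the user-facing interfaces, an added example that is not from the original deck. The slide names only the port; 1434 is the SQL Server resolution service port, so both UDP and TCP are covered here. The database server address 10.1.50.10, the user subnet 10.1.10.0/24 and the interface range are assumed.

```cisco
! Added example (not from the original deck): containing worm replication on
! port 1434 with an extended ACL applied inbound on access ports, so an
! infected host cannot reach 1434 on anything except the one legitimate server.
! Server 10.1.50.10, subnet 10.1.10.0/24 and the interface range are assumed.
ip access-list extended CONTAIN-1434
 remark Only the designated database server is a legitimate 1434 destination
 permit udp 10.1.10.0 0.0.0.255 host 10.1.50.10 eq 1434
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.50.10 eq 1434
 remark Any other 1434 traffic is replication or scanning: drop it
 deny   udp any any eq 1434
 deny   tcp any any eq 1434
 remark Everything else is ordinary user traffic
 permit ip any any
!
interface range GigabitEthernet0/1 - 24
 description User access ports on VLAN 10
 switchport mode access
 switchport access vlan 10
 ! Port ACL: evaluated in hardware (TCAM), so forwarding rate is unaffected,
 ! and it applies to bridged traffic inside the VLAN, not only routed traffic.
 ip access-group CONTAIN-1434 in
!
! Verification:
!   show ip access-lists CONTAIN-1434
!   show ip interface GigabitEthernet0/1 | include access list
```

Ordering matters: the two permit lines must precede the deny lines, otherwise the server itself becomes unreachable.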

Mitigating Unauthorized Devices: Protecting Against Well-Intentioned Users

[Figure: an unauthorized switch connected to an authorized switch causes network instability or injects incorrect STP information; BPDU Guard and Root Guard on the authorized switch block it. Enterprise servers and Cisco ® Secure ACS sit behind the authorized switches.]

Problem: Well-intentioned users place unauthorized network devices on the network, possibly causing instability.

Solution: Cisco Catalyst ® Switches support rogue BPDU filtering: BPDU Guard, Root Guard.

Secure Connectivity

Secure Shell (SSH) Protocol
• SSH encrypts administration traffic during sessions while configuring or troubleshooting switches.

Secure Sockets Layer (SSL)
• SSL encrypts network management traffic, allowing the secure use of tools such as the Cisco ® Network Assistant.

SNMPv3 (with crypto support)
• SNMPv3 provides network security by encrypting administrator traffic during SNMP sessions to configure or troubleshoot switches.

Kerberos
• Kerberos authenticates users and network services using a trusted third party to perform secure verification.

Secure Copy
• SCP provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on SSH.
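Turning on the encrypted management paths the slide lists (SSH, SSL, SNMPv3, SCP) and closing the cleartext ones, as an added example that is not from the original deck. Hostname, domain, user names, group names and the passwords are assumed; Kerberos is left out because it needs a KDC the slide does not describe.

```cisco
! Added example (not from the original deck): encrypted management on a
! Catalyst switch. All names and passwords below are assumed placeholders.
hostname access-sw1
ip domain-name example.net
! SSH needs an RSA key; generate it after hostname and domain are set.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local admin account (replace with TACACS+/RADIUS in production).
username netadmin privilege 15 secret EXAMPLE-PASSWORD
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! VTY lines accept SSH only; Telnet is no longer offered.
line vty 0 15
 transport input ssh
 exec-timeout 10 0
 logging synchronous
!
! Secure Copy rides on the SSH session and the AAA exec authorization above.
ip scp server enable
!
! HTTPS for Network Assistant / Device Manager; plain HTTP switched off.
no ip http server
ip http secure-server
ip http authentication aaa
!
! SNMPv3 with authentication (SHA) and privacy (AES-128); community strings removed.
snmp-server group NMS-RO v3 priv
snmp-server user nms-poller NMS-RO v3 auth sha EXAMPLE-AUTH-PW priv aes 128 EXAMPLE-PRIV-PW
no snmp-server community public
!
! Verification:
!   show ip ssh
!   show snmp user
!   show ip http server secure status
```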

Securing Layer 2 from Surveillance Attacks: Cutting Off MAC-Based Attacks

[Figure: 250,000 bogus MAC addresses per second arrive on a port; only 3 MAC addresses are allowed on the port (00:0e:00:aa:aa:aa, 00:0e:00:bb:bb:bb, …); port: shutdown]

Problem:
• "Script kiddie" hacking tools enable attackers to flood switch CAM tables with bogus MAC addresses, turning the VLAN into a "hub" and eliminating privacy
• The switch CAM table limit is a finite number of MAC addresses

Solution:
• Port Security limits the MAC flooding attack, locks down the port and sends an SNMP trap

  switchport port-security
  switchport port-security maximum 3
  switchport port-security violation restrict
  switchport port-security aging time 2
  switchport port-security aging type inactivity

Voice (VLAN) Aware Port Security

• Scenario: IP phone + host on the same switch port
• Port security and STP violations are now VLAN/voice aware
  – Violations for the host only affect the "data" VLAN
  – Only the affected VLAN is placed in the error-disabled state
  – The voice VLAN remains unaffected
• Improves network availability
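The port-security commands from the MAC-flooding slide, the per-VLAN limits this slide describes, and the BPDU Guard / Root Guard protections from the "unauthorized switch" slide, combined on one voice-enabled access port as an added example that is not from the original deck. Interface names, the recovery interval and the per-VLAN maximums are assumed.

```cisco
! Added example (not from the original deck): Layer 2 edge-port hardening on a
! Catalyst 2960/3560. Interface names and VLAN numbers are assumed.
!
! Global: let ports that were err-disabled recover on their own after 5 minutes,
! so a one-off violation does not need a manual "no shutdown".
errdisable recovery cause psecure-violation
errdisable recovery cause bpduguard
errdisable recovery interval 300
! BPDU Guard on every PortFast (edge) port: a switch plugged in by a user is
! err-disabled the moment it sends a BPDU.
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/2
 description Voice-aware user port (phone + PC)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 spanning-tree portfast
 ! Port security exactly as on the slide: 3 addresses, "restrict" drops the
 ! excess frames and raises an SNMP trap (violation "shutdown" would
 ! err-disable the port instead); inactive addresses age out after 2 minutes.
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 ! Voice-aware split of the 3 addresses: a flood from the PC can exhaust the
 ! data VLAN's allowance but can never crowd the phone off the voice VLAN.
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
!
interface GigabitEthernet0/25
 description Uplink to distribution: never accept a better root claim here
 switchport mode trunk
 spanning-tree guard root
!
! Verification:
!   show port-security interface GigabitEthernet0/2
!   show port-security address
!   show spanning-tree inconsistentports
!   show errdisable recovery
```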

DHCP Spoofing Attack

[Figure: a client's DHCP discovery is broadcast on untrusted user ports; besides the legitimate DHCP server, a rogue DHCP server answers the victim with IP 10.1.1.20/24, GW 10.1.1.1, DNS 192.168.1.122]

Problem:
• A malicious user pretends to be the network DHCP server.
• A misconfigured user starts up a DHCP server incorrectly.
• A malicious user can send out bogus addresses, deplete the address space, or spoof the default gateway.

Solution:
• Do not trust user ports, so only DHCP requests can be sent.
• Snoop DHCP information for integrity.

DHCP Snooping

What It Does:
• The switch forwards only DHCP requests from untrusted access ports and drops all other types of DHCP traffic.
• DHCP snooping allows only designated DHCP ports or uplink ports, marked trusted, to relay DHCP messages.
• It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.

Benefit:
• DHCP snooping eliminates rogue devices from behaving as the DHCP server.

[Figure: DHCP snooping enabled; the uplink toward the DHCP server is trusted, user ports are untrusted; a DHCP request from the client is forwarded, an offer from a rogue server on an untrusted port is dropped]
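The trusted-uplink / untrusted-user-port arrangement described above as a Catalyst 2960 configuration, an added example that is not from the original deck. VLAN 10, the interface numbers, the rate limit and the database file name are assumed.

```cisco
! Added example (not from the original deck): DHCP snooping on a Catalyst 2960
! for the spoofing scenario on the previous slide. VLAN, interfaces, rate limit
! and database file name are assumed.
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 insertion stays off unless the DHCP server is known to accept it;
! a server that rejects option-82 packets from an untrusted source would
! otherwise stop answering clients behind this switch.
no ip dhcp snooping information option
! Keep the binding table across reloads (assumed flash file name).
ip dhcp snooping database flash:dhcp-snoop.db
!
interface GigabitEthernet0/25
 description Uplink toward the real DHCP server: the only port that may send OFFER/ACK
 switchport mode trunk
 ip dhcp snooping trust
!
interface range GigabitEthernet0/1 - 24
 description User ports: untrusted, only DISCOVER/REQUEST are accepted
 switchport mode access
 switchport access vlan 10
 ! A client needs only a handful of DHCP packets; 15 per second is ample,
 ! and a host exceeding it (address-exhaustion attempt) is err-disabled.
 ip dhcp snooping limit rate 15
!
! Verification: the binding table is the record of who got which address where.
!   show ip dhcp snooping
!   show ip dhcp snooping binding
```

Any port that carries offers from a legitimate server or relay must be trusted, including trunks between access switches; an untrusted port on that path silently breaks DHCP for every client behind it.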

Identity-Based Network Services

What It Does:
• Using the 802.1x standard with Cisco ® enhancements, the network grants privileges based on user login information, regardless of the user's location or device.

Benefits:
• Allows different people to use the same PC and have different capabilities.
• Ensures that users get only their designated privileges, no matter how they are logged into the network.
• Reports unauthorized access.

Identity-Based Network Services

How It Works: All users trying to enter the network must receive authorization based on their personal username and password.

[Figure: a client connects to the accessing switch; the switch queries the RADIUS server over TACACS+ or RADIUS; valid username and password → Yes; invalid username or password → No]

• Equivalent to placing a security guard at each switch port.
• Only authorized users can get network access.
• Unauthorized users can be locked out or placed into "guest" VLANs.
• These services prevent unauthorized or "rogue" access points.

Standard 802.1x/VLAN Assignment

• Restrict users to a specified VLAN to limit their network access.
• Standard 802.1X-authenticated ports are assigned to a VLAN based on the username of the client connected to that port.
• The RADIUS server database maintains the username-to-VLAN mappings.
• Authentication is similar to the VMPS/VQP function, except it uses 802.1x/RADIUS as the authentication mechanism.

[Figure: 1. Switch asks RADIUS "User ok?" 2. RADIUS answers "Authentication ok, assign VLAN3 and ACL14 to Accountant on port5". The switched LAN requires 802.1x clients.]

Marketing Mgr: is on the Marketing VLAN and cannot access any finance or accounting servers.
Finance Mgr: is on the Finance VLAN and can access all the finance and accounting servers.
Accountant: is on the Finance VLAN but can access only the accounting server.

Standard 802.1x and Voice VLAN

PC needs to authenticate with 802.1x; voice traffic is allowed through Cisco Discovery Protocol.

• When the switch recognizes through Cisco ® Discovery Protocol that a Cisco phone is attached to the port, voice traffic is allowed onto the auxiliary VLAN without the authentication of the supplicant on the primary VLAN. The non-IP-phone supplicant (PC) connected to the port is authenticated through 802.1x and uses the PVID.
• The IP phone has access to the VVID for its voice traffic irrespective of the authorized or unauthorized state of the port.
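802.1x with RADIUS-assigned VLAN (the "VLAN Assignment" slide) on a port that also carries a Cisco IP phone on the voice VLAN (this slide), as an added example that is not from the original deck. The RADIUS server address and key, the VLAN names, the interface and the example VLAN 3 (from the slide's "assign VLAN3" figure) are assumed.

```cisco
! Added example (not from the original deck): 802.1x port authentication with
! dynamic VLAN assignment from RADIUS, plus CDP-detected phone on the voice VLAN.
! RADIUS address/key, VLAN names and interface are assumed.
aaa new-model
aaa authentication dot1x default group radius
! Network authorization is what lets RADIUS push the VLAN (and ACL) to the port.
aaa authorization network default group radius
radius-server host 10.1.100.5 auth-port 1812 acct-port 1813 key EXAMPLE-SHARED-SECRET
dot1x system-auth-control
!
! A VLAN the server assigns must already exist on the switch, or the
! authorization is rejected even though the password was right.
vlan 3
 name Finance
vlan 10
 name Data-default
vlan 110
 name Voice
!
interface GigabitEthernet0/3
 description 802.1x user port with IP phone
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 ! Multi-domain: one phone on the voice VLAN (admitted via CDP), one PC on the
 ! data VLAN that must pass 802.1x; a second data MAC is a violation.
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! Attributes the RADIUS server returns to land the user in VLAN 3
! (IETF RADIUS attributes 64, 65 and 81):
!   Tunnel-Type             = VLAN (13)
!   Tunnel-Medium-Type      = IEEE-802 (6)
!   Tunnel-Private-Group-ID = "3"
!
! Verification: "Port Status: AUTHORIZED" and the VLAN in effect.
!   show dot1x interface GigabitEthernet0/3 details
!   show vlan brief
```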

The Cisco Advantage with IBNS

Cisco's experience and leadership make 802.1x integrated and deployable through Identity Based Network Services
• 802.1x with integrated Port Security
• 802.1x Wake on LAN
• 802.1x with dynamic VLAN assignment
• 802.1x with Guest VLAN
• 802.1x with Voice VLAN ID support
• 802.1x with dynamic ACLs
• 802.1x MAC Auth Bypass
• 802.1x Auth-Fail-VLAN
• 802.1x AAA-Fail-Open
• 802.1x MIB and accounting
• 802.1x web-based proxy
• 802.1x readiness check

Cisco Catalyst Intelligent Switching Infrastructure: Availability

Features
• Wire-speed forwarding
• No performance effect with all services enabled
• Load balancing
• Redundancy

Benefits
• Network remains operable despite failures
• Defined SLAs can be met
• Offers business resiliency
• Reduces maintenance cost

Wire-Speed Services

[Figure: as the services load grows (for example ACLs, QoS, and multicast), hardware services hold 35 Mpps while software-based services suffer packet drops, cache misses and CPU overload]

Wire-speed, high-touch services with no performance hit:
• 512 QoS policies
• 1024 security policies
• 64 policers
• 4 queues per port

FlexLinks—L2 Redundancy

• Achieve Layer 2 redundancy without requiring STP (Spanning Tree Protocol)
• Access switches with backup links to distribution switches, deployed as a Flex link pair
• Fast convergence upon forwarding link failover: sub-100 msec cut-over
• Convergence time independent of the number of VLANs and MAC addresses

FlexLinks—L2 Redundancy

[Figure: a Catalyst 2960 with an active link and a backup link to two Cat6K distribution switches]

1. Primary link down detected (24 msec poll)
2. Backup link becomes the active link

Flexlink Performance—Timings

VLANs   MACs   MSTP UpStrm   MSTP DnStrm   Flexlink UpStrm   Flexlink DnStrm
1       2      144           143           19                31
32      1280   1033          1231          20                199
64      2560   1581          1899          45                590
128     3840   2423          3022          16                633
1000    6000   7507          8454          46                4820

(in milliseconds)

Flexlink VLAN Load Balancing

[Figure: Cat2960 with primary link gi2/0/6 carrying VLANs 60, 50 and backup link gi2/0/8 carrying VLAN 20; when the primary link is detected down, the backup carries VLANs 60, 50, 20]
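The Flex Link pair with VLAN load balancing from the figure above, as an added example that is not from the original deck. Interface numbers and VLAN IDs are the slide's; the preemption settings and the trunk allowed-VLAN list are assumed.

```cisco
! Added example (not from the original deck): Flex Link pair on a Catalyst 2960
! with VLAN 20 preferred on the backup link so both uplinks carry traffic.
! Gi2/0/6 (active) and Gi2/0/8 (backup) are the slide's interfaces.
interface GigabitEthernet2/0/6
 description Uplink A to distribution (Flex Link active)
 switchport mode trunk
 switchport trunk allowed vlan 20,50,60
 ! Gi2/0/8 becomes the backup; VLAN 20 normally forwards on the backup instead,
 ! VLANs 50 and 60 on this link. On failure of either link, the survivor
 ! takes all three, as the slide shows.
 switchport backup interface GigabitEthernet2/0/8 prefer vlan 20
 ! When a failed link returns, move VLANs back to the higher-bandwidth link
 ! after a 35-second settle time rather than flapping immediately.
 switchport backup interface GigabitEthernet2/0/8 preemption mode bandwidth
 switchport backup interface GigabitEthernet2/0/8 preemption delay 35
!
interface GigabitEthernet2/0/8
 description Uplink B to distribution (Flex Link backup)
 switchport mode trunk
 switchport trunk allowed vlan 20,50,60
!
! STP is disabled on both members of a Flex Link pair, so the distribution
! switches must not depend on BPDUs from these two ports.
! Verification: the "Preferred VLANs" / active-VLAN columns show which link
! each VLAN is using right now.
!   show interfaces switchport backup detail
```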

Cisco Catalyst 2960 Multicast Support

[Figure: multicast servers (source) → LAN → hosts (receivers or groups)]

• IGMP snooping used for managing group membership information
• Per-port broadcast, multicast, and unicast storm control
• Multicast VLAN Registration
• VLAN Trunking Protocol pruning

Cisco Catalyst Intelligent Switching Infrastructure: Manageability

Features
• End-to-end manageability through a common set of management tools
• Centralized administration and software upgrades
• Web-based access

Benefits
• Simplify implementation, troubleshooting, and upgrades
• Reduce operational costs
• Simplify intelligent service implementation
• Reduce maintenance cost

Integrated Time Domain Reflectometer (TDR)

Layer 1 troubleshooting tool. TDR helps to determine:
 The length of a cable
 Whether the cable is correctly wired internally (pin-to-pin wire mapping)
 Whether the cable contains a short circuit (wires touching each other through damaged or missing insulation)
 Whether the cable contains a broken wire (called an “open”)
 Whether the cable suffers from electrical cross talk (interference)
 CISCO-CABLE-DIAG-MIB

[Diagram: PORT, cable with a Cable Fault, PORT]

Broadest Range of Network Management Products

WAN Manager
 Tens of thousands of devices
 Service provisioning
 Global WANs
 Cisco IGX, BPX, and MGX switches only

CiscoWorks LAN Management Solution (LMS)
 Thousands of devices
 Service management
 WANs and LANs

Cisco Network Assistant
 Up to 40 switches and routers

Catalyst Device Manager
 One switch, initial setup only

[Chart: products arranged by Price-Performance (starting at Free) and Function and Flexibility, across the Small and Medium Business, Enterprise, and Service Provider segments]
*Small Network Management Solution (SNMS)

Management Interfaces

Cisco Catalyst Device Manager
 Manages a single device
 Web-based—HTML

Cisco Network Assistant
 Manages a 40-device SMB network
 …, switch, IP phone, wireless…
 Web-based—Java

Cisco Network Assistant Release 5.0 (300K+ Downloads)

 Multi-product, multi-technology management tool
 Supports up to 40 devices (Switches, Routers and Firewalls) and unlimited IP Phones and Access points
 Interactive topology and front panel views
 Configuration, Monitoring, Troubleshooting & Network Optimization
 Highlight your VLANs, Telnet to devices, Drag-n-Drop IOS upgrades
 Localized in French, Italian, German, Spanish, Chinese and Japanese
 Free download www.cisco.com/go/cna

The Business Relevance of Cisco Smartports

Cisco Smartports allows for simple and accurate deployment of high-value network-optimizing intelligent features.

Benefits
 Simplified feature deployment
 Less chance of errors
 Deployment consistency across the network
 Greater value from the intelligent network through increased feature usage

What It Does
 Preconfigured macros enable fast and easy configuration of advanced Cisco Catalyst intelligent capabilities
 Quickly enables QoS, security, and availability features with a single command
 Offers granular flexibility on a per-port basis
 Offers ability to create customized macros

[Diagram: Internet, Intranet and switch icons]

Cisco Smartports

From This:

Global Commands
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery interval 60
vtp domain [smartports]
vtp mode transparent
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id

Interface Commands
default interface range FastEthernet[1]/0/[1–48]
interface range FastEthernet[1]/0/[1–48]
 switchport access vlan [data]
 switchport mode access
 switchport voice vlan [voice]
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable

To This:
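Since the value of Smartports is consistency (every access port receives the same port-security, BPDU guard and QoS lines), the natural operational check is to audit a running-config for ports that have drifted from that baseline. The following is an added Python example, not Cisco code and not part of this deck: it parses a constructed running-config fragment and reports which of the per-port commands from the "From This" list above are missing on each access port. The interface names, VLAN ids and the sample config are constructed; trunk ports are skipped because the baseline targets end-user ports.

```python
"""Audit access-port configuration against the Smartports-style baseline.

Added example, not Cisco code. The baseline entries mirror the interface
commands listed on the slide; the sample config below is constructed.
"""
import re
from typing import Dict, List

# Per-port lines the interface macro applies. Entries are regexes so that
# parameterised values (access/voice VLAN ids) may vary between ports.
BASELINE = {
    "access-mode":        r"^switchport mode access$",
    "port-security":      r"^switchport port-security$",
    "max-3-mac":          r"^switchport port-security maximum 3$",
    "violation-restrict": r"^switchport port-security violation restrict$",
    "aging-time-2":       r"^switchport port-security aging time 2$",
    "aging-inactivity":   r"^switchport port-security aging type inactivity$",
    "auto-qos-phone":     r"^auto qos voip cisco-phone$",
    "portfast":           r"^spanning-tree portfast$",
    "bpduguard":          r"^spanning-tree bpduguard enable$",
}

# Constructed running-config fragment: port 1 fully compliant, port 2
# configured by hand and missing most of the baseline, one uplink trunk.
SAMPLE_CONFIG = """\
!
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 100
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet1/0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,100
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split an IOS-style running-config into {interface name: [config lines]}.

    Indented lines belong to the most recent unindented 'interface X' stanza;
    '!' or any other unindented line ends the stanza.
    """
    interfaces: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if not raw.startswith(" "):
            m = re.match(r"^interface (\S+)$", line)
            current = m.group(1) if m else None
            if current:
                interfaces[current] = []
            continue
        if current is not None:
            interfaces[current].append(line.strip())
    return interfaces


def audit(config: str) -> Dict[str, List[str]]:
    """Return {interface: [missing baseline items]} for every non-trunk edge port."""
    result: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        if not re.match(r"^(FastEthernet|GigabitEthernet)\d+/\d+/\d+$", name):
            continue
        if "switchport mode trunk" in lines:
            continue
        missing = [key for key, pattern in BASELINE.items()
                   if not any(re.match(pattern, l) for l in lines)]
        if missing:
            result[name] = missing
    return result


if __name__ == "__main__":
    for port, gaps in audit(SAMPLE_CONFIG).items():
        print(f"{port}: missing {', '.join(gaps)}")
```

Run against the sample, only FastEthernet1/0/2 is reported, with every port-security line, auto QoS and BPDU guard absent; the same function applied to a saved `show running-config` export gives a quick drift report after a macro rollout.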

Agenda

Cisco ® Catalyst ® Switches Overview

Cisco Catalyst 2960 Product Overview

Intelligent Services

Summary

Pushing the Technology Curve

Cisco Technology Innovator
 $4 billion R&D investment annually
 Over 100 companies acquired
 17,000 engineers in 10 global labs
 More than 2,300 patents in last 10 years

[Timeline 1990–2005 of Cisco and standards technologies: PISA, Inline Power, StackWise, EtherChannel, GOLD, Modular IOS, IOS SLA, Twin Gig, CDP, Tag Switching, NetFlow, DAI, DHCP Snooping, HSRP, RSRB, ISL, MISTP, EEM, ISSU, 802.1q, MPLS, DLSw, IPFix, VRRP, 802.3ad, LLDP, 802.1s, 802.af]

Cisco Contributing to Standards
 Cisco employees chair over 20 IETF working groups and are on IEEE committees
