Cisco Catalyst Switch Guide - DePaul University

Intelligent Switching for the Evolving NetworkMODUL AR SWITCHESF I X E D - C O N F I G U R AT I O N S W I T C H E SCisco Catalyst 6500 SeriesCisco Catalyst 4500 SeriesCisco Catalyst 4900 SeriesCisco Catalyst 3750-E SeriesCisco Catalyst 3750 SeriesCisco Catalyst 3560-E SeriesOptimized for secure, convergedvoice, video, and data networks, theCatalyst 6500 offers industry-leadingscalability (32 Gbps to 720 Gbps),multi-gigabit application intelligence,operational manageability, andvirtualization to meet the needsof enterprises, medium-sizedbusinesses, and service providers.Midrange modular platform offeringLayer 2 – 4 switching intelligentnetwork services up to 136 Gbps,and added investment protection forenterprises, small- to medium-sizedbusinesses, and service providers.Fixed-configuration switches offeringhigh-performance and highest availabilityin a 1-RU configuration, optimized for datacenter top of rack server aggregation.Stackable switches offering multilayerswitching and the enhanced Cisco StackWise Plus technology for enterprise branch officesand mid-market organizations.Stackable switches offering multilayerswitching and Cisco StackWise technology for enterprise branch officesand mid-market organizations.Fixed-configuration switches combiningGigabit Ethernet connectivity and PoE forenterprise LAN access and branch offices. Standalone fixed-configuration forlow-latency and wire-speed switching Stackable fixed-configuration switchesfeaturing Cisco StackWise Plus technology,a 64 Gbps interconnect for a unified, resilientsystem of up to nine switches (including CiscoCatalyst 3750 Series switches) Stackable fixed-configuration switchesfeaturing Cisco StackWise technology,a 32 Gbps interconnect for a unified,resilient system of up to nine switches Flexible Options: Modular 3-, 4-, 6-,9-, and 13-slot chassis all supportredundant supervisors; LAN/WANservice modules; modular Powerover Ethernet (PoE) up to 420IEEE 802.3af Class 3 (15.4W) PoEdevices, and forwarding engines Stateful Application Intelligence:Hardware accelerated NetworkBased Application Recognition (NBAR) Highest Availability: Cisco IOSSoftware Modularity featuringsubsystem In Service SoftwareUpgrades (ISSUs); Generic OnlineDiagnostics (GOLD) Comprehensive Security:H/W accelerated Flexible PacketMatching, H/W-based Control PlanePolicing (CoPP); integrated H/WNetFlow; 802.1x enhancements;firewall; intrusion prevention andanomaly detection modules Enhanced Manageability:Subsystem ISSU with IOSmodularity; integrated TDR;Encapsulated Remote Span(ERSPAN); Embedded EventManager (EEM); Network AnalysisModule (NAM); CiscoWorks; CNA Highest Port Densities: Up to 115210/100 ports, 577 10/100/1000ports, 410 SFP Gigabit Ethernetports, or 64 10 Gigabit Ethernet(10GbE) ports IP Communications: Highestintegrated PoE density; TDM/Analog gateway and mediaservices; industry-leadingscalability and quality for voiceand video applications Integrated Service Modules:Accelerated IT performancewith simplified architectures andintegrated wireless technologies WAN Aggregation: Extensivechoice of WAN interfaces fromDSO to OC-192, FE, GbE and10GbE; MPLS; VPLS; H-VPLS4From edge to core, Cisco Catalyst switches provide the performance, high availability,comprehensive security, delivery optimization, and enhanced manageability needed to getthe most out of your network for years to come. Investment Protection:Evolutionary centralized modulararchitecture with functionallytransparent line cards allow foreasy upgrade of all system portsto higher level functions with asupervisor upgrade Flexible Options: Modular 3- and6-slot single supervisor chassisand 7- and 10-slot redundantsupervisor chassis supportingnumerous connectivity andservice configurations Layer 2 – 4 switching and intelligentservices with dynamic IP routing and IPv6 Up to 48 10/100/1000 ports with four SFPports or 48 10/100/1000 ports with two10GbE ports Dual, hot-swappable internal AC or DCpower supplies Hot-swappable fan trays Comprehensive Management:CiscoWorks; CNA; RSPAN; TDRand NetFlow High Port Density: Up to 384 FastEthernet or Gigabit Ethernet portsavailable in copper or fiber with10 Gigabit uplinks; PoE (Ciscopre-standard and IEEE 802.3af) Gigabit Ethernet and upgradeable GigabitEthernet to 10GbE connectivity Up to 48 10/100/1000 ports plus two 10GbEX2 ports per stackable switch or four GbEports Integrated PoE (Cisco pre-standard andIEEE 802.3af); up to 48 ports with 15.4 watts Highest Availability: Redundantsupervisor engines with InService Software Upgrade(ISSU), Non-stop Forwarding/Stateful Switchover (NSF/SSO)offering 50ms failover; redundantpower supplies with power circuitredundancy; hot-swappable fantrays with redundant fans Comprehensive Security:Integrated Network AdmissionControl (NAC) and 802.1x,H/W-based Control Plane Policing(CoPP); integrated man-in-themiddle and DoS attack mitigation;NetFlow; access control lists andSSH Layer 2–4 switching and intelligent serviceswith dynamic IP routing and IPv6 AC power supply failure protection withexternal power system Layer 2 – 4 switching and intelligentservices with dynamic IP routing andIPv6 Fast Ethernet, Gigabit Ethernet and10GbE connectivity Up to 48 10/100/1000 ports plusfour SFP ports per stackable switch Integrated PoE (Cisco pre-standardand IEEE 802.3af); up to 24 ports with15.4 watts or 48 ports with 7.3 watts AC power supply failure protectionwith external power supply Standalone fixed-configurationswitches Layer 2 – 4 switching and intelligentservices with dynamic IP routing andIPv6 Gigabit Ethernet and upgradableGigabit Ethernet to 10GbE uplinks Up to 48 10/100/1000 ports plus two10GbE X2 ports per stackable switch or4 Gigabit Ethernet ports Integrated full PoE (Cisco pre-standardand IEEE 802.3af); up to 48 ports with15.4 watts AC power supply failure protection withexternal power systemCisco Catalyst 3560 SeriesCisco Catalyst 2960 SeriesCisco Catalyst 2950 SeriesCisco Catalyst 2940 SeriesFixed-configuration switches combiningGigabit Ethernet connectivity and PoE forenterprise LAN access and branch offices.Fixed-configuration switches offering FastEthernet and Gigabit Ethernet connectivitywith enhanced LAN services for mid-marketand branch office networks.Fixed-configuration switches offering FastEthernet and Gigabit Ethernet connectivityfor branch offices, small wiring closets, andindustrial deployments.Compact fixed-configuration switches withFast Ethernet connectivity for workgroups,conference rooms, and classrooms. Standalone fixed-configuration switches Standalone fixed-configuration switches Standalone fixed-configuration Layer 2switches with no fan Layer 2 switching with intelligentLayer 2 – 4 services Layer 2 switching with intelligent Layer2 – 4 services Fast Ethernet connectivity with GigabitEthernet Uplinks Fast Ethernet and Gigabit Ethernetconnectivity Fast Ethernet connectivity with GigabitEthernet Uplinks Up to 48 10/100 ports or 10/100/1000ports Up to 48 10/100 ports Standalone fixed-configuration switches Layer 2 – 4 switching and intelligentservices with dynamic IP routing and IPv6 Fast Ethernet and Gigabit Ethernetconnectivity Up to 48 10/100/1000 ports plusfour SFP ports Integrated PoE (Cisco pre-standard andIEEE 802.3af); up to 24 ports with 15.4 wattsor 48 ports with 7.3 watts AC power supply failure protection withexternal power supply Compact Fast Ethernet PoE with no fan AC power supply failure protection withexternal power supply Compact Fast Ethernet and GigabitEthernet switches with no fan AC power supply failure protectionwith external power supply; DC poweroption available Up to eight 10/100 portsCisco Catalyst Express 500 SeriesCisco-class switches that simplifyadvanced services and IP Communicationsfor businesses with 20 to 250 employees. Standalone fixed-configurationLayer 2 switches Fast Ethernet and Gigabit Ethernetconnectivity Up to 24 10/100 ports with optional PoEor 12 10/100/1000 ports5

TECHNOLOGY SPOTLIGHTThe architectural foundation of ServicesOriented Network Architecture.Cisco Systems offers the industry’s most complete range ofswitching solutions, supporting a wide variety of deploymentCisco Catalyst switches provide an architectural foundation for the intelligentservices that enable new applications and uses for the network. Key elements include:requirements in networks of every size. Yet Cisco CatalystHardware Integrationswitches are much more than a collection of point products toAt the core of Cisco’s hardware integration isapplication-specific integrated circuit (ASIC)innovation. Cisco has developed more than onehundred ASICs for the Cisco Catalyst switchingfamily since 1995, with each generationincluding more capabilities. For example,Cisco was the first vendor to integrate Layer 3switching into hardware, and has gone on tointegrate security access control lists (ACLs),quality of service (QoS) classification, andqueuing across the entire Cisco Catalyst line.Cisco is also the only switching vendor to offerhardware-based services modules, whichintegrate key functions such as firewalling,content networking, and network analysisdirectly into Catalyst 6500 switches.meet isolated IT needs; they are part of an integrated approachto the broader goals of protecting, optimizing, and growingnetworks for years to come.Predictable Performance6YkVcXZY IZX]cdad\n Hdaji dch ciZaa \Zci HZgk XZh 6gX] iZXijgVa ;djcYVi dc 6YkVcXZY IZX]cdad\n Hdaji dch ciZaa \ZciHZgk XZh66gX] iZXijgVa ;djcYVi dc E 8dbbjc XVi dch ciZ\gViZY HZXjg in L gZaZhh BdW a in 6kV aVW a in GZh a ZcXn VgYlVgZ ciZ\gVi dc \VW i &% \VW i :i]ZgcZi E 8dbbjc XVi dch ciZ\gViZY HZXjg in 9Za kZgn Dei b oVi dc VgYlVgZ ciZ\gVi dc \VW i &% \VW i :i]ZgcZi :c]VcXZY BVcV\ZVW a in EgZY XiVWaZ EZg[dgbVcXZ ciZ\gViZY EdlZg dkZg :i]ZgcZi Ed: L gZaZhh BdW a in 6kV aVW a in GZh a ZcXn 9ViV HZgk XZh VcY HidgV\Z 9Za kZgn Dei b oVi dc 9ViV HZgk XZh VcY HidgV\Z :c]VcXZY BVcV\ZVW a in EgZY XiVWaZ EZg[dgbVcXZ ciZ\gViZY EdlZg dkZg :i]ZgcZi Ed: Cisco offers among the highest performancemodular and stackable switches in theindustry, but throughput alone is not enough.Organizations need to be assured of predictableperformance, regardless of variables likecongestion, traffic type, or the use of softwareor hardware-enabled services. That’s whyall Cisco Catalyst switches are designed tomaintain predictable performance through aunique combination of mechanisms, includingCisco Express Forwarding (CEF), TernaryContent Addressable Memory (TCAM), buffering,and congestion management. This ensures thatnetwork managers can enable complex featureswithout fear of losing speed in their networks.Unified Network ServicesScaling rich media applications, voice, video,and data on a single network requires acomprehensive approach to network services.The Catalyst portfolio leads the industry inGigabit and 10 Gigabit Ethernet (10GbE) portdensity. Desktop Gigabit Ethernet, also called10/100/1000, provides investment protectionfor future connectivity needs while alsomaking use of the “free” LAN-on-motherboardsolutions shipping on most new desktop andlaptop computers. Similarly, 10GbE is beingrapidly adopted in many enterprise networks,particularly in the network core, distribution,and in data center networks. Another keyconsideration is Power over Ethernet (PoE),which simplifies the deployment of devicessuch as IP phones and wireless accesspoints. PoE eliminates the need for additionalpower cabling. Cisco drove the 802.3afpower standard through IEEE and today offersextensions to the IEEE standard through the useof intelligent power management. In keepingwith Cisco’s evolutionary approach, the CiscoCatalyst line includes switches that supportboth pre-standard inline power as well asIEEE 802.3af-compliant devices, enabling ourcustomers to deploy new technology whilecontinuing to make the most of past investments.Cisco offers the highest density of IEEE 802.3afPoE devices (up to 420) in a single chassis withfull power redundancy.VirtualizationCisco Catalyst Series switches offer a widevariety of technologies that enable the scalingof a single physical network into multiple, logicalnetworks. Identity services such as 802.1x andNetwork Admission Control (NAC) ensure usersare able to access appropriate resources. Pathisolation technologies provide a means fortraffic isolation. These include Generic RouteEncapsulation (GRE), Virtual Route Forwarding(VRF) and Multiprotocol Label Switching (MPLS).Additionally, service modules such as theApplication Control Engine (ACE) for the Catalyst6500 can be virtualized to offer up to 256different instances.7

TECHNOLOGY SPOTLIGHTEnd-to-end intelligent switchingfor today’s converged network services.The LAN switching infrastructure connects users, applications,and communications systems together. That basic task has becomemuch more challenging as the variety and complexity of networkuses have increased. Cisco Catalyst switches provide the intelligent6YkVcXZY IZX]cdad\n 9ViV HZgk XZh VcY HidgV\Z servicesrequired E 8dbbjc XVi dch to create secure,L gZaZhh BdW a in resilient networksthat optimizeHdaji dch the deliveryof disparateeasy to configure, ciZaa \Zci ciZ\gViZY services, 6kV aVW a in yet remain9Za kZgn :c]VcXZY HZgk XZh HZXjg in manage, and troubleshoot.6gX] iZXijgVa ;djcYVi dc 6YkVcXZY IZX]cdad\n Hdaji dch ciZaa \ZciHZgk XZh6gX] iZXijgVa ;djcYVi dc 8GZh a ZcXn VgYlVgZ ciZ\gVi dc \VW i &% \VW i :i]ZgcZi E 8dbbjc XVi dch ciZ\gViZY HZXjg in Dei b oVi dc EgZY XiVWaZ EZg[dgbVcXZ ciZ\gViZY EdlZg dkZg :i]ZgcZi Ed: L gZaZhh BdW a in 6kV aVW a in GZh a ZcXn VgYlVgZ ciZ\gVi dc \VW i &% \VW i :i]ZgcZi BVcV\ZVW a in 9Za kZgn Dei b oVi dc 9ViV HZgk XZh VcY HidgV\Z :c]VcXZY BVcV\ZVW a in EgZY XiVWaZ EZg[dgbVcXZ ciZ\gViZY EdlZg dkZg :i]ZgcZi Ed: Cisco Catalyst switches support today’s technology trends and business goalsthrough a unique combination of intelligent capabilities. Major advantages include:Integrated SecurityApplication IntelligenceCisco Catalyst switches help make networksself-defending. Encrypted passwords, multilevelaccount privileges, and authentication protocolsprevent unauthorized network access—aproblem exacerbated by the rapid adoptionof wireless networking. The switches canalso prevent devices from connecting if theyfail to meet certain criteria, such as havingthe latest antivirus software. Users can beseparated into private subnets to permit varyinglevels of access. Other features enable theswitches to protect themselves from wormsand denial-of-service (DoS) attacks, preventrouting and spanning tree information from beingspoofed, and ensure malicious users can’t stealconfidential information, either from the companyor from other employees. Flexible PacketMatching (FPM) also provides protection againstnotable worms and viruses and day zero attacks.Today’s networks must be intelligent andadaptable enough to meet the varyingrequirements of converged data, voice, video,and storage traffic. Cisco Catalyst switchesoptimize the delivery of disparate traffictypes using four key technologies: statefulapplication intelligence (SAI), quality of service(QoS), multicast, and content switching. SAIprovides IT managers with visibility intoapplication bandwidth requirements on thenetwork. SAI also gives IT managers the powerto take control of application performance byprioritizing, deprioritizing, limiting or blockingtraffic based on application type. QoS allowsnetwork managers to prioritize traffic andensure low-latency traffic, such as voice, getshandled accordingly. Multicast makes it muchmore efficient to deliver video or music on-holdto multiple points on the network, reducingthe burden on servers. The Cisco Catalyst6500 Series Content Switching Module addsadvanced Layer 4–7 load balancing to theCatalyst line’s existing Layer 2 and 3 features,further optimizing service delivery.Non-Stop CommunicationsCisco Catalyst switches help maintain thehighest levels of network availability andresiliency. Each switch is designed to protectitself from hardware, software, power, orconnection failures—or at the very least,minimize recovery times by enabling redundantbackup systems and protocols to take over inas little as a millisecond. The switches arealso designed to increase resiliency on anetwork-wide level, utilizing an array of Ciscoinnovations to recover from device, link, orprotocol failures and maintain uninterruptedaccess. Integrated security features also playa role in preserving availability in the event ofincidents like DoS attacks. Conversely, resilientdesigns help networks recover faster fromsecurity breaches, or even nullify their impact.Operational ManageabilityAll Cisco Catalyst switches offer enhancedcapabilities that make them much easier toconfigure, manage, and troubleshoot. Theseinclude wizards that automatically configureswitches, integrated Web-based managementtools, device discovery and intelligent powermanagement features for PoE equipment suchas IP phones and wireless access points, andan array of data collection and analysis tools.The benefits are real-time visibility, fasterresponse and repair times, more adaptive policymanagement, and reduced cost and complexity.In the case of the Cisco Catalyst 6500 Series,optional Network Analysis Modules (NAMs)embed a rich set of management features on asingle blade, providing volumes of performanceinformation without burdening the switch itself.9

Cisco Catalyst Switches: FEATURE COMPARISONMODUL AR SWITCHESF I X E D - C O N F I G U R AT I O N S W I T C H E SCatalyst 6500Catalyst 4500Catalyst 4900Catalyst3750-ECatalyst 3750Catalyst3650-EEtherChannel /802.3ad Jumbo Frames—Gigabit Ethernet on Copper 6-port card only L2 only L2 onlyL2 onlyJumbo Frames—Gigabit Ethernet on Fiber All non-blockingports L2 only L2 onlyL2 onlyBroadcast Suppression Multicast Suppression Unicast Flood Suppression Flexible Packet Matching Catalyst 3560 Catalyst 2960 Catalyst 2950 Catalyst 2940CatalystExpress 500L A N S W I T C H I N G F E AT U R E SConnectivity and Filtering Layer 2ISL/802.1Q 802.1Q only802.1Q only802.1Q only Transparentmode onlyPrivate VLAN Edge Private VLAN Voice VLAN VLAN Trunking Protocol (VTP) GVRP GARP URT/VMPS VTP v3 VTP Bomb Protection VMPS Server 802.1Q onlyNumber of Active VLANs4096409620481005100510051005255128 (SI), 250 (EI)12832Number of VLAN IDs40964096409640964096409640964096409640961005 IP ServicesIP ServicesIP ServicesIP SevicesIP BaseIP BaseIP BaseIP BaseLayer 3H/W-based MPLS/EoMPLS EIGRP EIGRP Stub10VPLS/H-VPLS MPLS L3 VPNs MPLS Traffic Engineering (TE) OSPF IP ServicesIP ServicesIP ServicesIP ServicesBGP IP ServicesIP ServicesIP ServicesIP ServicesEqual Cost Load Balancing 11

Cisco Catalyst Switches: FEATURE COMPARISONMODUL AR SWITCHESF I X E D - C O N F I G U R AT I O N S W I T C H E SCatalyst 6500Catalyst 4500Catalyst 4900Catalyst3750-ECatalyst 3750Catalyst3650-ECatalyst 3560 Catalyst 2960 Catalyst 2950 Catalyst 2940CatalystExpress 500L A N S W I T C H I N G F E AT U R E S continuedLayer 3 continuedRIP, RIPv2 Static Routes IS-IS H/W-based IPv6 Routing In softwareIn software H/W-based Policy Routing IPv4 H/W-based Policy Routing IPv6 Multiprotocol Routing (IPX, AppleTalk) Cisco Express Forwarding (CEF) Up to 1,000,000Up to 128,000Up to 128,000Up to 20,000Up to 20,000Up to 11,000Up to 11,000IP ServicesIP ServicesIP ServicesIP ServicesIP ServicesIP ServicesIP ServicesH/W FIB EntriesVRF LiteI N T E G R AT E D S E C U R I T YAccess Control ListsReflexive ACL Port ACL EI onlyTime-based ACL Router ACL VLAN ACL * *Capture andLoggingCapture andLoggingCapture andLoggingCapture andLogging2000200020002000512300 ACP—EIonly VACL with Redirect/Capture/Logging of Denied Traffic Context-based Access Control H/W-based Access Control Entry (ACE) Counters Order-dependent ACL Merge Dedicated Hardware Resourcesfor Security ACLs 32,00032,00032,000ACL Scalability (ACE entries)Attack Mitigation12Flexible Packet Matching Control Plane Policing (Multiple CPU Rate Limiters) IP Source Guard DHCP Snooping/Option 82 *As part of IP ACL in VLAN MAP but not for the entire VACL.13

Cisco Catalyst Switches: FEATURE COMPARISONMODUL AR SWITCHESF I X E D - C O N F I G U R AT I O N S W I T C H E SCatalyst 6500Catalyst 4500Catalyst 4900Catalyst3750-ECatalyst 3750Catalyst3650-EDynamic ARP Inspection MAC Address Notification Port Security H/W-based uRFP Check H/W-based MAC Learning H/W-assisted MAC AgingPIM Accept Register—Rogue Multicast ServerProtectionRouting Protocol Pass Through ARP Policing H/W-based Directed Broadcast Catalyst 3560 Catalyst 2960 Catalyst 2950 Catalyst 2940CatalystExpress 500I N T E G R AT E D S E C U R I T Y continuedAttack Mitigation continued Trust and Identity Management802.1x Identity-basedNetworking Port Authentication 802.1x with VLAN assignment 802.1x with Guest VLAN 802.1x with Aux. VLAN Support 802.1x Port Description TACACS /RADIUS Web Authentication Proxy MAC Authentication Unidirectional Control Port Inaccessible Authentication RADIUS only Secure Connectivity14H/W-based NAT/PAT MD5 Route Authentication Multilevel Account Privilege 15

Cisco Catalyst Switches: FEATURE COMPARISONMODUL AR SWITCHESCatalyst 6500Catalyst 4500F I X E D - C O N F I G U R AT I O N S W I T C H E SCatalyst 4900Catalyst3750-ECatalyst 3750 Catalyst3650-ECatalyst 3560 Catalyst 2960 Catalyst 2950 Catalyst 2940CatalystExpress 500AVA I L A B I L I T Y A N D R E S I L I E N CYSwitch RedundancyIOS Software Modularity Non-stop Forwarding/Stateful Switchover (NSF/SSO) NSF-aware Redundant Power Supplies External onlyExternal onlyExternal onlyExternal onlyRedundant Fans Redundant Fan Trays Redundant Supervisors Generic Online Diagnostics (GOLD) Basic Support for GOLD

Cisco Catalyst 4900, Catalyst 3750-E, Catalyst 3750, Catalyst 3560-E, Catalyst 3560, Catalyst 2960,