Cisco & Cisco Network Hardware News and Technology

Cisco Catalyst LAN Lite Switches Overview

February 24 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco Catalyst LAN Lite Switches were designed for entry-level enterprise, midmarket and small branch office networks. The LAN Lite Cisco IOS Software provides entry-level security, quality of service (QoS), and availability capabilities. What are the Catalyst LAN Lite switches?

The Cisco Catalyst 2960-S LAN Lite Series Switches have the following main capabilities:

  • 24 and 48 ports of Gigabit Ethernet (GbE) 10/100/1000 desktop connectivity
  • 1 GbE Small Form-Factor Pluggable (SFP) uplinks
  • USB storage interface for file backup, distribution, and simplified operations
  • Enhanced troubleshooting for problem solving, including link connectivity and cable diagnostics
  • Single IP address management for up to 16 switches
  • A wide range of software features to provide ease of operation, secure business operations, sustainability and borderless networking experience
  • Limited lifetime hardware warranty, including next-business-day replacement with 90-day service and support


Cisco Catalyst LAN Lite Switches, Part Numbers, Description

Product Name (Part Number)


Cisco Catalyst 2960-24-S Switch (WS-C2960-24-S)

• 24 Ethernet 10/100 ports

• 1-RU, fixed-configuration switch

• LAN Lite image installed

Cisco Catalyst 2960-24TC-S Switch (WS-C2960-24TC-S)

• 24 Ethernet 10/100 ports and two dual-purpose uplinks (10/100/1000BASE-T or Small Form-Factor Pluggable [SFP])

• 1-RU, fixed-configuration switch

• LAN Lite image installed

Cisco Catalyst 2960-48TC-S Switch (WS-C2960-48TC-S)

• 48 Ethernet 10/100 ports and two dual-purpose uplinks (10/100/1000BASE-T or Small Form-Factor Pluggable [SFP])

• 1-RU, fixed-configuration switch

• LAN Lite image installed


Switch Configurations-Cisco Catalyst 2960-S and 2960 Series Switches with LAN Lite Software

Switch Model



Catalyst 2960-S Switches with 1 Gigabit Uplinks and 10/100/1000 Ethernet Connectivity

• Cisco Catalyst 2960S-48TS-S: 48 Ethernet 10/100/1000; 2 1 GbE ports
• Cisco Catalyst 2960S-24TS-S: 24 Ethernet 10/100/1000; 2 1 GbE SFP ports

Catalyst 2960 Switches with 1 Gigabit Uplinks and 10/100 Ethernet Connectivity

• Cisco Catalyst 2960-48PST-S: 48 Ethernet 10/100 PoE ports (370W capacity); 2 fixed 10/100/1000 ports and 2 SFP ports
• Cisco Catalyst 2960-24PC-S: 24 Ethernet 10/100 PoE ports (370W capacity); 2 dual-purpose ports (10/100/1000 or SFP)
• Cisco Catalyst 2960-24LC-S: 24 Ethernet 10/100 and 8 10/100 PoE ports (123W capacity); 2 dual-purpose ports (10/100/1000 or SFP)
• Cisco Catalyst 2960-48TC-S: 48 Ethernet 10/100; 2 dual-purpose ports (10/100/1000 or SFP)
• Cisco Catalyst 2960-48TT-S: 48 Ethernet 10/100; 2 fixed 10/100/1000 ports
• Cisco Catalyst 2960-24TC-S: 24 Ethernet 10/100; 2 dual-purpose ports (10/100/1000 or SFP)
• Cisco Catalyst 2960-24-S: 24 Ethernet 10/100

Compact Switches

• Cisco Catalyst 2960-8TC-S: 8 Ethernet 10/100 compact size with no fan; 1 dual-purpose port (10/100/1000 or SFP)

 More Cisco 2960 Reviews and News:

Cisco Catalyst 2960-24TC-L Review

Compare Cisco 2960 Models

Cisco Catalyst 2960 LAN Base Series & Catalyst 2960 LAN Lite Series

What is Exact Cisco Catalyst 2960-S FlexStack?


The New Cisco ISR-AX Routers Review

February 17 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Routers

The Cisco Application Experience (AX) Router family is part of the Cisco ISR family of routers.

The ISR-AX is a new brand of branch routers based on Cisco's popular ISR-G2 hardware, but it ships with a package of advanced services that typically require additional license activations. Cisco ISR-AX includes a security package with firewall, intrusion prevention and Secure Sockets Layer VPN functions.


It directly integrates Cisco Wide Area Application Services (WAAS), Application Visibility and Control (AVC), Data/IPBase and Security services into a platform that is simple to order, configure, and deploy for secure, optimized cloud connectivity and branch-office routing. The Cisco ISR G2 and ISR-AX Routers are based on the same hardware and software that you know and love and are deploying today.

Cisco ISR-AX adds to the rich breadth of services available on the ISRs.

Similar to the other routers in the ISR portfolio, the ISR-AX Routers consist of three product families:  the Cisco 3900-AX, 2900-AX, and 1900-AX Series Routers. 

From the Cisco 1921-AX through the Cisco 3945E-AX, the portfolio provides increasing performance and module slot density, and each router comes equipped and ready to deploy. 

All ISR AX platforms include all required Application Experience (AX) licenses including:  IP Base, Data, Security, WAAS and AVC licenses. In addition, you can configure each platform for additional features, modules, interfaces, and equipment (for example, Cisco Unified Communications Manager Express [Unified CME]) to match the needs of diverse branch offices running varying degrees of rich services.

Cisco WAAS (Wide Area Application Services)

Cisco ISR AX provides router-integrated, on-demand WAN optimization for branch offices. ISR 2911-AX platforms and higher can be equipped with Cisco Services-Ready Engine (SRE) modules to enable WAAS and with UCS-Express (UCS-E) modules to enable vWAAS (virtual WAAS). This decouples software services from the underlying hardware and can deliver WAN optimization as an on-demand service as required by business objectives and IT budget. This approach makes better use of existing investments while offering business agility.

Cisco WAAS Express is a Cisco IOS® Software solution integrated into Cisco ISR-AX platforms to offer bandwidth optimization capabilities. Cisco WAAS Express increases remote user productivity, reduces WAN bandwidth costs, and interoperates with existing Cisco WAAS infrastructure. Each ISR-AX router includes WAAS Express; the Cisco 3900-AX also includes a Right-to-Use (RTU) license for 2500 WAAS or vWAAS connections, and there is an RTU license for 1300 WAAS or vWAAS connections for the Cisco 2911-AX Series platforms and later.

Cisco AVC (Application Visibility and Control) provides a powerful and pervasive integrated solution for application visibility and control based on stateful deep packet inspection (DPI). With the Cisco AVC solution, ISR-AX Routers can identify applications within the traffic flow using DPI technology. They can collect various application performance metrics such as bandwidth use, response time, and latency. Then, using Cisco industry-leading quality of service (QoS), these routers can reprioritize critical applications or enforce application bandwidth use.  

Security enables standard encryption (VPN payload and secure voice) on the ISR-AX platforms. The ISR-AX security license is designed to comply with both local and U.S. export requirements for global distribution to all countries. This license enforces a curtailment on the maximum number of encrypted tunnels and the maximum encrypted throughput on the ISR-AX platforms.

The security license limits the number of concurrent encrypted sessions and maximum encrypted throughput per device. This limit helps ensure that the ISR-AX complies with U.S. government export restrictions regardless of the final destination country.

The security license limits all encrypted tunnel counts to a maximum of 225 tunnels for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE), and 1000 tunnels for Transport Layer Security (TLS) sessions. All threat defense and VPN features are supported and available for configuration with the security license.

By packaging ISR-AX routers with Routing, Data, WAAS, AVC and Security, we have changed the economics to enable customers to easily and quickly deploy rich application services at scale across their enterprises from an integrated branch router.  This will simplify application delivery to users, further enable branch office consolidation and help speed transition to cloud based services and really change the game! 

Cisco's ISR-AX series will be cheaper than the ISR-G2 devices. The 3900-AX is priced from $16,200 to $24,700. The 2900-AX is priced from $3,595 to $12,900, and the 1900-AX costs from $2,945 to $2,995.

More about Cisco ISR-AX Ordering Guide you can visit:


More Cisco ISR Router Reviews:

Cisco ISR-AX: Cheaper Branch Router with Bundled Layer 4-7 Services

Cisco ISR 4451-X, Prepared for Future Branch Network Needs

WAYS to Help You Set Up Your Small, Medium and Large Networks

Check Cisco Routers and Switches Using the IOS Environment Command


Cisco Access Control Lists (ACLs)

February 13 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

Access control lists (ACLs) can be used for two purposes on Cisco devices: to filter traffic and to identify traffic.

Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a router.

You can configure access lists at your router to control access to a network: access lists can prevent certain traffic from entering or exiting a network.

Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. Your router examines each packet to determine whether to forward or drop the packet, on the basis of the criteria you specified within the access lists.

Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other information.

Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required.

Why do you need to configure Cisco ACLs? For example, you can use access lists to restrict contents of routing updates or to provide traffic flow control. One of the most important reasons to configure access lists is to provide security for your network.

You should use access lists to provide a basic level of security for accessing your network. If you do not configure access lists on your router, all packets passing through the router could be allowed onto all parts of your network.

Access lists can allow one host to access a part of your network and prevent another host from accessing the same area. In the following figure, host A is allowed to access the Human Resources network, and host B is prevented from accessing the Human Resources network.


You can also use access lists to decide which types of traffic are forwarded or blocked at the router interfaces. For example, you can permit e-mail traffic to be routed, but at the same time block all Telnet traffic.

Access lists should be used in "firewall" routers, which are often positioned between your internal network and an external network such as the Internet. You can also use access lists on a router positioned between two parts of your network, to control traffic entering or exiting a specific part of your internal network.

To provide the security benefits of access lists, you should at a minimum configure access lists on border routers—routers situated at the edges of your networks. This provides a basic buffer from the outside network, or from a less controlled area of your own network into a more sensitive area of your network.

On these routers, you should configure access lists for each network protocol configured on the router interfaces. You can configure access lists so that inbound traffic or outbound traffic or both are filtered on an interface.

Access lists must be defined on a per-protocol basis. In other words, you should define access lists for every protocol enabled on an interface if you want to control traffic flow for that protocol.
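The filtering behaviour described above (host A allowed into Human Resources, host B blocked, e-mail permitted, Telnet blocked) can be modelled with a small evaluator. This is an added example, not Cisco's code or code from the original post: it parses only a small subset of IOS extended ACL syntax, and the ACL number and all addresses are hypothetical. It also shows two properties the text does not spell out: entries are evaluated top-down with the first match winning, and a packet matching no entry is dropped by the implicit deny at the end of the list.

```python
import ipaddress

# Constructed sample ACL (subset of IOS extended ACL syntax). Hypothetical
# addresses: host A = 10.1.1.10, host B = 10.1.1.20, HR network = 10.2.0.0/24.
ACL_101 = """
access-list 101 deny   tcp any any eq 23
access-list 101 permit ip host 10.1.1.10 10.2.0.0 0.0.0.255
access-list 101 deny   ip host 10.1.1.20 10.2.0.0 0.0.0.255
access-list 101 permit tcp any any eq 25
"""

def _addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    """Turn ACL lines into (action, proto, src, dst, dst_port) tuples."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()[2:]                      # drop "access-list <number>"
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _match(spec, ip):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal base.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry, scanning top-down."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_port is not None and r_port != dport:
            continue
        if _match(r_src, src) and _match(r_dst, dst):
            return action
    return "deny"                                 # implicit deny at end of list

RULES = parse(ACL_101)
```

Because the Telnet deny is listed first, host A is refused on TCP port 23 even though a later entry permits all of its IP traffic to the Human Resources network; reordering the entries changes the result.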

Full Guide of Cisco Access Lists from http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html

More Related Cisco ACLs Topics:

Cisco ACL In and Out Questions


Layer-3 Switch, More than a Router?

February 10 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Do you think that layer-3 switches perform bridging and routing, while routers do only routing? “I thought IP L3 switching includes switching within subnet based on IP address, routing is between subnets only.” --- Simon Gordon on Twitter

Layer-3 switches and routers definitely have to perform some intra-subnet layer-3 functions, but they’re usually not performing any intra-subnet L3 forwarding.

Here we start with the intra-subnet functions the layer-3 forwarding devices do:

  • Dynamic neighbor discovery through ARP/ND for packets sent to hosts in directly attached subnets (glean adjacencies in CEF terminology);
  • Generation of host routes based on ARP/ND results (cached adjacencies in CEF terminology);
  • Forwarding of IP packet to directly attached IP hosts based on ARP/ND-generated host routes.

However, if a layer-3 forwarding device performs MAC-based forwarding in combination with IP-based forwarding, it usually uses the destination MAC address to figure out which forwarding method to use:

  • Layer-2 frames sent to router’s own MAC address are passed up the protocol stack into the IP forwarding code (and if the IP packet is sent to router’s IP address, the packet is sent to the control plane for further processing);
  • Layer-2 frames sent to other destination MAC addresses are passed to MAC forwarding code, which performs MAC address table (or TCAM) lookup and forwards, floods or drops the packet.

Tips: There’s no difference in intra-subnet (intra-VLAN) forwarding between a router (layer-3 switch) and a simple bridge (layer-2 switch). However, an IP-aware device (even a more sophisticated layer-2 switch) might support IP-based port access lists or DSCP- or ACL-based QoS.

Layer-2 and Layer-3 interfaces

Some switches have physical layer-2 and layer-3 interfaces. Layer-2 interfaces behave as I described above, with the internal router being connected with one of its interfaces (example: VLAN or SVI interface) to the internal bridge:

A layer-3 switch routing between two VLAN/SVI/BVI interfaces


Physical layer-3 interfaces connect directly to the internal router. If a physical layer-3 interface receives an Ethernet frame sent to a third party MAC address, the frame is dropped.

A layer-3 switch with routed (layer-3) physical interface


Notes: Some switches (example: Catalyst 6500) use hidden VLANs to implement layer-3 interfaces. You might think that detail doesn’t matter ... until you run out of VLANs.

Some devices have layer-3 sub interfaces. These interfaces modify the frame forwarding rules on per-VLAN basis: if the parent physical interface receives an Ethernet frame belonging to the sub interface VLAN, the router uses the IP forwarding path (and drops the Ethernet frame on destination MAC mismatch), whereas the destination MAC address selects the forwarding method (L2 or L3) used for frames belonging to other VLANs.
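The forwarding rules from this post, collected into one decision function. This is an added example, not code from the original post or from any switch vendor; the router MAC, SVI addresses, port names and the rule that a frame is dropped when its destination was learned on the ingress port are assumptions made for illustration.

```python
from typing import NamedTuple

ROUTER_MAC = "00:00:5e:00:53:01"            # hypothetical router MAC
ROUTER_IPS = {"10.0.10.1", "10.0.20.1"}     # hypothetical SVI addresses

class Port(NamedTuple):
    name: str
    routed: bool = False                    # physical layer-3 interface
    subif_vlans: frozenset = frozenset()    # VLANs bound to L3 sub-interfaces

class Frame(NamedTuple):
    dst_mac: str
    vlan: int
    dst_ip: str

def l3_path(frame):
    """IP forwarding path: only frames sent to the router's MAC are accepted."""
    if frame.dst_mac != ROUTER_MAC:
        return "drop"                       # third-party MAC on an L3 path
    if frame.dst_ip in ROUTER_IPS:
        return "punt-to-control-plane"      # packet addressed to the router
    return "route"

def l2_path(frame, in_port, mac_table):
    """MAC forwarding: table lookup, then forward, flood or drop."""
    out = mac_table.get((frame.vlan, frame.dst_mac))
    if out is None:
        return "flood"                      # unknown destination MAC
    if out == in_port.name:
        return "drop"                       # assumed: destination is on ingress port
    return "forward:" + out

def classify(frame, in_port, mac_table):
    # Routed ports and sub-interface VLANs always take the IP path.
    if in_port.routed or frame.vlan in in_port.subif_vlans:
        return l3_path(frame)
    # Everywhere else the destination MAC selects the forwarding method.
    if frame.dst_mac == ROUTER_MAC:
        return l3_path(frame)
    return l2_path(frame, in_port, mac_table)
```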

Reference from: http://blog.ipspace.net/2012/08/is-layer-3-switch-more-than-router.html

More Related Layer 3 Switch Topics:

Router vs. Layer 3 Switches

Routers vs. Network Switches
