Posts with #c tag
How do you choose atypical IT equipment? Why should you choose an atypical network device? Here we share a newly featured product: the Cisco Industrial Ethernet 4000 Series Switches.
Cisco IE4010 Series Switches offer 24 Gigabit PoE/PoE+ capable ports, making them an ideal choice for use as access switches in industrial environments to connect high definition IP cameras, Access Points and IP phones. These switches provide high-bandwidth switching (Layer 2) and proven Cisco IOS Software-based routing (Layer 3) capabilities to improve uptime, performance, and safety of industrial systems and equipment.
- Superior bandwidth and capacity: 56-Gbps non-blocking switching capacity with 28 Gigabit Ethernet (GE) ports
- High-density, industrial Power over Ethernet (PoE) or PoE Plus (PoE+) support for in-line power to up to 24 devices
- Cisco IOS Software features for smooth IT integration and policy consistency
- Robust resiliency enabled by a dual-ring design with 4x Gigabit Ethernet uplink ports, Resilient Ethernet Protocol (REP), Parallel Redundancy Protocol (PRP), EtherChannel, and Flex Links support
- Easy deployment, with zero-touch discovery using DHCP and an express setup with a swappable SD flash card
Industrial environments can be tough on any equipment, but especially on networking hardware. Your typical IT equipment was never designed to withstand the poundings, dirt, and grime found in most industrial environments. Plus, these pieces of equipment require significant reconfiguring to serve the computing and technology needs of industrial manufacturers and utilities.
The Cisco Industrial Ethernet 4010 (IE4010) Series Switches are flexible and scalable industrial Ethernet switches. They were developed specifically to withstand rugged industrial environments and meet industrial customers’ needs. With 24 Gigabit PoE/PoE+ capable ports, they are suitable for connecting high definition IP cameras, Access Points, or IP Phones.
The ruggedized Cisco IE4010 Series forms the foundation of a wide array of technology solutions for multiple industries, such as:
• Factory automation
• Smart cities
• Substation automation
• Intelligent transportation systems
Benefits: The New Cisco IE 4010 Series Switches
• Reduced downtime through high-availability technology to facilitate network-wide resilience and increased IP network availability
• Lower operating costs with inline power for PoE/PoE+ devices, allowing easy installation and updates without an overhaul of the electrical layout
• Improved security with integration of security policy enforcement within the switch without creating traffic bottlenecks
• Investment protection from software licensing, which offers new improved software features without requiring hardware upgrades
• Improved efficiency of your internal IT and operations teams using a single, standardized platform
• Increased speed and flexibility needed to bring products to market and adapt to changing business challenges
How It Works
The Cisco IE4010 Series complements other Cisco IE product families, delivering high performance, rich feature sets, and extensive and scalable Power over Ethernet (PoE)/PoE+ options.
The switches can be set up and operated easily by your internal IT and operations staff, helping you automate industrial processes much more quickly. The embedded Cisco IOS Software also allows you to quickly integrate new switches and connect all your industrial endpoints for greater visibility, control, and access and can automatically detect new endpoints whenever they’re brought online. Plus, with the built-in Cisco SmartPorts technology, your staff can assign the correct quality-of-service (QoS) functions for a desired connection quickly and easily.
An embedded web-based Device Manager provides real-time visibility of your switch configuration and performance. The color-coded displays and animated indicators of the application help simplify management and monitoring tasks. It also has alert functions that help you identify and solve networking problems when they arise.
Designed Tough and Built for Industrial Use
The Cisco IE4010 Series Switches were built to withstand and even thrive in harsh operating environments and temperatures ranging from –40 to 75°C. With no moving parts, the switches come enclosed in tough casings designed for serious protection from dust, dirt, grime, high humidity, electromagnetic fields, and extreme vibrations. They support network standards and protocols such as Ethernet/IP, CIP, and Profinet so you can set up and connect industrial equipment and automation applications quickly and easily.
Use Case Examples
• Increase solution redundancy and connect high-speed automation devices in connected factories and electrical substations by using uplinks to form redundant ring topology and provide multiple Gigabit Ethernet connectivity.
• Connect access points and provide high-speed Wi-Fi coverage along oil/gas pipelines and mining fields in remote locations.
• Provide bandwidth and large amounts of PoE ports required to support citywide surveillance IP camera infrastructure.
• Connect mass transportation to provide voice, video, and data services to passengers.
Easy to Deploy and Manage
Cisco IE4010 Series Switches use the same Cisco IOS Software with which you’re already familiar, so switch integration and connecting endpoints are simple. Out-of-the-box configuration enables you to set a switch up with one click. It also contains line-rate, low-latency forwarding with advanced hardware assist features—for example, Network Address Translation (NAT), Multilayer Traffic Prioritization, Multicast, IEEE 1588, and support for multiple traffic protection technologies including Cisco REP and PROFINET MRP and more—to make interoperability and management tasks easier and more efficient.
The solution supports all of the security features you expect in a Cisco switch, including 802.1x port security, dynamic port-based authentication, encrypted administrative traffic, IEEE 802.1AE MACsec encryption, FIPS compliance, centralized authentication, and more.
Industrial Power over Ethernet
With PoE, you can connect and power devices using a single cable. These switches support high-density, industrial PoE/PoE+ support for up to 24 devices, including IP cameras and phones, badge readers, wireless access points, and more. PoE helps you reduce complexity in your warehouse or factory, lower costs of necessary wiring and other equipment, and enjoy the flexibility and freedom of ready-to-use devices.
The Cisco Unified IP Conference Phone 8831 has been updated, and more new features are here. What do the new features include? Let’s read the latest data sheet of the Cisco Unified IP Conference Phone 8831.
The Cisco Unified IP Conference Phone 8831 offers many improvements. New features include:
● Superior wideband acoustics with the first two-element speaker in a conference phone; this feature allows the phone to capture the full voice spectrum without having to compromise with a single-element speaker
● Expanded room coverage with support for daisy chaining two units
● Support for optional DECT wireless extension microphone: sold separately
● Session Initiation Protocol (SIP) signaling
● Device authentication and signaling encryption using Transport Layer Security (TLS) with Advanced Encryption Standard 128 (AES-128)
● Media encryption using Secure Real-Time Transport Protocol (SRTP) with AES-128
The Cisco Unified IP Conference Phone 8831 requires an Enhanced User Connect License (UCL) on Cisco UCM Versions 9.0 and later. For supported Cisco UCM versions before 9.0, a public space license is required.
For the newest information on the Cisco Unified IP Conference Phone 8831, such as the Product Specifications (System Specifications, Temperature, Safety and EMC) and Ordering Information (including Cisco Call Control, Non-Cisco SIP Based Call Control, 8831 Accessories, Power Cords), you can read the full data sheet:
The Cisco Unified IP Conference Phone 8831 enhances people-centric communications, combining superior high‑definition (HD) audio performance and 360-degree coverage for all sizes of conference rooms and executive offices. It provides an audiophile sound experience with a full-duplex two-way wideband (G.722) audio hands-free speaker.
The IP Conference Phone 8831 is a simple, scalable solution that meets the challenges of the most diverse rooms. It provides flexible deployment options and expansion by using optional extension microphones that can be wired or wireless (Digital Equipment Cordless Telephone [DECT]) with a daisy-chain configuration of two units.
The IP Conference Phone 8831 has an industrial design with enhanced ergonomics that puts the user first. It offers a detached control panel so that the display may be easily viewed without having to move the entire unit. It also provides easy view of device mute status from all sides.
Supported on Cisco Unified Communications Manager and Business Edition systems, the IP Conference Phone 8831 delivers a more productive, acoustically pleasing, and secure communications experience across sites and participants.
What’s new? The network is an informational highway of intelligence, but today’s static infrastructure can’t see the intelligence. The first step in addressing this issue is increasing visibility into the network with insights and analytics. Next is automating network services to make it easy to deploy, manage and maintain.
Cisco’s new network innovations address both challenges, and include:
Insights and Experiences:
- Cisco Connected Mobile Experience (CMX) 10.2.2 – a software update with new features and enhancements for better customer engagement, operations and streamlined guest experiences
- Cisco Aironet 1560 Series Outdoor Access Point – Cisco’s first outdoor Access Point that extends 802.11ac Wave 2 Wi-Fi to high-density environments, the foundation to enable CMX for your outdoor environments.
- Cisco Catalyst 3650 Multigigabit Switch – a new Catalyst Multigigabit technology (based on NBASE-T standards) switch with up to 48 ports (12 MGig) and UPOE up to 60w for voice, video, and data performance assurance
Automation and Assurance:
- ASR 1001-HX and ASR 1002-HX – new fixed -HX chassis that offer WAN edge high availability and resiliency with Service Level Agreement (SLA) assurance in a small form factor.
- Cisco Unified Compute Services (UCS) E-Series – new 6-core single-wide compute blade for ISR 4000 with enhanced processing, memory and storage for 2x more app hosting.
- 3rd Party App Hosting on ISR 4000 & ASR 1000 – Cisco now supports KVM-based applications hosted as containers on Cisco Enterprise Routers, providing more choice and openness for 3rd-party or custom applications.
What are the challenges Cisco is helping you overcome?
The roadmap to a digital network may seem simple, but there are significant challenges that must be overcome. With these new network innovations customers can tackle:
- WAN Edge Challenges – The WAN is the fabric that connects users to apps and things. It also is the central point between the enterprise core and its edges—from the core to campus/HQ, branches, cloud and fog or among enterprise private data centers. The WAN edge must balance between performance, visibility, and security to ensure the best user experience (i.e. quality of voice, video, and data).
- Branch Challenges – The branch is the first node of connection for users and guests to apps and things, as well as the first line of defense to nullify a threat. Given its small IT footprint and often remote locations, the branch challenges include application experience, connectivity, management and automation, threat detection and defense.
- Customer Experience Challenges – To deliver a personalized customer experience, two integral steps must happen in tandem: (i) ubiquitous and robust connection, indoors and outdoors, and (ii) user, app, and device intelligence.
How will the new innovations help customers?
This is always a question we ask ourselves when rolling out any new technology. Focusing on real business outcomes for your enterprise, Cisco and our DNA approach is built on three design principles.
- Services-centric to give enterprises the freedom to run services and applications when, where, and how they want it across the WAN and branch. Outcome: Faster service delivery.
- Software-driven by virtualizing and optimizing applications and network functions for effective deployment on any platform: physical, virtual, or a mix of both. Outcome: Freedom of choice.
- Automation of devices, apps and services for greater agility. Outcome: Fewer human errors.
Cisco DNA is the future of the network. These innovations allow you to reach greater network agility and achieve real business outcomes.
Reference from http://blogs.cisco.com/enterprise/ignite-your-enterprise-digital-journey-in-three-steps
Who are the COOL 2960-CX 8 Port Gigabit Switches? They are:
- Layer 2 compact switches with 8 ports optimized for 1 Gb services
- Up to 124 Watts of Power over Ethernet Plus (PoE+) power budget per switch
- Fan-less compact design for quiet and efficient operation; flexible mounting options
Yes! The Catalyst 2960-CX Series Switches are fan-less, small form-factor, Gigabit Ethernet switches and are ideal for high-speed data connectivity, Wi-Fi backhaul, and Power over Ethernet (PoE) connectivity in places where space is at a premium.
Freedom to Connect Devices Anywhere
When you have a tight space, bigger is not always better. So start compact with the 2960-CX 8 port gigabit switch. And expand your network as your company grows. Gain the enterprise features of a larger Cisco switch without using a lot of physical space. Our Catalyst switches bring wired and wireless together through unified access, so you gain scale, security, and mobility.
Features and Capabilities
Created for organizations where space is tight, the compact 2960-CX switch is a powerful 8 port gigabit switch. Because it’s small, you can place it outside the wiring closet. It has a quiet, fan-less design so it’s silent. And it has flexible mounting options.
With a setup that allows for shorter cable runs from the switch, new devices can easily join the network. Shorter cables reduce the need for expensive and inflexible cabling.
Whether in a hospital, retail store, office, classroom, or branch location, this 8 port gigabit switch supports IP connections for devices with PoE+. You don’t need to install new electrical circuits to power your access points and other devices, such as:
- IP phones
- Wireless access points
- Surveillance cameras
- Video endpoints
Specifications at a Glance
- 8 Gigabit Ethernet ports with line-rate forwarding performance
- 2 x 1 Gigabit Ethernet copper and small form-factor pluggable (SFP) uplinks
- PoE+ support with up to 124W of PoE budget
- Advanced Layer 2 (LAN Base) support
Cisco ONE Software Includes Three Product Types: Foundation, Advanced Applications and Advanced Security
How can you make your software buying simple? You may have heard about Cisco ONE Software. Cisco introduced it at Cisco Live last year. So what exactly is Cisco ONE Software?
Cisco ONE Software helps customers purchase the right software capabilities to address their business needs. These products offer a greater value to customers with more features at “better together” pricing. They provide reduced complexity, simplified buying and the peace of mind that today’s software investments will last into the future. Cisco ONE Software is organized by domains (Data Center, WAN, and Access) and feature sets (Foundation, Advanced Applications, and Advanced Security).
Cisco ONE for Data Center provides functionality for physical and virtualized data centers, across network and compute resources, and provides secure, scalable support for private and hybrid clouds.
Cisco ONE for WAN provides complete functionality for the branch and network edge.
Cisco ONE for Access offers a comprehensive feature set for wired and wireless access.
Finally, Cisco ONE Advanced Security provides a robust set of threat defense capabilities and central policy management. Rather than piece together the features needed, these products provide cross-functional, use-case-based software sets to enable the performance, scale, and security needed in today’s IT environments.
Cisco ONE Software provides customers with four key benefits:
1. Access to ongoing innovation and new technology from Cisco through Cisco Software Support Service (SWSS)
2. Investment protection of software purchases through software services-enabled license portability
3. Software suites that address typical customer use case scenarios at an attractive price
4. Flexible licensing models to smoothly distribute customer’s software spending over time
Addressing Your Business Challenges
Customers have told us that they want more value for their money, protection for their investments, access to the latest technology, and predictable technology spend. As budgets continue to shrink, IT needs to deliver more capabilities at a lower price point. Companies are tired of “throwing money away” every time they refresh their network, by having to repurchase the software necessary to operate their environment. At the same time, only a small portion of companies are able to adopt the latest technology, either due to budget limitations or the fear of investing in unproven technology. Finally, CFOs are demanding that IT becomes more predictable and consistent with technology spend.
Cisco ONE for Data Center
Cisco ONE for Data Center enables automated, policy-based cloud computing. Reduce cost and increase IT agility by securing private and hybrid cloud deployments for both physical and virtual environments.
• The Data Center Foundation products provide functions such as automated application policy mapping, multi-tenancy support and business continuity, unified management, and infrastructure orchestration. These products support varied and demanding data center infrastructures. They are highly scalable, increasing flexibility and responsiveness to changing workloads and business conditions. And they provide extensive integration with automation and orchestration tools.
• The Data Center Advanced Applications products provide additional cloud visibility and control, storage network management, site to site encryption, and cloud infrastructure resource pooling with secure isolation. These products create an open and flexible solution that provides complete freedom in workload placement per business needs, while ensuring the same network security, quality of service (QoS), and access control policies in public cloud as in the data center.
Cisco ONE for WAN
Cisco ONE for WAN provides functions for the branch office and network edge. If you want to implement new branch-office initiatives and secure IP WAN connections, look no further.
• The Foundation for WAN product manages, secures, and optimizes your WAN to:
- Provide great user experiences with application and network performance monitoring
- Help ensure video and other media-rich application performance with application acceleration and WAN optimization
- Enhance security with network access control and encryption
- Gain energy cost savings and power management with Cisco EnergyWise energy management
- Save IT time with zero-touch deployment and protocol visibility
• The WAN Advanced Applications products provide sophisticated capabilities for remote branch facilities to:
- Quickly automate and secure your branch offices with audit tracking
- Expand highly available unified communications across your branches and beyond, even into your service provider network
- Extend rich media capabilities with secure video
- Stay secure with encryption and VPN support
- Enhance application performance by choosing the best path for critical applications
Cisco ONE for Access
Cisco ONE for Access provides performance, control, and security for wired and wireless access.
• The Access Foundation products provide a central policy engine and single management console for converged infrastructure, so you can:
- Simplify management with a single controller for both wired and wireless converged architecture
- Safeguard your network with sophisticated access control
- Improve performance and network analytics with QoS tools
- Improve the user experience with video compression and session management
- Gain deeper levels of application visibility and control with context-aware, secure access
• The Access Advanced Applications products provide guest access identity and advanced intrusion protection, allowing you to:
- Expand business mobility and create unique customer experiences with advanced location services and Cisco Connected Mobile Experience (CMX)
- Enhance security and protect intellectual property with separate virtual networks across your entire infrastructure
- Scale routing and other protocols to meet the needs of even the largest enterprise networks
Security for Cisco ONE Software
Each domain in Cisco ONE Software offers security products for use on external appliances. These products enable you to:
• Safeguard your infrastructure, your web, and your mobile users with next-generation firewall capabilities
• Reduce network operating costs by improving business-critical application performance
• Defend your network in real time while keeping informed of the latest threats
• Maintain network-wide policy consistency and troubleshoot security issues more quickly
In addition, Identity Services for Access allows:
• More fine-grained control with context-aware security
• Business mobility with enhanced integration of mobile device management
Services for Cisco ONE Software Help Simplify Management
Services from Cisco and our certified partners enable the primary features of Cisco ONE Software [1] and help you maximize business outcomes and protect your investment. Pairing software and hardware support together provides the best set of benefits to reduce costs and keep your business on track.
For IT strategy and project-based service support, take a look at our professional services portfolio.
[1] SWSS required for the first year for perpetual licenses with the option to renew; SWSS is included in the active subscription license for Cisco ONE Security and future subscription offerings.
Software Support Service
Our Software Support Service (SWSS) provides the technical support expertise you need to successfully navigate the rich features and functionality of Cisco ONE Software. SWSS provides access to ongoing innovation and entitlement to license portability, major software upgrades, minor software updates, access to our award-winning Technical Assistance Center (TAC), and instant access to online resources. By providing an integrated and comprehensive service, we help you quickly resolve issues while seeing cost savings and productivity gains.
Cisco ONE Software Foundation and Advanced Applications suites both use Cisco Software Support Service (SWSS) for ongoing support and maintenance. Your SWSS contract provides:
• Access to the TAC for software issues 24 hours a day, 7 days a week
• Major upgrades, minor updates, and maintenance for licensed software applications
• Entitlement to software license portability
• Access to ongoing innovation
• Access to online resources
Software Support Service (SWSS) is required for Cisco ONE Software Suites at point of sale and for continued access to ongoing innovation and license portability beyond year one.
Smart Net Total Care
To help ensure coverage for your Cisco base OS software and hardware, we highly recommend Cisco Smart Net Total Care (SNTC) which provides 24-hour global support for the underlying hardware platforms where Cisco ONE Software is deployed.
Cisco Smart Net Total Care includes access to TAC for hardware, the base OS, and entitlement to smart capabilities to reduce your operating expenses and free your IT staff to focus on business innovation. Entitlement to smart capabilities provides self-service access to the SNTC portal, free download of the Cisco collector software, and community support for the portal and collector.
• Access to the TAC for hardware and base OS software issues 24 hours a day, 7 days a week
• Software updates for base OS software
• Access to online resources
• Advance hardware replacement
• Entitlement to smart capabilities
Our professional services can be easily attached with Cisco ONE Software. These services have been specially designed to accelerate innovation benefits in your IT environment. To plan and design new IT initiatives, take a look at our Cisco Quick Start Services. And to gain maximum value, Cisco Optimization Services are also available for all data center, WAN, and access capabilities included with Cisco ONE Software.
Benefits for Your Organization
With Cisco ONE Software, your organization gains:
• The software necessary to enable key business solutions at an attractive price point
• Ongoing innovation through major release upgrades and minor updates, ensuring your software operates smoothly and is always up to date
• Investment protection with services-enabled software license portability across hardware refresh cycles
• Flexibility of license migration from physical devices to virtual machines
• Better budget control with flexible subscription or perpetual buying options
• Faster access to new Cisco software features and products
Reference from http://www.cisco.com/c/dam/en/us/products/collateral/software/one-software/at-a-glance-c45-731841.pdf
FCC 14-30 has been a hot topic in recent weeks. In early June 2016, the FCC published the FCC 14-30 Order, which now allows the use of three additional channels (120, 124, and 128) as well as other power adjustments and updated DFS regulations. Cisco’s compliance with the new rules requires the assignment of hardware to a regulatory domain, indicating which rules the device complies with.
In the following part, let’s read the review written by Jim Florwick (a member of the Technical Marketing Engineering team for Cisco's Wireless Business Unit), in which he explains why “It’s Okay to Mix Cisco Access Points”.
Don’t Sweat the Small Stuff: It’s Okay to Mix Cisco Access Points
The new –B regulatory domain was designed to take the place of –A so that access points will be compliant with the FCC 14-30 Order. Per the FCC order, access points shipped before June 1, 2016 are grandfathered to adhere to –A requirements. Access points shipped after the June 1 date must meet the –B requirements. This includes changes in DFS detection requirements, which must re-certify according to the new rules.
I’ve been hearing from a lot of customers who don’t want to mix the two regulatory domains in their networks. But there simply is no reason not to do so.
There are a few nice things in a –B access point that aren’t available in an –A access point. Things that we all want: more 5 GHz channels and more power in U-NII 1. However, other than those minor changes, the –B and –A access points are the same. There are absolutely no operational issues in running both –A and –B on the same controller or controllers.
For example, let’s say you’re adding some access points or building out a new area – and you mix –A and –B access points, what will happen in terms of operations?
If the new channels aren’t added to the DCA list—and by default, they are not—they will not be assigned to any of the –B capable access points. If the new channels are added to the DCA list, they will only be assigned to the –B access points. This won’t be a problem as the clients will still use 120, 124, 128 where it’s available.
I have been in this industry for a long time and I’m not aware of any clients that support U-NII 1, 2, 3 that have failed in these channels. If, for some reason this does happen, simply remove the channels. No harm, no foul.
That leaves different allowed transmit (TX) power. There will be no issues here either – since TPC still works the same as it always has. The Cisco access point product line still operates with a mix of allowed powers in the 5 GHz UNII bands under the –A rules. The Neighbor Discovery Protocol is normalized for this reason and Radio Resource Management (RRM) works just fine. There are no known issues with mixing –B and –A radios in the same air on the same controller. If a user wants to stay consistent about power implications, simply set TPC Max to enforce max power to –A globally and in RF Profiles when in use.
In the last sentence I talked about consistency, and there are a lot of customers—myself included—that just don’t like the idea of mixing anything. I go so far as to stay away from milkshakes and just eat ice cream cones, when I want a cool treat. But the reality is this is not like mixing Cisco Aironet 1130 and Aironet 3700 Access Points in the same room. Once your –A and –B access points are plugged in and running no one would ever know that a mix existed.
We don’t have operational hiccups absorbing this change like some of our other competitors. At Cisco, we’ve been running mixed environments in Alpha production networks since the Cisco AP 1810 was in development—and that’s a fair amount of time to find irregularities and observe errors. Cisco Mobility Express is built on a –B access point, and supports the –A access points. These devices have been tested over thousands of hours and work as expected.
There is really no reason other than just the perception of a mix to be worried. With that being said, I’m heading down to the ice cream shop and enjoying a frosty milkshake. I hear that they’re really great!
…The original article from http://blogs.cisco.com/wireless/dont-sweat-the-small-stuff-its-okay-to-mix-cisco-access-points
What is the Cisco Intelligent Branch? What can it do for you?
Business is now going digital, and customers expect multiple ways of interacting with you.
Your competitors are delivering personalized in-store content to visitors over Wi-Fi, such as coupons and sales alerts. Some offer remote consultations and demonstrations.
Staying in the game requires the ability to execute your own creative digital solutions quickly.
You can do exactly that with the Cisco Intelligent Branch, an all-in-one, powerful digital network platform. Use it to deliver digital experiences in stores and at branch offices, where 90 percent of today’s business revenue is generated. Deliver differentiating services and new business offers with guest Wi-Fi, rich media content, and cloud applications.
Benefits from the Cisco Intelligent Branch
For Lines of Business:
• Create an immersive digital experience for your workforce and customers.
• Improve mobile, social, and online engagement with customers.
• Gather actionable insights that allow you to build new business offerings.
• Get an ownership cost advantage with a pay-as-you-grow model.
• Protect your investment through license portability.
• Get operational simplicity and automated management.
• Gain a scalable and resilient infrastructure for digital business needs.
One Platform, Many Functions
The Cisco Intelligent Branch combines key IT capabilities in a small-footprint, zero-touch deployment platform that’s SD-WAN ready. It consists of a modular Cisco 4000 Series Integrated Services Router (ISR) running the Cisco Unified Computing System™ E-Series server blade. You can add on network services – wireless LAN, WAN optimization, security, and more – so you can easily activate, change, and replace the functions as your business grows. The Cisco Intelligent Branch works with whatever type of wired or wireless WAN you have.
Intelligent Branch Foundational Components
• Integrated Cisco UCS E-Series server blade
• Cisco Intelligent WAN (IWAN) architecture
Add-On Network Services
• Cisco Virtual Wide Area Application Services (vWAAS) WAN optimization
• Cisco IOS Software Zone-Based Firewall
• Cisco FirePower Virtual Intrusion Prevention System (IPS)
• Cisco Virtual Wireless Controller
• Cisco Adaptive Security Virtual Appliance (ASAv)
Use this technology foundation with cloud-based software-as-a-service (SaaS) applications to increase your business agility. You can also use the network as a sensor to protect your business from attack with embedded security. All while gathering intelligence about your users that lets you create new, personalized business offerings and revenue opportunities.
Here are a few sample scenarios for the Cisco Intelligent Branch:
• The bank branch: No mortgage advisor available? Set the customer up with an advisor in another location using telepresence.
• The retail store: Shoppers need help? Use a kiosk and a remote advisor to provide advice. Showcase an e-catalog and enable mobile point of sale on an associate’s tablet. Customers won’t have to stand in long lines anymore.
• The classroom: Stream HD video to students’ tablets so they can attend live classroom sessions from anywhere. Students can also collaborate with each other and with instructors more engagingly in real time, increasing student comprehension.
• The traditional branch office: Use wireless WAN connections to quickly deploy pop-up sites. Empower employees with superior cloud application performance. Increase customer loyalty with mobile and virtual experiences.
“Digital mastery requires companies to acquire, build, and deploy new technology services at speeds that used to be unthinkable.” – Digital Predator or Digital Prey?
Info from http://www.cisco.com/c/dam/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/at-a-glance-c45-736379.pdf
DHCP is short for Dynamic Host Configuration Protocol. We know that DHCP is used in LAN environments to dynamically assign host IP addresses from a centralized server, which reduces the overhead of administrating IP addresses.
I’ve read an article, “DHCP Snooping and DHCP Snooping Configuration”, that is about a CCIE’s experience. That article also shares the DHCP Option 82 concept.
In this article we will share some information on using DHCP Option 82.
DHCP also helps conserve limited IP address space because IP addresses no longer need to be permanently assigned to client devices; only those client devices that are connected to the network require IP addresses. The DHCP relay agent information feature (option 82) enables the DHCP relay agent (Catalyst switch) to include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server. This basically extends the standard DHCP process by tagging the request with information about the location of the requestor. (See the Figure “DHCP Option 82 Operation”)
The following are key elements required to support the DHCP option 82 feature:
• Clients supporting DHCP
• Relay agents supporting option 82
• DHCP server supporting option 82
The relay agent information option is inserted by the DHCP relay agent when forwarding the client-initiated DHCP request packets to a DHCP server. The servers recognizing the relay agent information option may use the information to assign IP addresses and to implement policies such as restricting the number of IP addresses that can be assigned to a single circuit ID. The circuit ID in relay agent option 82 contains information identifying the port location on which the request is arriving.
1. The DHCP option 82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.
2. DHCP and the DHCP option 82 feature have not been validated in the lab for EttF version 1.1. At this time, Cisco recommends considering only DHCP with option 82 for the application servers at level 3.
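The server-side use described above (reading the relay agent information option and limiting how many addresses one circuit ID can obtain) can be sketched as follows. This is an added example, not code from the original article or from Cisco: the option and sub-option numbers follow RFC 3046, while CircuitLimiter, its refuse-untagged policy, and the sample bytes are assumptions constructed for illustration.

```python
# Added example: parse DHCP option 82 (RFC 3046) and cap leases per circuit ID.
from collections import defaultdict

OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2

def read_tlvs(buf, top_level):
    """Yield (code, value) pairs; reject lengths that run past the buffer."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == OPT_PAD:      # pad has no length byte
            i += 1
            continue
        if top_level and code == OPT_END:
            return
        if i + 2 > len(buf):
            raise ValueError("truncated header at offset %d" % i)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("code %d overruns its container" % code)
        yield code, value
        i += 2 + length

def relay_info(options):
    """Return option 82's sub-options as {code: bytes}, or None if absent."""
    for code, value in read_tlvs(options, top_level=True):
        if code == OPT_RELAY_INFO:
            return dict(read_tlvs(value, top_level=False))
    return None

class CircuitLimiter:
    """Hypothetical server policy: at most max_clients MACs per circuit ID."""
    def __init__(self, max_clients):
        self.max_clients = max_clients
        self.clients = defaultdict(set)  # (remote ID, circuit ID) -> MACs

    def admit(self, mac, options):
        subs = relay_info(options)
        if not subs or SUB_CIRCUIT_ID not in subs:
            return False  # assumption: requests without a circuit ID are refused
        key = (subs.get(SUB_REMOTE_ID, b""), subs[SUB_CIRCUIT_ID])
        seen = self.clients[key]
        if mac not in seen and len(seen) >= self.max_clients:
            return False
        seen.add(mac)
        return True

# Constructed options field: message type (53) = DISCOVER, option 82, end (255).
# The circuit ID and remote ID bytes are made-up values, treated as opaque.
SAMPLE = bytes.fromhex(
    "350101"                       # option 53, length 1, DHCPDISCOVER
    "5212"                         # option 82, length 18
    "0106" "0004000a0103"          # sub-option 1 (circuit ID), 6 bytes
    "0208" "0006001122334455"      # sub-option 2 (remote ID), 8 bytes
    "ff")

if __name__ == "__main__":
    print(relay_info(SAMPLE))
    limiter = CircuitLimiter(max_clients=2)
    for mac in ("aa:aa", "bb:bb", "cc:cc", "aa:aa"):
        print(mac, limiter.admit(mac, SAMPLE))
```

Keying the limit on the remote ID together with the circuit ID keeps the same port number on two different relay switches from sharing one quota.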
There are two main categories of Ethernet Switches: Modular and Fixed Configuration.
What exactly are Modular and Fixed Configuration switches?
Modular switches, as the name implies, allow you to add expansion modules into the switches as needed, thereby delivering the best flexibility to address changing networks. Examples of expansion modules are application-specific (such as Firewall, Wireless, or Network Analysis), modules for additional interfaces, power supplies, or cooling fans.
Fixed Configuration switches are switches with a fixed number of ports and are typically not expandable.
The Fixed configuration switch category is further broken down into:
– Unmanaged Switches
– Smart Switches
– Managed L2 and L3 Switches
Unmanaged Switches:
This category of switch is the most cost effective for deployment scenarios that require only basic layer 2 switching and connectivity. As such, they fit best when you need a few extra ports on your desk, in a lab, in a conference room, or even at home.
With some Unmanaged switches in the market, you can even get capabilities such as cable diagnostics, prioritization of traffic using default QoS settings, Energy savings capabilities using EEE (Energy Efficient Ethernet) and even PoE (Power Over Ethernet). However, as the name implies, these switches generally cannot be modified/managed. You simply plug them in and they require no configuration at all.
Cisco 100 Series switches are good examples of this category.
Smart Switches (also known as Lightly Managed Switches):
This category of switches is the most blurred and fastest changing. The general rule here is that these switches offer certain levels of Management, QoS, Security, etc. but are “lighter” in capabilities and less scalable than the Managed switches. That makes them a cost-effective alternative to Managed switches. As such, Smart switches fit best at the edge of a large network (with Managed Switches being used in the core), as the infrastructure for smaller deployments, or for low complexity networks in general.
The capabilities available for this Smart switch category vary widely. All of these devices have an interface for Management – historically a browser-based interface used to be the only way to configure these devices, though nowadays you can manage some of these devices with CLI and/or SNMP/RMON as well. Regardless, these capabilities are lighter than what you will find in their Managed switch counterparts. Smart switches tend to have a management interface that is more simplified than what Managed Switches offer.
Smart switches allow you to segment the network into workgroups by creating VLANs, though with a lower number of VLANs and nodes (MAC addresses) than you’d get with a Managed switch.
They also offer some levels of security, such as 802.1x endpoint authentication, and in some cases with limited numbers of ACLs (access control lists), though the levels of control and granularity would not be the same as a Managed switch.
In addition, Smart switches support basic quality-of-service (QoS) that facilitates prioritization of users and applications based on 802.1q/TOS/DSCP, thereby making it quite a versatile solution.
Cisco 200 Series switches are good examples of this category.
Fully Managed L2 and L3 switches:
Managed Switches are designed to deliver the most comprehensive set of features to provide the best application experience, the highest levels of security, the most precise control and management of the network, and offer the greatest scalability in the Fixed Configuration category of Switches. As a result, they are usually deployed as aggregation/access switches in very large networks or as core switches in relatively smaller networks. Managed switches should support both L2 switching and L3 IP routing though you’ll find some with only L2 switching support.
From a Security perspective, Managed switches provide protection of the data plane (User traffic being forwarded), control plane (traffic being communicated between networking devices to ensure user traffic goes to the right destination), and management plane (traffic used to manage the network or device itself). Managed switches also offer network storm control, denial-of-service protection, and much more.
The Access Control List capabilities allow for flexibly dropping, rate limiting, mirroring, or logging of traffic by L2 address, L3 address, TCP/UDP port numbers, Ethernet type, ICMP or TCP flags, etc.
Managed switches are rich in features that enable them to protect themselves and the network from deliberate or unintended Denial of Service attacks. These features include Dynamic ARP Inspection, IPv4 DHCP snooping, IPv6 First Hop Security with RA Guard, ND Inspection, Neighbor Binding Integrity, and much more.
Additional Security capabilities may include Private VLANs for securing communities of users or device isolation, Secure Management (downloads through SCP, Web-based Authentication, Radius/TACACS AAA, etc), Control Plane Policing (CoPP) for protecting the CPU of the switch, and richer support for 802.1x (time-based, Dynamic VLAN Assignment, port/host-based, etc).
From a Scalability perspective, these devices have large table sizes so that you can create large numbers of VLANs (for workgroups), devices (MAC table size), IP routes, and ACL policies for flow-based security/QoS purposes, etc.
For highest network availability and uptime, Managed switches support L3 redundancy using VRRP (Virtual Router Redundancy Protocol), large numbers of Link Aggregation groups (which is used both for scalability and resiliency), and capabilities for protecting L2 such as Spanning Tree Root Guard and BPDU Guard.
When we talk about QoS and Multicast features, the richness of capabilities goes far beyond what you’d see in a Smart Switch. Here you’d see things such as IGMP and MLD Snooping with Querier functions for optimizing IPv4/v6 multicast traffic in the LAN, TCP Congestion Avoidance, 4 or 8 queues to treat traffic differently by importance, setting/tagging traffic by L2 (802.1p) or L3 (DSCP/TOS), and rate limiting traffic.
In terms of Management, things such as multiple ways to configure (using CLI, Web GUI, SNMP Management application), discovering of neighbor devices in the networks (using CDP, LLDP, Bonjour, etc), and troubleshooting capabilities (such as VLAN and Port Mirroring, Traceroute, Ping, Syslog, Cable Diagnostics, RMON, etc) are all included.
What I highlighted is by no means exhaustive, but gives you a sense of what some of the differences may be between Managed and Smart Switches.
Cisco Catalyst and Cisco 300 Series and 500 Series switches are good examples of this category of products.
Managed Switches can go even further than what I’ve highlighted. For example, there’s even richer support for Dynamic Unicast and Multicast Routing protocols, deeper flow intelligence or macro flow statistics with Netflow/SFlow, non-Stop Forwarding capabilities, MPLS/VRF support, Policy enforcement, and many others.
Now, to take a deeper dive into these switch categories and talk about various options, you can select the switches based on:
– Number of ports
– POE versus non-POE
– Stackable versus Standalone
You can find Fixed Configuration switches in Fast Ethernet (10/100 Mbps), Gigabit Ethernet (10/100/1000 Mbps), Ten Gigabit (10/100/1000/10000 Mbps) and even some 40/100 Gbps speeds. These switches have a number of uplink ports and a number of downlink ports. Downlinks connect to end users – uplinks connect to other Switches or to the network infrastructure. Currently, Gigabit is the most popular interface speed though Fast Ethernet is still widely used, especially in price-sensitive environments. Ten Gigabit has been growing rapidly, especially in the datacenter and, as the cost comes down, it will continue to expand into more network applications. With 10GBase-T Ten Gigabit copper interfaces being integrated into LOM (LAN on the Motherboard) and 10G-Base-T switches becoming available now (see the Cisco SG500XG-8F8T 16-port 10-Gigabit switch), building a Storage or Server farm with 10 Gigabit interfaces has never been easier or more cost-effective. 40G/100G is still emerging and will be mainstream in a few years.
Number of ports:
Fixed Configuration Switches typically come in 5, 8, 10, 16, 24, 28, 48, and 52-port configurations. These ports may be a combination of SFP/SFP+ slots for fiber connectivity, but more commonly they are copper ports with RJ-45 connectors on the front, allowing for distances up to 100 meters. With Fiber SFP modules, you can go distances up to 40 kilometers.
POE versus non-POE:
Power over Ethernet is a capability that facilitates powering a device (such as an IP phone, IP Surveillance Camera, or Wireless Access Point) over the same cable as the data traffic. One of the advantages of PoE is the flexibility it provides in allowing you to easily place endpoints anywhere in the business, even places where it might be difficult to run a power outlet. One example is that you can place a Wireless Access Point inside a wall or ceiling.
Switches deliver power according to a few standards – IEEE 802.3af delivers power up to 15.4 Watts on a switch port whereas IEEE 802.3at (also known as POE+) delivers power up to 30 Watts on a switch port. For most endpoints, 802.3af is sufficient but there are devices, such as Video phones or Access Points with multiple radios, which have higher power needs. It’s important to point out that there are other PoE standards currently being developed that will deliver even higher levels of power for future applications. Switches have a power budget set aside for running the switch itself, and also an amount of power dedicated for POE endpoints.
To find the switch that is right for you, all you need to do is choose a switch according to your power needs. When connecting to desktops or other types of devices which do not require POE, the non-POE switches are a more cost-effective option.
Stackable versus Standalone:
As the network grows, you will need more switches to provide network connectivity to the growing number of devices in the network. When using Standalone switches, each switch is managed, troubleshot, and configured as an individual entity.
In contrast, Stackable switches provide a way to simplify and increase the availability of the network. Instead of configuring, managing, and troubleshooting eight 48-port switches individually, you can manage all eight like a single unit using Stackable Switches. With a true Stackable Switch, those eight switches (total 384 ports) function as a single switch – there is a single SNMP/RMON agent, single Spanning Tree domain, single CLI or Web interface – i.e. single management plane. You can also create link aggregation groups spanning across multiple units in the stack, port mirror traffic from one unit in the stack to another, or set up ACLs/QoS spanning all the units. There are valuable operational advantages to be gained by this approach.
Here’s a word of warning. Be careful about products in the market which are sold as “Stackable” when they merely offer a single user interface, or central management interface, for getting to each individual switch unit. This approach is not stackable, but really “clustering”. You still have to configure every feature such as ACLs, QoS, Port mirroring, etc, individually on each switch. Use the following as a proof point – can I create a link aggregation group with one port in one unit of the stack and another port of that group in another unit of the stack? Can I select a port on one unit in the stack and mirror the traffic to a port on another unit of the stack? When I configure an ACL for Security purposes, can I apply that to any port on any unit in the stack? If the answer is “No” to any of these questions, you’re probably not working with a stackable switch.
There are other advantages of True Stacking as well. You can connect the stack members in a ring such that, if a port or cable fails, the stack will automatically route around that failure, many times at microsecond speeds. You can also add or subtract stack members and have them automatically recognized and added into the stack.
Cisco Catalyst 2K-X and 3K or Cisco 500 Series Switches are examples of Switches in this category.
As you can see there’s a multitude of switch options to choose from. So, have a close look at your current deployment and future needs to determine the right switch for your network.
Do you know how to configure the ASA as a CA server? The Cisco ASA can act as a Certificate Authority server and issue certificates to VPN clients or other network devices.
The Cisco ASA only provides browser-based certificate enrollment.
Before proceeding with the configuration, make sure the time on your ASA is correct (show clock), or use an NTP server to synchronize the time across your network devices.
We cannot specify the CA server name, because you can only have one instance of Local CA server running at the same time.
Under the Crypto ca server mode, we have multiple options explained as follows:
CA Server configuration commands:
- CDP-URL: Specifies the certificate revocation list distribution point to be included in the certificates issued by the CA.
- Database: Specifies a path or location for the local CA database. The default location is flash memory.
- Enrollment-retrieval: Specifies the time in hours that an enrolled user can retrieve a PKCS12 enrollment file.
- Issuer-name: Indicates that rule entry is applied to the issuer DN of the IPSec peer certificate.
- Keysize: Configure the size of keypair to generate for certificate enrollments for the local CA server.
- Lifetime CA-certificate: Specify the lifetime for the CA certificate.
- Lifetime certificate: Specify the lifetime for the user certificate.
- Lifetime CRL: Specify the lifetime for the CRL.
- OTP expiration: Specify the lifetime for the OTP expiration.
- Publish-CRL: Make the CRL available for download via HTTP on the specified interface.
- Renewal-reminder: Specify how long before the CA certificate expires the ASA notifies users via email.
- SMTP from address: Specify the email address from which the notifications that deliver the OTP password and enrollment invitations will be sent.
- SMTP subject: Customize the email subject.
- Subject-name-default: Specify an optional SUBJECT-NAME DN.
Basic ASA configuration as CA server
ASDM -> Configuration -> Remote Access VPN -> Certificate Management -> Local Certificate Authority
Equivalent CLI configuration:
ASA(config)# crypto ca server
ASA(config-ca-server)# lifetime ca-certificate 100
ASA(config-ca-server)# lifetime certificate 30
ASA(config-ca-server)# smtp from-address email@example.com
ASA(config-ca-server)# smtp subject Certificate enrollment
ASA(config-ca-server)# keysize 2048
ASA(config-ca-server)# cdp-url http://cisco/+CSCOCA+/asa_ca.crl
ASA(config-ca-server)# subject-name-default CN=BoB , O=Cisco, C= US
ASA(config-ca-server)# no shutdown
Once the CA server has been enabled, we cannot modify the configuration unless we shut down the server.
Show and debug commands:
- Debug crypto ca server
- Show crypto ca server
- Show crypto ca server cert-db
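Because the local CA configuration cannot be changed once the server is enabled, it is worth reviewing the block before issuing no shutdown. The following is an added example, not part of the original guide or of any Cisco tool: parse_ca_server, review and MIN_KEYSIZE are hypothetical names, the 2048-bit floor is taken from the sample configuration above, both lifetime values are assumed to be in the same unit, and WEAK_CONFIG is constructed for illustration.

```python
# Added example: offline review of an ASA "crypto ca server" block.
import re

MIN_KEYSIZE = 2048  # assumption: floor taken from the page's sample config
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "ASA(config-ca-server)# "

def parse_ca_server(text):
    """Return the local CA settings found after 'crypto ca server'."""
    settings, in_block = {"enabled": False}, False
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).lower().split()
        if words == ["crypto", "ca", "server"]:
            in_block = True
        elif not in_block or not words:
            continue
        elif words == ["no", "shutdown"]:
            settings["enabled"] = True
        elif words == ["shutdown"]:
            settings["enabled"] = False
        elif words[0] == "lifetime" and len(words) == 3:
            settings["lifetime " + words[1]] = int(words[2])
        elif words[0] == "keysize" and len(words) == 2:
            settings["keysize"] = int(words[1])
    return settings

def review(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    keysize = settings.get("keysize")
    if keysize is None:
        findings.append("keysize is not set explicitly")
    elif keysize < MIN_KEYSIZE:
        findings.append("keysize %d is below %d" % (keysize, MIN_KEYSIZE))
    ca = settings.get("lifetime ca-certificate")
    user = settings.get("lifetime certificate")
    if ca is not None and user is not None and user > ca:
        findings.append("issued certificates (%d) outlive the CA certificate (%d)"
                        % (user, ca))
    if not settings["enabled"]:
        findings.append("local CA is not enabled (no 'no shutdown')")
    return findings

# The CLI session shown on the page (smtp and subject lines are ignored).
PAGE_CONFIG = """\
ASA(config)# Crypto ca server
ASA(config-ca-server)# lifetime ca-certificate 100
ASA(config-ca-server)# lifetime certificate 30
ASA(config-ca-server)# keysize 2048
ASA(config-ca-server)# no shutdown
"""

# Constructed counter-example with the settings a review should catch.
WEAK_CONFIG = """\
crypto ca server
 lifetime ca-certificate 30
 lifetime certificate 365
 keysize 1024
"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, review(parse_ca_server(text)))
```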
More information http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/config/guide/config/cert_cfg.html
Original Guide From https://supportforums.cisco.com/document/12597006/how-configure-asa-ca-server