Cisco & Cisco Network Hardware News and Technology

Posts with #cisco switches - cisco firewall tag

Cisco Catalyst 2960-X Switches: Enterprise Ready

August 3 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network, #IT

Cisco continually updates its Catalyst 2960-X Series Switches to meet customers’ needs.

Catalyst 2960-X series, the stackable fixed configuration Gigabit Ethernet (10/100/1000) switches, offers network connectivity for enterprise, midmarket, and branch locations.

Cisco Catalyst 2960-X switches feature:

• 24 or 48 Gigabit Ethernet ports with line-rate forwarding performance

• Gigabit Small Form-Factor Pluggable (SFP) or 10G SFP+ uplinks

• FlexStack Plus for stacking of up to 8 switches with 80 Gbps of stack throughput (optional)

• Power over Ethernet Plus (PoE+) support with up to 740W of PoE budget

• Reduced power consumption and advanced energy management features

• USB and Ethernet management interfaces for simplified operations

• Application visibility and capacity planning with integrated NetFlow-Lite

• LAN Base or LAN Lite Cisco IOS software features

• Enhanced limited lifetime warranty (E-LLW) offering next-business-day hardware replacement

Cisco Catalyst 2960-XR models also offer:

• Power resiliency with optional dual field-replaceable power supplies

• IP Lite Cisco IOS software with dynamic routing and Layer 3 features

The Cisco Catalyst 2960-XR models offer all the features of the Cisco Catalyst 2960-X. In addition, they have two field-replaceable redundant power supply modules for power redundancy. They also introduce Layer 3 routing functionality for the first time in the Cisco Catalyst 2960 Series.

Learn more: Cisco Catalyst 2960-X vs. 2960-XR Series Switches

 

Read the Cisco Catalyst 2960-X switches’ features in detail

FlexStack-Plus on Cisco Catalyst 2960-X Series Switches

Built for application visibility and control, these switches support NetFlow-Lite, which can be used to monitor, capture, and record traffic flows through the network.

With industry-leading energy management capabilities such as Cisco EnergyWise to measure and control power usage, Energy Efficient Ethernet (EEE) and Switch and Downlink Hibernation modes to conserve power during periods of inactivity in the network, the Cisco Catalyst 2960-X with up to 80 percent energy savings is the greenest switch in the industry.

The Cisco Catalyst 2960-X Series is SDN ready to enable customers to build applications that automate various services across the campus.

Simple

Cisco Catalyst 2960-X Series Switches are simple to deploy, manage, and troubleshoot. As part of the Cisco Unified Access portfolio, the Cisco Catalyst 2960-X Series Switches are fully integrated with Cisco Prime to offer simple operation from a central location.

They can also be managed by Cisco Network Assistant, which features an intuitive GUI where users can easily apply common services across Cisco switches and routers.

The Cisco Catalyst 2960-X makes deployment and ongoing management easy with Cisco Smart Operations, which enable customers to reduce switch installation, configuration, troubleshooting time, and operational costs.

Cisco Smart Install and Configuration are transparent, automated technologies that configure the Cisco IOS Software image and switch configuration without user intervention.

Cisco Auto SmartPorts provide automatic Ethernet interface level configuration as devices connect to the switch port, allowing auto detection and plug and play of the device onto the network. It configures the Ethernet interface port with predefined configurations, including security, quality of service (QoS), and manageability features, with minimal effort and expertise.

Smart Call Home provides proactive diagnostics and remediation of hardware and software issues.

Secure

The Cisco Catalyst 2960-X switches deliver a range of features that secure access to the network and enforce security policies.

These features include flexible authentication with robust 802.1x, SXP Cisco TrustSec for policy enforcement, role-based security access and control with Cisco ISE and IPv6 First Hop Security. Furthermore, these Cisco switches protect network data confidentiality and integrity with switch port–level encryption.

Investment Protection

Cisco Catalyst 2960-X Series Switches preserve customer investment by allowing mixed stacking with existing Cisco Catalyst 2960-S and 2960-SF switches.

Customers can grow their access networks by adding the new Cisco Catalyst 2960-X switches to their existing Cisco Catalyst 2960-S and 2960-SF stacks.

Warranty Coverage and Technical Service Options

The Cisco Catalyst 2960-X Series Switches come with an enhanced limited lifetime hardware warranty (E-LLW) that includes 90 days of Cisco Technical Assistance Center (TAC) support and next-business day hardware replacement where available.

 

Migrating to Cisco Catalyst 2960 and 2960XR Switches

Cisco Catalyst 2960-X Series Switches, the stackable Gigabit Ethernet Layer 2 and Layer 3 access switches, give you enterprise-class features at a great price.

Designed for simplicity, they are easy to deploy, manage, and troubleshoot and offer automated software installation and port configuration.

Improvements over previous generations include:

  • Better customer and employee experiences through higher performance and improved support for mobility
  • Advanced security to handle increasing threats
  • Reduced cost and complexity through support for software defined networking (SDN) and innovations in energy efficiency

Without the right switching solutions, the applications, services, and devices you deploy cannot live up to their potential.

Digital transformation makes having the right foundation to stay competitive more important than ever before.

Why migrate to the Cisco Catalyst 2960-X/XR? Read the Benefits of Migrating to Cisco Catalyst 2960 and 2960XR Switches. Compare and see what you’ve been missing.


Cisco Catalyst 2960-X Series Configurations

The 2960-X and XR Series Switches include configurations to fit in any enterprise network. Choose the best switch for your needs from more than 20 models. 

  • FlexStack-Plus Stacking: A hot swappable module that provides true stacking with up to 8 switches in a stack acting as a single unit
  • PoE: Power over Ethernet
  • PoE+: Power over Ethernet Plus
  • LAN Base: Advanced Layer 2 Feature set
  • IP Lite: Basic Layer 3 Feature set

See more Cisco 2960-X/XR Models at a great price.

 


Cisco Catalyst 9300 Series Will Replace the Catalyst 3850 Series

July 26 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Switches - Cisco Firewall, #Cisco Technology - IT News, #IT, #Cisco Switches-Software, #Technology

Is Your Network Ready for the New Era? Cisco announced its new Catalyst series switches, the Catalyst 9000 Series, introducing an entirely new era of networking. The Network. Intuitive.

There are three series in the new Catalyst 9000 switch family:

1. Catalyst 9300 Series (LAN Access Switches): the top fixed-access enterprise network switch series, stacking to 480 Gbps.

2. Catalyst 9400 Series (LAN Access Switches): the leading modular-access switches for enterprise, the Catalyst 9400 Series supports up to 9 Tbps.

3. Catalyst 9500 Series (LAN Core and Distribution Switches): the industry’s first fixed-core 40-Gbps switch for the enterprise.

Learn more: The New Catalyst 9000 Switches Simplify IoT & Cloud Requirements

In this article we will talk about the new Catalyst 9300 Series, the Next Level of the Market-Leading Fixed Access Switching Platform.

Will the Catalyst 9300 replace the Catalyst 3850 Series? Definitely, it is the best replacement for the Catalyst 3850 Series. Why? Let’s check the more detailed features of the Cisco Catalyst 9300 Series.

Switch models and configurations

The Cisco Catalyst 9300 Series is made up of seven different switch models. Any of the models can be used together in a stack of up to eight units.

The table below lists port scale and power details for the Cisco Catalyst 9300 Series models.

Cisco Catalyst 9300 Series Switch configurations

| Model | Total 10/100/1000 or Multigigabit Copper Ports | Default AC Power Supply | Available PoE Power | Cisco StackWise-480 | Cisco StackPower |
|---|---|---|---|---|---|
| C9300-24T | 24 | 350WAC | | Yes | Yes |
| C9300-48T | 48 | 350WAC | | Yes | Yes |
| C9300-24P | 24 POE+ | 715WAC | 445W | Yes | Yes |
| C9300-48P | 48 POE+ | 715WAC | 437W | Yes | Yes |
| C9300-24U | 24 Cisco UPOE | 1100WAC | 830W | Yes | Yes |
| C9300-48U | 48 Cisco UPOE | 1100WAC | 822W | Yes | Yes |
| C9300-24UX* | 24 Multigigabit Cisco UPOE (100 Mbps or 1, 2.5, 5, or 10 Gbps) | 1100WAC | 490W | Yes | Yes |

 

Network modules

The Cisco Catalyst 9300 Series Switches support optional network modules for uplink ports. The default switch configuration does not include the network module. When you purchase the switch, you can choose from the network modules described in the following Table.

  • Uplink modules supported on all 9300 Series copper models
  • Online Insertion and Removal (OIR) supported on all uplink modules

Network module numbers and descriptions

| Network Module | Description |
|---|---|
| C9300-NM-4G | 9300 Series 4x 1G Network Module |
| C9300-NM-8X | 9300 Series 8x 10G Network Module |
| C9300-NM-2Q | 9300 Series 2x 40G Network Module |
| C9300-NM-4M | 9300 Series 4x Multigigabit Network Module |

Please note: Existing 3850 network modules are also supported in the Catalyst 9300 Series platforms.

 

Power Supplies

The Cisco Catalyst 9300 Series Switches support dual redundant power supplies. The switches ship with one power supply by default, and the second power supply can be purchased when the switch is ordered or at a later time. If only one power supply is installed, it should always be in power supply bay #1. The switches also ship with three field-replaceable fans.

Table 3 lists the different power supplies available in these switches and available PoE power.

Table 3. Power supply models

| Models | Default Power Supply | Available PoE Power |
|---|---|---|
| 24-port data switch | PWR-C1-350WAC | |
| 48-port data switch | PWR-C1-350WAC | |
| 24-port PoE+ switch | PWR-C1-715WAC | 445W |
| 48-port PoE+ switch | PWR-C1-715WAC | 437W |
| 24-port Cisco UPOE switch | PWR-C1-1100WAC | 830W |
| 48-port Cisco UPOE switch | PWR-C1-1100WAC | 822W |
| 24-port Multigigabit Cisco UPOE switch | PWR-C1-1100WAC | 490W – Support in Open IOS-XE 16.6 |

Power supply requirements for PoE and PoE+

| | 24-Port PoE Switch | 48-Port PoE Switch |
|---|---|---|
| PoE on all ports (15.4W per port) | 1 PWR-C1-715WAC | 1 PWR-C1-1100WAC or 2 PWR-C1-715WAC |
| PoE+ on all ports (30W per port) | 1 PWR-C1-1100WAC or 2 PWR-C1-715WAC | 2 PWR-C1-1100WAC or 1 PWR-C1-1100WAC and 1 PWR-C1-715WAC |

Power supply requirements for Cisco UPOE

| | 24-Port UPOE Switch | 48-Port UPOE Switch | 24-Port Multigigabit UPOE Switch |
|---|---|---|---|
| Cisco UPOE (60W per port) on all ports (24-port switch) or up to 30 ports (48-port switch) | 1 PWR-C1-1100WAC and 1 PWR-C1-715WAC | 2 PWR-C1-1100WAC | 2 PWR-C1-1100WAC |

●   Perpetual PoE: With Perpetual PoE, the PoE power is maintained during a switch reload. This is important for IoT endpoints such as PoE-powered lights, so that there is no disruption during switch reboot.

●   Fast PoE: When power is restored to a switch, PoE starts delivering power to endpoints without waiting for the operating system to fully load, thereby speeding up the time for the endpoint to start up.

Software requirements

Cisco Catalyst 9300 Series Switches run on Open IOS XE 16.5.1a release or later. This software release includes all the features listed earlier in the Platform Benefits section.

 

  • Up to 8 Switches can be stacked together using back stacking cables
  • All 9300 models are supported in the stack
  • All the switches in the stack should run the same IOS and License
  • Mixed stacking between 9300 and 9300 is not supported

 

Cisco Catalyst 9300 Series StackPower

“Zero-Footprint” RPS Deployment

• Provides RPS functionality with Zero RPS Footprint

• Pay-as-you-grow architecture–similar to the Data Stack

• 1+N Redundancy with Inline Power

• Up to 4 Switches in a StackPower Ring

• Multiple StackPower Possible within one Data Stack

• Up to 9 Switches in a star topology with XPS

 

Mapping Between Cisco Catalyst 3850 and 9300

| 3850 PIDs | 9300 PID | Short description |
|---|---|---|
| WS-C3850-24T | C9300-24T | Catalyst 9300 24-port data only switch |
| WS-C3850-24P | C9300-24P | Catalyst 9300 24-port PoE+ switch |
| WS-C3850-24U | C9300-24U | Catalyst 9300 24-port UPOE switch |
| WS-C3850-24XU | C9300-24UX | Catalyst 9300 24-port mGig and UPOE switch |
| WS-C3850-48T | C9300-48T | Catalyst 9300 48-port data only switch |
| WS-C3850-48P | C9300-48P | Catalyst 9300 48-port PoE+ switch |
| WS-C3850-48U | C9300-48U | Catalyst 9300 48-port UPOE switch |

Learn More: Why Migrate to Cisco Catalyst 9300 Switches?


New Catalyst 9000 Switches for a Changing World

July 11 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Switches - Cisco Firewall, #IT, #Technology, #Data Center, #Cisco & Cisco Network, #Cisco Technology - IT News

Cisco switches are constantly learning, constantly adapting, constantly protecting in your data center, core, or edge.

This is the new era in networking. The Network. Intuitive.

Now here comes the Cisco Catalyst 9000 Series.

Cisco’s new Catalyst 9000 switches, switching for a changing world, constantly adapt to help you solve new challenges.

  • Their integrated security helps you address ever-changing threats.
  • They simplify management of your evolving mobility, Internet-of-Things (IoT), and cloud requirements.

There are three series in Catalyst 9000 family:

Catalyst 9300 Series: The Catalyst 9300 Series is our top fixed-access enterprise network switch series, stacking to 480 Gbps.

Catalyst 9400 Series: Cisco’s leading modular-access switches for enterprise, the Catalyst 9400 Series supports up to 9 Tbps.

Catalyst 9500 Series: The Catalyst 9500 Series is the industry’s first fixed-core 40-Gbps switch for the enterprise.

The following quick questions and answers help you learn more about the new Catalyst 9000 Series.

Cisco Catalyst 9000 network features and services (common to all Cisco Catalyst 9000 Switches)

Q: What feature sets do the Cisco Catalyst 9000 Switches support?

A: The Cisco Catalyst 9000 Series Switches support the packaging of features into Essentials and Advantage packages. The details of the features in each package are listed in the data sheets–link provided below in the Pricing and Ordering section.

Q: What programmability capabilities are available on the Cisco Catalyst 9000?

A: The Cisco Catalyst 9000 opens a completely new paradigm in network configuration, operation, and monitoring through network automation. The Cisco automation solution is open, standards-based, and extensible across the entire network lifecycle of a network device.

• Device provisioning: Through Plug-and-Play (PnP), Zero-Touch Provisioning (ZTP), and Preboot Execution (PXE)

• Configuration: Model-driven operation through open Application Programming Interfaces (APIs) over NETCONF, Python Scripting

• Customization and monitoring: Streaming telemetry

• Upgrade and manageability: In-Service Software Upgrade (ISSU), patchability, and config/replace

Q: What management capabilities are available for the Cisco Catalyst 9000?

A: You can manage it using the Cisco IOS Software Command-Line Interface (CLI), using Cisco Prime® Infrastructure 3.1.7 DP13, Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM), onboard Cisco IOS XE Software Web User Interface (WebUI), Simple Network Management Protocol (SNMP), or Netconf/YANG.

Q: Is there an onboard web GUI on the Cisco Catalyst 9000?

A: Yes. An onboard web GUI is available.

Q: What is the purpose of the blue beacon LED on the Cisco Catalyst 9000?

A: The blue beacon LED is common across the Cisco Catalyst 9000 Series Switches to simplify the operations. It makes chassis identification easier when several such switches are mounted on racks. A remote administrator can enable the LED to blink to help the local operator quickly locate the chassis. The local operator presses the mode button to acknowledge.

Q: What is the maximum number of VRF instances that I can configure on a Cisco Catalyst 9000?

A: The maximum number of VRFs that you can configure on a Cisco Catalyst 9000 is 256.

Q: What is Cisco’s direction for wireless?

A: Cisco believes that the best solution for a wired or wireless network is achieved when integrated into SD-Access, Cisco’s lead architecture for the next-generation enterprise network. This solution delivers consistency with wired infrastructure around policy, segmentation, orchestration and automation, and assurance. This new architecture delivers the best experience for mobility, guest, IoT, multicast services, and overall network performance with its distributed data plane and centralized control-plane architecture.

Q: What wireless support is provided with the Cisco Catalyst 9000 platforms?

A: Cisco Catalyst 9000 products are instrumental in supporting the following wireless capabilities in the SD-Access architecture:

• Connect access points and integrate them into the SD-Access fabric. The switch integrates with the fabric control plane (LISP), thereby providing reachability for the access points and clients in the fabric.

• Deliver macro (VRF) and micro (Scalable Group Tag [SGT] group-based) segmentation to the access points to deliver end-to-end policies.

• Can terminate guest VXLAN traffic, so there is no need for a dedicated guest anchor controller.

The support for wireless capability at launch will be together with the AireOS 8.5 Controller running on a Cisco 8540 Wireless Controller, Cisco 5520 Wireless Controller, or Cisco 3504 Wireless Controller appliance with the Cisco Catalyst platforms functioning as Fabric Edge and Fabric Border nodes.

 

Q: What are the SD-Access wireless capabilities?

A: The new Cisco Catalyst 9000 Series switches provide a complete solution for Campus with Cisco AireOS Controllers and Wave 2 access points.

Q: What are the advantages of integrating wireless in the SD-Access fabric architecture?

A: • Highest performance and scale: Distributed data-plane forwarding in hardware distributed in the network paired with the large control-plane scale offered by the dedicated controller appliances.

• Best guest: You don’t need a dedicated guest anchor controller in the Demilitarized Zone (DMZ): Traffic is sent directly to the fabric border to exit the fabric. Also, there is no sub-optimal traffic forwarding such as from an access point to a foreign controller and on to a guest anchor controller.

• Best mobility: IP addressing is simpler; there is one subnet for the entire wireless SSID across the network, and no hairpin of traffic when roams occur.

• Simple operation: Operation is simple because wired and wireless are treated the same and operated together; they have common policies and controller-based automation.

• Wired innovations applied to wireless: First-hop security innovations available for wired can also be applied to wireless; for example, Dynamic ARP Inspection (DAI), IP Source Guard (IPSG), and DHCP Snooping.

• Segmentation across wired and wireless:

- The virtual network now passes all the way to wired as well as wireless devices.

- This segmentation is important for separation of certain devices from others, such as IoT and building automation devices connected over wireless.

- It is also important for security reasons to reduce the attack surface; if someone gets into a segment, the person can move only within that segment.

- Because segmentation is handled by the fabric, the number of SSIDs can be limited.

• Best multicast:

- The solution offers the best performance of distributed replication in hardware across the network.

These switches truly deliver the best of wired and wireless together.

 


Cisco ASA FirePOWER Services Sizing

June 30 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Networking, #IT, #Technology

It is really important that you understand the capabilities of each Cisco ASA model before you select the one that is appropriate for your specific deployment.

The following Table lists the maximum application visibility and control (AVC) and NGIPS throughput on each Cisco ASA–supported model.

Table. The Maximum Concurrent Connections and AVC/NGIPS Throughput

| ASA Model | Maximum Concurrent Connections | Maximum AVC and NGIPS Throughput |
|---|---|---|
| ASA 5506-X (with Security Plus license) | 50,000 | 125 Mbps |
| ASA 5506W-X (with Security Plus license) | 50,000 | 125 Mbps |
| ASA 5506H-X (with Security Plus license) | 50,000 | 125 Mbps |
| ASA 5508-X | 100,000 | 250 Mbps |
| ASA 5512-X (with Security Plus license) | 100,000 | 150 Mbps |
| ASA 5515-X | 250,000 | 250 Mbps |
| ASA 5516-X | 250,000 | 450 Mbps |
| ASA 5525-X | 500,000 | 650 Mbps |
| ASA 5545-X | 750,000 | 1,000 Mbps |
| ASA 5555-X | 1,000,000 | 1,250 Mbps |
| ASA 5585-X with SSP10 | 500,000 | 2 Gbps |
| ASA 5585-X with SSP20 | 1,000,000 | 3.5 Gbps |
| ASA 5585-X with SSP40 | 1,800,000 | 6 Gbps |
| ASA 5585-X with SSP60 | 4,000,000 | 10 Gbps |

For a complete and up-to-date Cisco ASA model comparison, visit Cisco’s ASA website, at cisco.com/go/asa.

Reference from http://www.ciscopress.com/articles/article.asp?p=2730336&seqNum=4


Cisco ASA FirePOWER Management Options

May 26 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #IT, #Technology, #Data Center, #Cisco & Cisco Network, #Cisco Switches - Cisco Firewall

In the book Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP (written by Omar Santos), the author shares more about the design of Cisco ASA with FirePOWER Services.

The following part is a selection from the book that covers the Cisco ASA FirePOWER management options.

There are several options available for network security administrators to manage the Cisco ASA FirePOWER module. The Cisco ASA FirePOWER module provides a basic command-line interface (CLI) for initial configuration and troubleshooting only. Network security administrators can configure security policies on the Cisco ASA FirePOWER module using either of these methods:

  • Administrators can configure the Cisco Firepower Management Center hosted on a separate appliance or deployed as a virtual machine (VM).
  • Administrators can configure the Cisco ASA FirePOWER module deployed on Cisco ASA 5506-X, 5508-X, and 5516-X using Cisco’s Adaptive Security Device Manager (ASDM).

Figure 1 shows a Cisco ASA with FirePOWER Services being managed by a Cisco Firepower Management Center (FMC) in a VM.

Figure 1. Cisco ASA with FirePOWER Services Managed by a Cisco Firepower Management Center

 

In Figure 1 the Cisco Firepower Management Center manages the Cisco ASA FirePOWER module via its management interface. The following section provides important information about configuring and accessing the Cisco ASA FirePOWER module management interface.

Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances

In the Cisco ASA 5585-X, the Cisco ASA FirePOWER module includes a separate management interface. All management traffic to and from the Cisco ASA FirePOWER module must enter and exit this management interface, and the management interface cannot be used as a data interface.

The Cisco ASA FirePOWER module needs Internet access to perform several operations, such as automated system software updates and threat intelligence updates. If the module is managed by the Firepower Management Center, the FMC is the one that needs to have Internet access to perform those tasks.

Figure 2 shows an example of how you can physically connect the Cisco ASA FirePOWER module management interface to be able to reach the Internet via the Cisco ASA interface.

Figure 2. Cisco ASA 5585-X FirePOWER Module Management Interface

 

In Figure 2, the Cisco ASA 5585-X has two modules:

  • A module running Cisco ASA software
  • A module running FirePOWER Services

The Cisco ASA is managed via the interface named management 0/0 in this example. This interface is configured with the IP address 192.168.1.1. The Cisco ASA FirePOWER module is managed via the interface named management 1/0, configured with the IP address 192.168.1.2. The Cisco ASA FirePOWER module is being managed by a virtual Cisco Firepower Management Center. Both interfaces are connected to a Layer 2 switch in this example.

NOTE: You can use other cabling options with the Cisco ASA FirePOWER module management interface to be able to reach the Internet, depending on how you want to connect your network. However, the example illustrated in Figure 4 is one of the most common scenarios.

In order for the Cisco ASA FirePOWER module management interface to have an Internet connection, the default gateway of the Cisco ASA FirePOWER module is set to the Cisco ASA management interface IP address (192.168.1.1 in this example). Figure 3 illustrates the logical connection between the Cisco ASA FirePOWER module management interface and the Cisco ASA management interface.

Figure 3. Cisco ASA FirePOWER Module Management Interface

 

Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances

In the rest of the Cisco 5500-X appliances, the management interface is shared by the Cisco ASA FirePOWER module and the classic Cisco ASA software. These appliances include the Cisco ASA 5506-X, 5506W-X, 5506H-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, and 5555-X appliances.

Figure 4 shows a Cisco ASA 5516-X running Cisco ASA FirePOWER Services.

Figure 4. Cisco ASA 5500-X FirePOWER Module Management Interface

 

In Figure 4, the management interface is used by the Cisco ASA FirePOWER module. The management interface is configured with the IP address 10.1.2.2. You cannot configure an IP address for this interface in the Cisco ASA configuration. For the ASA 5506-X, 5508-X, and 5516-X, the default configuration enables the preceding network deployment; the only change you need to make is to set the module IP address to be on the same network as the ASA inside interface and to configure the module gateway IP address. For other models, you must remove the ASA-configured name and IP address for management 0/0 or 1/1 and then configure the other interfaces as shown in Figure 5.

NOTE: The management interface is considered completely separate from the Cisco ASA, and routing must be configured accordingly.

The Cisco ASA FirePOWER module default gateway is configured to be the inside interface of the Cisco ASA (10.1.2.1), as illustrated in Figure 5.

Figure 5. Cisco ASA 5500-X FirePOWER Module Default Gateway

 

If you must configure the management interface separately from the inside interface, you can deploy a router or a Layer 3 switch between both interfaces, as shown in Figure 6. This option is less common, as you still need to manage the ASA via the inside interface.

Figure 6. Cisco ASA 5500-X FirePOWER Module Management Interface Connected to a Router

 

In Figure 6, the Cisco ASA FirePOWER module default gateway is the router labeled R1, with the IP address 10.1.2.1. The Cisco ASA’s inside interface is configured with the IP address 10.1.1.1. The Cisco ASA FirePOWER module must have a way to reach the inside interface of the ASA to allow for on-box ASDM management. On the other hand, if you are using FMC, the Cisco ASA FirePOWER module needs to have a way to reach the FMC.

Reference from http://www.ciscopress.com/articles/article.asp?p=2730336&seqNum=3


Embrace Efficiency and Lower Costs with Cisco Digital Building Series

April 26 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Switches - Cisco Firewall, #IT

Designed for smart buildings and optimized for low-voltage PoE, the new Catalyst Digital Building plenum-rated UPOE fan-less switches combine lighting, air conditioning, security systems, and more on one IP network with seamless security and easy installation and management.

Cisco Catalyst Digital Building Series Switch Highlights

● 8 fast Ethernet ports and 2 gigabit copper uplink ports, with line-rate forwarding performance

● Universal Power over Ethernet (Cisco UPOE) and Power over Ethernet Plus (PoE+) support with up to 480W of power budget.

● Support for Layer 2 features, optimized for robust connectivity to lighting and other building IoT devices.

● Silent operation due to fanless design, which enhances reliability

● Enhanced Limited Lifetime Warranty (E-LLW)

Cisco Catalyst Digital Building Series Switch Models and Default Software

The Cisco Catalyst Digital Building Switches are available in two switch models. They vary by the output power/port supported by the model. One model supports Power over Ethernet Plus (PoE+), which guarantees 30W/port of power. The other model supports Universal Power over Ethernet (UPOE), which guarantees double the power, 60W/port.

| Model | Ethernet Ports | PoE Output Ports | Available PoE Power | Uplinks | Default Software |
|---|---|---|---|---|---|
| CDB-8U | 8 x 10/100 Fast Ethernet UPOE | 8 | 480W | 2 x 10/100/1000 | LAN Lite |
| CDB-8P | 8 x 10/100 Fast Ethernet PoE+ | 8 | 240W | 2 x 10/100/1000 | LAN Lite |

 

Embrace Efficiency and Lower Costs with Cisco Digital Building Series

The Cisco Catalyst Digital Building Series Switches are the industry’s first purpose-built switches designed for low-voltage LED lighting and digital building systems. The switch can be used to power devices and applications with Cisco’s perpetual and fast Universal Power over Ethernet (UPOE) technologies, delivering up to 60W/port.

The Cisco Catalyst Digital Building Series Switch offers several benefits that no other competitive switch in the market does:

• Flexible deployment with semiruggedized, plenum-rated, UL-certified fanless features, multiple powering options, and support for mobile apps for easy deployment

• <0.5W power consumption on standby, uninterrupted power during reboots, and rapid power restoration under 5 seconds after power resumption

• High security and reliability with long-lasting 10+ year system life and threat sensing and mitigation when used with Catalyst 3850 upstream switches.

• Functional interoperability with CoAP proxy support, a lightweight protocol for constrained devices: lights, VAV systems, digital signage, sensors, and so on.

 


EoS and EoL Announcement for the Cisco FirePOWER 8200 Series Appliances—3-Year Subscriptions

March 17 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco News, #IT, #Cisco Switches - Cisco Firewall

Cisco announced the end-of-sale and end-of-life dates for the Cisco FirePOWER 8200 Series Appliances–3-Year Subscriptions. The last day to order the affected product(s) is October 3, 2015. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin.

  1. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s).
  2. Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

Table 1. End-of-Life Milestones and Dates for the Cisco FirePOWER 8200 Series Appliances—3-Year Subscriptions

| Milestone | Definition | Date |
|---|---|---|
| End-of-Life Announcement Date | The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public. | April 4, 2015 |
| End-of-Sale Date | The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. | October 3, 2015 |
| Last Ship Date: License | The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. | January 1, 2016 |
| End of Signature Release Date | The date after which there will be no more signature update releases for Firepower 8200 Series Appliances. | October 3, 2018 |

Table 2. Product Part Numbers Affected by This Announcement

| End-of-Sale Product Part Number | Product Description | Replacement Product Part Number | Replacement Product Description | Additional Information |
|---|---|---|---|---|
| FP8250-AMP-3Y | Cisco AMP for FirePOWER 8250 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8250-TA-3Y | Cisco FirePOWER 8250 IPS and Apps 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8250-TAC-3Y | Cisco FirePOWER 8250 IPS, Apps and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8250-TAM-3Y | Cisco FirePOWER 8250 IPS, Apps and AMP 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8250-TAMC-3Y | Cisco FirePOWER 8250 IPS, Apps, AMP and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8250-URL-3Y | Cisco FirePOWER 8250 URL Filtering 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8260-AMP-3Y | Cisco AMP for FirePOWER 8260 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8260-TA-3Y | Cisco FirePOWER 8260 IPS and Apps 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8260-TAC-3Y | Cisco FirePOWER 8260 IPS, Apps and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8260-TAM-3Y | Cisco FirePOWER 8260 IPS, Apps and AMP 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8260-TAMC-3Y | Cisco FirePOWER 8260 IPS, Apps, AMP and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8260-URL-3Y | Cisco FirePOWER 8260 URL Filtering 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8270-AMP-3Y | Cisco AMP for FirePOWER 8270 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8270-TA-3Y | Cisco FirePOWER 8270 IPS and Apps 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8270-TAC-3Y | Cisco FirePOWER 8270 IPS, Apps and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8270-TAM-3Y | Cisco FirePOWER 8270 IPS, Apps and AMP 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8270-TAMC-3Y | Cisco FirePOWER 8270 IPS, Apps, AMP and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8270-URL-3Y | Cisco FirePOWER 8270 URL Filtering 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8290-AMP-3Y | Cisco AMP for FirePOWER 8290 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8290-TA-3Y | Cisco FirePOWER 8290 IPS and Apps 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8290-TAC-3Y | Cisco FirePOWER 8290 IPS, Apps and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8290-TAM-3Y | Cisco FirePOWER 8290 IPS, Apps and AMP 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8290-TAMC-3Y | Cisco FirePOWER 8290 IPS, Apps, AMP and URL 3YR Service Subs | See the Product Migration Options section below for detailed information on replacing this product. | - | - |
| FP8290-URL-3Y | Cisco FirePOWER 8290 URL Filtering 3YR Service Subscription | See the Product Migration Options section below for detailed information on replacing this product. | - | - |

Customers are encouraged to migrate to the Cisco FirePOWER 8300 Series Appliances and appropriate subscriptions for new purchases. One-year subscriptions will remain available for renewals for existing 8200 Series deployments beyond the appliance end-of-sale period.

Information about the Cisco FirePOWER 8000 Series can be found at: http://www.cisco.com/c/en/us/products/security/firepower-8000-series-appliances/literature.html.

Reference from http://www.cisco.com/c/en/us/products/collateral/security/firepower-8000-series-appliances/eos-eol-notice-c51-734291.html


Cisco ASA 5500-X Series Migration Options-ASA 5555-X, ASA 5525-X & ASA 5515-X

March 8 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #IT, #Cisco Switches - Cisco Firewall

Product Migration Options-ASA 5550 to ASA 5555-X, ASA 5520 to ASA 5525-X, ASA 5510 to ASA 5515-X

Most Cisco ASA 5500 models, such as the ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550, have been announced as end-of-life and end-of-sale. Cisco ASA users and customers are encouraged to migrate to the newer Cisco ASA 5500-X Series of next-generation firewalls (NGFW), which includes the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X and so forth.

 

The following tables compare the main features of the ASA 5500 models and the new ASA 5500-X models: the ASA 5550 and ASA 5555-X, the ASA 5520 and ASA 5525-X, and the ASA 5510 and ASA 5515-X.

ASA 5550 vs. ASA 5555-X

| Feature | Cisco ASA 5550 Adaptive Security Appliance | Cisco ASA 5555-X Adaptive Security Appliance |
|---|---|---|
| Next-Generation Firewall | No | Yes |
| Application Visibility and Control Service | No | Yes |
| Web Security Service | No | Yes |
| IPS Service | No | Yes (Does not require separate hardware module) |
| Content Security Service | No | Similar functionality available through Cloud Web Security (formerly known as ScanSafe) |
| Firewall Throughput (Max) | 1.2 Gbps | 4 Gbps |
| IPS Throughput (Max) | Not Applicable | 1.3 Gbps |
| VPN Throughput (Max) | 425 Mbps | 700 Mbps |
| Connections (Max) | 600,000 | 1,000,000 |
| Connections Per Second | 33,000 | 50,000 |
| Integrated I/O | 8 GE Copper and 1 FE | 8 GE Copper + Dedicated GE Copper Management Port |
| Expansion I/O | Not Available | 6-port GE Copper, or 6-port GE SFP |
| CPU | Single Core | Multiple Cores |
| Memory | 4 GB | 16 GB |
| Dual Power Supplies | No | Yes |
| IPS Accelerator hardware | No | In-built hardware accelerator for both default and custom signatures |
| Hardware support for 2048-bit certificates | No | Yes |

 

ASA 5540 to Cisco ASA 5545-X

| Feature | Cisco ASA 5540 Adaptive Security Appliances | Cisco ASA 5545-X Adaptive Security Appliance |
|---|---|---|
| Next-Generation Firewall | No | Yes |
| Application Visibility and Control Service | No | Yes |
| Web Security Service | No | Yes |
| IPS Service | Yes (Requires separate Hardware module) | Yes (Does not require separate hardware module) |
| Content Security Card Module | Available | Similar functionality available through Cloud Web Security (formerly known as ScanSafe) |
| Firewall Throughput (Max) | 650 Mbps | 3 Gbps |
| IPS Throughput (Max) | 650 Mbps | 900 Mbps |
| VPN Throughput (Max) | 325 Mbps | 400 Mbps |
| Connections (Max) | 400,000 | 750,000 |
| Connections Per Second | 25,000 | 30,000 |
| Dual Power Supplies | No | Yes |
| Integrated I/O | 4GE Cu + 1FE | 6GE Cu |
| Expansion I/O | 4-port GE Cu or 4-port GE SFP | 6-port GE Cu or 6-port GE SFP |
| CPU | Single-core | Multiple cores |
| Memory | 2GB | 12GB |
| Hardware support for 2048-bit certificates | No | Yes |

 

Migration Options-ASA 5520 to ASA 5525-X

The Cisco ASA 5525-X offers increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Additionally, the ASA 5525-X includes a hardware chip to speed up IPS signature execution (for both default and custom signatures).

Refer to the table below for a detailed comparison between the ASA 5520 and ASA 5525-X. Customers can also upgrade to the Cisco ASA 5545-X, which provides the option of dual power supplies in addition to better performance and scaling.

Product Comparisons-ASA 5520 vs. ASA 5525-X

| Feature | Cisco ASA 5520 Adaptive Security Appliance | Cisco ASA 5525-X Adaptive Security Appliance |
|---|---|---|
| Next-Generation Firewall | No | Yes |
| Application Visibility and Control Service | No | Yes |
| Web Security Service | No | Yes |
| IPS Service | Yes (Requires separate Hardware module) | Yes (Does not require separate hardware module) |
| Content Security Card Module | Yes | Similar functionality available through Cloud Web Security (formerly known as ScanSafe) |
| Firewall Throughput (Max) | 450 Mbps | 2 Gbps |
| IPS Throughput (Max) | 450 Mbps | 600 Mbps |
| VPN Throughput (Max) | 225 Mbps | 300 Mbps |
| Connections (Max) | 280,000 | 500,000 |
| Connections Per Second | 12,000 | 20,000 |
| Integrated I/O | 4 GE Copper + 1 FE | 8 GE Copper |
| Expansion I/O | 4-port GE Cu or 4-port GE SFP | 6-port GE Copper or 6-port GE SFP |
| CPU | Single Core | Multiple Cores |
| Memory | 2 GB | 8 GB |
| IPS Accelerator hardware | No. All signatures run on IPS Security Module CPU. | In-built hardware accelerator for both default and custom signatures |
| Hardware support for 2048-bit certificates | No | Yes |

 

Migration Options-ASA 5510 to ASA 5515-X

The Cisco ASA 5512-X and ASA 5515-X offer increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Customers can choose the ASA 5512-X if they do not want high availability, which comes as a default option on the ASA 5515-X.

Note that there is a license on the ASA 5512-X that enables high availability, should that be required later.

Product Comparisons: ASA 5510 vs. ASA 5515-X

| Feature | Cisco ASA 5510 Adaptive Security Appliance | Cisco ASA 5515-X Adaptive Security Appliance |
|---|---|---|
| Next-Generation Firewall | No | Yes |
| Application Visibility and Control Service | No | Yes |
| Web Security Service | No | Yes |
| IPS Service | Yes (Requires separate Hardware module) | Yes (Does not require separate hardware module) |
| Content Security Service | Yes (Requires separate Hardware module) | Similar functionality available through Cloud Web Security (formerly known as ScanSafe) |
| Firewall Throughput (Max) | 300 Mbps | 1.2 Gbps |
| IPS Throughput (Max) | 300 Mbps | 400 Mbps |
| VPN Throughput (Max) | 170 Mbps | 250 Mbps |
| Connections (Max) | 100,000 | 250,000 |
| Connections Per Second | 9,000 | 15,000 |
| Integrated I/O | 2GE Copper and 3FE | 6 GE Copper |
| Expansion I/O | 4-port GE Copper, or 4-port GE SFP | 6-port GE Copper or 6-port GE SFP |
| CPU | Single core | Multiple cores |
| Memory | 1 GB | 8 GB |
| Hardware support for 2048-bit certificates | No | Yes |
| USB thumb drive support | No | Yes (can be used to store logs and configuration files) |

 


Choose the Right Enterprise Campus and Branch Switch

January 23 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

Do you need to...

Manage switches in the cloud?

Simplify and scale virtual networking?

Use your network to strengthen security?

Gain pervasive visibility into your infrastructure?

Digitize your Audio Video network?

Get a platform for extreme industrial environments?

Build carrier-class cloud services?

Check the Cisco Switch Family to find the right one for your needs.

Lead Switch: It is the best-in-class switch that has a high-end, differentiated set of features in a given category. This switch has the most differentiation compared to competitors in that category.

Base Switch: It is the entry-level switch in the given category. Also called the foundation switch, it has a lower price and a limited feature set, but is still better than competitors.

Cisco Catalyst Switch Portfolio

Functionality Based: Campus Access Switches

| Functionality | Switch |
|---|---|
| Wired & Wireless (Modular) | Lead: Catalyst 4500E with Supervisor Engine 8-E |
| Wired & Wireless (Stackable) | Lead: Catalyst 3850 (Up to 50 APs, 2000 Clients); Base: Catalyst 3650 (Up to 25 APs, 1000 Clients) |
| Gigabit Ethernet (Modular) | Lead: Catalyst 4500E with Supervisor Engine 8-E; Base: Catalyst 4500E with Supervisor Engine 7L-E |
| Gigabit Ethernet (Stackable) | Lead: Catalyst 3850; Base: Catalyst 3650, Catalyst 2960-X/XR |
| Gigabit Ethernet (Instant Access) | Lead: Catalyst 6800ia |
| Gigabit Ethernet (Cloud Managed) | Lead: Meraki MS Series |
| Fast Ethernet (Stackable) | Lead: Catalyst 2960-SF |
| Fast Ethernet (Standalone) | Lead: Catalyst 2960-SF; Base: Catalyst 2960-Plus |
| 8/12 port Gigabit Ethernet (Standalone) | Lead: Catalyst 3560-C |
| 8/12 port Fast Ethernet (Standalone) | Lead: Catalyst 2960-C |

 

Functionality Based: Branch Access Switches

| Functionality | Positioning |
|---|---|
| Wired & Wireless (Modular) | Lead: Catalyst 4500E with Supervisor Engine 8-E |
| Wired & Wireless (Stackable) (Converged Access is the Recommended Deployment Mode) | Lead: Catalyst 3850 (Up to 50 APs, 2000 Clients); Base: Catalyst 3650 (Up to 25 APs, 1000 Clients) |
| Gigabit Ethernet (Modular) | Lead: Catalyst 4500E with Supervisor Engine 8-E; Base: Catalyst 4500E with Supervisor Engine 7L-E |
| Gigabit Ethernet (Stackable) | Lead: Catalyst 3850; Base: Catalyst 3650, Catalyst 2960-X/XR |
| Gigabit Ethernet (Cloud Managed) | Lead: Meraki MS Series |
| Fast Ethernet (Stackable) | Lead: Catalyst 2960-SF |
| Fast Ethernet (Standalone) | Lead: Catalyst 2960-SF; Base: Catalyst 2960-Plus |
| 8 port Gigabit Ethernet (Standalone) | Lead: Catalyst 3560-C |
| 8/12 port Fast Ethernet (Standalone) | Lead: Catalyst 2960-C |

 

Functionality Based: Campus Backbone Switches

| Functionality | Positioning |
|---|---|
| 1/10/40/100 Gigabit Ethernet (Modular) | Lead: Catalyst 6807-XL; Base: Catalyst 6500-E with Supervisor Engine 2T |
| 1/10/40 Gigabit Ethernet (Standalone) | Lead: Catalyst 6880-X (semi-modular); Base: Catalyst 4500-X |
| 1/10 Gigabit Ethernet (Modular) | Lead: Catalyst 6500-E with Supervisor Engine 2T; Base: Catalyst 4500E with Supervisor Engine 8-E |
| 1 Gigabit Ethernet (Standalone) | Lead: Catalyst 4500-X; Base: Catalyst 3850 Fiber |

 

Campus Access Switches Upgrade Path

| From Existing Switch | To New Switch |
|---|---|
| Catalyst 2900XL, 2948-G, Any 2950, 2970, Any non-X 2960 | Lead: Catalyst 3650; Base: Catalyst 2960-X/XR |
| Catalyst 3500XL, Any 3550, Any 3560, Any 3750 | Lead: Catalyst 3850; Base: Catalyst 3650 |
| Catalyst 4500 non-E, Any Catalyst 4500 without Supervisor Engine 8-E or 7L-E | Lead: Catalyst 4500E with Supervisor Engine 8-E; Base: Catalyst 4500E with Supervisor Engine 7L-E |
| Any Catalyst 6500 non-E or E in Access | Lead: Catalyst 4500E with Supervisor Engine 8-E; Base: Catalyst 4500E with Supervisor Engine 7L-E, Catalyst Instant Access |

 

Campus Backbone Switches Upgrade Path

 

THE COMPLETE FAMILY

Campus and Branch Access Switches

| Enterprise Campus Switch Family | Positioning |
|---|---|
| Catalyst 2960-CX & 3560-CX | Lead: Gigabit Ethernet (GbE) and Multigigabit Ethernet (mGig) managed switches are ideal for high-speed data connectivity, Wi-Fi backhaul, and Power over Ethernet (PoE+) connectivity in places where space is at a premium. |
| Catalyst 2960-Plus | Base: standalone access switch for Fast Ethernet |
| Catalyst 2960-SF | Lead: standalone/stackable access switch for Fast Ethernet with PoE+ (Compared to 2960-Plus, Offers Stacking, PoE+) |
| Meraki MS Series | Cloud managed virtually stackable access switch for Gigabit Ethernet with PoE+ |
| Catalyst 2960-X/XR | Base: stackable access switch for Gigabit Ethernet with PoE+ |
| Catalyst 3650 | Base: stackable access switch for wired-wireless convergence and Fast / Gigabit Ethernet with PoE+ |
| Catalyst 3850 | Lead: stackable access switch for wired-wireless convergence with UPOE/PoE+ (Compared to 3650, Offers 3x stacking bandwidth - 480G and 2x AP’s - 50, Modular uplinks and StackPower); Lead: stackable access switch for Gigabit Ethernet with PoE+ (Compared to 2960-X, Offers Medianet, Enhanced Security, Application Visibility & Control, Resiliency, 6x stacking bandwidth (480G)) |
| Catalyst 4500E with Supervisor Engine 7L-E | Base: modular access switch for Fast/Gigabit Ethernet with UPOE/PoE+ |
| Catalyst 4500E with Supervisor Engine 8E | Lead: modular access switch for wired-wireless convergence and Fast/Gigabit Ethernet with UPOE/PoE+ (Compared to Sup 7L-E, Offers Built-in wireless controller, 1.7x switching capacity (928G), 2x uplinks (8x10G)); Base: modular backbone switch for 1/10G |

 

Campus Backbone Switches

| Enterprise Campus Switch Family | Positioning |
|---|---|
| Catalyst 6800ia | Lead: stackable access switch for Catalyst 6800/6500 with Catalyst Instant Access (Simplification of access with centralized configuration, management and operations using Catalyst 6K backbone switch) |
| Catalyst 3750-X Fiber | Base: stackable backbone switch for 1G |
| Catalyst 4500-X | Lead: standalone backbone switch for 1G (Compared to 3750-X Fiber, Offers VSS, 2x ports (40x1G), 2x uplinks (8)); Base: standalone backbone switch for 1/10/40G (up to 40x10G ports) |
| Catalyst 6500-E with Supervisor Engine 2T | Lead: modular backbone switch for 1/10G (MPLS, EVN, Service Modules); Base: modular backbone switch for 1/10/40/100G |
| Catalyst 6807-XL | Lead: modular backbone switch for 1/10/40/100G (up to 880G/slot, 11.4 Tbps switching, All 6500 features, service modules) |
| Catalyst 6880-X | Lead: standalone backbone switch for 1/10/40G (with up to 80x10G or 20x40G ports) |

Reference from http://www.cisco.com/c/dam/global/es_mx/partners/sell/switchit/pdfs/47492_switching_poster_april_3.pdf


Deploying Cisco ASA FirePOWER Services in the Data Center

January 3 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Networking, #Cisco & Cisco Network, #Cisco Technology - IT News

The data center is one of the popular terms in network communication, and it can be described as a very complex world.

The Data Center not only provides a rich set of services and architectures but also hosts the crown jewels of an organization. It is extremely important to maintain visibility of everything that is happening in the data center.

The concept of “north-to-south” and “east-to-west” is often used in describing the types of communication (or flow) within and to the outside of the data center:

  • North-to-south describes communication between end users and external entities.
  • East-to-west describes communication between entities in the data center.

The following Figure illustrates the concepts of north-to-south and east-to-west communication.

 

The data center has many different high-throughput and low-latency requirements, in addition to increased high-availability requirements. In addition, automated provisioning and control with orchestration, monitoring, and management tools are crucial.

The data center architecture consists of three primary modular layers with hierarchical interdependencies:

  • Data center foundation: This is the primary building block of the data center, on which all other services rely. Regardless of the size of the data center, the foundation must be resilient, scalable, and flexible to support data center services that add value, performance, and reliability. The data center foundation provides the computing necessary to support the applications that process information and the seamless transport between servers, storage, and the end users who access the applications.
  • Data center services: These services include infrastructure components to enhance the security of the applications and access to critical data. They also include virtual switching services to extend the network control in a seamless manner from the foundation network into the hypervisor systems on servers to increase control and reduce operational costs (as well as other application resilience services).
  • User services: These services include email, order processing, and file sharing or any other applications in the data center that rely on the data center foundation and services, like database applications, modeling, and transaction processing.

The Figure below illustrates some of the components of the data center services architecture.

 

Examples of the data center service insertion components include the following:

  • Firewalls (In the example illustrated in the Figure above, Cisco ASAs with FirePOWER modules are deployed.)
  • Intrusion prevention systems (IPS)
  • Application delivery features
  • Server load balancing
  • Network analysis tools (such as NetFlow)
  • Virtualized services deployed in a distributed manner along with virtual machines
  • Traffic direction with vPath and Nexus 1000v
  • Application Centric Infrastructure (ACI) automated framework components for service insertion

In the case of virtualized environments, the Cisco ASAv (virtual machine) can be deployed to protect VM-to-VM communication. The Cisco ASA FirePOWER module in these environments is not supported, as the Cisco ASAv is just a virtual machine. Cisco FirePOWER virtual machines running network AMP can be deployed in those scenarios.

NOTE: The Cisco ASAv supports both traditional tiered data center deployments and the fabric-based deployments of Cisco ACI environments. The Cisco ASAv can also be deployed in cloud environments like Amazon Web Services (AWS).

The Cisco ASA with FirePOWER modules can be deployed in geographically dispersed cluster environments.

The following Figure shows an example in which four Cisco ASAs with FirePOWER modules are deployed in two separate sites (site A and site B).

 

In the example illustrated in the Figure above, the cluster of four Cisco ASAs is fully extended between the two data centers, using the cluster control links (CCL) operating at Layer 2 with a latency of less than 10 milliseconds. A single spanned EtherChannel for transient data is used on the cluster side. The local data links are also configured with EtherChannels at the switch pairs on each site.

TIP: The data VLANs between the switches are not extended to prevent network loops.

The Article from http://www.ciscopress.com/articles/article.asp?p=2730336&seqNum=12
