Overblog Follow this blog
Administration Create my blog
Cisco & Cisco Network Hardware News and Technology

Posts with #cisco switches - cisco firewall tag

Introducing the Cisco Catalyst 2960-CX 8 Port Gigabit Switch

June 24 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco Catalyst 2960-CX Series Switches

Cisco Catalyst 2960-CX Series Switches

Cisco Catalyst 2960-X Compact Switch Models and Default Software

Cisco Catalyst 2960-X Compact Switch Models and Default Software

Who are the COOL 2960-CX 8 Port Gigabit Switches? They are:

  • Layer 2 compact switches with 8 ports optimized for 1 Gb services
  • Up to 124 Watts of Power over Ethernet Plus (PoE+) power budget per switch
  • Fan-less compact design for quiet and efficient operation; flexible mounting options

Yes! The Catalyst 2960-CX Series Switches are fan-less, small form-factor, Gigabit Ethernet switches and are ideal for high-speed data connectivity, Wi-Fi backhaul, and Power over Ethernet (PoE) connectivity in places where space is at a premium.

Freedom to Connect Devices Anywhere

When you have a tight space, bigger is not always better. So start compact with the 2960-CX 8 port gigabit switch. And expand your network as your company grows. Gain the enterprise features of a larger Cisco switch without using a lot of physical space. Our Catalyst switches bring wired and wireless together through unified access, so you gain scale, security, and mobility.

Features and Capabilities

Created for organizations where space is tight, the compact 2960-CX switch is a powerful 8 port gigabit switch. Because it’s small, you can place it outside the wiring closet. It has a quiet, fan-less design so it’s silent. And it has flexible mounting options.

With a setup that allows for shorter cable runs from the switch, new devices can easily join the network. Shorter cables reduce the need for expensive and inflexible cabling.

Whether in a hospital, retail store, office, classroom, or branch location, this 8 port gigabit switch supports IP connections for devices with PoE+. You don’t need to install new electrical circuits to power your access points and other devices, such as:

  • IP phones
  • Wireless access points
  • Surveillance cameras
  • PCs
  • Video endpoints

Specifications at a Glance

  • 8 Gigabit Ethernet ports with line-rate forwarding performance
  • 2 x 1 Gigabit Ethernet copper and small form-factor pluggable (SFP) uplinks
  • PoE+ support with up to 124W of PoE budget
  • Advanced Layer 2 (LAN Base) support

More Related…

New Cisco Catalyst 3560-CX and 2960-CX Series Switches Review

Cisco Catalyst 3560-CX & 2960-CX Model Comparison

NEW Horizontal Stacking Supported on Cisco 3560-CX

Update but Not Featured: What’s New on Cisco Catalyst 2960-C & 3560-C Series Compact Switches?

Cisco Catalyst 3560-CX (the right) and 2960-CX (the Left) Compact Switch

Cisco Catalyst 3560-CX (the right) and 2960-CX (the Left) Compact Switch

Cisco Catalyst 3560-CX and 2960-CX Series

Cisco Catalyst 3560-CX and 2960-CX Series

Read more

Switch Architecture of Cisco Catalyst 2960-X/XR Series FAQ

May 17 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

Cisco Catalyst 2960-X/XR switches, the greenest Cisco Catalyst access switches

Cisco Catalyst 2960-X/XR switches, the greenest Cisco Catalyst access switches

Why Select Cisco Catalyst 2960-X? What Benefits will you get from migrating to Cisco Catalyst 2960-X/XR series? We talked about the Cisco Catalyst 2960-X a lot before, such as the added features of Catalyst 2960-X Series, stacking of the Cisco Catalyst 2960-X and 2960-XR, Comparison of Cisco Catalyst 2960 Switches, etc. As the greenest Cisco Catalyst access switches, Cisco Catalyst 2960-X/XR switches are the best replacement for the 2960-S series.

The Cisco Catalyst 2960-X models provide Layer 2 switching and have one fixed power supply with an external redundant power supply. They provide 24 or 48 Gigabit Ethernet wire rate ports, PoE/PoE+ support, and four 1G Small Form-Factor Pluggable (SFP) or two 10G SFP+ uplinks.

With FlexStack-Plus technology, the Cisco Catalyst 2960-X switches can be stacked up to 8 members with up to 80 Gbps stacking capacity for high scalability.

In this article we will continue to talk about the architecture, Energy Efficiency of the Cisco Catalyst 2960-X and 2960-XR Series Switches.

Energy Efficiency

Catalyst 2960-X Series introduced new innovative energy saving modes for the switch.

● The Switch Hibernation Mode puts the switch to sleep when the switch is not in use. This feature enables the switch to save up to 90% of power during non-business hours.

● Downlink Hibernation Mode powers down the PHY and the optics of the downlink port when not in use.

● Energy Efficient Ethernet (EEE) enables dynamic power savings on all switch ports; saves about 15W for a 48port-switch and 8W for a 24 port-switch.

● EnergyWise Puts IP End Points in Energy Saver mode, saving 60%+ power with non-active IP devices.

The collective power savings with different energy efficient technologies will reduce the power consumption by up to 80%.

Downlink Hibernation Mode (DHM) feature enables all 2960-X switches to save power on the downlink ports. The switch supports static downlink port power-down where only the PHY and Optics are powered down when not in use.

When the switch is not in use, switch hibernation mode can be scheduled to save power. When the switch is in hibernation mode, it powers off application-specific integrated circuits (ASICs), and connected PoE devices. Power to most of the components is off. The DRAM is in refresh mode, keeping data intact. The switch hibernation mode is integrated with EnergyWise.

Q. Is a Cisco Catalyst 2960-X Series Switch usable while in hibernation mode?

A. No. All hardware components on the data path are switched off on Cisco Catalyst 2960-X Series Switches during hibernation mode.

The Cisco Catalyst 2960-X Series provides the following wake-up triggers from switch hibernation mode:

● Wake on scheduled real-time clock alarm/trigger

● Wake on mode button trigger

Q. Can Cisco Catalyst 2960-X Series Switches be scheduled to switch hibernation mode using the Cisco EnergyWise management tool?

A. Yes, the switch hibernation mode is integrated with Cisco EnergyWise. Cisco Catalyst 2960-X Series Switches can be put to switch hibernation mode using a Cisco EnergyWise management tool like any other IP devices.

Q. Is it possible to wakeup a Cisco Catalyst 2960-X Series Switch in switch hibernation mode before the scheduled wake-up time?

A. Yes, the mode button trigger will get the Cisco Catalyst 2960-X Series Switch out of switch hibernation mode.

Q. Can we schedule switch hibernation mode for some members only in a stack of Cisco Catalyst 2960-X Series Switches?

A. No. The whole stack of Cisco Catalyst 2960-X Series Switches can only be scheduled to switch hibernation mode.

Q. How long does it take for a Cisco Catalyst 2960-X Series Switch to be operational when it wakes up from switch hibernation mode?

A. A Cisco Catalyst 2960-X Series Switch coming out of switch hibernation mode is similar to a switch booting from reload. If the switches are stacked, master reelection is triggered after wake-up.

Q. Is Energy-Efficient Ethernet (EEE) 802.3az supported on the Cisco Catalyst 2960-X Series?

A. Yes, Energy-Efficient Ethernet (EEE) is supported on all downlink ports of the Cisco Catalyst 2960-X Series.

Q. Do we need to enable EEE on the Cisco Catalyst 2960-X Series?

A. EEE is enabled by default on all the downlink ports of the Cisco Catalyst 2960-X Series. If needed, EEE can be disabled.

Q. How is power saved with EEE on the Cisco Catalyst 2960-X Series?

A. Cisco Catalyst 2960-X downlink ports switch to low-power idle (LPI) mode during gaps in the data stream, saving power.

Q. Do both sides of the Ethernet interface have to support EEE for it to work?

A. Yes. Both endpoints of the Ethernet link must support EEE to get the power-saving advantages.

Q. How do I check if EEE is working?

A. The show eee status interface Gigabit Ethernet xxx” command can be used to check if EEE is agreed between both the endpoints.

The Cisco Catalyst 2960-X Series provides two types of console ports and one out-of-band Ethernet port:

● USB Type B console port

● Standard RJ-45 serial port

● 10/100 Ethernet management port

Q. Can both USB Type B console and RJ-45 console ports be used simultaneously?

A. No. Only one can be used for input, but both can receive output. When the USB console is connected, “it is used for input (by default)”. This design allows the administrator to see when the USB console port is in use. This capability is useful for remote administrators.

Q. Does the switch support auto-baud on the console port?

A. No. This was a tradeoff between console speed sensing and the ability to use the USB console.

Switch Architecture

Q. What management ports are available?

A. The Cisco Catalyst 2960-X Series provides two types of console ports and one out-of-band Ethernet port:

● USB Type B console port

● Standard RJ-45 serial port

● 10/100 Ethernet management port

Q. Can both USB Type B console and RJ-45 console ports be used simultaneously?

A. No. Only one can be used for input, but both can receive output. When the USB console is connected, “it is used for input (by default)”. This design allows the administrator to see when the USB console port is in use. This capability is useful for remote administrators.

Q. Does the switch support auto-baud on the console port?

A. No. This was a tradeoff between console speed sensing and the ability to use the USB console.

Q. Which management port has priority?

A. The RJ-45 console port is always the default management port, but when a PC is connected to the USB console port, the USB console takes over. The RJ-45 port continues to receive the output (a copy) of everything that gets displayed on the USB console port. This capability allows remote administrators to continue monitoring or logging the output showing what is happening at the switch location, sending it to a storage device.

Q. When a PC is left unattended on the USB console port, would remote administrators get locked out from the RJ-45 management port?

A. The USB console port has a default activity timer that can also be programmed by the user. This activity timer will expire and return control to the RJ-45 management port to avoid locking the remote administrator out.

Q. What can I do with the USB Type A port of the Cisco Catalyst 2960-X Series?

A. It is used to connect to an external USB memory drive for additional storage. This USB port can be used to perform software upgrades, store configurations, and even write memory core dumps for troubleshooting purposes. All Cisco USB memory drives can be used. Currently up to 8-GB USB drives are supported.

Q. Can a third-party USB Flash drive be used with the Cisco Catalyst 2960-X Series?

A. Yes, a third-party USB Flash drive can be used with the Cisco Catalyst 2960-X Series. They will work, but are not officially supported.

Q. What is the performance of the Cisco Catalyst 2960-X Series Switches?

A. The Cisco Catalyst 2960-X Series have a nonblocking switching architecture capable of forwarding traffic for all 48 1 Gigabit ports plus 2 10 Gigabit ports at line rate. See the datasheet for the MPPS information for each model.

Q. Do the Cisco Catalyst 2960-X Series Switches consume less power than the Cisco Catalyst 2960-S Series Switches?

A. The Cisco Catalyst 2960-X Series are based on the same building blocks as the 2960-S-Series Switches for most components. However, these switches have a new thermal design, new highly efficient power supplies, and new efficient fans, which use less power.

Q. Do the Cisco Catalyst 2960-X Series Switches support front-to-back airflow?

A. The airflow on the Cisco Catalyst 2960-X Series is “front and sides” to back airflow.

Q. Is the airflow reversible in the Cisco Catalyst 2960-X Series Switches?

A. No. The airflow is not reversible.

Q. Do Cisco Catalyst 2960-X Series Switches support field-replaceable power supplies?

A. Cisco Catalyst 2960-XR switch models have field replaceable power supplies, whereas the 2960-X switch models have fixed power supplies.

Q. Are Cisco Catalyst 2960-XR field-replaceable power supplies hot swappable?

A. Yes. Cisco Catalyst 2960-XR power supplies are hot swappable.

Q. Can a non-PoE Cisco Catalyst 2960-X Series Switch support PoE by replacing its power supply with a PoE-capable power supply?

A. No. A non-PoE Cisco Catalyst 2960-X Series Switch will not support PoE by using a PoE-capable power supply.

Q. Can we increase the PoE budget of Cisco Catalyst 2960-X Series Switch by replacing its power supply with a high-capacity power supply?

A. The available PoE budget is fixed for a given model of Cisco Catalyst 2960-X Series Switch. Replacing the switch power supply will not increase the PoE budget.

…More questions to help you know Cisco 2960-X and 2960-XR series well you can read more information here: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/qa_c67-728348.html

More Related Cisco 2960-X/XR Topics

Why SELECT Cisco 2960-X Series?

Cisco Catalyst 2960-X vs. 2960-XR Series Switches

How to Install or Replace an AC Power Supply in a Cisco 2960-X Switch?

Cisco Catalyst 2960-X/XR vs. Catalyst 3650 vs. Cisco 3850 Series

WS-C2960X-48TD-L & WS-C2960XR-48TD-I Tested, from Miercom

Catalyst 2960-XR Family Power Supply & Configuration

Catalyst 2960-XR Family Power Supply & Configuration

Read more

Discussion: Management of ASA with Firepower Services

March 3 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

Cisco ASA with FirePOWER Services-Key Security Features

Cisco ASA with FirePOWER Services-Key Security Features

Discussion: Management of ASA with Firepower Services

We talked Cisco ASA with Firepower Services a lot before. With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions.

The Cisco Firepower Next-Generation Firewall is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It includes Application Visibility and Control (AVC), optional Firepower next-gen IPS (NGIPS), Cisco Advanced Malware Protection (AMP), and URL Filtering. Cisco Firepower NGFW provides advanced threat protection before, during, and after attacks.

Cisco ASA with FirePOWER Services, Stop more threats with a threat-focused NGFW

Beat sophisticated cyber attacks with superior security. We offer the industry’s first threat-focused next-generation firewall (NGFW). You get the confidence of the most-deployed stateful firewall combined with application control, next-generation intrusion prevention system (NGIPS), and advanced malware protection (AMP).

Discussion: Management of ASA with Firepower Services

There are a few questions about the Management of ASA with Firepower Services. Let’s look at the discussion from Cisco Communities

1. An ASA with Firepower Services requires a Firesight management device (physical or virtual) - Correct?

Yes, that’s correct.

2. Is there a High Availability option for a physical Firesight management?

Read about this in the bottom of Table 2 on this page:

http://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-732251.html

3. Does the Firesight management also manage the ASA's firewall rules?

--Not yet. Cisco is developing Firepower Threat Defence that does excately that.

4. I ask because I believe there was mention that a rule could have a specific IPS policy assigned to it. This is correct in the terms on Firepower Access Control Rules. Not ASA firewall rules.

5. If this is true I would believe that the use of CLI or ASDM on the ASA would no longer be usable - Correct?

The new Threat Defence system will be managed from Firepower Management Center. Not CLI nor ASDM.

6. When changes are made on the Firesight management station are they applied immediately to the ASA, like managing via CLI or is there another step to applying he changes?

No. You will have to deploy the new policy to the Firepower sensor first.

7. When change are applied what if anything happens to existing connections?

- I actually am not sure about this. I have never seen any connections being dropped when applying policy. Cisco has made a note about this in their manual: Firepower Management Center Configuration Guide, Version 6.0 - Policy Management [Cisco FireSIGHT Management Center] -…

  • When you enable Inspect traffic during policy apply:
    • Certain configurations can require the Snort process to restart.
    • When the configurations you deploy do not require a Snort restart, the system initially uses the currently deployed access control policy to inspect traffic, and switches during deployment to the access control policy you are deploying.
  • When you disable Inspect traffic during policy apply, the Snort process always restarts when you deploy.
  • How a Snort restart affects traffic depends on the interface configuration and the platform.

Original Discussion from https://communities.cisco.com/thread/59509

More Related…

What are the Considerations While Buying a Cisco Next-Generation Firewall?

NGFW-Cisco ASA with FirePOWER Services

Cisco ASA 5500-X Series’ New Features & Main Model Comparison

How to Enable the Wireless Access Point (ASA 5506W-X)?

How to Deploy the ASA 5508-X or ASA 5516-X in Your Network?

Cisco ASA 5506-X with Version 9.4.1–Policy Based Routing

ASA 5508-X and ASA 5516-X Overview

ASA 5506-X/SecurityPlus, 5506W-X & 5506H-X, Cisco ASA with FirePOWER Services, What’s New Here?

Read more

New Catalyst Performance of Cisco Switch Engines

February 22 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco Modules & Cards

Cisco Catalyst 4500E Supervisor Engine 8L-E

Cisco Catalyst 4500E Supervisor Engine 8L-E

To Read the Cisco Catalyst 4500E Supervisor Engine 8L-E

To Read the Cisco Catalyst 4500E Supervisor Engine 8L-E

Cisco introduced two supervisor engines last week--the 6T and 8L-E. The former is for the Catalyst 6700, 6800 and 6900 series, while Cisco has aimed the latter at the Catalyst 4500E.

Both switch engines are scheduled to ship in April.

Read more about the Updated: Cisco Catalyst 4500 Supervisor Engine 8-E and 8L-E & Introducing Cisco Catalyst 6800 Series Supervisor Engine 6T

In general, the Catalyst switches are designed for the campus backbone, the wiring closet, or a small office or retail network. Switch engines, which are the brains of the Catalyst, extend the usefulness of the hardware as application-driven network traffic rises.

The 6T raises speeds to 400 Gbps per slot on the Catalyst 6807-XL chassis. As a result, the supervisor engine can increase switch capacity to 6 Tbps and scale to 12 Tbps when in the Virtual Switching System configuration. The Supervisor Engine 6T is compatible with 10 Gb, 40 Gb and 100 Gb line cards, and has 8 x 10 GbE and 2 x 40 GbE uplinks to support high-performance applications.

The 8L-E has up to 560 Gbps of wired switching capacity and can handle independent packets simultaneously at a rate of 48 Gbps. The extension has four 10 GbE uplinks.

Cisco upgrades wireless, UCS platforms

With the latest switch engines, Cisco introduced the Catalyst 3650-Mini for companies with space-constrained locations. The hardware mirrors the 3650 family of switches in a 1RU form factor. It's available with 24 or 48 fixed PoE+ GbE ports.

For wireless networks, Cisco introduced 802.11ac Wave 2 access points under the Aironet and cloud-managed Meraki brands. The company also introduced stackable Meraki MS Switches that feature 16 or 32 1 Gbps ports, and hot-swappable power supplies and fans.

The Catalyst and wireless network upgrades reflect Cisco's two-prong product strategy of strengthening its on-premises and cloud-managed technology, which also includes security, said Rohit Mehra, an analyst at IDC. By focusing on both, Cisco is bolstering its core platforms for switching and routing, while also addressing the needs of the "midmarket, distributed enterprise that is developing a greater affinity for leveraging cloud for IT infrastructure."

For the data center, Cisco introduced the 6300 Series Fabric Interconnect for the company's Unified Computing System (UCS), which combines compute, storage and networking into a single platform. Cisco's fabric interconnects provide the management and communication backbone of the UCS B-Series Blade Servers, 5100 Series Blade Server Chassis and the C-Series Rack Servers.

The 6300 Series features two 1RU 40 GbE switches and a 40 GbE Fabric Extender. The products leverage the Virtual Interface Card 1300 series, which is designed to support up to 40 GbE networks. The card supports network overlay technologies, such as VXLAN.

The Article from http://searchnetworking.techtarget.com/news/4500272897/Cisco-switch-engines-boost-Catalyst-performance

More Related…

Cisco Catalyst 4500E Supervisor Engine 8L-E in Detail

Updated: Cisco Catalyst 4500 Supervisor Engine 8-E and 8L-E

Introducing Cisco Catalyst 6800 Series Supervisor Engine 6T

Cisco 4500E Supervisor 8E vs. Supervisor 7E vs. Supervisor 7LE

Read more

The Different Types of Ethernet Switches

February 1 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

More about the Types of Cisco Switches:

More about the Types of Cisco Switches:

There are two main categories of Ethernet Switches: Modular and Fixed Configuration.

What are the Exact Modular and Fixed Configuration switches?

Modular switches, as the name implies, allows you to add expansion modules into the switches as needed, thereby delivering the best flexibility to address changing networks. Examples of expansion modules are application-specific (such as Firewall, Wireless, or Network Analysis), modules for additional interfaces, power supplies, or cooling fans.

Good examples of Modular switches: Cisco Catalyst 4K and Catalyst 6K.

Fixed Configuration switches are switches with a fixed number of ports and are typically not expandable.

Good Examples of Fixed Configuration Switches: Cisco Catalyst 2K, Catalyst 3K and the Cisco 300/500 series.

The Fixed configuration switch category is further broken down into:

– Unmanaged Switches

– Smart Switches

– Managed L2 and L3 Switches

Unmanaged Switches:

This category of switch is the most cost effective for deployment scenarios that require only basic layer 2 switching and connectivity. As such, they fit best when you need a few extra ports on your desk, in a lab, in a conference room, or even at home.

With some Unmanaged switches in the market, you can even get capabilities such as cable diagnostics, prioritization of traffic using default QoS settings, Energy savings capabilities using EEE (Energy Efficient Ethernet) and even PoE (Power Over Ethernet). However, as the name implies, these switches generally cannot be modified/managed. You simply plug them in and they require no configuration at all.

Cisco 100 Series switches are good examples of this category.

Smart Switches (also known as Lightly Managed Switches):

This category of switches is the most blurred and fastest changing. The general rule here is that these switches offer certain levels of Management, QoS, Security, etc. but is “lighter” in capabilities and less scalable than the Managed switches. It therefore makes them a cost-effective alternative to Managed switches. As such, Smart switches fit best at the edge of a large network (with Managed Switches being used in the core), as the infrastructure for smaller deployments, or for low complexity networks in general.

The capabilities available for this Smart switch category vary widely. All of these devices have an interface for Management – historically a browser-based interface used to be the only way to configure these devices, though nowadays you can manage some of these devices with CLI and/or SNMP/RMON as well. Regardless, these capabilities are lighter than what you will find in their Managed switch counterparts. Smart switches tend to have a management interface that is more simplified than what Managed Switches offer.

Smart switches allow you to segment the network into workgroups by creating VLANs, though with a lower number of VLANs and nodes (MAC addresses) than you’d get with a Managed switch.

They also offer some levels of security, such as 802.1x endpoint authentication, and in some cases with limited numbers of ACLs (access control lists), though the levels of control and granularity would not be the same as a Managed switch.

In addition, Smart switches support basic quality-of-service (QoS) that facilitates prioritization of users and applications based on 802.1q/TOS/DSCP, thereby making it quite a versatile solution.

Cisco 200 Series switches are good examples of this category.

Fully Managed L2 and L3 switches:

Managed Switches are designed to deliver the most comprehensive set of features to provide the best application experience, the highest levels of security, the most precise control and management of the network, and offer the greatest scalability in the Fixed Configuration category of Switches. As a result, they are usually deployed as aggregation/access switches in very large networks or as core switches in relatively smaller networks. Managed switches should support both L2 switching and L3 IP routing though you’ll find some with only L2 switching support.

From a Security perspective, Managed switches provide protection of the data plane (User traffic being forwarded), control plane (traffic being communicated between networking devices to ensure user traffic goes to the right destination), and management plane (traffic used to manage the network or device itself). Managed switches also offer network storm control, denial-of-service protection, and much more.

The Access Control List capabilities allows for flexibly dropping, rate limiting, mirroring, or logging of traffic by L2 address, L3 address, TCP/UDP port numbers, Ethernet type, ICMP or TCP flags, etc.

Managed switches are rich in features that enable them to protect themselves and the network from deliberate or unintended Denial of Service attacks. It includes Dynamic ARP Inspection, IPv4 DHCP snooping, IPv6 First Hop Security with RA Guard, ND Inspection, Neighbor Binding Integrity, and much more.

Additional Security capabilities may include Private VLANs for securing communities of users or device isolation, Secure Management (downloads through SCP, Web-based Authentication, Radius/TACACS AAA, etc), Control Plane Policing (CoPP) for protecting the CPU of the switch, richer support for 802.1x (time-based, Dynamic VLAN Assignment, port/host-based, etc)

From a Scalability perspective, these devices have large table sizes so that you can create large numbers of VLANs (for workgroups), devices (MAC table size), IP routes, and ACL policies for flow-based security/QoS purposes, etc.

For highest network availability and uptime, Managed switches support L3 redundancy using VRRP (Virtual Router Redundancy Protocol), large numbers of Link Aggregation groups (which is used both for scalability and resiliency), and capabilities for protecting L2 such as Spanning Tree Root Guard and BPDU Guard.

When we talk about QoS and Multicast features, the richness of capabilities goes far beyond what you’d see in a Smart Switch. Here you’d see things such as IGMP and MLD Snooping with Querier functions for optimizing IPv4/v6 multicast traffic in the LAN, TCP Congestion Avoidance, 4 or 8 queues to treat traffic differently by importance, setting/tagging traffic by L2 (802.1p) or L3 (DSCP/TOS), and rate limiting traffic.

In terms of Management, things such as multiple ways to configure (using CLI, Web GUI, SNMP Management application), discovering of neighbor devices in the networks (using CDP, LLDP, Bonjour, etc), and troubleshooting capabilities (such as VLAN and Port Mirroring, Traceroute, Ping, Syslog, Cable Diagnostics, RMON, etc) are all included.

What I highlighted is by no means exhaustive, but gives you a sense of what some of the differences may be between Managed and Smart Switches.

Cisco Catalyst and Cisco 300 Series and 500 Series switches are good examples of this category of products.

Managed Switches can go even further than what I’ve highlighted. For example, there’s even richer support for Dynamic Unicast and Multicast Routing protocols, deeper flow intelligence or macro flow statistics with Netflow/SFlow, non-Stop Forwarding capabilities, MPLS/VRF support, Policy enforcement, and many others.

Now, to take a deeper dive into these switch categories and talk about various options, you can select the switches based on:

– Speed

– Number of ports

– POE versus non-POE

– Stackable versus Standalone

Speed:

You can find Fixed Configuration switches in Fast Ethernet (10/100 Mbps), Gigabit Ethernet (10/100/1000 Mbps), Ten Gigabit (10/100/1000/10000 Mbps) and even some 40/100 Gbps speeds. These switches have a number of uplink ports and a number of downlink ports. Downlinks connect to end users – uplinks connect to other Switches or to the network infrastructure. Currently, Gigabit is the most popular interface speed though Fast Ethernet is still widely used, especially in price-sensitive environments. Ten Gigabit has been growing rapidly, especially in the datacenter and, as the cost comes down, it will continue to expand into more network applications. With 10GBase-T Ten Gigabit copper interfaces being integrated into LOM (LAN on the Motherboard) and 10G-Base-T switches becoming available now (see the Cisco SG500XG-8F8T 16-port 10-Gigabit switch), building a Storage or Server farm with 10 Gigabit interfaces has never been easier or more cost-effective. 40G/100G is still emerging and will be mainstream in a few years.

Number of ports:

Fixed Configuration Switches typically come in 5, 8, 10, 16, 24, 28, 48, and 52-port configurations. These ports may be a combination of SFP/SFP+ slots for fiber connectivity, but more commonly they are copper ports with RJ-45 connectors on the front, allowing for distances up to 100 meters. With Fiber SFP modules, you can go distances up to 40 kilometers

POE versus non-POE:

Power over Ethernet is a capability that facilitates powering a device (such as an IP phone, IP Surveillance Camera, or Wireless Access Point) over the same cable as the data traffic. One of the advantages of PoE is the flexibility it provides in allowing you to easily place endpoints anywhere in the business, even places where it might be difficult to run a power outlet. One example is that you can place a Wireless Access Point inside a wall or ceiling.

Switches deliver power according to a few standards – IEEE 802.3af delivers power up to 15.4 Watts on a switch port whereas IEEE 802.3at (also known as POE+) delivers power up to 30 Watts on a switch port. For most endpoints, 802.3af is sufficient but there are devices, such as Video phones or Access Points with multiple radios, which have higher power needs. It’s important to point out that there are other PoE standards currently being developed that will deliver even high levels of power for future applications. Switches have a power budget set aside for running the switch itself, and also an amount of power dedicated for POE endpoints.

To find the switch that is right for you, all you need to do is choose a switch according to your power needs. When connecting to desktops or other types of devices which do not require POE, the non-POE switches are a more cost-effective option.

Stackable versus Standalone:

As the network grows, you will need more switches to provide network connectivity to the growing number of devices in the network. When using Standalone switches, each switch is managed, troubleshot, and configured as an individual entity.

In contrast, Stackable switches provide a way to simplify and increase the availability of the network. Instead of configuring, managing, and troubleshooting eight 48-port switches individually, you can manage all eight like a single unit using a Stackable Switches. With a true Stackable Switch, those eight switches (total 384 ports) function as a single switch – there is a single SNMP/RMON agent, single Spanning Tree domain, single CLI or Web interface – i.e. single management plane. You can also create link aggregation groups spanning across multiple units in the stack, port mirror traffic from one unit in the stack to another, or setup ACLs/QoS spanning all the units. There are valuable operational advantages to be gained by this approach.

Here’s a word of warning. Be careful about products in the market which are sold as “Stackable” when they merely offer a single user interface, or central management interface, for getting to each individual switch unit. This approach is not stackable, but really “clustering”. You still have to configure every feature such as ACLs, QoS, Port mirroring, etc, individually on each switch. Use the following as a proof point – can I create a link aggregation group with one port in one unit of the stack and another port of that group in another unit of the stack? Can I select a port on one unit in the stack and mirror the traffic to a port on another unit of the stack? When I configure an ACL for Security purposes, can I apply that to any port on any unit in the stack? If the answer is “No” to any of these questions, you’re probably not working with a stackable switch.

There are other advantages of True Stacking as well. You can connect the stack members in a ring such that, if a port or cable fails, the stack will automatically route around that failure, many times at microsecond speeds. You can also add or subtract stack members and have it automatically recognized and added into the stack.

Cisco Catalyst 2K-X and 3K or Cisco 500 Series Switches are examples of Switches in this category.

As you can see there’s a multitude of switch options to choose from. So, have a close look at your current deployment and future needs to determine the right switch for your network.

From http://blogs.cisco.com/smallbusiness/understanding-the-different-types-of-ethernet-switches

More Related Cisco Network Switch Topics

Cisco Catalyst Switches for Campus Networks & Nexus Switches for Data Centers

Cisco Catalyst Switches for the Different Types of Campuses

About Cisco Catalyst Multigigabit Ethernet & Cisco Multigigabit Ethernet Switches

Layer-3 Switching or Layer-2 Switching?

Routers vs. Network Switches

Read more

Configuring the ASA as CA Server

January 18 2016 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall, #Cisco & Cisco Network

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority

Do you know how to configure the ASA as CA Server? You know the Cisco ASA can act as a Certificate Authority server an issue certificates to the VPN clients or other network devices.

The Cisco ASA only provides browser-based certificate enrollment.

Before to proceed with the configuration, make sure the time on your ASA is correct (Show clock) or use a NTP server to synchronize the time across your network devices.

We cannot specify the CA server name, because you can only have one instance of Local CA server running at the same time.

Under the Crypto ca server mode, we have multiple options explained as follows:

CA Server configuration commands:

  • CDP-URL: Specifies the certificate revocation list distribution point to be included in the certificates issued by the CA.
  • Database: Specifies a path or location for the local CA database. The default location is flash memory.
  • Enrollment-retrieval: Specifies the time in hours that an enrolled user can retrieve a PKCS12 enrollment file.
  • Issuer-name: Indicates that rule entry is applied to the issuer DN of the IPSec peer certificate.
  • Keysize: Configure the size of keypair to generate for certificate enrollments for the local CA server.
  • Lifetime CA-certificate: Specify the lifetime for the CA certificate.
  • Lifetime certificate: Specify the lifetime for the user certificate.
  • Lifetime CRL: Specify the lifetime for the CRL.
  • OTP expiration: Specify the lifetime for the OTP expiration.
  • Publish-CRL: Make the CRL available for download via HTTP on the specified interface.
  • Renewal-reminder: Specify the time prior the CA certificate expiration, the ASA will notify the users via email.
  • SMTP from address: Specify the email from which the notification will be sent to deliver the OTP password and enrollment invitations.
  • SMTP subject: Customize the email subject.
  • Subject-name-default: Specify an optional SUBJECT-NAME DN.

Basic ASA configuration as CA server

ASDM -> Configuration -> Remote Access VPN -> Certificate Management - Local Certificate Authority

...

Equivalent CLI configuration.

ASA(config)# Crypto ca server

ASA(config-ca-server)# lifetime ca-certificate 100 ASA(config-ca-server)# lifetime certificate 30 ASA(config-ca-server)# smtp from-address admin@cisco.com ASA(config-ca-server)# smtp subject Certificate enrollment ASA(config-ca-server)# keysize 2048 ASA(config-ca-server)# cdp-url http://cisco/+CSCOCA+/asa_ca.crl ASA(config-ca-server)# subject-name-default CN=BoB , O=Cisco, C= US ASA(config-ca-server)# no shutdown

Once the CA server has been enabled , we cannot do any modification to the configuration unless we shutdown the server.

Show and debugs commands:

  • Debug crypto ca server
  • Show crypto ca server
  • Show crypto ca server cert-db

More information http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/config/guide/config/cert_cfg.html

Original Guide From https://supportforums.cisco.com/document/12597006/how-configure-asa-ca-server

More Cisco and Network Guide

ASA Routed vs. Transparent

Cisco ACLs In and Out on Cisco ASA

Cisco ASA Failover, Failover Modes & ASA Failover Configuration

Cisco ASA IPS Module Configuration

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Cisco ASA SNMP Polling Via VPN Site-to-Site Tunnel

Read more

IPv6 Feature Support on the Cisco ASA Firewall

November 12 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Technology - IT News, #Cisco Switches - Cisco Firewall

It is well known that Cisco ASA series supports IPv6 and it can be setup very easily and quickly. In the following part it focuses on a basic ASA setup for a native IPv6 network. As you will see, there are very few commands required to have your ASA firewall join an IPv6 ready network.

Here is a quick way to configure up your ASA firewall for IPv6 connectivity.

BASIC CONFIGURATION

Step 1

In this step we assign a link local address to the interface. There are 2 ways to assign a link local address to the interface

Step 1.1.

Configure the interface to generate a link local address from its MAC address.

interface GigabitEthernet 0/0

no shutdown

nameif inside

ipv6 enable

When you enter IPv6 enable, a link local address is automatically generated (this is based on your mac address).

Step 1.2.

Configure a link local address manually.

interface GigabitEthernet 0/0

no shutdown

nameif inside

ipv6 address <ipv6-address> link-local

Using the above command you can assign a link local address to the interface manually.

You can verify the link local address by executing the “show ipv6 interface” command.

Step 2

Next we have to assign the global address to the interface. There are 2 ways of doing this.

Step 2.1.

You can manually assign a global IPv6 address to the interface.

interface GigabitEthernet 0/0

ipv6 address 2001::db8:2:3::1/64

With the IPv6 address command above, you are manually specifying the global IPv6 address for the interface. You can specify more than one IPv6 addresses for the interface using the command.

Step 2.2.

You can configure the interface to obtain the address automatically using stateless address autoconfiguration.

interface GigabitEthernet 0/0

ipv6 address autoconfig

Enabling stateless autoconfiguration on the interface configures IPv6 addresses based on prefixes received in Router Advertisement messages.

NOTE: There was a defect (CSCuq62164) in the ASA software that caused the ASA to not assign an address if it received a RA message with both the M and A flags set. This has been fixed in 9.3(1) release and hence we recommend this version if you intend to use SLAAC for configuring the address on ASA interfaces.

Step 3

Verify IPv6 configuration.

Example:

show ipv6 interface


inside is up, line protocol is up

IPv6 is enabled, link-local address is fe80::e6c7:22ff:fe84:eb2

Global unicast address(es):

2001:db8:2:3::1, subnet is 2001:db8:2:3::/64

Joined group address(es):

ff02::1:ff00:1

ff02::1:ff84:eb2

ff02::2

ff02::1

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 1000 milliseconds

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

Hosts use stateless autoconfig for addresses.

Step 4 (Optional)

Suppress Router Advertisement messages on an interface.

By default, Router Advertisement messages are automatically sent in response to router solicitation messages. You may want to disable these messages on any interface for which you do not want the security appliance to supply the IPv6 prefix (for example, the outside interface).

Enter the following command to suppress Router Advertisement messages on an interface:

ipv6 nd suppress-ra

Neighbor discovery will continue to be operational even though RA suppression has been configured.

Step 5

Define an IPv6 default route.

ipv6 route outside ::/0 next_hop_ipv6_addr

Using ::/0 is equivalent to “any”. The IPv6 route command is functionally similar to the IPv4 route.

Step 6

Define access-lists.

Using the regular access-list command define the access-lists with IPv6 addresses in them so as to permit the required traffic to flow through the ASA.

Example:

access-list test permit tcp any host 2001:db8::203:a0ff:fed6:162d

access-group test in interface outside

The above is permitting traffic to a specific server 2001:db8::203:a0ff:fed6:162d.

SECURING THE FIREWALL

If you plan to configure autoconfig for the IPv6 global address on the ASA, you should limit the amount of router advertisements (RA) to known routers in your network. This will help prevent the ASA from being auto configured from unknown routers.

access-list outsideACL permit icmp6 host fe80::21e:7bff:fe10:10c any router-advertisement

access-list outsideACL deny icmp6 any any router-advertisement

access-group outsideACL in interface outside

interface GigabitEthernet 0/0

nameif outside

security-level 0

ipv6 address autoconfig

ipv6 enable

The above access-list when applied on the ASA will limit receiving router advertisements (RA) from only the router specified. All other RAs will be denied.

Configuring ASA to help autoconfigure IPv6 addresses on hosts behind the ASA

The hosts in the network behind the ASA might be configured to autoconfigure their IPv6 address. Dynamic address assignment happens in 2 ways on IPv6 networks. It could either be a stateful address assignment or stateless address assignment.

Stateful dynamic address assignment

For stateful address assignment, a DHCPv6 server needs to be configured on the network that can assign address to hosts upon request. ASA currently does not have the ability to host a DHCPv6 server on its interfaces. But the ASA can act as a DHCPv6 relay agent. In order to enable stateful dynamic address assignment to hosts behind the ASA, the DHCPv6 relay agent needs to be configured on the ASA.

To configure the DHCPv6 relay agent the following configuration is needed:

ipv6 dhcprelay server 2001:db8:c18:6:a8bb:ccff:fe03:2701

ipv6 dhcprelay enable inside

The first command specifies the address of a DHCPv6 server to which the DHCP requests are forwarded. The command also accepts an optional interface name that specifies the output interface for the destination. The second command enables DHCP relay on an interface. When DHCP relay is enabled on an interface, all the DHCP requests coming on that interface get forwarded to the configured DHCP server.

Stateless dynamic address assignment

In Stateless Autoconfiguration (SLAAC) the client picks up its own address based on the prefix being advertised by the ASA. The prefix is advertised by means of an IPv6 router advertisement. ASA sends out IPv6 router advertisements by default from any interface on which a global IPv6 address is configured. Additionally, a DHCPv6 relay agent can be configured to point to a DHCPv6 server that can advertise a DNS server address and a domain name only.

IPv6 Prefix delegation

ASA does not support IPv6 prefix delegation yet. If the network behind the ASA requires to be assigned IPv6 addresses based on the prefix delegated by a delegation router, then we need to place an ASA between the provider edge (PE) router and the IPv6 capable customer premise router. The ASA must be in transparent mode. This way the ASA protects the entire IPv6 network, including the infrastructure router, on the customer premises. All ICMP6 traffic must be permitted on the ASA running in transparent mode.

The following must be configured on the ASA:

firewall transparent

interface BVI1

no ip address

ipv6 enable


interface GigabitEthernet0/0

nameif outside

bridge-group 1

security-level 0


interface GigabitEthernet0/1

nameif inside

bridge-group 1

security-level 100


access-list permit_icmp6 extended permit icmp6 any6 any6

access-group permit_icmp6 global

This example uses a link-local IPv6 address on the BVI interface. You can also configure an explicit IPv6 address for in-band management purposes.

The original article was shared from https://supportforums.cisco.com/document/61451/cisco-asa-ipv6-quick-start

More Cisco Firewall & Network Security Topics you can read here...http://blog.router-switch.com/category/reviews/cisco-firewalls-security/

Read more

How to Stack Cisco 3750E and 3750X Switches?

August 7 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The issue: “There are two Cisco 3750 switches: WS-C3750E-48PD-SF and WS-C3750X-48PF-L. Both have universal IOS. So can we make the stacking of these two Cisco switches?”

How to STACK the Cisco 3750E and 3750X one? Firstly, we should know the license the two 3750s have. Well, the switch 3750E has IP Base license and the 3750X has LAN Base license. In fact, the 3750E and the 3750x-LAN base are not compatible to stack.

Cisco 3750x LanBase can only stack with other LanBase. 3750x IPBase can stack with any other 3750 (with the exeption of 3750x lanbase and some older 3750 with 16 Mb of memory)

So we need to have a license upgrade the 3750x from lanbase to ipbase and then they are able to stack with each other.

It is a license thing: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/data_sheet_c78-584733.html "The Cisco Catalyst 3750-X Series Switches with LAN Base feature set can only stack with other Cisco Catalyst 3750-X Series LAN Base switches. A mixed stack of LAN Base switch with IP Base or IP Services features set is not supported."

A Cisco 3750 switch can be stacked with any other model of Cisco 3750 switches but 3750X to

Participate IP services feature set enabled otherwise Basic routing functions, including static routing and the Routing Information Protocol (RIP) will be in use.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807811ad.shtml

In stacking 3750, 3750G or 3750X IOS should be identical.

https://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/prod_white_paper09186a00801b096a.html

This discussion you can read here…

https://supportforums.cisco.com/discussion/11623571/stacking-switch-3750e-and-3750x

More Related Topics

How to Upgrade the License from IP Base to IP Services on 3750-X Stack?

Cisco Switch Stacking Using a Couple of Cisco Catalyst 3650

Cisco 3750 Stacking Configuration

Read more

An Example to Upgrade IOS on Cisco 4500X Switch

July 22 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Kingston 32Gb USB Flash with Metal Casing-Using a Kingston USB stick to upgrade the IOS on a Cisco 4500X Switch

Kingston 32Gb USB Flash with Metal Casing-Using a Kingston USB stick to upgrade the IOS on a Cisco 4500X Switch

How to upgrade the IOS/Software on a Cisco 4500X switch? A Consultant named Roger Perkin (Who is for a Cisco Gold Partner in the UK) shared his experience of Upgrading IOS on Cisco 4500X Switch. What’s it? Let’s have a look.

Roger Perkin said that it will not be covering how to do a hitless upgrade using ISSU with 2 switches in a VSS pair. This process is performed on two switches which are not in production. So to perform the upgrade he has disconnected the VSS link and will upgrade each switch in turn and will then connect the VSS link again.

First copy your image file into the bootflash: of the switch, this can be done via TFTP or USB.

USB is the much easier solution, for this to work you need a compatible USB stick, I have always used a Kingston brand and have never had any problems.(This is the exact USB stick he used for upgrading IOS on Cisco Switches)

Insert the USB stick into the slot on the front of the Cisco 4500X switch as shown above.

From the CLI issue the command dir usbb0: If you get (No such device) your USB is not supported

4500X-SW-01#dir usb0:

%Error opening usb0:/ (No such device)

If your USB is supported this is the output you will see

4500X-SW-01#dir usb0:

Directory of usb0:/

176 -rwx 173555452 Mar 23 2015 18:59:44 +00:00 cat4500e-universalk9.SPA.03.05.03.E

You now need to copy this image from the USB to the bootflash: using the following command

copy usb0:cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin bootflash:

This will copy the image onto the bootflash of the switch.

You now need to tell the switch to boot this image.

There are 2 options to do this – Option 1 Rename old IOS

By default the config-register of the switches will be set to 0x2101 when the appliance is shipped out.

The last octet of “1” basically tells the appliance to IGNORE the boot variable string and boot the first valid IOS
(from top to bottom) found in the bootflash.

So you can either delete the old image or rename it. I prefer to rename it.

rename bootflash:OLD_IOS_filename.bin bootflash:OLD_IOS_filename.bin

If you now reload the switch it will boot the newer image.

Option 2 – change boot variable and config-register

The second option is to create a new boot variable

In global config enter the command.

boot system flash bootflash:cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin (or your new image name)

Just this will not do anything as with the config register set to 0X2101 it will ignore the boot variable set.

If you change the config-register to 0X2102 the switch will then reference the boot variable.

In global config

config-register 0x2102

Save the config and reload the switch.

You may need to delete any other boot variable settings

Check this with sh ver | inc boot

If there is a second one referencing the old image delete it.

Repeat this operation on the second switch and when both have booted using the new image connect up the VSS link.

Reference from http://www.rogerperkin.co.uk/ccie/switching/4500x/how-to-upgrade-ios-on-cisco-4500x-switch/

More Topics Related to Cisco 4500 Series

What’s New on Cisco Catalyst 4500 VSS?

VSS on Cisco 4500/4500X Switches

Cisco VSS Configuration: Cisco Catalyst 6500 Virtual Switching System

A Sample VSS Configuration for 2x Cisco Cat6500 with Supervisor 720

Cisco 4500 VSS Requirement-Software, Hardware and Licensing

Cisco Catalyst Switches for the Different Types of Campuses

Read more

What’s The New of Cisco Catalyst 4507R+E and 4510R+E Chassis?

July 17 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

WS-C4507R-E and WS-C4510R-E-Redundant Sups

WS-C4507R-E and WS-C4510R-E-Redundant Sups

Two new redundant chassis, the Catalyst 4507R+E and 4510R+E had been introduced to Cisco Catalyst 4500E family. What’s the new of them? WS-C4507R+E, as the name, is a new 7-slot redundant chassis. And WS-C4510R+E, is a 10-slot redundant chassis. WS-C4507R+E continues to support five line card slots and two supervisor slots, like the WS-C4507R-E chassis. Similarly, the WS-C4510R+E chassis continues to support eight line card slots and two supervisor slots, like the WS-C4510R-E chassis.

Compared to the previous WS-C4507R-E and WS-C4510R-E (they are End-of-Sale & End-of-Life), the new WS-C4507R+E and WS-C4510R+E chassis support 48 Gbps bandwidth per line card slot. Also, WS-C4503-E and WS-C4506-E are already capable of supporting 48 Gbps bandwidth per line card slot.

The Cisco Catalyst 4507R+E and 4510R+E chassis offer the following benefits:

Bandwidth capacity: The new chassis are capable of providing up to 848 Gbps switching capacity at 48 Gb per slot. This provides investment protection and the capability to meet future high-bandwidth requirements in the network.

Redundant power supplies: The Cisco Catalyst 4507R+E and 4510R+E chassis have two bays for the power supplies to help maximize system uptime.

Redundant supervisor engines: To facilitate nonstop operations, the new chassis have two dedicated slots for supervisor engines.

AC and DC power options: The new chassis support both AC and DC power supply options. For AC power, 1300 watts (W), 1400W, 2800W, 4200W, and 6000W power supplies are available. For DC power, 1400W DC power supplies are available.

Standards compliance: The Cisco Catalyst 407R+E and 4510R+E comply with Network Equipment Building Standards (NEBS).

WS-C4507R+E and WS-C4510R+E, both support Supervisor Engine 8-E, Supervisor Engine 7L-E and Supervisor Engine 7-E.

Note: Refer to your software release notes for the minimum software release versions required to support the supervisor engines.

  • Supervisor engines must be installed in slot 3 or in slot 4.
  • Supervisor engine redundancy is supported in this chassis.

Note: The Catalyst 4507R+E and 4510R+E switch supports 1+1 supervisor-engine redundancy. With the support of stateful switchover (SSO), the secondary supervisor engine serves as a backup to immediately take over after a primary supervisor failure. During the switchover, Layer 2 links are maintained transparently without the need to renegotiate sessions.

The Catalyst 4507R+E and 4510R+E switch support one or two power supplies. The following power supplies are supported:

–1000 W AC-input power supply (PWR-C45-1000AC)

–1400 W AC-input power supply (PWR-C45-1400AC)

–1300 W AC-input power supply (PWR-C45-1300ACV)

–2800 W AC-input power supply (PWR-C45-2800ACV)

–4200 W AC-input power supply (PWR-C45-4200ACV)

–6000 W AC-input power supply (PWR-C45-6000ACV)

–9000 W AC-input power supply (PWR-C45-9000ACV)

–1400 W DC-input power supply, triple-input (PWR-C45-1400DC)

–1400 W DC-input power supply with integrated PEM (PWR-C45-1400DC-P)

–External AC power shelf (WS-P4502-1PSU)

  • All Catalyst 4500 series AC-input power supplies require single-phase source AC.
  • Source AC can be out of phase between multiple power supplies or multiple AC-power plugs on the same power supply because all AC power supply inputs are isolated.
  • Single power supplies are installed in the left power supply bay. The second power supply is installed in the right power supply bay.

Note: For proper operation of the power supply OUTPUT FAIL LED, systems with single power supplies must be configured with a minimum of one fan tray and one supervisor engine. Systems with dual power supplies must have a minimum configuration of one fan tray, one supervisor engine, and one additional module. Failure to meet these minimum configuration requirements can cause a false power supply output fail signal.

…More info: Some simple questions about the New Cisco Catalyst 4500 E-Series Redundant Chassis you can read here

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/qa_c67_610073.html

More Related Cisco 4500E Topics

Supervisor Engine 6-E vs. Supervisor Engine 7-E vs. Supervisor Engine 8-E

Cisco Catalyst 4500E Supervisor Engine 8-E Review

Power Supplies for the Cisco Catalyst 4500-E Series

Read more
<< < 1 2 3 4 5 6 7 8 9 10 > >>