Cisco & Cisco Network Hardware News and Technology

Posts with #cisco switches - cisco firewall tag

Layer-3 Switch, More than a Router?

February 10 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Do you think that layer-3 switches perform bridging and routing, while routers do only routing? “I thought IP L3 switching includes switching within subnet based on IP address, routing is between subnets only.” --- Simon Gordon on Twitter

Layer-3 switches and routers definitely have to perform some intra-subnet layer-3 functions, but they’re usually not performing any intra-subnet L3 forwarding.

Here we start with the intra-subnet functions the layer-3 forwarding devices do:

  • Dynamic neighbor discovery through ARP/ND for packets sent to hosts in directly attached subnets (glean adjacencies in CEF terminology);
  • Generation of host routes based on ARP/ND results (cached adjacencies in CEF terminology);
  • Forwarding of IP packet to directly attached IP hosts based on ARP/ND-generated host routes.

However, if a layer-3 forwarding device performs MAC-based forwarding in combination with IP-based forwarding, it usually uses the destination MAC address to figure out which forwarding method to use:

  • Layer-2 frames sent to router’s own MAC address are passed up the protocol stack into the IP forwarding code (and if the IP packet is sent to router’s IP address, the packet is sent to the control plane for further processing);
  • Layer-2 frames sent to other destination MAC addresses are passed to MAC forwarding code, which performs MAC address table (or TCAM) lookup and forwards, floods or drops the packet.

Tips: There’s no difference in intra-subnet (intra-VLAN) forwarding between a router (layer-3 switch) and a simple bridge (layer-2 switch). However, an IP-aware device (even a more sophisticated layer-2 switch) might support IP-based port access lists or DSCP- or ACL-based QoS.

Layer-2 and Layer-3 interfaces

Some switches have physical layer-2 and layer-3 interfaces. Layer-2 interfaces behave as I described above, with the internal router being connected with one of its interfaces (example: VLAN or SVI interface) to the internal bridge:

A layer-3 switch routing between two VLAN/SVI/BVI interfaces


Physical layer-3 interfaces connect directly to the internal router. If a physical layer-3 interface receives an Ethernet frame sent to a third party MAC address, the frame is dropped.

A layer-3 switch with routed (layer-3) physical interface


Notes: Some switches (example: Catalyst 6500) use hidden VLANs to implement layer-3 interfaces. You might think that detail doesn’t matter ... until you run out of VLANs.

Some devices have layer-3 sub interfaces. These interfaces modify the frame forwarding rules on per-VLAN basis: if the parent physical interface receives an Ethernet frame belonging to the sub interface VLAN, the router uses the IP forwarding path (and drops the Ethernet frame on destination MAC mismatch), whereas the destination MAC address selects the forwarding method (L2 or L3) used for frames belonging to other VLANs.
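The forwarding decision described in this post, modelled as an added Python example (not code from the original article or from any Cisco software). The class names, port names, MAC and IP values are constructed for illustration; only unicast frames are modelled, and dropping a frame whose MAC-table entry points back at the ingress port is standard bridge behaviour assumed here.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    IP_FORWARD = "IP forwarding path"
    CONTROL_PLANE = "punt to control plane"
    L2_FORWARD = "MAC forwarding: forward"
    L2_FLOOD = "MAC forwarding: flood"
    DROP = "drop"


@dataclass(frozen=True)
class Frame:
    in_port: str   # ingress physical port
    vlan: int      # VLAN the frame belongs to
    dst_mac: str   # destination MAC address (unicast)
    dst_ip: str    # destination IP of the carried packet


@dataclass
class L3Switch:
    router_mac: str                                   # MAC of the internal router
    router_ips: set                                   # IPs owned by the device itself
    routed_ports: set = field(default_factory=set)    # physical layer-3 interfaces
    subif_vlans: dict = field(default_factory=dict)   # port -> VLANs with L3 subinterfaces
    mac_table: dict = field(default_factory=dict)     # (vlan, mac) -> egress port

    def classify(self, frame):
        dst = frame.dst_mac.lower()

        # Frames sent to the router's own MAC go up into the IP forwarding code;
        # packets addressed to the router itself go to the control plane.
        if dst == self.router_mac.lower():
            if frame.dst_ip in self.router_ips:
                return Action.CONTROL_PLANE
            return Action.IP_FORWARD

        # Routed physical ports, and VLANs bound to a layer-3 subinterface,
        # have no bridging path: a third-party destination MAC is dropped.
        l3_only = (frame.in_port in self.routed_ports
                   or frame.vlan in self.subif_vlans.get(frame.in_port, set()))
        if l3_only:
            return Action.DROP

        # Everything else is handled by the MAC forwarding code.
        out_port = self.mac_table.get((frame.vlan, dst))
        if out_port is None:
            return Action.L2_FLOOD        # unknown unicast
        if out_port == frame.in_port:
            return Action.DROP            # destination lives on the ingress port
        return Action.L2_FORWARD


# Constructed sample device: Gi0/24 is a routed port, Gi0/23 carries a
# layer-3 subinterface for VLAN 30, all other ports are layer-2 ports.
SAMPLE = L3Switch(
    router_mac="00:00:5e:00:53:01",
    router_ips={"10.0.10.1", "10.0.20.1"},
    routed_ports={"Gi0/24"},
    subif_vlans={"Gi0/23": {30}},
    mac_table={(10, "00:00:5e:00:53:aa"): "Gi0/2"},
)

if __name__ == "__main__":
    frames = [
        Frame("Gi0/1", 10, "00:00:5e:00:53:01", "10.0.20.7"),
        Frame("Gi0/1", 10, "00:00:5e:00:53:01", "10.0.10.1"),
        Frame("Gi0/1", 10, "00:00:5e:00:53:aa", "10.0.10.7"),
        Frame("Gi0/24", 1, "00:00:5e:00:53:aa", "10.0.10.7"),
        Frame("Gi0/23", 30, "00:00:5e:00:53:bb", "10.0.30.7"),
        Frame("Gi0/23", 10, "00:00:5e:00:53:bb", "10.0.10.8"),
    ]
    for f in frames:
        print(f, "->", SAMPLE.classify(f).value)
```

The same destination MAC gets a different result depending on the ingress port type, which is why IP-based access lists and MAC-based filters see different subsets of traffic on the same device.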

Reference from: http://blog.ipspace.net/2012/08/is-layer-3-switch-more-than-router.html

More Related Layer 3 Switch Topics:

Router vs. Layer 3 Switches

Routers vs. Network Switches


How Do Customers Benefit From Cisco 2960-X Switches?

January 23 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

To address these challenges and transform IT, Cisco introduced the Cisco Catalyst 2960-X Series (stackable Gigabit Ethernet access switches) to enable network connectivity for enterprise, midmarket, and branch office locations. These switches enable reliable and highly secure business operations with lower total cost of ownership through a range of innovative features, including Cisco FlexStack Plus, Application Visibility and Control, Power over Ethernet Plus (PoE+), innovative power management, and Catalyst Smart Operations. This highly differentiated and innovative product will help you lock out the competition and win back port share. With these switches you can participate in the huge refresh opportunity from a large installed base that is fully amortized, and increase deal size by creating architectural linkages with other Cisco products, such as Cisco Identity Services Engine (ISE), and Cisco Prime.

What do customers gain from the Cisco 2960-X series? The switches are scalable, smart, simple, and secure, and at the same time provide investment protection. They also provide Layer 3 routing capability and application-aware intelligence, with double the scale of the existing generation.

Scalable: Catalyst 2960-X Series is scalable to meet growth needs today and in the future. These switches offer high density, with 24 or 48 Gigabit Ethernet ports and 1 and 10 Gigabit Ethernet uplinks for desktop connectivity and are ready for 1-Gbps wireless (802.11ac). They deliver wire-rate performance on all ports to keep up with increasing traffic by exploiting the full capacity of each port. The switches support FlexStack Plus with up to 80 Gbps of stack bandwidth and up to eight members in a stack for 384 Gigabit Ethernet ports, doubling many performance aspects of the existing Cisco Catalyst 2960-S Series Switches. They offer a high-capacity 740W power supply that can power all 48 ports for PoE or 24 ports for PoE+. The benefits of PoE and PoE+ are easy and rapid deployment of IP endpoints, such as IP phones, access points, and cameras, while saving the cost of installing power outlets.

The Cisco Catalyst 2960-X Series is resilient, with control-plane redundancy across FlexStack Plus switches. This feature minimizes traffic disruption if the stack member fails. The Catalyst 2960-XR is also equipped with redundant power supplies for power resilience.

Smart: The Cisco Catalyst 2960-X Series Switches are smart, with intelligent access services, in depth application visibility and control, and best-in-class energy efficiency.

Built with True Stacking: FlexStack Plus enables unified configuration and unified single IP address management across all stack members for simplicity, efficiency, and scalability.  Cross-stack quality of service (QoS) automatically applies the QoS configuration of the master switch to other stack members to ensure QoS consistency, configuration accuracy, and simplicity. Cross-stack high availability provides for automatic election of a new master switch in case of stack master failure for greater resilience.

Built for network programmability: Cisco One Platform Kit (onePK) is an easy-to-use software-defined networking (SDN) toolkit for development, automation, rapid service creation, and more. Catalyst 2960-X Series Switches are onePK ready, enabling customers to build applications to automate and create services across the campus.

Built for application visibility and control: For the first time, the Catalyst 2960-X Series supports NetFlow Lite services that enable IT teams to monitor and record important traffic flows through a packet-sampling mechanism. When combined with Cisco Prime or other NetFlow collectors, it can help IT prioritize business-critical applications.

Built for unified access:

One policy through integration with Cisco ISE

One management through integration with Cisco Prime

Built for green IT—the greenest access switch ever:

Cisco EnergyWise monitors and controls PoE and PoE+ device power consumption to reduce energy costs. It can turn the connected IP devices on or off to reduce power consumption based on predefined policies. For example, the IP phones can be set to turn off automatically after business hours.

Energy-Efficient Ethernet (EEE) enables dynamic power savings on all switch ports, saving about 15W for a 48 port-switch and 8W for a 24 port-switch.

The Catalyst 2960-X Series introduces two new innovative energy-saving sleep modes for the switch. Switch Hibernation mode puts the switch to sleep, consuming as little as 6W, compared to approximately 50W in active mode.

Downlink Hibernation mode shuts down the downlink interface to save 0.5W per port when the connected devices are not in use, even if the devices are not EEE aware. Downlink Hibernation mode also shuts down PoE and PoE+ to save additional energy.

Collectively these features are game changers in green technology that can reduce switch power consumption by up to 80 percent.

Simple: Cisco Catalyst 2960-X Series Switches are simple to deploy, manage, and troubleshoot. As part of the Cisco Unified Access portfolio, the Cisco Catalyst 2960-X Series Switches are fully integrated with Cisco Prime, to offer simple operation from a central location.

They can also be managed by Cisco Network Assistant, which features an intuitive GUI with which users can easily apply common services across Cisco switches, routers, and access points.

Cisco Catalyst 2960-X Series Switches offer Catalyst Smart Operations features to lower the total cost of ownership:

Smart Install automatically downloads Cisco IOS Software and configures the switches for zero-touch deployment.

Auto Smart Ports automatically configures (for example, VLAN, security, and QoS settings) ports based on device type (such as IP phones, printers, and access points) for simplified configuration and rapid deployment.

Smart Call Home offers proactive diagnostics and remediation of hardware and software issues.


Secure: Cisco Catalyst 2960-X Series Switches offer security features to help ensure easy and highly secure network deployment and access. The security policies can be set consistently across the network by Cisco ISE.

Unlike competitors’ switches, Catalyst 2960-X Series Switches preserve customer investment by allowing mixed stacking with existing Catalyst 2960-S and 2960-SF switches. Customers can grow their access networks by adding the new 2960-X switches to their existing 2960-S and 2960-SF stacks.

Which customers should this product be recommended to? The Cisco 2960-X series suits users who need to:

Simplify the management of their unified wired and wireless infrastructure

Build resilient converged network infrastructure to deploy BYOD, video, cloud applications, and 1-Gbps wireless solutions

Improve the user experience and have granular control over policy

Address more traffic in the future, including increasing numbers of devices (of all kinds)

Scale its business for a larger amount of traffic and devices in the unified wired and wireless network

Protect their investments in network infrastructure and build for future expansion

Table 1 (When to Sell Catalyst 2960-X Series Switches) lists the Cisco solutions applicable to various customer deployments and needs.


Table2 shows how the features of the Catalyst 2960-X Series compare to competitors’ switches.

Table2 Comparison of the Catalyst 2960-X Series to Competitors’ Switches



More Cisco 2960 Topics:

Cisco 2960 vs. Catalyst 3560

How to Configure the Voice VLAN Feature on the Catalyst 2960 and 2960-S Switches?

Cisco Catalyst 2960-X Series Switches Debut at Cisco Partner Summit

More Popular Topics Related to Cisco Catalyst 2960-S FlexStack



How to Configure Cisco ASA Failover into Active/Standby Mode?

January 10 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

In this article we share how to configure Cisco ASA failover in Active/Standby mode. First, assume that your primary Cisco ASA is configured and working.

Primary Cisco ASA

Setup your failover interface on Primary Cisco ASA


config t

failover lan unit primary

interface gigabitEthernet 0/3

no shutdown

Assign the failover IP Address on your Primary Cisco ASA

failover lan interface FAILOVER gigabitethernet0/3

failover interface ip FAILOVER ip_address netmask standby ip_address

failover key YourSecretKey

failover link FAILOVER

Assign standby Outside IP Address on Primary Cisco ASA

Assign your Cisco ASA standby External IP Address, add “standby {SECONDARY ASA IP ADDRESS}”

interface gigabitEthernet 0/0

ip address ip_address netmask standby ip_address

Assign standby Internal IP Address on Primary Cisco ASA

Assign Internal IP Address as you did for the External IP Address with the “standby {SECONDARY ASA IP ADDRESS}”

interface gigabitEthernet 0/1

ip address ip_address netmask standby ip_address

Enable monitoring on SubInterfaces on Primary Cisco ASA (optional)

By default, monitoring physical interfaces is enabled and monitoring subinterfaces is disabled. You can monitor up to 250 interfaces on a unit. You can control which interfaces affect your failover policy by disabling the monitoring of specific interfaces and enabling the monitoring of others. This lets you exclude interfaces attached to less critical networks from affecting your failover policy.

monitor-interface if_name

You can turn off monitoring the management interface:

no monitor-interface management

Enable failover

conf t

failover

Verify your Cisco ASA Failover

show failover

Secondary Cisco ASA

Setup failover interface on Secondary Cisco ASA

config t

no failover

failover lan unit secondary

interface gigabitEthernet 0/3

no nameif

no shutdown

failover lan interface FAILOVER gigabitEthernet0/3

Assign your failover IP Address on Secondary ASA using FAILOVER

failover interface ip FAILOVER ip_address netmask standby ip_address

failover key YourSecretKey

failover link FAILOVER


Automatic Configuration Copy from Primary to Secondary Cisco ASA

The device configurations are automatically copied from the primary Cisco ASA device to the secondary Cisco ASA device using the following commands:

config t

interface gigabitEthernet 0/3

no shutdown

Verify your Cisco ASA Failover


show failover

More about ASA Failover Configuration

Enter privileged EXEC mode.


Enter global configuration mode.

asa#configure terminal

Designate the ASA as the primary or secondary unit (default is secondary).

asa(config)#failover lan unit [primary |secondary]

Configure the ASA link that will be used as the failover link.

Notes: The if_name is used to assign the name of the interface (don't use the nameif command).

The interface_id can be a physical interface, subinterface, or redundant interface; or an EtherChannel interface ID. On the ASA 5505, the interface_id specifies a VLAN ID.

asa(config)#failover lan interface if_name interface_id

Configure the primary and secondary IP addresses.

Note: Both the primary and secondary IP addresses must be in the same subnet.

asa(config)#failover interface ip if_name ip_address netmask standby ip_address

Configure the ASA link that will be used as the stateful failover link.

Notes: The if_name is used to assign the name of the interface; this is the same as the failover link if_name if they are being shared. The interface_id can be a physical interface, subinterface, or redundant interface; or an EtherChannel interface ID. On the ASA 5505, the interface_id specifies a VLAN ID. This command is optional and is required only if stateful failover is being configured.

asa(config)#failover link if_name interface_id

Configure the primary and secondary IP address for the state interface.

Note: This step is required only if the link that is being used for the stateful failover link is different from the failover link. If it is being shared with the failover link, the information configured in Step 5 is used.

asa(config)#failover interface ip if_name ip_address netmask standby ip_address

Configure the use of IPsec on the LAN-to-LAN failover links (failover and stateful failover, if configured).

Notes: The key parameter can be up to 128 characters in length. This is the preferred method to be used to encrypt information over these links.

OR Configure a failover key.

Notes: The key parameter when used with the hex keyword is 32 characters. When it is used without it, it can be a string from 1 to 63 characters. This is a deprecated method of encrypting on these links, and it is not recommended in favor of the IPsec option above.

asa(config)#failover key {hex key | key}

Create a failover group.

Notes: By default, group 1 is assigned to the primary failover unit (as configured in Step 3).

This command is used only when configuring an active/active failover.

asa(config)#failover group {2}

Assign the group to a unit.

Notes: Typically, group 1 is assigned to the primary unit (the default), and group 2 is assigned to the secondary unit). This command is used only when configuring active/active failover.

asa(config-fover-group)#primary OR asa(config-fover-group)#secondary

Enter context configuration mode.

Note: This command is used only when configuring active/active failover.

asa(config)#context name

Configure the context to be a member of a failover group.

Notes: All unassigned contexts are assigned into failover group 1. The admin context is always configured into failover group 1. This command is used only when configuring active/active failover.

asa(config-ctx)#join-failover-group {2}

Enable the use of failover on the ASA.
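A configuration check for the failover notes above, as an added Python example (not code from the original post or from Cisco). It audits a constructed ASA configuration for the points the procedure calls out: active and standby addresses in the same subnet, a standby address on each data interface, the deprecated failover key versus the IPsec option, and failover actually being enabled. The sample addresses, key and finding names are constructed; `failover ipsec pre-shared-key` is the ASA command for the IPsec option, which the post describes without showing.

```python
import ipaddress
import re

# Constructed sample configuration (documentation addresses, placeholder key).
SAMPLE_CONFIG = """\
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet0/3
failover interface ip FAILOVER 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover key ExampleKeyOnly
failover link FAILOVER GigabitEthernet0/3
interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.10 255.255.255.0 standby 198.51.100.11
interface GigabitEthernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 ip address 10.0.1.1 255.255.255.0 standby 10.0.2.2
failover
"""

# Matches both "failover interface ip NAME A M standby S" and "ip address A M [standby S]".
ADDR = re.compile(
    r"^(?:failover interface ip (?P<fo>\S+)|ip address)\s+"
    r"(?P<ip>\S+)\s+(?P<mask>\S+)(?:\s+standby\s+(?P<sb>\S+))?\s*$"
)


def audit(config):
    """Return a list of finding strings for one ASA configuration text."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    label = None  # interface id, replaced by its nameif once seen

    for ln in lines:
        if ln.startswith("interface ") or ln.startswith("nameif "):
            label = ln.split(None, 1)[1]
        m = ADDR.match(ln)
        if not m:
            continue
        name = m["fo"] or label
        try:
            net = ipaddress.ip_network(f"{m['ip']}/{m['mask']}", strict=False)
            standby = ipaddress.ip_address(m["sb"]) if m["sb"] else None
        except ValueError:
            continue  # not a static address, e.g. "ip address dhcp setroute"
        if standby is None:
            findings.append(f"NO_STANDBY:{name}")
        elif standby not in net:
            # Primary and standby addresses must be in the same subnet.
            findings.append(f"SUBNET_MISMATCH:{name}")

    if not any(ln.startswith("failover lan unit ") for ln in lines):
        findings.append("UNIT_NOT_SET_DEFAULTS_TO_SECONDARY")

    if any(ln.startswith("failover ipsec pre-shared-key") for ln in lines):
        pass  # preferred method per the notes above
    elif any(ln.startswith("failover key ") for ln in lines):
        findings.append("DEPRECATED_FAILOVER_KEY")
    else:
        findings.append("NO_FAILOVER_ENCRYPTION")

    if "failover" not in lines:
        findings.append("FAILOVER_NOT_ENABLED")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```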



More Cisco ASA Topics:

Cisco ASA Failover, Failover Modes & ASA Failover Configuration

Cisco ASA IPS Module Configuration

How to Configure New ASA 5510 in Transparent Mode?

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Cisco ASA SNMP Polling Via VPN Site-to-Site Tunnel

Create IPv6 LAN-to-LAN VPN Tunnel on Cisco ASAs


How to Recover the Password on Cisco Catalyst 3850?

January 2 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

How do you recover the password on a Cisco 3850 switch when you have lost or forgotten it? This is a common situation for network users and is easy to solve. Here we list some tips and basic steps to help you recover the password on a Catalyst 3850.

Tips and Steps to Recover the Password on Cisco Catalyst 3850

On a switch, power off the standalone switch or the entire switch stack. Reconnect the power cord to the active switch. Within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until all the system LEDs turn on and remain solid; then release the Mode button.

Several lines of information about the software appear with instructions, informing you if the password recovery procedure has been disabled or not.

If you see a message that begins with this:

The system has been interrupted prior to initializing the flash file system. The following commands will initialize the flash file system

proceed to the steps below.

Step1 Initialize the flash file system.

Switch: flash_init 

Step2 Ignore the startup configuration with the following command:


Step3 Boot the switch with the packages.conf file from flash.

Switch: boot flash:packages.conf

Step4 Terminate the initial configuration dialog by answering No.

Would you like to enter the initial configuration dialog? [yes/no]: No

Step5 At the switch prompt, enter privileged EXEC mode.

Switch> enable     


Step 6 Copy the startup configuration to running configuration.

Switch# copy startup-config running-config

Destination filename [running-config]?

Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.

Step7 Enter global configuration mode and change the enable password.

Switch# configure terminal

Switch(config)# 

Step8 Write the running configuration to the startup configuration file.

Switch# copy running-config startup-config     

Step9 Confirm that manual boot mode is enabled.

Switch# show boot

BOOT variable = flash:packages.conf;

Manual Boot = yes

Enable Break = yes 

Step10 Reload the switch.

Switch# reload

Step11 Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.



Step12 Boot the switch with the packages.conf file from flash.

Switch: boot flash:packages.conf

Step13 After the switch boots up, disable manual boot on the switch.

 Switch(config)# no boot manual

Refer to https://supportforums.cisco.com/docs/DOC-35289

More Cisco 3850 Tips:

Cisco Catalyst 3850 Series- the Industry’s first Fixed, Stackable GE Switch

More Cisco switch review, news and Topics you can see at: http://blog.router-switch.com/category/reviews/cisco-switches/


Cisco Catalyst 3650 Series Fixed GE Access Switch

December 2 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco Catalyst 3650 Series Switch delivers converged wired and wireless access on a single platform, creating an uncompromised user experience in any workspace. The converged system provides a single platform for wired and wireless networkwide visibility for faster troubleshooting, advanced security and quality of service (QoS) control, maximum resiliency with fast stateful recovery, and scale with distributed wired and wireless data plane.


The Cisco Catalyst 3650 is built on the advanced Cisco StackWise-160, and takes advantage of the new Cisco Unified Access Data Plane (UADP) application-specific integrated circuit (ASIC). This switch can enable uniform wired-wireless policy enforcement, application visibility, flexibility, application optimization, and superior resiliency. The Cisco Catalyst 3650 Series Switches support full IEEE 802.3at Power over Ethernet Plus (PoE+), and offer modular and field-replaceable redundant fans and power supplies. They can help you increase wireless productivity and reduce your TCO.


All Cisco Catalyst 3650 Series Switches have fixed, built-in uplink ports. Customers can choose from three types of uplink ports at the time of the switch purchase:

• 4 x Gigabit Ethernet with Small Form-Factor Pluggable (SFP)

• 2 x 10 Gigabit Ethernet with SFP+ or 4 x Gigabit Ethernet with SFP

• 4 x 10 Gigabit Ethernet with SFP+ or 4 x Gigabit Ethernet with SFP


The SFP+ interface supports both 10 Gigabit Ethernet and Gigabit Ethernet ports. Refer to Table 1 for a description of the basic switch models and the corresponding uplink ports. Refer to Table 2 for a description of the various uplink port interface options.


Cisco Catalyst 3650 Highlights

Built on Cisco Unified Access Data Plane (UADP) application-specific integrated circuit (ASIC) with programmability to support Cisco ONE Enterprise Networks Architecture and software-defined networking (SDN)

Integrated wireless LAN controller functionality

Native Flexible NetFlow (FnF) on all ports

Granular, hierarchical bandwidth management

Cisco TrustSec support


Cisco Catalyst 3650 Primary Features

Integrated wireless LAN controller capability with:

- Up to 40G of wireless capacity per switch (48-port models)

- Support for up to 25 access points and 1000 wireless clients on each switch or stack

24 and 48 10/100/1000 data and Power over Ethernet Plus (PoE+) models with Energy-Efficient Ethernet (EEE)

-Optional Cisco StackWise-160 technology provides scalability and resiliency with 160 Gbps of stack throughput (for additional wired and wireless capabilities, please visit the Cisco Catalyst 3850 Series Switches page)

- Fixed, built-in 4 x Gigabit Ethernet, 2 x 10 Gigabit Ethernet, or 4 x 10 Gigabit Ethernet Small Form-Factor Pluggable (SFP) and SFP+ uplink ports

- Dual redundant power supplies and three modular fans, providing higher redundancy

- Full IEEE 802.3at (PoE+) with 30W power on all ports in 1 rack unit (RU) form factor

Software support for IPv4 and IPv6 routing, multicast routing, modular QoS, FnF Version 9, and advanced security features

Single, consistent Cisco IOS XE Software image across all license levels, providing an easy upgrade path for access points and software features

Enhanced limited lifetime warranty (E-LLW) with next business day (NBD) advance hardware replacement and 90-day access to Cisco Technical Assistance Center (TAC) support


Switch Configurations

The Cisco Catalyst 3650 Series Switches are available in LAN Base, IP Base, and IP Services feature sets. All switches ship with a default AC power supply. A DC power supply can be purchased as an option or spare. The base switch does not include any access point licenses. Figure 1 shows the Cisco Catalyst 3650 Series.

Figure1. Cisco Catalyst 3650 Series Switches (Front and Back)


Table1. Compare different switch models.


StackWise-160 Technology

The Cisco Catalyst 3650 provides maximum data, power, and wireless resiliency using Cisco StackWise-160 technology, which is built on the highly successful industry-leading Cisco StackWise technology. The StackWise-160 technology provides optional stacking with 160 Gbps of bandwidth for providing resiliency within the stack. The stack behaves as a single switching unit that is managed by an active switch elected from one of the member switches. The active switch creates and updates all the switching, routing, and wireless tables. In the event of an active member failure, the standby member assumes the role of the active switch, continuing to keep the stack operational.


Cisco Catalyst 3650 Primary Advantages

Converged Wired and Wireless Platform

The Cisco Catalyst 3650 is a stackable platform that converges wired and wireless services on a Cisco IOS XE Software based platform. The CAPWAP tunnels from the access points terminate at the 3650 switch, enabling users to configure and apply software features such as QoS, security, and FnF across wired ports and wireless SSIDs on the same switch at the same time. The converged wired and wireless platform supports the Cisco Unified Access solution. With “one policy, one management, one network,” the Cisco Catalyst 3650 and Cisco Unified Access help IT spend less time running the network and more time on business innovation.

Advanced Security

The Cisco Catalyst 3650 is hardware capable of supporting Cisco TrustSec functionality. Cisco TrustSec uses the device and user credentials acquired during authentication for classifying the packets by security groups as they enter the network with scalability and simplified management. The classification is maintained through the network by the security group tag (SGT) and through integration with the Cisco Identity Services Engine. The Cisco Catalyst 3650 is also hardware-ready for link layer MACsec encryption, which provides networkwide encryption to protect data traffic across the network.

Application Visibility and Control (AVC)

With the native support for FnF on all the ports, the Cisco Catalyst 3650 can monitor both east-west and north-south wired traffic at the same time. The Cisco Catalyst 3650 switch terminates the wireless CAPWAP tunnels from the access point, providing full visibility into the wireless traffic at the switch. Because the wireless traffic is now visible at the switch, it is possible to identify wireless traffic using FnF and prioritize the traffic using advanced QoS capabilities for an improved user experience and faster troubleshooting.


The Cisco Catalyst 3650 supports Cisco Catalyst SmartOperations. SmartOperations features such as Auto Smartports, Auto QoS, and Smart Install reduce deployment time by automating most of the basic switch and port configurations.

Foundation for Cisco ONE Enterprise Networks Architecture

The Cisco Catalyst 3650 is built on the UADP ASIC, which provides wire-rate hardware performance with software programmability. The UADP ASIC features a programmable data plane, enabling deployment of SDN services and support of future software features over the product lifetime. The Cisco Catalyst 3650 supports the Cisco ONE Enterprise Networks Architecture for openness, programmability, and operational simplicity.

Reduced Total Cost of Ownership

The Cisco Catalyst 3650 reduces the total cost of ownership and provides superior investment protection through:

Built-in wireless controller functionality

Optional stacking

Support for fixed GE or 10 GE uplink

Support for IP Base and IP Services software options

Dual redundant power supply and three individual fans to help ensure high availability

E-LLW with NBD advance hardware replacement and 90-day access to Cisco TAC support


More Related Cisco 3650 Series News:

New Catalyst 3650 Series, Main FEATURES, Comparisons, Modules and Supports

Cisco to Unveil New Catalyst Access Switch to Converge Wired&Wireless Networking

Cisco Released Wave 2-Ready 802.11ac Access Point and Catalyst 3650


Cisco Nexus 3100: Next-gen Merchant Silicon-based ToR Switch Series

October 22 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco expanded its line of merchant silicon-based, top-of-rack data center switches with its new Nexus 3100 series.

Like other switches in this family, including the Nexus 3000 and 3500 series, the Nexus 3100 is a low-latency, high-density Layer 2 and Layer 3 switch. And because it is based on merchant silicon, the Nexus 3100 series does not support FabricPath, Cisco's TRILL-based Layer 2 multi-pathing technology, or Cisco's fabric extender technology. In other words, like previous Nexus 3000 switches, the Nexus 3100 is not a part of Cisco's FabricPath-based data center fabric strategy.

Instead, Cisco is positioning the Nexus 3100 as a top-of-rack device for enterprises that require high-density, low-latency, top-of-rack switches that can be deployed in a leaf-spine architecture using conventional Layer 3 protocols.

Cisco also said the Nexus 3100 will support a variety of software-defined networking (SDN) capabilities, including its onePK SDN interface, virtual extensible LAN and OpenFlow 1.0. Cisco did not specify if or when it will start supporting the newer OpenFlow 1.3 specification.

Cisco didn't announce when the new switch will start shipping, but promised more details would be available "in the coming weeks."

The Nexus 3100 comes in two flavors. The Nexus 3132Q is a 2.56 Tbps switch that ships with 32 ports of 40 Gigabit Ethernet (GbE). The Nexus 3172PQ is a 1.44 Tbps switch with 48 10 GbE ports and 6 40 Gbps ports. Cisco claimed these switches will support Layer 3 in-service software upgrades. Although it claimed the switches will be ultra-low latency, Cisco has not published exactly how low that latency will be.

Cisco Nexus 3132Q vs. Cisco Nexus 3172PQ


Cisco envisions two use cases for the Nexus 3100 series, according to Jimmy Shah, product manager at Cisco. First, the switches can serve as server access switches, particularly as leaf switches in a leaf-spine data center network. Second, the Nexus 3132Q, with its high-density 40 GbE ports, can serve as a pizza-box spine switch in the same leaf-spine environment.

Cisco's Nexus 3000 switches were seen by many experts as a response to rival Arista Networks' success in selling merchant silicon-based, ultra-low latency switches into financial trading firms. Cisco is calling the Nexus 3100 line the second generation of those switches.

"This is a big step up from the Nexus 3064," Shah said. "We see a lot of our 3064 customers transitioning to this product. If I'm building a new data center and I'm looking for the densest 10 Gb switch, then the 3100 becomes a great choice based on these hardware and software features."

Refer to http://searchnetworking.techtarget.com/news/2240206672/Cisco-Nexus-3100-Next-gen-merchant-silicon-based-ToR-switch-series

More Related Cisco Topics:

Cisco Will Raise Catalyst Switch Prices by Up to 67%

Cisco Released Wave 2-Ready 802.11ac Access Point and Catalyst 3650

Cisco Nexus 3100, Ready to Support VMware NSX?

Cisco to Unveil New Catalyst Access Switch to Converge Wired&Wireless Networking

Cisco Catalyst 6800: New Name, Same Game


Short Review: Cisco Catalyst 2960-S vs. 2960-X Series Switches

September 30 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco Catalyst 2960-X series debuted at Cisco Partner Summit this year. Cisco announced that the Cisco 2960-X series is the greenest Catalyst access switch, as well as the next generation of the world’s most widely deployed access switches.


These switches also provide Layer 3 routing capability, application-aware intelligence, and double the scale. They are the greenest Cisco Catalyst access switches ever. These switches are built to reduce total cost of ownership.

Compared with the Cisco 2960-S series, what are the new features of the Cisco Catalyst 2960-X Series Switches? Like the 2960-S Series, the Catalyst 2960-X Series switches are line-rate, non-blocking switches with the following added features:

●Dual-core CPU at 600 MHz

●Cisco FlexStack-Plus stacking

       80 Gbps bandwidth

        8-member stack

●Dual-FRU power supply with integrated fan (2960-XR only)

●NetFlow-Lite on all downlink and uplink ports

●Switch Hibernation mode integrated with Cisco EnergyWise

●Energy-Efficient Ethernet (EEE) downlink ports

●Signed Cisco IOS Software images

●Layer 3 features with IP Lite feature set (2960-XR only)

●24-port fanless model with 2 SFP and 2 10/100/1000BT uplinks

More Related Cisco Catalyst Switch Reviews:

Cisco Catalyst 2960-X Series Switches Debut at Cisco Partner Summit

Cisco Catalyst 2960-X and Catalyst 2960-XR Review

Cisco to Unveil New Catalyst Access Switch to Converge Wired&Wireless Networking

Cisco’s Greenest Catalyst Access Switch


Top 5 Reasons to Purchase Cisco ASA 5500 Series

September 26 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

A key component of the Cisco Secure Borderless Network, the Cisco ASA 5500 Series Adaptive Security Appliances deliver superior scalability, a broad span of technology and solutions, and effective, always-on security designed to meet the needs of an array of deployments.

By integrating the world’s most proven firewall; a comprehensive, highly effective intrusion prevention system (IPS) with Cisco Global Correlation and guaranteed coverage; and a high-performance VPN, the Cisco ASA 5500 Series helps organizations provide secure, high-performance connectivity and protect critical assets for maximum productivity.

Offering seamless client and clientless access for a broad spectrum of desktop and mobile platforms, the Cisco ASA 5500 Series delivers versatile, always-on secure mobility integrated with web security and IPS for a comprehensive solution. Unlike most security providers that force you to choose between a high-quality firewall and an effective intrusion prevention system (IPS), Cisco combines the world’s most proven firewall with the industry’s most comprehensive, effective IPS for a powerful security solution.

Figure 1. Cisco ASA 5500 Series


The Cisco ASA 5500 Series delivers superior real-time protection: Integrating innovative IPS with Global Correlation, firewall, and VPN technology, the Cisco ASA 5500 Series delivers highly effective intrusion prevention capabilities using hardware-accelerated IPS modules. And Cisco guaranteed coverage delivers peace of mind.

Site-to-site VPN: Using the hardware-accelerated site-to-site IPsec VPN capabilities provided by the Cisco ASA 5500 Series, businesses can securely augment or even replace legacy WANs by using low-cost Internet connections and IPsec VPN tunnels to connect to business partners and to remote and satellite offices worldwide.

Secure mobility: The Cisco ASA 5500 Series offers flexible technologies that deliver tailored solutions to suit connectivity and secure mobility requirements for company-managed assets such as desktops, laptops and smartphones, as well as unmanaged devices such as Internet kiosks or employee-owned desktops, laptops and handhelds. The Cisco ASA 5500 Series delivers both clientless and SSL/DTLS/IPsec VPN secure mobility client options.

Secure unified communications: The Cisco ASA 5500 Series provides extensive protocol support, signaling and media inspection, remote office and mobile user support, and simple provisioning to enable a secure, integrated voice and data network.

Top 5 Reasons to Purchase Cisco ASA 5500 Series Adaptive Security Appliances

1. Advanced intrusion prevention services with guaranteed coverage

With real-time reputation technology, the Cisco ASA 5500 Series IPS with Global Correlation is twice as effective as legacy IPS and includes guaranteed coverage for greater peace of mind. It protects against a wide range of threats, including worms, application-layer attacks, operating-system-level attacks, rootkits, spyware, peer-to-peer file sharing, and instant messaging for both IPv6 and IPv4 networks.

2. Industry-leading content security services

With the Cisco ASA 5500 Series, customers have their choice of on-box threat protection and content control based on Trend Micro technology, or a proven off-box solution with the Cisco IronPort Web Security Appliance. Both solutions provide comprehensive antivirus, antispyware, file blocking, antispam, antiphishing, URL blocking and filtering, and content filtering services.

3. Secure mobility

The Cisco AnyConnect Secure Mobility solution provides business employees and partners with ubiquitous, highly secure access to enable employee mobility, enhance collaboration and improve productivity, while protecting the company’s resources and data from web-based threats and data leakage by enforcing acceptable use policies.

4. Unified communications

The Cisco ASA 5500 Series delivers secure access by enabling protection for voice, video, and multimedia traffic. Businesses can securely take advantage of the improved productivity and lower operational costs of a Cisco Unified Communications solution.

5. Comprehensive management and monitoring services

Several elements round out a rich complement of management options: Cisco Adaptive Security Device Manager (ASDM), a comprehensive CLI, verbose syslog, and support for Simple Network Management Protocol (SNMP). Cisco Security Manager supports distributed deployments of up to 500 devices.

Figure 2. Market-Leading Application/IPS/Content Security Services

Figure 3. Secure Unified Communications

Figure 4. Threat-Protected SSL and IPsec VPN Services

Figure 5. Industry-Leading IPS/Content Security Service



SSC: Security Services Card; SSM: Security Services Module; CSC SSM: Content Security and Control Security Services Module; 4GE SSM: 4 Gigabit Ethernet Security Services Module; SSP: Security Services Processor; IPS SSP: IPS Security Services Processor; IEC: Interface Expansion Card.

Table 1. Cisco ASA 5505, 5510, 5520, 5540, 5550 Product Comparison


Table 2. Cisco ASA 5580 and ASA 5585-X Product Comparison



1. Max firewall throughput measured under ideal test conditions

2. VPN throughput and session counts depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning.

3. Licensed features

4. A/S = Active/Standby; A/A = Active/Active

Note: Performance numbers tested and validated with the ASA 7.2 software release for ASA 5505 through ASA 5540, and the ASA 8.4 software release for ASA 5550 through ASA 5585-X

Reference: The full PDF file for the Cisco ASA 5500 Series Adaptive Security Appliances is available at: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf

More Related Cisco ASA Topics:

Cisco ASA 5500 Family, Key Component of the Cisco Secure Borderless Network

How to Configure Cisco ASA 5505 Firewall?

Simple Steps to Connect a Remote Office to Cisco ASA 5510

How to Set up a Cisco ASA 5505 Firewall with a Wireless Router?

The Way to Activate Your Cisco ASA 5500


Cisco Catalyst 4500 Supervisor Engine 6-E with CenterFlex Technology

August 16 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco Catalyst 4500 Supervisor Engine 6-E with CenterFlex Technology: Secure, Flexible, Nonstop Communications.

The Cisco Catalyst 4500 E-Series, including the new Cisco Catalyst 4500 Supervisor Engine 6-E, three new E-Series line cards, and four new E-Series chassis, is a next-generation extension to the widely deployed Cisco Catalyst 4000 and 4500 Series of switches. The Cisco Catalyst 4500 E-Series with CenterFlex technology provides secure, flexible, nonstop communications to facilitate business resilience for enterprises, small and medium-sized businesses (SMBs), and Metro Ethernet customers deploying business-critical applications.

CenterFlex technology is enabled by the Supervisor Engine 6-E centralized application-specific integrated circuits (ASICs), which deliver the highest centralized performance and configuration flexibility in the industry. CenterFlex technology facilitates granular optimization of real-time voice, video, and data communication, maximizing performance and enhancing user experience. The new E-Series with CenterFlex technology is designed with unprecedented backward and forward compatibility, delivering exceptional investment protection and deployment flexibility to meet the evolving needs of organizations of all sizes.

Figure 1. Cisco Catalyst 4500 Supervisor Engine 6-E


Cisco Catalyst 4500 Supervisor Engine 6-E with CenterFlex Technology Feature Highlights


• Centralized 320-Gbps switching capacity with 250 Mpps of throughput

• IPv6 support in hardware, providing wire-rate forwarding for IPv6 networks

• Dual 10 Gigabit Ethernet uplinks (X2 optics)

• Hardware forwarding entries: 256,000

• Quality-of-service (QoS) services hardware entries: 64,000

• Security services entries: 64,000

• Low latency



• Flexibility to operate at 6 or 24 Gbps per line-card slot

• Ability to mix and match 6-Gbps classic and 24-Gbps E-Series line cards, with no performance degradation

• Twin gigabit converter modules that enable flexibility for up to 4 Gigabit Ethernet (Small Form-Factor Pluggable [SFP]) uplinks in the X2 optic slots

• Dynamic hardware forwarding table allocations for ease of IPv4-to-IPv6 migration

• Advanced QoS support with up to 8 queues per port, dynamic queue sizing, and hierarchical policing to provide flexibility and control

• Enhanced security with Unicast Reverse Path Forwarding (URPF) for added protection against network spoofing attacks

• File allocation table (FAT)-based file system for easier network administration


The Cisco Catalyst 4500 Supervisor Engine 6-E is compatible with classic Cisco Catalyst 4500 line cards, chassis, and power supplies, providing full investment protection. The Supervisor Engine 6-E delivers 24 Gbps per slot of switching capacity when deployed with the E-Series line cards in a Cisco Catalyst 4500 E-Series chassis. You can mix and match classic line cards and E-Series line cards within a Cisco Catalyst 4500 E-Series chassis with no performance degradation. When you deploy the Cisco Catalyst Supervisor Engine 6-E with classic line cards, all of the new features except the 24-Gbps per-slot switching capacity are inherited.

The Cisco Catalyst Supervisor Engine 6-E also provides flexibility and an easy migration path to 10 Gigabit Ethernet uplinks with dual-purpose X2 slots that can accommodate wire-speed 10 Gigabit Ethernet optics or Cisco Twin Gigabit Converter modules (Figure 2), enabling Gigabit Ethernet SFP optics.


The Cisco Twin Gigabit Converter Module, which ships standard with the Supervisor Engine 6-E (unless you order 10 Gigabit Ethernet optics on the configuration tool), converts a single 10 Gigabit Ethernet X2 interface into two Gigabit Ethernet port slots that can be populated with appropriate SFP optics, providing a total of 4 Gigabit Ethernet uplinks if used in both X2 interface slots. With the flexibility offered by the Cisco Twin Gigabit Converter Module, you can initially use the gigabit uplinks and then, as your business demands change, you can simply remove the Cisco Twin Gigabit Converter Module and insert 10 Gigabit Ethernet X2 optics to provide full line-rate 10 Gigabit Ethernet uplinks without having to upgrade. The ability to support both Gigabit Ethernet uplinks and 10 Gigabit Ethernet uplinks on a single supervisor engine further demonstrates the flexibility and the investment protection of the Cisco Catalyst 4500 Series.

Cisco Twin Gigabit Converter Module: Converting 10 Gigabit Ethernet X2 Interface Into Two Gigabit Ethernet SFP Interfaces


The increased capabilities and investment protection provided by the Supervisor Engine 6-E and CenterFlex technology facilitate not only scalability for today's network requirements but also investment protection by providing significant hardware resources for future growth.


Cisco Catalyst 4500 E-Series Line Cards




The Cisco Catalyst 4500 E-Series line cards include the following options:

• 48-port 10/100/1000 E-Series Power over Ethernet (PoE) line card (2:1 oversubscribed)

• 48-port 10/100/1000 E-Series Premium PoE line card (2:1 oversubscribed)

• 6-port 10 Gigabit Ethernet E-Series line card (2.5:1 oversubscribed)

The Cisco Catalyst 4500 48-port 10/100/1000 PoE and premium PoE E-Series line cards are designed for high-performance LAN access applications. The Cisco Catalyst 4500 6-Port 10 Gigabit Ethernet E-Series Line Card can be deployed for high-performance 10 Gigabit Ethernet aggregation in the campus, in small to medium-sized networks as a core switch, or in high-performance wiring closets where additional 10 Gigabit Ethernet uplinks are required. The Cisco Catalyst 4500 6-Port 10 Gigabit Ethernet E-Series Line Card supports standard X2 optics as well as Cisco Twin Gigabit Converter modules as orderable options.

For more information, refer to the Cisco Catalyst 4500 Line Card data sheet at: http://www.cisco.com/en/US/prod/collateral/modules/ps2710/ps5494/product_data_sheet0900aecd802109ea.html.

A more detailed reference for the Cisco Catalyst 4500 Supervisor Engine 6-E with CenterFlex Technology is available at: http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps9294/product_data_sheet0900aecd806df543_ps4324_Products_Data_Sheet.html

More Related Cisco 4500 Info and Tips:

Generals Qs of Cisco Catalyst 4500 E-Series and Its CenterFlex Technology

Video Illustrates Cisco Catalyst 4500 Series Switches

Cisco Catalyst 4000/4500 Family, Entry-level Chassis-based Switch

Cisco Catalyst 6500 Switches Vs. Catalyst 4500 Series

Cisco Catalyst 4500 Switch, How to Configure a DHCP Relay on It?


Cisco Refreshes Campus Switching, Including Catalyst 6800 Core Chassis

July 3 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco unveiled a refresh of its campus switching and enterprise routing products at Cisco Live this week, highlighted by the Catalyst 6800 series, a big brother to the Catalyst 6500 that is compatible with the older switch's existing supervisor modules and line cards.


The new Catalyst 6807 is a 10/40/100 Gigabit Ethernet (GbE) modular switch with 11.4 Tbps of total throughput and 880 Gbps capacity per slot. It has five times the performance and six times the capacity of the venerable Catalyst 6500. Because it is compatible with the modules designed for the Catalyst 6500, this new switch hits the market with all the advanced services that customers usually have to wait a couple years for, such as the Wireless Services Module and Multiprotocol Label Switching support.

"The Catalyst 6500 has an 80 Gb-per-slot limit, so they just couldn't work around that," said Andre Kindness, senior analyst with Cambridge, Mass.-based Forrester Research Inc. "So they came out with the 6800. The chassis had to change to accommodate 100 Gb throughput."

Kindness said the Catalyst 6800's compatibility with modules from the 6500 offers customers a new level of investment protection.

"This is the first time I've seen a vendor come out with a new chassis and be able to create a switch with higher speeds without having to build new modules," he said.

Switch to run on upgraded Supervisor Engine

The Catalyst 6807 will run on the Supervisor Engine 2T (Sup 2T) module, which was introduced as the next-generation supervisor for the Catalyst 6500 two years ago, said Inbar Lasser-Raab, Cisco's senior director of enterprise network marketing. Cisco has upgraded the software on the Sup 2T for the new chassis.

Paris-based utility giant EDF plans to adopt the Catalyst 6807 in a large network refresh. "We have a big project to replace all of the networks in our nuclear power plants, hydro-power plants and thermal power plants. We chose to place the Catalyst 6800 at the heart of this network," said Dominique Massoni, senior ICT architect for the global core at EDF.

Don Prince, senior IT architect with Atlanta-based Southern Company, said he appreciated "being able [to] use the same services and take advantage of the same line cards and other equipment [from the Catalyst 6500] that is compatible with the 6800. Investment protection is important to us."

Additionally, Cisco introduced a semi-fixed form factor model Catalyst 6880, a 10 GbE switch designed for midmarket customers who want a switch with moderate 10 GbE density and some advanced services. The Catalyst 6880 is a 4 rack-unit switch with 16x10 GbE fixed ports and half slots that can service an additional 80x10 GbE ports.

Wiring closet device optimized for campus

Cisco also announced a wiring closet device, the Catalyst 6800ia (Instant Access), a 1 rack-unit device with 48 GbE ports that extends the services and the image of a Catalyst 6500 or Catalyst 6800 to the access layer of a network.

"It's analogous to a [Nexus 2000 fabric extender], except that it's optimized for the campus, with features like PoE [Power over Ethernet]," said Rob Soderbery, senior vice president of Cisco's enterprise networking group.

Unlike the Nexus 2000, which extends the ports of a Nexus 5000 or 7000 data center switch to the top of a rack, the Catalyst 6800ia virtually adds ports to the core Catalyst devices. These additional ports are physically located in wiring closets on the 6800ia, but they exist logically on the chassis switch.

"I got immediately excited about the [Catalyst 6800ia] because my company could triple in size and I wouldn't have to increase the size of my networking staff," said Chris Tillett, network administrator with Halifax Media Group, a Daytona Beach, Fla.-based publisher that owns more than 30 newspapers. Since the Catalyst 6800ia extends the image of an existing core switch, a network engineer doesn't need to deploy and configure it. Tillett said he can send the device to an IT generalist who can simply plug it in and the device is up and running.

Cisco enhanced another part of its campus portfolio by introducing a new supervisor module for the Catalyst 4500. This new module features Cisco's Unified Access Data Plane (UADP) application-specific integrated chip (ASIC), which allows customers to integrate wireless LAN control into their switching fabric. Cisco first introduced this ASIC on its Catalyst 3850 stackable switch.

Finally, Cisco beefed up its enterprise routing products with a new top-of-the-line Integrated Services Router (ISR) 4451-AX [Application Experience]. This router ships with 1 Gbps performance, but its software license can be upgraded to 2 Gbps. All Application Experience features introduced recently on other ISR models ship on this new 4451-AX, but all the services are integrated directly into the box. No additional modules need to be installed. All advanced services, including Wide Area Application Services (WAAS) and security, operate at line rate.

Forrester's Kindness said existing ISR models provide all the Layer 4-7 services that the new ISR 4451-AX offers, but this new model has much better performance. Earlier models delivered those services as if a customer "was deploying a server on top. They can't do WAAS at full performance. This router is integrating Layer 2 through 7 so you can do WAAS and security at 1 to 2 Gb line speed."

Cisco also rolled out the Application Experience services package to the ASR-1000 router, which can be added to existing deployments through a software upgrade. Cisco said the 6807 and 6880 switches will be available in November. Other products and upgrades will be available in July.

Reviews from http://searchnetworking.techtarget.com/news/

More Related Reviews:

Cisco Delivers “Monster” Catalyst Switch, Routers for SDN Environments

Cisco Catalyst 6800 Switch and Friends

Cisco Catalyst Access Switching

Cisco Catalyst 6800: New Name, Same Game
