Cisco & Cisco Network Hardware News and Technology

Posts with #cisco switches - cisco firewall tag

Why Upgrade Cisco ASA 5500-X Series?

May 26 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Why did Cisco upgrade the ASA 5500-X Series? Some experts list reasons like these: multifaceted, highly dynamic applications and the growing acceptance of bring-your-own-device (BYOD) have dramatically altered the security landscape. With more than 100,000 new web-based threats emerging each day, businesses need a security solution that is proactive, comprehensive, and network-integrated, and that helps accelerate business operations.


Cisco’s ASA Next-Generation Firewall Services add next-generation capabilities like Application Visibility and Control (AVC) and Web Security Essentials (WSE) to the industry’s most proven stateful inspection firewall, for end-to-end network intelligence and streamlined security operations.

1. Proactive Security

Cisco ASA 5500-X Series Next-Generation Firewalls protect networks against many types of malware, including web-based threats, vulnerabilities, and advanced persistent threats (APTs) via Cisco Cloud Web Security and Cisco Security Intelligence Operations (SIO).

Cisco Cloud Web Security provides centralized, cloud-based integration with Cisco ASA firewalls and integrated services routers, delivering localized network security, comprehensive malware protection, visibility and control of web applications.

Cisco SIO is a cloud-based service that performs real-time analysis of telemetry from nearly two million security devices and more than 150 million mobile endpoints throughout the world. Continuous updates on Internet threats, network vulnerabilities, and host site reputation are sent to Cisco security devices every three to five minutes, providing near real-time protection from zero-day threats. Cisco customers can use this information to develop and enforce more granular, robust security policies to proactively protect their networks months ahead of a specific threat.

 

2. Comprehensive Suite of Security Services

Cisco ASA 5500-X Series integrates with a wide range of software- and cloud-based security services that our customers need today, and is built to scale to meet the functional and security requirements of future networks. Current next-generation firewall services include:

  • Application Visibility and Control (AVC)
  • Web Security Essentials (WSE)
  • Intrusion prevention (IPS)
  • Botnet filter
  • Cisco AnyConnect VPN
  • Cisco Cloud Web Security (CWS)

Multiple software services can be run simultaneously on the same firewall without significant performance degradation.

 

3. Network Integration

Customers can choose their security deployment options based on their business needs and challenges with Cisco ASA 5500-X Series. By integrating the firewall with the network infrastructure, IT can simplify firewall management and optimize protection. Cisco TrustSec is available on Cisco ASA Software Release 9.0 and later to allow firewalls to participate in a broader policy framework that can simplify firewall policy management by as much as 80% and more rapidly adapt to changing users.

ASA 5500-X Series firewalls are designed to integrate with Cisco Cloud Web Security. For customers interested in granular AVC capabilities and differentiated access based on users, devices, and applications, the firewalls provide an on-premise security solution.

 

4. Performance without Compromise

Cisco ASA 5500-X Series Next-Generation Firewalls help increase the performance of the most critical network services by providing:

  • 300% higher firewall throughput than the previous generation
  • 60% higher VPN throughput than the previous generation
  • Multicore enterprise-class CPUs
  • Next-generation encryption support
  • Integrated IPS acceleration hardware on the ASA 5525-X, 5545-X, and 5555-X firewalls

Cisco ASA Next-Generation Firewall Services enable organizations to rapidly adapt to evolving business needs without abandoning time-tested methods. Blending a proven stateful inspection firewall application with user ID awareness and a host of additional network-based security controls, ASA Next-Generation Firewall Services deliver end-to-end network intelligence and streamlined security operations for enhanced visibility and control of network traffic.

PDF File from http://www.smbpartner.net/email/news/DE/2013/2013_07/download/asa_5500x_migration_e.pdf

 


Cisco Catalyst 4500-E & 4500-X Series Network Virtualization Solutions

May 22 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Why network virtualization? How many types are there? What problems do network virtualization solutions help solve? How does the Virtual Switching System work on the Cisco Catalyst 4500-E & 4500-X Series? In this article, we share answers and tips for these questions. First, what exactly does network virtualization offer?

With network virtualization, users can:

  • Lower total cost of ownership.
  • Achieve regulatory compliance for network segmentation.
  • Reduce application recovery times and business disruption as well as network complexity, to increase operational efficiency and return on investment while lowering OpEx and CapEx.

 

Types of Network Virtualization

Two types of network virtualization are: device pooling with the Virtual Switching System (VSS) technology, and Layer 3 network segmentation using Virtual Route Forwarding (VRF)-Lite, Cisco Easy Virtual Network (EVN), and Multiprotocol Label Switching (MPLS).

The VSS technology on the Cisco Catalyst 4500-E and 4500-X Series Switches will add a new, powerful tool for IT managers to build resilient, highly available networks while optimizing traffic load balancing. It will be enabled in a future software release.

With the VRF-Lite feature, Catalyst 4500-E and 4500-X Series Switches support multiple VPN routing and forwarding (VRF) instances for network segmentation. (VRF-Lite is also referred to as multi-VRF Customer Edge). This technology does not need to use MPLS to support such instances; it relies instead on the configuration of Layer 3 interfaces on the interswitch links.

EVN is an enhancement of the existing VRF-Lite technology that improves Layer 3 traffic separation and path isolation on a shared network infrastructure. EVN reduces the user configuration burden and:

- Simplifies Layer 3 network virtualization without requiring MPLS end-to-end capabilities.

- Enhances shared services support, management, troubleshooting, and usability.

 

What Problems Do Network Virtualization Solutions Help Solve?

EVN is a Cisco innovation meant to overcome the overhead issues of the traditional VRF-Lite solution. With the VSS technology on Cisco Catalyst 6500 Series and now also on the Catalyst 4500-E and 4500-X Series Switches, campus networks can be designed in a way that eliminates the traditional drawbacks of multilayer network topologies, such as stateless network-level failovers resulting in increased application recovery times and business disruption; network complexity leading to lower operational efficiency and higher OpEx; and underutilized resources leading to lower return on investment and higher CapEx.

 

Cisco Easy Virtual Network

Cisco EVN technology uses the Virtual Network Trunk to significantly reduce the configuration required to implement network virtualization across the entire network infrastructure. The traditional VRF-Lite solution requires creating one interface per VRF on all switches and routers involved in the data path, a time-consuming process that can become a configuration management burden.

EVN also uses route replication technology to improve shared services support. Route replication makes it possible to link routes from a shared VRF to several segmented VRFs, simplifies the configuration of importing and exporting routes, and removes duplicate routing tables or routes, saving memory and CPU cycles.

Figure 1. VRF-Lite vs EVN Configuration with multiple Interior Gateway Protocol Instances (IGPs)

 

Virtual Switching System on 4500-E and 4500-X Series

The Cisco Virtual Switching System (to be enabled in a future software release) is a clustering technology that pools two Cisco Catalyst 4500-E Series Switches with Cisco Catalyst Supervisor Engine 7-E or 7-LE or two Catalyst 4500-X Series Switches into a single virtual switch. In a VSS, the data plane of both clustered switches is active at the same time in both chassis. VSS members are connected by virtual switch links (VSLs) using standard Gigabit or 10 Gigabit Ethernet connections between the VSS members.

VSLs can carry regular user traffic in addition to the control plane communication between the VSS members.

Table1 summarizes the planned configurations and capabilities for VSS (may be subject to change).

Table 1. Cisco Virtual Switching System on 4500-E and 4500-X Series Switches

 

What Are the Benefits of Virtualization Solutions?

Virtualization solutions offer improved management capabilities, advanced security, and optimized network resource usage.

 

Device Pooling: Virtual Switching System reduces network complexity by combining two separate physical chassis into a single control plane. VSS offers the following advantages:

  • Enables multipathing with Layer 2 Multichassis EtherChannel (MEC) between access and distribution (increase in link utilization).
  • Business continuity with improved resiliency (~200 ms) in case of a link or network device failure, with no impact to voice or video applications.
  • Reduces touch points with a single management and control plane between two physical switches (optimized for core and distribution deployments).
  • Eliminates the need for spanning tree and offers a loop-free topology between the access and distribution with Layer 2 MEC.
  • Simplifies and reduces network topology complexity by eliminating the need for first-hop redundancy protocols like Hot Standby Router Protocol (HSRP), Gateway Load Balancing Protocol (GLBP), or Virtual Router Redundancy Protocol (VRRP).

 

Figure 2. Physical vs Logical Topology in a VSS Configuration

Layer 3 Network Segmentation: The traditional VRF-Lite solution usually requires a lot of configuration management. EVN reduces configuration time significantly across the entire network infrastructure without requiring the use of MPLS. Advantages include:

Uses the vnet trunk command to propagate segmentation information between devices.

Does not require the MPLS infrastructure to propagate a segmentation tag.


Cisco 6880-X vs. Catalyst 4500X

April 8 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco Catalyst 6880-X is a highly scalable and manageable solution for user access offering up to 1008 (FCS) 10/100/1000 ports within a single management system when working with the Catalyst 6800ia remote linecard, while providing the same feature set as a regular Catalyst 6500 that you might be longing for. What do you need to know about Cisco 6880-X? We will summarize some main highlights for you.

The Cisco Catalyst 6880-X and Port cards


Chassis-Cisco 6880-X Series


  • 6880-X comes in two flavors
    • C6880-X-LE (Lite) with smaller hardware table
    • C6880-X (Heavy) with larger hardware table
  • Single fixed Supervisor (based on SUP2T) 
  • Requires minimum IOS 15.1SY with feature parity to SUP2T
  • Capable of 220 Gbps/Slot. Total of 2Tbps. 4Tbps in VSS.
  • Built-in 16 x 10G (10/100/1000 with Copper SFP or 1G/10G with SFP/+)
    • 80 Gbps to backplane (i.e. 2:1 oversubscription)
    • Based on WS-X6904-40G (also support up to 16 x 10G)
    • Can disable second half of port ASIC to enable line rate (Performance Mode)
  • Four half-width expansion slots available
  • Dimension 8.5x 17.36 x 23 inches, Height = 4.85 RU
  • Dual 3KW Power Supply
  • Side-to-side airflow

 

Linecard-Catalyst 6880-X Switches


  • 16-Port 10G Module
  • Also comes with two flavors
    • C-6880-X-LE-16P10G (Lite) with smaller hardware table
    • C-6880-X-16P10G (Heavy) with larger hardware table
  • 16 x 10G (10/100/1000 with Copper SFP or 1G/10G with SFP/+)
    • 80 Gbps to backplane (i.e. 2:1 oversubscription)
    • Based on WS-X6904-40G (also support up to 16 x 10G)
    • Can disable second half of port ASIC to enable line rate (Performance Mode)
    • In other words, this is identical to the built-in ports
  • Linecard type can be mixed with chassis type but they will operate at the lowest common denominator, hence not recommended.

 

Catalyst 4500X vs. Cisco 6880-X

 

If you are familiar with the Catalyst 4500X, you can see that the two have a lot in common: both support 1G/10G on all ports and are VSS capable. Since the 4500X maxes out at 40 ports, if you need to exceed that, the 6880-X could certainly be your option by scaling up to 80 ports. Despite the 2:1 oversubscription of 6800-X, the benefit of centralized configuration with 6800ia can be very compelling. Finally, the lack of modularity and redundancy of the Supervisor can easily be overcome by deploying VSS.


Cisco Catalyst 3750 V2 Series, Features and Configurations

March 4 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco Catalyst 3750 v2 Series is a next-generation energy-efficient Layer 3 Fast Ethernet stackable switch. It supports Cisco EnergyWise technology, which helps you manage the power consumption of your network, thereby reducing energy costs and carbon footprint.

The Cisco 3750 v2 Switch consumes less power than its predecessors and is an ideal access layer for enterprise, retail, and branch environments. It helps increase productivity and protects your network investment by providing a unified network for data, voice, and video.

Cisco Catalyst 3750 v2 Switches (Front and Back)


Catalyst 3750 v2 Series Highlights

• Lower power consumption than its predecessors

• Backward compatible with Cisco Catalyst 3750 and 3750-E Series Switches

• EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs

• Open Shortest Path First (OSPF) routing with IP Base feature set

• Compatible with Cisco Redundant Power System (RPS) 2300

• Uniform depth of 11.9 inches on all units for better cable management

• IPv6 routing included in the IP Services feature set

Cisco Switch Configurations

The Cisco Catalyst 3750 v2 Series consists of the switches listed in the following table.

| Model | Description |
|---|---|
| 3750V2-24TS | 24 Ethernet 10/100 ports and 2 Small Form-Factor Pluggable (SFP) Gigabit Ethernet ports; 1 rack unit (RU) |
| 3750V2-48TS | 48 Ethernet 10/100 ports and 4 SFP Gigabit Ethernet ports; 1 RU |
| 3750V2-24PS | 24 Ethernet 10/100 ports with Power over Ethernet (PoE) and 2 SFP Gigabit Ethernet ports; 1 RU |
| 3750V2-48PS | 48 Ethernet 10/100 ports with PoE and 4 SFP Gigabit Ethernet ports; 1 RU |
| 3750V2-24FS | 24 Ethernet 100FX SFP ports and 2 SFP Gigabit Ethernet ports; 1 RU; transceivers are optional and not included with the base switch |

Cisco Catalyst 3750 V2 Software

The Cisco Catalyst 3750 v2 Series can be purchased with the IP Base or IP Services license preinstalled.

The IP Base license offers advanced quality of service (QoS), rate limiting, and access control lists (ACLs), and basic static and Routing Information Protocol (RIP) and OSPF routing functions.

The IP Services license provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP multicast routing as well as policy-based routing (PBR). The Advanced IP Services license, which includes IPv6 routing and IPv6 ACL support, is now included in the IP Services license. Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license.

Cisco Catalyst 3750 V2 Series-Cisco EnergyWise & Power over Ethernet

We mentioned that Cisco Catalyst 3750 v2 Series supports Cisco EnergyWise, which is a technology that enables monitoring, reporting, and management of energy consumption by end devices that are EnergyWise enabled. This technology enables companies to reduce their energy costs and carbon footprints. EnergyWise features enable you to:

• Discover all Cisco EnergyWise enabled devices on the network

• Monitor and report power consumption by these devices

• Implement business rules to control power to these end devices

Power over Ethernet: The Cisco Catalyst 3750 v2 Series can provide a lower total cost of ownership (TCO) for deployments that incorporate Cisco IP Phones, Cisco Aironet wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device.

PoE eliminates the need for wall power outlets for each PoE-enabled device and significantly reduces the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments.

The Cisco Catalyst 3750 v2 24-port PoE switch can support Class 3 PoE or 15.4 watts (W) of PoE power on all 24 ports. Taking advantage of Cisco Catalyst Intelligent Power Management, the Cisco Catalyst 3750 v2 48-port PoE configurations can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between. Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3750 v2 Series Switch is combined with the Cisco RPS 2300 for protection against internal power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages.

More Cisco Catalyst 3750 v2 Series Switches data sheet: Primary Features and Benefits, Enhanced Security, High-Performance IP Routing, Integrated Cisco IOS Software Features for Bandwidth Optimization, Cisco Catalyst 3750 v2 Series Switch Hardware, etc. You can see:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/data_sheet_c78-531031.html

As we know, the Cisco 3750 V2 series is known for allowing customers to build a unified, highly resilient switching system, one switch at a time, and for improving LAN operating efficiency by combining industry-leading ease of use and high resiliency for stackable switches.

So Cisco 3750 version 2 series wins a number of fans among Cisco switch users. If you are willing to choose a Cisco 3750 V2 series, you can check some hot models of Cisco Catalyst 3750 V2 switch at router-switch.com:

http://www.router-switch.com/Price-cisco-switches-cisco-switch-catalyst-3750_c21


Cisco Catalyst LAN Lite Switches Overview

February 24 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Cisco Catalyst LAN Lite Switches are designed for entry-level enterprise, midmarket and small branch office networks. The LAN Lite Cisco IOS Software provides entry-level security, quality of service (QoS), and availability capabilities. What are the Catalyst LAN Lite switches?

The Cisco Catalyst 2960-S LAN Lite Series Switches have the following main capabilities:

  • 24 and 48 ports of Gigabit Ethernet (GbE) 10/100/1000 desktop connectivity
  • 1 GbE Small Form-Factor Pluggable (SFP) uplinks
  • USB storage interface for file backup, distribution, and simplified operations
  • Enhanced troubleshooting for problem solving, including link connectivity and cable diagnostics
  • Single IP address management for up to 16 switches
  • A wide range of software features to provide ease of operation, secure business operations, sustainability and borderless networking experience
  • Limited lifetime hardware warranty, including next-business-day replacement with 90-day service and support

 

Cisco Catalyst LAN Lite Switches, Part Numbers, Description

| Product Name (Part Number) | Description |
|---|---|
| Cisco Catalyst 2960-24-S Switch (WS-C2960-24-S) | 24 Ethernet 10/100 ports; 1-RU, fixed-configuration switch; LAN Lite image installed |
| Cisco Catalyst 2960-24TC-S Switch (WS-C2960-24TC-S) | 24 Ethernet 10/100 ports and two dual-purpose uplinks (10/100/1000BASE-T or Small Form-Factor Pluggable [SFP]); 1-RU, fixed-configuration switch; LAN Lite image installed |
| Cisco Catalyst 2960-48TC-S Switch (WS-C2960-48TC-S) | 48 Ethernet 10/100 ports and two dual-purpose uplinks (10/100/1000BASE-T or Small Form-Factor Pluggable [SFP]); 1-RU, fixed-configuration switch; LAN Lite image installed |

 

Switch Configurations-Cisco Catalyst 2960-S and 2960 Series Switches with LAN Lite Software

| Switch Model | Description | Uplinks |
|---|---|---|
| Catalyst 2960-S Switches with 1 Gigabit Uplinks and 10/100/1000 Ethernet Connectivity | | |
| Cisco Catalyst 2960S-48TS-S | 48 Ethernet 10/100/1000 | 2 1 GbE ports |
| Cisco Catalyst 2960S-24TS-S | 24 Ethernet 10/100/1000 | 2 1 GbE SFP ports |
| Catalyst 2960 Switches with 1 Gigabit Uplinks and 10/100 Ethernet Connectivity | | |
| Cisco Catalyst 2960-48PST-S | 48 Ethernet 10/100 PoE ports (370W capacity) | 2 fixed 10/100/1000 ports and 2 SFP ports |
| Cisco Catalyst 2960-24PC-S | 24 Ethernet 10/100 PoE ports (370W capacity) | 2 dual-purpose ports (10/100/1000 or SFP) |
| Cisco Catalyst 2960-24LC-S | 24 Ethernet 10/100 and 8 10/100 PoE ports (123W capacity) | 2 dual-purpose ports (10/100/1000 or SFP) |
| Cisco Catalyst 2960-48TC-S | 48 Ethernet 10/100 | 2 dual-purpose ports (10/100/1000 or SFP) |
| Cisco Catalyst 2960-48TT-S | 48 Ethernet 10/100 | 2 fixed 10/100/1000 ports |
| Cisco Catalyst 2960-24TC-S | 24 Ethernet 10/100 | 2 dual-purpose ports (10/100/1000 or SFP) |
| Cisco Catalyst 2960-24-S | 24 Ethernet 10/100 | None |
| Compact Switches | | |
| Cisco Catalyst 2960-8TC-S | 8 Ethernet 10/100 compact size with no fan | 1 dual-purpose port (10/100/1000 or SFP) |


Layer-3 Switch, More than a Router?

February 10 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Do you think that layer-3 switches perform bridging and routing, while routers do only routing? “I thought IP L3 switching includes switching within subnet based on IP address, routing is between subnets only.” --- Simon Gordon on Twitter

Layer-3 switches and routers definitely have to perform some intra-subnet layer-3 functions, but they’re usually not performing any intra-subnet L3 forwarding.

Here we start with the intra-subnet functions the layer-3 forwarding devices do:

  • Dynamic neighbor discovery through ARP/ND for packets sent to hosts in directly attached subnets (glean adjacencies in CEF terminology);
  • Generation of host routes based on ARP/ND results (cached adjacencies in CEF terminology);
  • Forwarding of IP packet to directly attached IP hosts based on ARP/ND-generated host routes.

However, if a layer-3 forwarding device performs MAC-based forwarding in combination with IP-based forwarding, it usually uses the destination MAC address to figure out which forwarding method to use:

  • Layer-2 frames sent to router’s own MAC address are passed up the protocol stack into the IP forwarding code (and if the IP packet is sent to router’s IP address, the packet is sent to the control plane for further processing);
  • Layer-2 frames sent to other destination MAC addresses are passed to MAC forwarding code, which performs MAC address table (or TCAM) lookup and forwards, floods or drops the packet.

Tips: There’s no difference in intra-subnet (intra-VLAN) forwarding between a router (layer-3 switch) and a simple bridge (layer-2 switch). However, an IP-aware device (even a more sophisticated layer-2 switch) might support IP-based port access lists or DSCP- or ACL-based QoS.

Layer-2 and Layer-3 interfaces

Some switches have physical layer-2 and layer-3 interfaces. Layer-2 interfaces behave as I described above, with the internal router being connected with one of its interfaces (example: VLAN or SVI interface) to the internal bridge:

A layer-3 switch routing between two VLAN/SVI/BVI interfaces


Physical layer-3 interfaces connect directly to the internal router. If a physical layer-3 interface receives an Ethernet frame sent to a third party MAC address, the frame is dropped.

A layer-3 switch with routed (layer-3) physical interface


Notes: Some switches (example: Catalyst 6500) use hidden VLANs to implement layer-3 interfaces. You might think that detail doesn’t matter ... until you run out of VLANs.

Some devices have layer-3 sub interfaces. These interfaces modify the frame forwarding rules on per-VLAN basis: if the parent physical interface receives an Ethernet frame belonging to the sub interface VLAN, the router uses the IP forwarding path (and drops the Ethernet frame on destination MAC mismatch), whereas the destination MAC address selects the forwarding method (L2 or L3) used for frames belonging to other VLANs.
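The forwarding-path selection described above, as an added Python model that is not part of the original post. Port names, MAC and IP addresses are constructed sample values; the model covers unicast destinations only, and the same-port drop is ordinary bridge filtering rather than something the text spells out.

```python
from dataclasses import dataclass, field
from enum import Enum


class PortMode(Enum):
    SWITCHED = "layer-2"  # attached to the internal bridge; router reached via SVI
    ROUTED = "layer-3"    # attached directly to the internal router


class Action(Enum):
    PUNT = "IP packet for the router itself: control plane"
    ROUTE = "IP forwarding path"
    BRIDGE = "MAC forwarding: known unicast"
    FLOOD = "MAC forwarding: unknown unicast, flood in VLAN"
    DROP = "drop"


@dataclass(frozen=True)
class Frame:
    in_port: str
    vlan: int
    dst_mac: str
    dst_ip: str


@dataclass
class L3Switch:
    router_mac: str
    router_ips: frozenset
    ports: dict                                       # port name -> PortMode
    subif_vlans: dict = field(default_factory=dict)   # port -> VLANs with L3 sub-interfaces
    mac_table: dict = field(default_factory=dict)     # (vlan, mac) -> egress port

    def classify(self, f: Frame) -> Action:
        dst = f.dst_mac.lower()
        # Frames addressed to the router's own MAC go up the stack into IP forwarding.
        if dst == self.router_mac.lower():
            return Action.PUNT if f.dst_ip in self.router_ips else Action.ROUTE
        # Routed ports and sub-interface VLANs have no bridge behind them:
        # a frame for a third-party MAC is dropped.
        l3_only = (self.ports[f.in_port] is PortMode.ROUTED
                   or f.vlan in self.subif_vlans.get(f.in_port, ()))
        if l3_only:
            return Action.DROP
        # Everything else is handled by the MAC forwarding code.
        egress = self.mac_table.get((f.vlan, dst))
        if egress is None:
            return Action.FLOOD
        if egress == f.in_port:
            return Action.DROP  # destination lives on the ingress port
        return Action.BRIDGE


# Constructed sample addresses (documentation ranges), not from the original post.
ROUTER_MAC = "00:00:5e:00:53:01"
HOST_B = "00:00:5e:00:53:0b"
UNKNOWN = "00:00:5e:00:53:ff"


def build_demo_switch() -> L3Switch:
    return L3Switch(
        router_mac=ROUTER_MAC,
        router_ips=frozenset({"192.0.2.1"}),
        ports={"Gi1/0/1": PortMode.SWITCHED, "Gi1/0/2": PortMode.SWITCHED,
               "Gi1/0/3": PortMode.SWITCHED, "Te1/1/1": PortMode.ROUTED},
        subif_vlans={"Gi1/0/3": {30}},
        mac_table={(10, HOST_B): "Gi1/0/2"},
    )


def demo_frames() -> list:
    return [
        Frame("Gi1/0/1", 10, ROUTER_MAC, "198.51.100.7"),  # routed between subnets
        Frame("Gi1/0/1", 10, ROUTER_MAC, "192.0.2.1"),     # addressed to the router
        Frame("Gi1/0/1", 10, HOST_B, "192.0.2.20"),        # intra-VLAN, known MAC
        Frame("Gi1/0/1", 10, UNKNOWN, "192.0.2.99"),       # intra-VLAN, unknown MAC
        Frame("Te1/1/1", 0, HOST_B, "192.0.2.20"),         # third-party MAC on routed port
        Frame("Gi1/0/3", 30, HOST_B, "192.0.2.20"),        # sub-interface VLAN, MAC mismatch
        Frame("Gi1/0/3", 10, HOST_B, "192.0.2.20"),        # other VLAN on the same port
    ]


if __name__ == "__main__":
    sw = build_demo_switch()
    for frame in demo_frames():
        print(f"{frame.in_port:8} vlan {frame.vlan:<3} -> {sw.classify(frame).name}")
```

Because only frames sent to the router's MAC ever reach the IP path on a switched port, routed ACLs on an SVI never see intra-VLAN traffic; that traffic needs port or VLAN access lists, as the Tips paragraph above notes.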

Reference from: http://blog.ipspace.net/2012/08/is-layer-3-switch-more-than-router.html


How Do Customers Benefit From Cisco 2960-X Switches?

January 23 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

To address these challenges and transform IT, Cisco introduced the Cisco Catalyst 2960-X Series (stackable Gigabit Ethernet access switches) to enable network connectivity for enterprise, midmarket, and branch office locations. These switches enable reliable and highly secure business operations with lower total cost of ownership through a range of innovative features, including Cisco FlexStack Plus, Application Visibility and Control, Power over Ethernet Plus (PoE+), innovative power management, and Catalyst Smart Operations. This highly differentiated and innovative product will help you lock out the competition and win back port share. With these switches you can participate in the huge refresh opportunity from a large installed base that is fully amortized, and increase deal size by creating architectural linkages with other Cisco products, such as Cisco Identity Services Engine (ISE), and Cisco Prime.

How do customers benefit from the Cisco 2960-X series? The switches are scalable, smart, simple, and secure and at the same time provide investment protection. They also provide Layer 3 routing capability and application-aware intelligence, with double the scale of the existing generation.

Scalable: Catalyst 2960-X Series is scalable to meet growth needs today and in the future. These switches offer high density, with 24 or 48 Gigabit Ethernet ports and 1 and 10 Gigabit Ethernet uplinks for desktop connectivity and are ready for 1-Gbps wireless (802.11ac). They deliver wire-rate performance on all ports to keep up with increasing traffic by exploiting the full capacity of each port. The switches support FlexStack Plus with up to 80 Gbps of stack bandwidth and up to eight members in a stack for 384 Gigabit Ethernet ports, doubling many performance aspects of the existing Cisco Catalyst 2960-S Series Switches. They offer a high-capacity 740W power supply that can power all 48 ports for PoE or 24 ports for PoE+. The benefits of PoE and PoE+ are easy and rapid deployment of IP endpoints, such as IP phones, access points, and cameras, while saving the cost of installing power outlets.

The Cisco Catalyst 2960-X Series is resilient, with control-plane redundancy across FlexStack Plus switches. This feature minimizes traffic disruption if the stack member fails. The Catalyst 2960-XR is also equipped with redundant power supplies for power resilience.

Smart: The Cisco Catalyst 2960-X Series Switches are smart, with intelligent access services, in depth application visibility and control, and best-in-class energy efficiency.

Built with True Stacking: FlexStack Plus enables unified configuration and unified single IP address management across all stack members for simplicity, efficiency, and scalability.  Cross-stack quality of service (QoS) automatically applies the QoS configuration of the master switch to other stack members to ensure QoS consistency, configuration accuracy, and simplicity. Cross-stack high availability provides for automatic election of a new master switch in case of stack master failure for greater resilience.

Built for network programmability: Cisco One Platform Kit (onePK) is an easy-to-use software-defined networking (SDN) toolkit for development, automation, rapid service creation, and more. Catalyst 2960-X Series Switches are onePK ready, enabling customers to build applications to automate and create services across the campus.

Built for application visibility and control: For the first time, the Catalyst 2960-X Series supports NetFlow Lite services that enable IT teams to monitor and record important traffic flows through a packet-sampling mechanism. When combined with Cisco Prime or other NetFlow collectors, it can help IT prioritize business-critical applications.

Built for unified access:

One policy through integration with Cisco ISE

One management through integration with Cisco Prime

Built for green IT—the greenest access switch ever:

Cisco EnergyWise monitors and controls PoE and PoE+ device power consumption to reduce energy costs. It can turn the connected IP devices on or off to reduce power consumption based on predefined policies. For example, the IP phones can be set to turn off automatically after business hours.

Energy-Efficient Ethernet (EEE) enables dynamic power savings on all switch ports, saving about 15W for a 48 port-switch and 8W for a 24 port-switch.

The Catalyst 2960-X Series introduces two new innovative energy-saving sleep modes for the switch. Switch Hibernation mode puts the switch to sleep, consuming as little as 6W, compared to approximately 50W in active mode.

Downlink Hibernation mode shuts down the downlink interface to save 0.5W per port when the connected devices are not in use, even if the devices are not EEE aware. Downlink Hibernation mode also shuts down PoE and PoE+ to save additional energy.

Collectively these features are game changers in green technology that can reduce switch power consumption by up to 80 percent.

Simple: Cisco Catalyst 2960-X Series Switches are simple to deploy, manage, and troubleshoot. As part of the Cisco Unified Access portfolio, the Cisco Catalyst 2960-X Series Switches are fully integrated with Cisco Prime, to offer simple operation from a central location.

They can also be managed by Cisco Network Assistant, which features an intuitive GUI with which users can easily apply common services across Cisco switches, routers, and access points.

Cisco Catalyst 2960-X Series Switches offer Catalyst Smart Operations features to lower the total cost of ownership:

Smart Install automatically downloads Cisco IOS Software and configures the switches for zero-touch deployment.

Auto Smart Ports automatically configures (for example, VLAN, security, and QoS settings) ports based on device type (such as IP phones, printers, and access points) for simplified configuration and rapid deployment.

Smart Call Home offers proactive diagnostics and remediation of hardware and software issues.

 

Secure: Cisco Catalyst 2960-X Series Switches offer security features to help ensure easy and highly secure network deployment and access. The security policies can be set consistently across the network by Cisco ISE.

Unlike competitors’ switches, Catalyst 2960-X Series Switches preserve customer investment by allowing mixed stacking with existing Catalyst 2960-S and 2960-SF switches. Customers can grow their access networks by adding the new 2960-X switches to their existing 2960-S and 2960-SF stacks.

To which customers can this product be recommended? The Cisco 2960-X series suits customers who need to:

Simplify the management of their unified wired and wireless infrastructure

Build resilient converged network infrastructure to deploy BYOD, video, cloud applications, and 1-Gbps wireless solutions

Improve the user experience and have granular control over policy

Address more traffic in the future, including increasing numbers of devices (of all kinds)

Scale their business for a larger amount of traffic and devices in the unified wired and wireless network

Protect their investments in network infrastructure and build for future expansion

Table1 lists the Cisco solutions applicable to various customer deployments and needs.

Table1 When to Sell Catalyst 2960-X Series Switches

Table2 shows how the features of the Catalyst 2960-X Series compare to competitors’ switches.

Table2 Comparison of the Catalyst 2960-X Series to Competitors’ Switches


How to Configure Cisco ASA Failover into Active/Standby Mode?

January 10 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

This article shows how to configure Cisco ASA failover in Active/Standby mode. It assumes that your primary Cisco ASA is already configured and working.

Primary Cisco ASA

Setup your failover interface on Primary Cisco ASA

enable

config t

failover lan unit primary

interface gigabitEthernet 0/3

no shutdown

Assign the failover IP Address on your Primary Cisco ASA

failover lan interface FAILOVER gigabitethernet0/3

failover interface ip FAILOVER 10.10.10.1 255.255.255.0 standby 10.10.10.2

failover key YourSecretKey

failover link FAILOVER

Assign standby Outside IP Address on Primary Cisco ASA

Assign your Cisco ASA standby External IP Address, add “standby {SECONDARY ASA IP ADDRESS}”

interface gigabitEthernet 0/0

ip address 1.1.1.1 255.255.255.224 standby 1.1.1.2

Assign standby Internal IP Address on Primary Cisco ASA

Assign Internal IP Address as you did for the External IP Address with the “standby {SECONDARY ASA IP ADDRESS}”

interface gigabitEthernet 0/1

ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2

Enable monitoring on SubInterfaces on Primary Cisco ASA (optional)

By default, monitoring physical interfaces is enabled and monitoring subinterfaces is disabled. You can monitor up to 250 interfaces on a unit. You can control which interfaces affect your failover policy by disabling the monitoring of specific interfaces and enabling the monitoring of others. This lets you exclude interfaces attached to less critical networks from affecting your failover policy.

monitor-interface if_name

You can turn off monitoring the management interface:

no monitor-interface management

Enable failover

conf t

failover

Verify your Cisco ASA Failover

show failover

Secondary Cisco ASA

Setup failover interface on Secondary Cisco ASA

config t

no failover

failover lan unit secondary

interface gigabitEthernet 0/3

no nameif

no shutdown

failover lan interface FAILOVER gigabitEthernet0/3

Assign your failover IP Address on Secondary ASA using FAILOVER

failover interface ip FAILOVER 10.10.10.1 255.255.255.0 standby 10.10.10.2

failover key YourSecretKey

failover link FAILOVER

failover

Automatic Configuration Copy from Primary to Secondary Cisco ASA

The device configurations are automatically copied from the primary Cisco ASA device to the secondary Cisco ASA device using the following commands:

config t

interface gigabitEthernet 0/3

no shutdown

Verify your Cisco ASA Failover

 

show failover

More about ASA Failover Configuration

Enter privileged EXEC mode.

asa>enable

Enter global configuration mode.

asa#configure terminal

Designate the ASA as the primary or secondary unit (default is secondary).

asa(config)#failover lan unit [primary |secondary]

Configure the ASA link that will be used as the failover link.

Notes: The if_name is used to assign the name of the interface (don't use the nameif command).

The interface_id can be a physical interface, subinterface, or redundant interface; or an EtherChannel interface ID. On the ASA 5505, the interface_id specifies a VLAN ID.

asa(config)#failover lan interface if_name interface_id

Configure the primary and secondary IP addresses.

Note: Both the primary and secondary IP addresses must be in the same subnet.

asa(config)#failover interface ip if_name ip_address netmask standby ip_address

Configure the ASA link that will be used as the stateful failover link.

Notes: The if_name is used to assign the name of the interface; this is the same as the failover link if_name if they are being shared. The interface_id can be a physical interface, subinterface, or redundant interface; or an EtherChannel interface ID. On the ASA 5505, the interface_id specifies a VLAN ID. This command is optional and is required only if stateful failover is being configured.

asa(config)#failover link if_name interface_id

Configure the primary and secondary IP address for the state interface.

Note: This step is required only if the link that is being used for the stateful failover link is different from the failover link. If it is being shared with the failover link, the information configured in Step 5 is used.

asa(config)#failover interface ip if_name ip_address netmask standby ip_address

Configure the use of IPsec on the LAN-to-LAN failover links (failover and stateful failover, if configured).

Notes: The key parameter can be up to 128 characters in length. This is the preferred method to be used to encrypt information over these links.

OR Configure a failover key.

Notes: The key parameter when used with the hex keyword is 32 characters. When it is used without it, it can be a string from 1 to 63 characters. This is a deprecated method of encrypting on these links, and it is not recommended in favor of the IPsec option above.

asa(config)#failover key {hex key | key}

Create a failover group.

Notes: By default, group 1 is assigned to the primary failover unit (as configured in Step 3).

This command is used only when configuring an active/active failover.

asa(config)#failover group {2}

Assign the group to a unit.

Notes: Typically, group 1 is assigned to the primary unit (the default), and group 2 is assigned to the secondary unit. This command is used only when configuring active/active failover.

asa(config-fover-group)#primary OR asa(config-fover-group)#secondary

Enter context configuration mode.

Note: This command is used only when configuring active/active failover.

asa(config)#context name

Configure the context to be a member of a failover group.

Notes: All unassigned contexts are assigned into failover group 1. The admin context is always configured into failover group 1. This command is used only when configuring active/active failover.

asa(config-ctx)#join-failover-group {2}

Enable the use of failover on the ASA.

 

asa(config)#failover
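To check one unit's configuration against the points above (failover enabled, unit role set, standby addresses present and in the same subnet, IPsec preferred over a failover key), the following Python audit is an added example, not part of the original article or any Cisco tool. The sample configuration is constructed from the walkthrough's commands, the `failover ipsec pre-shared-key` command name comes from the ASA command set rather than from this page, and only IPv4 addresses are handled.

```python
import ipaddress
import re

# Constructed sample: the walkthrough's primary-unit commands, with the
# inside interface deliberately left without a standby address.
SAMPLE_CONFIG = """\
failover lan unit primary
failover lan interface FAILOVER gigabitethernet0/3
failover interface ip FAILOVER 10.10.10.1 255.255.255.0 standby 10.10.10.2
failover key YourSecretKey
failover link FAILOVER
failover
interface gigabitEthernet 0/0
 ip address 1.1.1.1 255.255.255.224 standby 1.1.1.2
interface gigabitEthernet 0/1
 ip address 172.16.10.1 255.255.255.0
"""

IP = r"(\d+(?:\.\d+){3})"  # IPv4 only
FO_IP = re.compile(rf"failover interface ip (\S+) {IP} {IP}(?: standby {IP})?$", re.I)
IF_IP = re.compile(rf"ip address {IP} {IP}(?: standby {IP})?$", re.I)


def check_pair(label, active, mask, standby):
    """Return a finding for one active/standby address pair, or None."""
    if standby is None:
        return f"{label}: no standby address"
    network = ipaddress.ip_network(f"{active}/{mask}", strict=False)
    if ipaddress.ip_address(standby) not in network:
        return f"{label}: standby {standby} is outside {network}"
    if standby == active:
        return f"{label}: standby equals active address"
    return None


def audit_failover(config):
    """Return a list of findings for one unit's failover configuration."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    lowered = [line.lower() for line in lines]
    findings = []
    if "failover" not in lowered:
        findings.append("failover is not enabled")
    if not any(l.startswith("failover lan unit ") for l in lowered):
        findings.append("unit role not set (defaults to secondary)")
    # IPsec on the failover link is the preferred option; a key is deprecated.
    if not any(l.startswith("failover ipsec pre-shared-key") for l in lowered):
        if any(l.startswith("failover key") for l in lowered):
            findings.append("failover key in use: deprecated, prefer IPsec")
        else:
            findings.append("no key or IPsec: failover traffic is cleartext")
    current = None
    for line in lines:
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            continue
        m = FO_IP.match(line)
        if m:
            pair = (f"failover link {m.group(1)}", *m.groups()[1:])
        else:
            m = IF_IP.match(line)
            if not m or current is None:
                continue
            pair = (f"interface {current}", *m.groups())
        finding = check_pair(*pair)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    print("\n".join(audit_failover(SAMPLE_CONFIG)))
```

Run it against the saved configuration of each unit; an interface without a standby address keeps working on the active unit but has no address of its own on the standby unit.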


How to Recover the Password on Cisco Catalyst 3850?

January 2 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

How do you recover the password on a Cisco 3850 switch when you have lost or forgotten it? This is a common situation for network users, and it is easy to resolve. Here we list some tips and the basic steps to recover the password on a Catalyst 3850.

Tips and Steps to Recover the Password on Cisco Catalyst 3850

On a switch, power off the standalone switch or the entire switch stack. Reconnect the power cord to the active switch. Within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until all the system LEDs turn on and remain solid; then release the Mode button.

Several lines of information about the software appear with instructions, informing you if the password recovery procedure has been disabled or not.

If you see a message that begins with the following, proceed to the steps below:

The system has been interrupted prior to initializing the flash file system.

The following commands will initialize the flash file system

Step1 Initialize the flash file system.

Switch: flash_init 

Step2 Ignore the startup configuration with the following command:

Switch: SWITCH_IGNORE_STARTUP_CFG=1

Step3 Boot the switch with the packages.conf file from flash.

Switch: boot flash:packages.conf

Step4 Terminate the initial configuration dialog by answering No.

Would you like to enter the initial configuration dialog? [yes/no]: No

Step5 At the switch prompt, enter privileged EXEC mode.

Switch> enable     

Switch#  

Step 6 Copy the startup configuration to running configuration.

Switch# copy startup-config running-config

Destination filename [running-config]?

Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.

Step7 Enter global configuration mode and change the enable password.

Switch# configure terminal

Switch(config)#

Step8 Write the running configuration to the startup configuration file.

Switch# copy running-config startup-config     

Step9 Confirm that manual boot mode is enabled.

Switch# show boot

BOOT variable = flash:packages.conf;

Manual Boot = yes

Enable Break = yes 

Step10 Reload the switch.

Switch# reload

Step11 Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.

Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=1 

Switch: SWITCH_IGNORE_STARTUP_CFG=0

Step12 Boot the switch with the packages.conf file from flash.

Switch: boot flash:packages.conf

Step13 After the switch boots up, disable manual boot on the switch.

 Switch(config)# no boot manual

Refer to https://supportforums.cisco.com/docs/DOC-35289


Cisco Catalyst 3650 Series Fixed GE Access Switch

December 2 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

The Cisco Catalyst 3650 Series Switch delivers converged wired and wireless access on a single platform, creating an uncompromised user experience in any workspace. The converged system provides a single platform for wired and wireless networkwide visibility for faster troubleshooting, advanced security and quality of service (QoS) control, maximum resiliency with fast stateful recovery, and scale with distributed wired and wireless data plane.

 

The Cisco Catalyst 3650 is built on the advanced Cisco StackWise-160, and takes advantage of the new Cisco Unified Access Data Plane (UADP) application-specific integrated circuit (ASIC). This switch can enable uniform wired-wireless policy enforcement, application visibility, flexibility, application optimization, and superior resiliency. The Cisco Catalyst 3650 Series Switches support full IEEE 802.3at Power over Ethernet Plus (PoE+), and offer modular and field-replaceable redundant fans and power supplies. They can help you increase wireless productivity and reduce your TCO.

 

All Cisco Catalyst 3650 Series Switches have fixed, built-in uplink ports. Customers can choose from three types of uplink ports at the time of the switch purchase:

• 4 x Gigabit Ethernet with Small Form-Factor Pluggable (SFP)

• 2 x 10 Gigabit Ethernet with SFP+ or 4 x Gigabit Ethernet with SFP

• 4 x 10 Gigabit Ethernet with SFP+ or 4 x Gigabit Ethernet with SFP

 

The SFP+ interface supports both 10 Gigabit Ethernet and Gigabit Ethernet ports. Refer to Table 1 for a description of the basic switch models and the corresponding uplink ports. Refer to Table 2 for a description of the various uplink port interface options.

 

Cisco Catalyst 3650 Highlights

Built on Cisco Unified Access Data Plane (UADP) application-specific integrated circuit (ASIC) with programmability to support Cisco ONE Enterprise Networks Architecture and software-defined networking (SDN)

Integrated wireless LAN controller functionality

Native Flexible NetFlow (FnF) on all ports

Granular, hierarchical bandwidth management

Cisco TrustSec support

 

Cisco Catalyst 3650 Primary Features

Integrated wireless LAN controller capability with:

- Up to 40G of wireless capacity per switch (48-port models)

- Support for up to 25 access points and 1000 wireless clients on each switch or stack

24 and 48 10/100/1000 data and Power over Ethernet Plus (PoE+) models with Energy-Efficient Ethernet (EEE)

- Optional Cisco StackWise-160 technology provides scalability and resiliency with 160 Gbps of stack throughput (for additional wired and wireless capabilities, please visit the Cisco Catalyst 3850 Series Switches page)

- Fixed, built-in 4 x Gigabit Ethernet, 2 x 10 Gigabit Ethernet, or 4 x 10 Gigabit Ethernet Small Form-Factor Pluggable (SFP) and SFP+ uplink ports

- Dual redundant power supplies and three modular fans, providing higher redundancy

- Full IEEE 802.3at (PoE+) with 30W power on all ports in 1 rack unit (RU) form factor

Software support for IPv4 and IPv6 routing, multicast routing, modular QoS, FnF Version 9, and advanced security features

Single, consistent Cisco IOS XE Software image across all license levels, providing an easy upgrade path for access points and software features

Enhanced limited lifetime warranty (E-LLW) with next business day (NBD) advance hardware replacement and 90-day access to Cisco Technical Assistance Center (TAC) support

 

Switch Configurations

The Cisco Catalyst 3650 Series Switches are available in LAN Base, IP Base, and IP Services feature sets. All switches ship with a default AC power supply. A DC power supply can be purchased as an option or spare. The base switch does not include any access point licenses. Figure 1 shows the Cisco Catalyst 3650 Series.

Figure1. Cisco Catalyst 3650 Series Switches (Front and Back)


Table1. Compare different switch models.


StackWise-160 Technology

The Cisco Catalyst 3650 provides maximum data, power, and wireless resiliency using Cisco StackWise-160 technology, which is built on the highly successful, industry-leading Cisco StackWise technology. The StackWise-160 technology provides optional stacking with 160 Gbps of bandwidth for providing resiliency within the stack. The stack behaves as a single switching unit that is managed by an active switch elected from one of the member switches. The active switch creates and updates all the switching, routing, and wireless tables. In the event of an active member failure, the standby member assumes the role of the active switch, continuing to keep the stack operational.

 

Cisco Catalyst 3650 Primary Advantages

Converged Wired and Wireless Platform

The Cisco Catalyst 3650 is a stackable platform that converges wired and wireless services on a Cisco IOS XE Software based platform. The CAPWAP tunnels from the access points terminate at the 3650 switch, enabling users to configure and apply software features such as QoS, security, and FnF across wired ports and wireless SSIDs on the same switch at the same time. The converged wired and wireless platform supports the Cisco Unified Access solution. With “one policy, one management, one network,” the Cisco Catalyst 3650 and Cisco Unified Access help IT spend less time running the network and more time on business innovation.

Advanced Security

The Cisco Catalyst 3650 is hardware capable of supporting Cisco TrustSec functionality. Cisco TrustSec uses the device and user credentials acquired during authentication for classifying the packets by security groups as they enter the network with scalability and simplified management. The classification is maintained through the network by the security group tag (SGT) and through integration with the Cisco Identity Services Engine. The Cisco Catalyst 3650 is also hardware-ready for link layer MACsec encryption, which provides networkwide encryption to protect data traffic across the network.

Application Visibility and Control (AVC)

With the native support for FnF on all the ports, the Cisco Catalyst 3650 can monitor both east-west and north-south wired traffic at the same time. The Cisco Catalyst 3650 switch terminates the wireless CAPWAP tunnels from the access point, providing full visibility into the wireless traffic at the switch. Because the wireless traffic is now visible at the switch, it is possible to identify wireless traffic using FnF and prioritize the traffic using advanced QoS capabilities for an improved user experience and faster troubleshooting.

SmartOperations

The Cisco Catalyst 3650 supports Cisco Catalyst SmartOperations. SmartOperations features such as Auto Smartports, Auto QoS, and Smart Install reduce deployment time by automating most of the basic switch and port configurations.

Foundation for Cisco ONE Enterprise Networks Architecture

The Cisco Catalyst 3650 is built on the UADP ASIC, which provides wire-rate hardware performance with software programmability. The UADP ASIC features a programmable data plane, enabling deployment of SDN services and support of future software features over the product lifetime. The Cisco Catalyst 3650 supports the Cisco ONE Enterprise Networks Architecture for openness, programmability, and operational simplicity.

Reduced Total Cost of Ownership

The Cisco Catalyst 3650 reduces the total cost of ownership and provides superior investment protection through:

Built-in wireless controller functionality

Optional stacking

Support for fixed GE or 10 GE uplink

Support for IP Base and IP Services software options

Dual redundant power supply and three individual fans to help ensure high availability

E-LLW with NBD advance hardware replacement and 90-day access to Cisco TAC support

 
