思科Catalyst 2960 3750-E 3560-E 产品预览ppt课件

1、Catalyst 3750-E Catalyst 3560-E Catalyst 2960 OverviewFull Layer 3 RoutingLayer 2 Intelligent ServicesGUI-ManagedMost Complete Line of Fixed Configuration LAN ProductsFunction, Flexibility, ScalabilityPrice-PerformanceCisco Catalyst 3560-E and Catalyst 356010/100 and GE configurations + 2 10GEEnterp

2、rise-class intelligent Layer 3/4 servicesModular power supply with 3560-EPoE configurations with up to 15.4W on all 48 portsCisco Catalyst 296010/100 and 10/100/1000 Layer 2 switching8, 24, and 48 port configurations with dual-purpose Gig uplinksPoE configurations with up to 15.4W up to 24 portsEntr

3、y level LAN Lite IOS and enhanced LAN Base IOS for intelligent servicesCisco Catalyst 3750-E and Catalyst 3750Stackable 10/100 and GE configurations + 2 10GECisco StackWise Plus and StackWise technologyEnterprise-class intelligent Layer 3/4 servicesModular power supply with 3750-EPoE configurations

4、with up to 15.4W on all 48 portsCisco Catalyst 494810/100/1000 + 2 10GE wire speed switchingRack-optimized server switchingJumbo frame supportDual, hot swappable, internal power suppliesHot swappable fan trayCisco Catalyst Express 500Low-density, standalone, managed 10/100 switchingTailored for busi

5、nesses with up to 250 usersIntroducing The Catalyst 3750-EThe next generation complement to the Catalyst 375024 or 48 GE ports with 2x10 GE uplinksWire-speed performanceTransition to 10GE with the TwinGig adapter, a 10GE module that accepts two GE SFPsStackWise Plus Supports original StackWise featu

6、resDouble the speed of original StackWiseBackwards compatible with the Catalyst 3750PowerModular power supply and fan blowerDifferent power supply sizes48 ports of full IEEE POE in a single rack unitNew and improved redundant power supplyCisco Catalyst 2960 Series Switches Fast Ethernet and Gigabit

7、Ethernet in 8, 24, and 48 port configurations for entry-level enterprise and mid-market customersPoE configurations with up to 15.4W up to 24 portsOffers enhanced Layer 2+ intelligent LAN services: Availability Enhanced securityAdvanced quality of service (QoS)Simplified management and troubleshooti

8、ng for lower total cost of ownershipCisco Network Assistant and Cisco SmartportsLimited lifetime hardware warranty and software updates at no additional chargeFast Ethernet in 24 and 48 port configurations for small branch offices and wiring closetsOffers standard Layer 2 services with entry-level a

9、vailability, security, and QoS Scalable and secure network managementSimplified management and troubleshooting for lower total cost of ownershipCisco Network Assistant and Cisco SmartportsLimited lifetime hardware warranty and software updates at no additional chargeCatalyst 2960 LAN Base SeriesCata

10、lyst 2960 LAN Lite SeriesUses Cisco ASICs for superior quality and hardware and software integrationCisco Catalyst 2960 LAN Base Series Model OverviewEnterprise-class intelligent services: Advanced QoS, enhanced security, high availability48 10/100 ports2 10/100/1000 uplink ports24 10/100 ports2 10/

11、100/1000 uplink portsCatalyst 2960-24TT-LCatalyst 2960-48TT-L24 10/100 ports2 dual-purpose uplink portsCatalyst 2960-24TC-LCatalyst 2960-48TC-L48 10/100 ports2 dual-purpose uplink ports20 10/100/1000 ports4 dual-purpose uplink portsCatalyst 2960G-24TC-LCatalyst 2960G-48TC-L44 10/100/1000 ports4 dual

12、-purpose uplink ports8 10/100 ports1 dual-purpose uplink portCompact form-factor with no fanCatalyst 2960-8TC-L7 10/100/1000 ports1 dual-purpose uplink portCompact form-factor with no fanCatalyst 2960G-8TC-LSoftwareLAN Base Image24 10/100 PoE ports2 dual-purpose uplink portsCatalyst 2960-24PC-LCatal

13、yst 2960-24LT-L24 10/100 ports (8 PoE ports)2 10/100/1000 uplink ports8 10/100/1000 ports1 10/100/1000 PoE Input portCompact form-factor with no fanCatalyst 2960PD-8TT-LCisco Catalyst 2960 LAN Lite Series Model OverviewSoftwareLAN Lite Image24 10/100 portsCatalyst 2960-24-S24 10/100 ports2 dual-purp

14、ose uplink portsCatalyst 2960-24TC-SCatalyst 2960-48TC-S48 10/100 ports2 dual-purpose uplink portsNote: Catalyst 2960 Switches cannot be upgraded or downgraded between LAN Base and LAN Lite software.Entry level QoS, security, and availability with a focus on ease-of-use and lower total cost of owner

15、shipSmall size (H x W x D) 4.4cm x 27cm x 16-23cmFlexible wall and under the desk mountingDurable metal shellCable guardInternal power supply and right angle power cordPassive cooling (no fan)Magnet includedSecurity locking slot19 inch rack mount optionCatalyst 2960 Compact SwitchesMeeting unique ph

16、ysical requirements of the office workspace, conference rooms, and classrooms, and micro branch officesServices and Warranty for The Cisco Catalyst 2960 SeriesLimited lifetime hardware warrantyAdvance Replacement shipping within 10 business days Guest access to CiscoOngoing Cisco IOS Software update

17、s at no additional costCisco SMARTnet and SMARTnet Onsite SupportAround-the-clock, global access to the Cisco Technical Assistance Center (TAC) Access to the extensive Cisco knowledgebase and tools Next-business-day advance hardware replacement (premium options available for business-critical device

18、s, such as 2-hour replacement and onsite parts replacement and installation) Cisco Smart Foundation Service (formerly SMB Support Assistant)Cisco Foundation Technology Optimization ServiceCatalyst 3750-E ModelsPoE and data only optionsAny 3750-E model can be connected with another through StackWise

19、Plus3750-E models can be combined in a stack with existing 3750 models in a mixed stack48 10/100/1000T Ports w/POE + 2x 10GE24 10/100/1000T Ports w/POE + 2x 10GE48 10/100/1000T Ports + 2x 10GE24 10/100/1000T Ports + 2x 10GECatalyst 3560-E ModelsThe 3560-E is for standalone deploymentsSimilar feature

20、s to the 3750-E, but StackWise is removedSame software featuresSame PoE options48 10/100/1000T Ports w/POE + 2x 10GE24 10/100/1000T Ports w/POE + 2x 10GE48 10/100/1000T Ports + 2x 10GE24 10/100/1000T Ports + 2x 10GEStackWise PlusSpeed improved to 64Gbps*Supports local switchingLocal packets do not t

21、raverse the stackIntelligently forwards traffic over the StackWise connectionLoad BalancingQuality of ServiceTraffic OptimizationBackward compatible with the original StackWiseFault-tolerant, Bi-directional 64-Gbps stack interconnectionAutomated Configuration & ManagementSingle network instance (IP,

22、 SNMP, CLI, Spanning-Tree Protocol , VLAN)Master/secondary architecture with master failoverCross-Stack EtherChannel, cross-stack QoS* For typical traffic patterns, actual performance may be higher or lowerStackWise Plus ArchitectureABCDLocal SwitchingEFStackWise Plus12344Destination switch removes

23、packets and delivers them2Ingress Policing3Egress queuing and load balancing124 or 48 ports wire speedNo packets traverse StackWise connectionsStackWise Plus Ring10 Gigabit EthernetTwo 10GE uplink interfacesWire rate forwarding performanceSupported X2 TransceiversLX4 (MMF - 300m SMF - 10km)LR (SMF 1

24、0km)SR (MMF)CX4 (Copper)ER (SMF 40km)TwinGig Adapter converts an X2 interface into dual SFP interfacesAll SFPs supported on 3750 platform are supported with the TwinGig AdapterTwinGig Adapters are hot swappable with X2 modulesOut of Band ManagementTwo management portsRS-232 serial console port10/100

25、BASE-TX Ethernet portOut-of-band management supports Telnet, TFTP, and SSHv2One interface can manage the entire stack of switchesIf multiple out-of-band ports are connected to different switches in a stack, one is selected for active usePowerField Replaceable Power SuppliesRPS 245024-Port Switch48-P

26、ort Switch24-Port PoE Switch48-Port PoE SwitchC3K-PWR-265WDCC3K-PWR-265WACC3K-PWR-750WACC3K-PWR-1225WACPower SupplyCisco Catalyst 3750-E and 3560-E Series Switch TypeWide variety of power supply options48 port POE, 24 port POE, and data only optionsDC power available in every model for data onlyWith

27、 the RPS 2300, a power supply can be replaced without powering down the switchAC SupplyDC SupplySwitch with 1225WAC SupplyRedundant Power Supply RPS 2300Seamless failover from switch to RPS when PS failsAutomatic back-off to switch when its power supply returnsRPS and switches support dual AC power

28、circuitsConnect up to six switchesTwo switches can be actively backed upDual modular power supplies allow the RPS to match the switches suppliesField replaceable blower moduleBackwards Compatible Switches: 2950, 2960, 2970, 3550, 3560, and 3750Routers: 2811, 2821, 2851, and 3825OperationsIOS Softwar

29、e Feature SetsThree IOS feature setsIP BaseLayer 2 ForwardingBase IPv6 ServicesBasic RoutingSecurityIP ServicesFull EIGRP and OSPF RoutingMulticast RoutingPolicy Based RoutingAdvanced IP ServicesIPv6 RoutingCisco Catalyst Intelligent Switching InfrastructurePerformance, AvailabilityQoSSecurity Manag

30、eabilityIntelligent Switching is a Common Foundation of Capabilities across Cisco Catalyst SwitchesWire-speed forwardingNo performanceeffect with all services enabledLayer 2, 3, 4 classificationPolicing and shapingMultiple queuesGranular controlLayer 2, 3, 4 access controlIdentity-based authenticati

31、onManagement securityAdmission controlEnd-to-end manageability for centralized administrationWeb-based or command-line interface (CLI) Analysis and planning toolsAggregationSpeed Mismatch10 Mbps1000 MbpsLAN to WAN10 Mbps64 kbpsWhere Congestion Exists, QoS is RequiredPoints of aggregationLinks and bu

32、ffersPoints of substantial speed mismatch Transmit buffers tend to fill (TCP windowing)Buffering reduces loss, introduces delayCisco Catalyst Series Extensive QoS FeaturesRXQueue 1Queue 2Queue 3Queue 4Ingress PoliceClassifyTXIngressQueuing/SchedulingCongestionControlMarkS2Advanced Traffic Shaping an

33、d SchedulingFour Queues per PortShaped Round RobinStrict Priority QueuingAdmission Control Prevent Network CongestionInput and Output Policing per PortTraffic Classification and Marking for Differentiated ServicesPer-Port or Individual/Aggregate Flow Classification and Rewriting ofMAC Address, 802.1

34、p CoS/DSCP, IP Address, and TCP/UDP PortEgressQueuing/SchedulingCongestionControlWANAuto QoSOne Command per Interface to Enable and Configure QoS. Modify Global and Interface Settings to Make QoS for VoIP Work. Cisco CallManagerCisco Unity SoftwareVoice ApplicationsVoiceGateways Phone VLAN = 110Camp

35、us QoS ConsiderationsTrust Boundary Extension and Operation1Switch and Phone Exchange CDP; Trust Boundary Is Extended to IP Phone2Phone Sets CoS to 5 for VoIP and to 3 for Call-Signaling Traffic3Phone Rewrites CoS from PC Port to 0All PC Traffic Is Reset to CoS 04Switch Trusts CoS from Phone and Map

36、s CoS DSCP for Output Queuing“CoS 5 = DSCP 46“CoS 3 = DSCP 24“CoS 0 = DSCP 041So I Will Trust Your CoS“I See Youre an IP Phone,TRUST BOUNDARY“Voice = 5, Signaling = 32PC Sets CoS to 5 for All Traffic3PC VLAN = 10Unauthorized SwitchEnterprise ServerUnauthorized SwitchCisco SecureACSEnterprise ServerM

37、itigating Unauthorized DevicesProblem: Well-intentioned users place unauthorized network devices on the network, possibly causing instability.Solution: Cisco Catalyst Switches support rogue BPDU filtering: BPDU Guard, Root GuardIncorrect STP InfoBPDU GuardNetwork InstabilityAuthorized SwitchAuthoriz

38、ed SwitchRoot GuardProtecting Against Well-Intentioned UsersSecure ConnectivitySecure Shell (SSH) ProtocolSSH encrypts administration traffic during Telnet sessions while configuring or troubleshooting switches.Secure Sockets Layer (SSL)SSL encrypts network management traffic, allowingthe secure use

39、 of tools such as the Cisco Network Assistant.SNMPv3 (with crypto support)SNMPv3 provides network security by encrypting administrator traffic during SNMP session to configure or troubleshoot switches. KerberosKerberos authenticates users and network services using a trusted third party to perform s

40、ecure verification.Secure CopySCP provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on SSH.Encrypted DataSecuring Layer 2 from Surveillance AttacksCutting Off MAC-Based AttacksProblem:“Script Kiddie Hacking Tools Enable Attackers Flood Swi

41、tch CAM Tables with Bogus MAC Addresses, Turning the VLAN into a “Hub and Eliminating PrivacySwitch CAM Table Limit Is Finite Number of MAC AddressesSolution:Port Security Limits MAC Flooding Attack and Locks Down Port and Sends an SNMP Trap00:0e:00:aa:aa:aa00:0e:00:bb:bb:bbOnly 3 MAC Addresses Allo

42、wed on the Port: Shutdown250,000 Bogus MAC addressesper Secondswitchport port-security switchport port-security maximum 3 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivityVoice (VLAN) aware Port SecurityScenario IP phone

43、+ host on same switch portPort security & STP violations are now VLAN/voice awareViolations for the host only affect “data VLANOnly affected VLAN is placed in error disable stateVoice VLAN remains unaffected Improves network availabilityDHCP Spoofing AttackProblem:Malicious user pretends to be the n

44、etwork DHCP server.Misconfigured user starts up a DHCP server incorrectly.Malicious user can send out bogus address, deplete the address space, or spoof the default gateway.SolutionDo not trust user ports so only DHCP requests can be sent.Snoop DHCP information for integrity.Rogue DHCP OfferIP: 0/24

45、GW: DNS: 22DHCP DiscoveryBroadcastVictimDHCPServerUser PortsUntrustedDHCPServerDHCPClientDHCPServerRogue ServerTrustedDHCP Snooping EnabledDHCP RequestXDHCP ACKUntrustedDHCP SnoopingWhat It Does:Switch forwards only DHCP requests from untrusted access ports, and drops all other types of DHCP traffic

46、. DHCP snooping allows only designated DHCP ports or uplink ports trusted to relay DHCP messages. It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.Benefit:DHCP snooping eliminates rogue devices from behaving as the DHCP server.FlexLinksL2 Redunda

47、ncyAchieve Layer 2 redundancy without requiring STP (Spanning Tree Protocol)Access switches with backup links to Distribution switchesdeployed as Flex link pairFast convergence upon forwarding link failover Sub 100msec cut overConvergence time independent of number of VLANs and MAC-addressesAccessDi

48、stributionCatalyst 2960Cat6KCat6KFlexLinksL2 Redundancy1. Primary link down detected (24msec poll)2. Backup link becomes the active linkXActive LinkBackup LinkCat2960Flexlink VLAN load balancingPrimary link down detectedBackup carries VLANs 60, 50, 20XPrimary Link - Carries VLANs 60, 50Backup Link -

49、 carries VLAN 20gi2/0/8gi2/0/6Integrated Time Domain Reflectometer (TDR)Layer1 Troubleshooting toolTDR helps to determine:The length of a cableWhether the cable is correctly wired internally (pin-to-pin wire mapping)Whether the cable contains a short circuit (wires touching each other through damage

50、d or missing insulation)Whether the cable contains a broken wire (called an “open)Whether the cable suffers from electrical cross talk (interference). CISCO-CABLE-DIAG-MIBPORTCableFaultPORTUniDirectional Link Detection (UDLD)Protecting Against One Way CommunicationHighly available networks require U

51、DLD to protect against one way communication or partially failed links and the effect that they could have on protocols like STP and RSTPAre You Echoing My Hellos?Primarily used on fiber optic links where patch panel errors could cause link up/up with miss matched transmit/receive pairsNeighboring p

52、orts should see their own device/port ID (echo) in the packets received from the other sideFailing to receive this information indicates misconfiguration and the port is error-disabled.CiscoWorks LAN Management Solution (LMS)Simplifies and automates tasks associated with day-to-day managementTaking inventory, configuration, IOS software deployment and troubleshooting.Breadth of device support (over 4