Switch Conf

I am the robort 2023

Uploaded by

Gaurav Borade

Catalyst 3750-E

Catalyst 3560-E
Catalyst 2960
Overview

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Most Complete Line of Fixed Configuration LAN Products

Full Layer 3 Routing
Cisco Catalyst 4948
• 10/100/1000 + 2 10GE wire speed switching
• Rack-optimized server switching
• Jumbo frame support
• Dual, hot swappable, internal power supplies
• Hot swappable fan tray
Cisco Catalyst 3750-E and Catalyst 3750
• Stackable 10/100 and GE configurations + 2 10GE
• Cisco StackWise™ Plus and StackWise technology
• Enterprise-class intelligent Layer 3/4 services
• Modular power supply with 3750-E
• PoE configurations with up to 15.4W on all 48 ports
Cisco Catalyst 3560-E and Catalyst 3560
• 10/100 and GE configurations + 2 10GE
• Enterprise-class intelligent Layer 3/4 services
• Modular power supply with 3560-E
• PoE configurations with up to 15.4W on all 48 ports

Layer 2 Intelligent Services
Cisco Catalyst 2960
• 10/100 and 10/100/1000 Layer 2 switching
• 8, 24, and 48 port configurations with dual-purpose Gig uplinks
• PoE configurations with up to 15.4W up to 24 ports
• Entry level LAN Lite IOS and enhanced LAN Base IOS for intelligent services

GUI-Managed
Cisco Catalyst Express 500
• Low-density, standalone, managed 10/100 switching
• Tailored for businesses with up to 250 users

[Figure labels: Price-Performance; Function, Flexibility, Scalability]


Introducing The Catalyst 3750-E
• The next generation complement to the Catalyst 3750
• 24 or 48 GE ports with 2x10 GE uplinks
  - Wire-speed performance
  - Transition to 10GE with the TwinGig adapter, a 10GE module that accepts two GE SFPs
• StackWise Plus
  - Supports original StackWise features
  - Double the speed of original StackWise
  - Backwards compatible with the Catalyst 3750
• Power
  - Modular power supply and fan blower
  - Different power supply sizes
  - 48 ports of full IEEE POE in a single rack unit
  - New and improved redundant power supply

Cisco Catalyst 2960 Series Switches

Catalyst 2960 LAN Base Series
• Fast Ethernet and Gigabit Ethernet in 8, 24, and 48 port configurations for entry-level enterprise and mid-market customers
• PoE configurations with up to 15.4W up to 24 ports
• Offers enhanced Layer 2+ intelligent LAN services:
  - Availability
  - Enhanced security
  - Advanced quality of service (QoS)
• Simplified management and troubleshooting for lower total cost of ownership
• Cisco Network Assistant and Cisco Smartports
• Limited lifetime hardware warranty and software updates at no additional charge

Catalyst 2960 LAN Lite Series
• Fast Ethernet in 24 and 48 port configurations for small branch offices and wiring closets
• Offers standard Layer 2 services with entry-level availability, security, and QoS
  - Scalable and secure network management
• Simplified management and troubleshooting for lower total cost of ownership
• Cisco Network Assistant and Cisco Smartports
• Limited lifetime hardware warranty and software updates at no additional charge

Uses Cisco ASICs for superior quality and hardware and software integration

Cisco Catalyst 2960 LAN Base Series — Model Overview
• Catalyst® 2960-24PC-L: 24 10/100 PoE ports; 2 dual-purpose uplink ports
• Catalyst 2960-24LT-L: 24 10/100 ports (8 PoE ports); 2 10/100/1000 uplink ports
• Catalyst 2960PD-8TT-L: 8 10/100/1000 ports; 1 10/100/1000 PoE Input port; Compact form-factor with no fan
• Catalyst® 2960G-24TC-L: 20 10/100/1000 ports; 4 dual-purpose uplink ports
• Catalyst 2960G-48TC-L: 44 10/100/1000 ports; 4 dual-purpose uplink ports
• Catalyst 2960G-8TC-L: 7 10/100/1000 ports; 1 dual-purpose uplink port; Compact form-factor with no fan
• Catalyst 2960-24TC-L: 24 10/100 ports; 2 dual-purpose uplink ports
• Catalyst 2960-48TC-L: 48 10/100 ports; 2 dual-purpose uplink ports
• Catalyst 2960-8TC-L: 8 10/100 ports; 1 dual-purpose uplink port; Compact form-factor with no fan
• Catalyst 2960-24TT-L: 24 10/100 ports; 2 10/100/1000 uplink ports
• Catalyst 2960-48TT-L: 48 10/100 ports; 2 10/100/1000 uplink ports
Software: LAN Base Image
• Enterprise-class intelligent services: Advanced QoS, enhanced security, high availability

Cisco Catalyst 2960 LAN Lite Series — Model Overview
• Catalyst 2960-24TC-S: 24 10/100 ports; 2 dual-purpose uplink ports
• Catalyst 2960-48TC-S: 48 10/100 ports; 2 dual-purpose uplink ports
• Catalyst 2960-24-S: 24 10/100 ports
Software: LAN Lite Image
• Entry level QoS, security, and availability with a focus on ease-of-use and lower total cost of ownership
Note: Catalyst 2960 Switches cannot be upgraded or downgraded between LAN Base and LAN Lite software.

Catalyst 2960 Compact Switches
Meeting unique physical requirements of the office workspace, conference rooms, and classrooms, and micro branch offices
• Small size (H x W x D): 4.4cm x 27cm x 16-23cm
• Flexible wall and under the desk mounting
• Durable metal shell
• Cable guard
• Internal power supply and right angle power cord
• Passive cooling (no fan)
• Magnet included
• Security locking slot
• 19 inch rack mount option

Services and Warranty for The Cisco Catalyst 2960 Series
• Limited lifetime hardware warranty
  - Advance Replacement shipping within 10 business days
  - Guest access to Cisco.com
• Ongoing Cisco IOS Software updates at no additional cost
• Cisco SMARTnet® and SMARTnet Onsite Support
  - Around-the-clock, global access to the Cisco Technical Assistance Center (TAC)
  - Access to the extensive Cisco.com knowledgebase and tools
  - Next-business-day advance hardware replacement (premium options available for business-critical devices, such as 2-hour replacement and onsite parts replacement and installation)
• Cisco Smart Foundation Service (formerly SMB Support Assistant)
• Cisco Foundation Technology Optimization Service

Catalyst 3750-E Models
• PoE and data only options
• Any 3750-E model can be connected with another through StackWise Plus
• 3750-E models can be combined in a stack with existing 3750 models in a mixed stack
Models:
• 24 10/100/1000T Ports + 2x 10GE
• 48 10/100/1000T Ports + 2x 10GE
• 24 10/100/1000T Ports w/POE + 2x 10GE
• 48 10/100/1000T Ports w/POE + 2x 10GE


Catalyst 3560-E Models
• The 3560-E is for standalone deployments
• Similar features to the 3750-E, but StackWise is removed
  - Same software features
  - Same PoE options
Models:
• 24 10/100/1000T Ports + 2x 10GE
• 48 10/100/1000T Ports + 2x 10GE
• 24 10/100/1000T Ports w/POE + 2x 10GE
• 48 10/100/1000T Ports w/POE + 2x 10GE

StackWise Plus
• Speed improved to 64Gbps*
• Supports local switching
  - Local packets do not traverse the stack
• Intelligently forwards traffic over the StackWise connection
  - Load Balancing
  - Quality of Service
  - Traffic Optimization
• Backward compatible with the original StackWise
• Fault-tolerant, Bi-directional 64-Gbps stack interconnection
• Automated Configuration & Management
• Single network instance (IP, SNMP, CLI, Spanning-Tree Protocol, VLAN)
• Master/secondary architecture with master failover
• Cross-Stack EtherChannel®, cross-stack QoS

* For typical traffic patterns, actual performance may be higher or lower

StackWise Plus Architecture
[Figure: StackWise Plus ring; switches labeled A, B, C, D, E, F; numbered callouts 1 to 4]
Local Switching
• 24 or 48 ports wire speed
• 1: No packets traverse StackWise connections
StackWise Plus Ring
• 2: Ingress Policing
• 3: Egress queuing and load balancing
• 4: Destination switch removes packets and delivers them

10 Gigabit Ethernet
• Two 10GE uplink interfaces
• Wire rate forwarding performance
• Supported X2 Transceivers
  - LX4 (MMF - 300m SMF - 10km)
  - LR (SMF 10km)
  - SR (MMF)
  - CX4 (Copper)
  - ER (SMF 40km)
• TwinGig Adapter converts an X2 interface into dual SFP interfaces
• All SFPs supported on 3750 platform are supported with the TwinGig Adapter
• TwinGig Adapters are hot swappable with X2 modules

Out of Band Management
• Two management ports
  - RS-232 serial console port
  - 10/100BASE-TX Ethernet port
• Out-of-band management supports Telnet, TFTP, and SSHv2
• One interface can manage the entire stack of switches
• If multiple out-of-band ports are connected to different switches in a stack, one is selected for active use

Power

Field Replaceable Power Supplies
• Wide variety of power supply options
  - 48 port POE, 24 port POE, and data only options
  - DC power available in every model for data only
• With the RPS 2300, a power supply can be replaced without powering down the switch
[Table: Cisco Catalyst 3750-E and 3560-E Series Switch Type (48-Port PoE Switch, 24-Port PoE Switch, 48-Port Switch, 24-Port Switch) by Power Supply (C3K-PWR-1225WAC, C3K-PWR-750WAC, C3K-PWR-265WAC, C3K-PWR-265WDC)]
[Figure labels: Switch with 1225WAC Supply; AC Supply; DC Supply; RPS 2450]

Redundant Power Supply – RPS 2300
• Seamless failover from switch to RPS when PS fails
• Automatic back-off to switch when its power supply returns
• RPS and switches support dual AC power circuits
• Connect up to six switches
• Two switches can be actively backed up
• Dual modular power supplies allow the RPS to match the switches’ supplies
• Field replaceable blower module
Backwards Compatible
• Switches: 2950, 2960, 2970, 3550, 3560, and 3750
• Routers: 2811, 2821, 2851, and 3825

Operations

IOS Software Feature Sets
• Three IOS feature sets
• IP Base
  - Layer 2 Forwarding
  - Base IPv6 Services
  - Basic Routing
  - Security
• IP Services
  - Full EIGRP and OSPF Routing
  - Multicast Routing
  - Policy Based Routing
• Advanced IP Services
  - IPv6 Routing

Cisco Catalyst Intelligent Switching Infrastructure
Intelligent Switching is a Common Foundation of Capabilities across Cisco® Catalyst® Switches

Performance, Availability
• Wire-speed forwarding
• No performance effect with all services enabled
QoS
• Layer 2, 3, 4 classification
• Policing and shaping
• Multiple queues
• Granular control
Security
• Layer 2, 3, 4 access control
• Identity-based authentication
• Management security
• Admission control
Manageability
• End-to-end manageability for centralized administration
• Web-based or command-line interface (CLI)
• Analysis and planning tools

Where Congestion Exists, QoS is Required
[Figure: three panels titled Aggregation, Speed Mismatch, and LAN to WAN; link speed labels 10 Mbps, 10 Mbps, 1000 Mbps, 64 kbps]
• Points of aggregation
• Links and buffers
• Points of substantial speed mismatch
• Transmit buffers tend to fill (TCP windowing)
• Buffering reduces loss, introduces delay

Cisco Catalyst Series Extensive QoS Features
Traffic Classification and Marking for Differentiated Services
Per-Port or Individual/Aggregate Flow Classification and Rewriting of MAC Address, 802.1p CoS/DSCP, IP Address, and TCP/UDP Port
[Figure: QoS pipeline between RX and TX with stages labeled Ingress, Classify, Police, Mark, Ingress Queuing/Scheduling/Congestion Control, Queue 1, Queue 2, Queue 3, Queue 4, Egress Queuing/Scheduling/Congestion Control]
Admission Control
• Prevent Network Congestion
• Input and Output Policing per Port
Advanced Traffic Shaping and Scheduling
• Four Queues per Port
• Shaped Round Robin
• Strict Priority Queuing

Auto QoS
One Command per Interface to Enable and Configure QoS.
Modify Global and Interface Settings to Make QoS for VoIP Work.
[Figure labels: WAN; Cisco® CallManager; Voice Gateways; Cisco Unity® Software; Voice Applications]

Campus QoS Considerations
Trust Boundary Extension and Operation
[Figure: switch, IP phone and PC with the TRUST BOUNDARY marked; PC VLAN = 10; Phone VLAN = 110. Callouts: “I See You’re an IP Phone, So I Will Trust Your CoS”; “Voice = 5, Signaling = 3”; “CoS 5 = DSCP 46”; “CoS 3 = DSCP 24”; “CoS 0 = DSCP 0”; All PC Traffic Is Reset to CoS 0; PC Sets CoS to 5 for All Traffic]
1. Switch and Phone Exchange CDP; Trust Boundary Is Extended to IP Phone
2. Phone Sets CoS to 5 for VoIP and to 3 for Call-Signaling Traffic
3. Phone Rewrites CoS from PC Port to 0
4. Switch Trusts CoS from Phone and Maps CoS to DSCP for Output Queuing

Mitigating Unauthorized Devices
Protecting Against Well-Intentioned Users
[Figure labels: Network Instability; Unauthorized Switch; Incorrect STP Info; BPDU Guard; Root Guard; Authorized Switch; Enterprise Server; Cisco® Secure ACS]
Problem:
• Well-intentioned users place unauthorized network devices on the network, possibly causing instability.
Solution:
• Cisco Catalyst® Switches support rogue BPDU filtering: BPDU Guard, Root Guard

Secure Connectivity
Secure Shell (SSH) Protocol
• SSH encrypts administration traffic during Telnet sessions while configuring or troubleshooting switches.
Secure Sockets Layer (SSL)
• SSL encrypts network management traffic, allowing the secure use of tools such as the Cisco® Network Assistant.
SNMPv3 (with crypto support)
• SNMPv3 provides network security by encrypting administrator traffic during SNMP sessions to configure or troubleshoot switches.
Kerberos
• Kerberos authenticates users and network services using a trusted third party to perform secure verification.
Secure Copy
• SCP provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on SSH.
[Figure label: Encrypted Data]

Securing Layer 2 from Surveillance Attacks
Cutting Off MAC-Based Attacks
[Figure: 250,000 Bogus MAC addresses per Second; 00:0e:00:aa:aa:aa; 00:0e:00:bb:bb:bb; Only 3 MAC Addresses Allowed on the Port: Shutdown]
Problem:
• “Script Kiddie” Hacking Tools Enable Attackers to Flood Switch CAM Tables with Bogus MAC Addresses, Turning the VLAN into a “Hub” and Eliminating Privacy
• Switch CAM Table Limit Is Finite Number of MAC Addresses
Solution:
• Port Security Limits MAC Flooding Attack and Locks Down Port and Sends an SNMP Trap

    switchport port-security
    switchport port-security maximum 3
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity
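How the five port-security settings above behave under the flood the slide describes, as an added Python model that is not part of the original deck and not Cisco code. It also contrasts `violation restrict` with the `shutdown` mode named in the slide's figure. The class and function names and the flooded MAC values are hypothetical, and the model is simplified to one port with dynamically learned addresses.

```python
class SecurePort:
    """Simplified model of one access port with port security enabled."""

    def __init__(self, maximum=3, violation="restrict", aging_minutes=2):
        self.maximum = maximum              # switchport port-security maximum 3
        self.violation = violation          # "restrict" or "shutdown"
        self.aging_s = aging_minutes * 60   # switchport port-security aging time 2
        self.secure = {}                    # source MAC -> time last seen (seconds)
        self.violations = 0
        self.err_disabled = False

    def _age_out(self, now):
        # aging type inactivity: an entry expires only after it has been
        # silent for the whole aging time.
        self.secure = {mac: seen for mac, seen in self.secure.items()
                       if now - seen < self.aging_s}

    def frame(self, src_mac, now):
        """Return 'forward' or 'drop' for a frame arriving at time `now`."""
        if self.err_disabled:
            return "drop"
        self._age_out(now)
        if src_mac in self.secure or len(self.secure) < self.maximum:
            self.secure[src_mac] = now
            return "forward"
        self.violations += 1                # point where the SNMP trap is sent
        if self.violation == "shutdown":
            self.err_disabled = True        # port stays down until re-enabled
        return "drop"


def flood(port, count, start=0.0, rate=250_000):
    """Send `count` frames, each from a new constructed MAC, at `rate` per second."""
    forwarded = 0
    for i in range(count):
        mac = "02:00:00:%02x:%02x:%02x" % (i >> 16 & 0xFF, i >> 8 & 0xFF, i & 0xFF)
        if port.frame(mac, start + i / rate) == "forward":
            forwarded += 1
    return forwarded


def demo():
    restrict = SecurePort(violation="restrict")
    shutdown = SecurePort(violation="shutdown")
    results = {
        "restrict_forwarded": flood(restrict, 10_000),
        "shutdown_forwarded": flood(shutdown, 10_000),
        # A new host 60 s later is still refused: the three learned entries
        # have not been idle for 2 minutes yet.
        "host_at_60s": restrict.frame("00:0e:00:aa:aa:aa", 60.0),
        # After more than 2 idle minutes the entries age out and it is learned.
        "host_at_200s": restrict.frame("00:0e:00:aa:aa:aa", 200.0),
        "shutdown_host_at_200s": shutdown.frame("00:0e:00:aa:aa:aa", 200.0),
    }
    return results, restrict, shutdown


if __name__ == "__main__":
    print(demo()[0])
```

With `restrict` the port stays up and counts every refused address, while `shutdown` stops at the first violation and blocks the legitimate host as well until the port is re-enabled.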

Voice (VLAN) aware Port Security
• Scenario – IP phone + host on same switch port
• Port security & STP violations are now VLAN/voice aware
• Violations for the host only affect “data” VLAN
  - Only affected VLAN is placed in error disable state
  - Voice VLAN remains unaffected
• Improves network availability

DHCP Spoofing Attack
[Figure labels: DHCP Server; Victim; User Ports Untrusted; DHCP Discovery Broadcast; Rogue DHCP Offer with IP: 10.1.1.20/24, GW: 10.1.1.1, DNS: 192.168.1.122]
Problem:
• Malicious user pretends to be the network DHCP server.
• Misconfigured user starts up a DHCP server incorrectly.
• Malicious user can send out bogus address, deplete the address space, or spoof the default gateway.
Solution:
• Do not trust user ports so only DHCP requests can be sent.
• Snoop DHCP information for integrity.

DHCP Snooping
[Figure labels: DHCP Snooping Enabled; Trusted; Untrusted; DHCP Server; DHCP Client; Rogue Server; DHCP Request; DHCP ACK; X]
What It Does:
• Switch forwards only DHCP requests from untrusted access ports, and drops all other types of DHCP traffic. DHCP snooping allows only designated DHCP ports or uplink ports trusted to relay DHCP messages. It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.
Benefit:
• DHCP snooping eliminates rogue devices from behaving as the DHCP server.
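The forwarding rule and binding table described on this slide, as an added Python model that is not part of the original deck and not switch code. It is simplified to message type and ingress port; the port names, VLAN, victim MAC and the legitimate server's address 10.1.1.50 are constructed, and the rogue offer reuses 10.1.1.20 from the spoofing slide.

```python
from dataclasses import dataclass, field

# DHCP message types a client may originate; anything else comes from a server.
CLIENT_MSGS = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}


@dataclass(frozen=True)
class DhcpMsg:
    msg_type: str       # DHCP message type, by name
    client_mac: str     # client hardware address the exchange belongs to
    port: str           # switch port the frame arrived on
    vlan: int
    yiaddr: str = ""    # address a server offers or assigns


@dataclass
class SnoopingSwitch:
    trusted_ports: frozenset
    bindings: dict = field(default_factory=dict)   # (MAC, VLAN) -> binding row
    seen_on: dict = field(default_factory=dict)    # (MAC, VLAN) -> access port
    dropped: list = field(default_factory=list)

    def receive(self, msg: DhcpMsg) -> str:
        key = (msg.client_mac, msg.vlan)
        if msg.port not in self.trusted_ports:
            if msg.msg_type not in CLIENT_MSGS:
                # Server-type message on a user port: rogue or misconfigured server.
                self.dropped.append(msg)
                return "drop"
            self.seen_on[key] = msg.port           # remember where the client lives
            return "forward"
        # Trusted port: relay everything; an ACK for a known client adds a binding.
        if msg.msg_type == "ACK" and key in self.seen_on:
            self.bindings[key] = {"ip": msg.yiaddr, "mac": msg.client_mac,
                                  "port": self.seen_on[key], "vlan": msg.vlan}
        return "forward"


def demo():
    # Assumed topology: Gi0/1 is the trusted uplink, Fa0/5 the victim's port,
    # Fa0/7 the port where the rogue server is plugged in.
    sw = SnoopingSwitch(trusted_ports=frozenset({"Gi0/1"}))
    victim = "00:00:5e:00:53:01"                   # constructed MAC
    exchange = [
        DhcpMsg("DISCOVER", victim, "Fa0/5", 10),
        DhcpMsg("OFFER", victim, "Fa0/7", 10, "10.1.1.20"),   # rogue offer
        DhcpMsg("OFFER", victim, "Gi0/1", 10, "10.1.1.50"),   # real server
        DhcpMsg("REQUEST", victim, "Fa0/5", 10),
        DhcpMsg("ACK", victim, "Fa0/7", 10, "10.1.1.20"),     # rogue ACK
        DhcpMsg("ACK", victim, "Gi0/1", 10, "10.1.1.50"),
    ]
    verdicts = [sw.receive(m) for m in exchange]
    return verdicts, sw


if __name__ == "__main__":
    verdicts, sw = demo()
    print(verdicts)
    print(sw.bindings)
```

The binding row holds the four fields the slide lists, and the port recorded is the access port where the client was seen, not the uplink the ACK arrived on.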

FlexLinks—L2 Redundancy
[Figure labels: Distribution; Access]
• Achieve Layer 2 redundancy without requiring STP (Spanning Tree Protocol)
• Access switches with backup links to Distribution switches—deployed as Flex link pair
• Fast convergence upon forwarding link failover
  - Sub 100msec cut over
• Convergence time independent of number of VLANs and MAC addresses

FlexLinks—L2 Redundancy
[Figure: Catalyst 2960 with an Active Link and a Backup Link to two Cat6K switches]
1. Primary link down detected (24msec poll)
2. Backup link becomes the active link

Flexlink VLAN load balancing
[Figure: Cat2960 with Primary Link gi2/0/6 and Backup Link gi2/0/8]
• Primary Link - Carries VLANs 60, 50
• Backup Link - carries VLAN 20
• Primary link down detected: Backup carries VLANs 60, 50, 20

Integrated Time Domain Reflectometer (TDR)
Layer1 Troubleshooting tool
TDR helps to determine:
• The length of a cable
• Whether the cable is correctly wired internally (pin-to-pin wire mapping)
• Whether the cable contains a short circuit (wires touching each other through damaged or missing insulation)
• Whether the cable contains a broken wire (called an “open”)
• Whether the cable suffers from electrical cross talk (interference).
• CISCO-CABLE-DIAG-MIB
[Figure labels: PORT; Cable; Fault; PORT]

UniDirectional Link Detection (UDLD)
Protecting Against One Way Communication
Highly available networks require UDLD to protect against one way communication or partially failed links and the effect that they could have on protocols like STP and RSTP
• Neighboring ports should see their own device/port ID (echo) in the packets received from the other side
• Failing to receive this information indicates misconfiguration and the port is error-disabled.
[Figure callout: Are You ‘Echoing’ My Hellos?]
Primarily used on fiber optic links where patch panel errors could cause link up/up with mismatched transmit/receive pairs

CiscoWorks LAN Management Solution (LMS)
LMS is a suite of applications designed to simplify and augment the daily tasks required to manage a Cisco end-to-end network—reducing total cost of ownership and improving network availability.
• Simplifies and automates tasks associated with day-to-day management—Taking inventory, configuration, IOS software deployment and troubleshooting.
• Breadth of device support (over 400 Cisco device types) provides a single application suite for managing most Cisco-labeled devices.
• Provides detailed visibility of users, ports and network connectivity—topology services, user tracking, inventory.
• Automates the change management process quickly identifying hardware, software and configuration changes—change audit reports.

Management Interfaces
Cisco Catalyst Device Manager
• Manages a single device
• Web-based—HTML
Cisco Network Assistant
• Manages a 40-device network
• Router, switch, IP phone, wireless…
• Web-based—Java

Express Setup
1. Power up the switch and hold the mode button for a few seconds until all the mode LEDs are green.
2. Connect the PC into the Ethernet port and launch the browser.
3. Launch the Express Setup page by entering the IP address of 10.0.0.1 in the browser.
4. Assign the switch IP address and management VLAN; enable the secret password, (optional) Telnet password, and SNMP configuration.

Cisco Catalyst Device Manager
• Embedded in the switch
• View and configure a single switch using a web browser
• Display switch trends, status, and port statistics
• Integrated Smart Ports for simple port configuration

Cisco Network Assistant
Release 5.0
• Multi-product, multi-technology management tool
• Supports up to 40 devices
  - Switches, Routers and Firewalls and unlimited IP Phones and Access points
• Interactive topology and front panel views
• Configuration, Monitoring, Troubleshooting & Network Optimization
• Highlight your VLANs, Telnet to devices, Drag-n-Drop IOS upgrades
• Localized in French, Italian, German, Spanish, Chinese and Japanese
• Free download
  - www.cisco.com/go/cna
