View
63
Download
0
Category
Tags:
Preview:
DESCRIPTION
Cisco Unified Access Roadshow One Network : Wired Access. Dan Schnour Cat. 3K Product Manager. Business Challenges of Evolving Workspace. BYOD. Collaboration. VIRTUALIZATION. $$. Non IT Provided Devices Guest and Contractors Secure Access . Reduce Travel Costs Collaboration - PowerPoint PPT Presentation
Citation preview
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Dan Schnour
Cat. 3K Product Manager
Cisco Unified Access RoadshowOne Network : Wired Access
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Business Challenges of Evolving Workspace
Managing Complexity And Scale
Delivering High-Quality Experience
• Non IT Provided Devices• Guest and Contractors• Secure Access
BYOD
• Business Productivity• Ease of Deployment• Low CAPEX/OPEX
with VDI
VIRTUALIZATION
• Reduce Travel Costs• Collaboration• Rich Media Services
COLLABORATION
Ensuring Business Continuity with Lower TCO$$
Securing Any Access
ITR
EQU
IREM
ENTS
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
• How do I onboard devices and contextually authenticate users?• How do I segment users, devices and applications?• How do I protect my network infrastructure?
It All Starts at Access
Securing Any Access
• Automatic discovery and device profiling with Device Sensor• Zero downtime deployment with .1x Monitor Mode • Simplify user authentication with Flexible Authentication
• Prevent Eavesdropping with link layer encryption with MACsec• First Hop IPv4/IPv6 Security for L2 threat defense• Flexible NetFlow for real-time traffic flow analysis• Protect CPU with Hardware-based Control Plane Policing.
On-Board
Protect
Segment • Flexible Role-based segmentation with Security Group Access.• Simplified Layer 3 Segmentation with Easy Virtual Network.
On-Board Segment Protect
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Corp PC doctor office
Personal laptop doctor office
Personal laptop patient hotspot
Printer N/A office
IP Phone N/A office
TelePresence N/A conf room
2 11
1
2
1
Device Aware
Identity aware
Location aware
CDPLLDPDHCPMAC
• Identify endpoints based on protocol information with Device Sensor• Identify and Authenticate user with 802.1x (Flex auth)• Classify context of access based on Device Type and User
Cat3k: Now ShippingCat4K: Now Shipping
On-Board Segment Protect
BYOD : Context-based Control
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
Secure BYOD with 802.1X
Cisco Catalyst® Switch
Network Device
IP PhonesAuthorized Users Guests
Authentication Features
802.1X MAB WebAuth
Tablets
Monitor Mode Unobstructed Access No Impact on Productivity Gain Visibility
MAC Based Authentication
Flexible Authentication Sequence Enables single configuration for most use cases Flexible fallback mechanism and policies
Identity Differentiators
IP Telephony SupportSupport for Virtual Desktop Environments Single Host Mode Multi-Host Mode Multi-Auth Mode Multi-Domain Authentication
Critical Data/Voice Authentication Business Continuity in case of failure
Rich and Robust 802.1X
Cat3k: Now ShippingCat4K: Now Shipping
On-Board Segment Protect
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
BYOD: Context-based Control
Corp PC doctor office
Personal laptop doctor office
Personal laptop patient hotspot
Printer N/A office
IP Phone N/A office
TelePresence N/A conf room
2 11
1
2
1
Device Aware
Identity aware
Location aware
Cat3k: Now ShippingCat4K: Q3CY13
Corp PC doctor office
Personal laptop doctor office
Personal laptop patient hotspot
Printer N/A office
IP Phone N/A office
TelePresence N/A conf room
2 11
1
2
1
Device Aware
Identity aware
Location aware
Secure Group
doctor
doctor
patient
video
voice
facility
Patient record
internet facility
doctor permit permit permit
patient deny permit deny
voice deny ACL_v deny
SG Tag imposed to incoming traffic
SGACL enforces policy at access, campus edge, or DC
X
Security Group Access
• Simplifies ACL management
• Uniformly enforces policy independent of topology
• Fine-grained access control
Cisco Innovation
• Role-Based Access Control and Segmentation with Security Group Access
CDPLLDPDHCPMAC
On-Board Segment Protect
Cisco Confidential© 2012 Cisco and/or its affiliates. All rights reserved. 7
It All Starts @ AccessManaging
Complexity And Scale
• How do I scale my network to meet device proliferation ?• How do I future proof my network while protecting my investment?• How do I provide consistent policies across networks and devices ?
Scale Protect Investment Provide Consistency
• 848 Gbps System Performance• 384 Ports of 10/100/1000 & 40G uplinks• 384p of PoEP & 192p of UPOE (9KW PS)• 384p of Energy Efficient Ethernet
• 9 Member Stack• 64Gbps Stacking BW • Full POE/POE+/UPOE
Stack Capacity as you grow5-7 years of life cycle
• Unified Management / Single Pane of Glass Management : Prime Infrastructure• Single Policy Control Dashboard : Identity Services Engine [ISE]
Scale
Provide Consistency
• 7-10 years of life cycle• Legacy line-card support with new supervisor• Feature enhancement with new supervisor• Mix/Match different generation line cards with no impact to system performance
Protect Investment
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Unprecedented Investment Protection
Cisco Catalyst 4000 Maintain SupportEOS EOL
Cisco Catalyst 4500 (non-E) Maintain Support
Cisco Catalyst 4500 E-Series
EOS EOL
11 years
14 years 90% Transition to E-Series
3750-X / 3560-X
3750E / 3560E Maintain SupportEOS
EOL
… 20041999 … 2007 … 2010 … 2015 … 2020
Catalyst 3K
Catalyst 4K
9 years
Backward compatibility for all line cards with new supervisor
Scale Protect Investment Provide Consistency
Cisco Confidential© 2012 Cisco and/or its affiliates. All rights reserved. 9
It All Starts @ AccessDelivering
High-Quality Experience
• How do I know my network is ready for real time applications?• What real time applications and devices are running on my network?• How do I monitor and troubleshoot Application level traffic ?
• Assess network readiness for real time media applications with IP SLA
• Differentiate video applications and optimize QoE with Media Services Proxy (MSP)/Metadata• Improved Application visibility with Flexible NetFlow
• Automate monitoring and troubleshooting with Mediatrace• Application level hop by hop statistics with Performance Monitor
Assess
Visualize and Control
Monitoring & Troubleshooting
Assess Visualize and Control Monitor/Troubleshoot
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
End points are capable of High Definition
however they only work in Standard Definition.
Why?
How do I provide Quality of Experience for all video applications?
Which end point has poor video quality andHow do I know what to
troubleshoot?
Is my network ready for 100 HD Desktop
Cameras, 30 IPVSC and a new Telepresence
room?
Comprehensive Visibility @ Access
• IP-SLA VO injects synthetic media traffic to assess network readiness
• Wire Shark can capture raw, real-time packets directly on the switch
• Using MSI / MSP & Metadata the switch can now identify devices and applications for differential treatment
• MediaTrace locates application performance problems
• Performance Monitor provides application level data using Flexible NetFlow
• Cisco Prime provides management
X
Assess Visualize and Control Monitor/Troubleshoot
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Deterministic Quality of Experience
Device Type Axis Camera CTS3000 Jabber Laptop PC
Application Type Surveillance TelePresence Soft client HTTP/You Tube
WebEx
Priority
Rate Limiting NO NO NO Yes NO
Differential Traffic Treatment through Visibility
Device/Application ID exported to FnF
Quality of Experience
• Media Services Interface & MSP
• Flow Metadata
• AVC on Wireless Controller
• Application based QoS
• Device/App based FnF*
Campus Catalyst
3K-X/4500E
Uniform QoS policies across networkDevice and Application Identification usingMSI / MSP
Workflows to deploy and provide location awareness
Cisco Prime Infrastructure
Endpoints embedded with the Media
Services Interface
Assess Visualize and Control Monitor/Troubleshoot
Cisco Confidential© 2012 Cisco and/or its affiliates. All rights reserved. 12
It All Starts @ AccessBusiness Continuity
with Lower TCO$$
• How can I make my network resilient to handle business SLAs ?• How can I easily onboard my network infrastructure ?• How can I reduce IT energy expenses and align with corporate ‘Green’ goals?
Resiliency Plug n Play Energy Efficiency
• Zero Touch deployment - Smart Install, Auto QoS, Auto Smart Ports• Programmability with EEM, XML, SDN*• Built in sniffer capabilities with Wireshark• Efficient Planning & troubleshooting with IPSLA, FnF
• Visibility, Control and Reporting of enterprise wide energy usage• Save up to $65 per Switch Port**• $0 SKU for Energy Visibility & Basic Control on 3K/4K
Plug and Play
Energy Management
• Power & data resiliency with StackPower and Stackwise+ (3K-X)• No impact to voice/video for planned and unplanned downtime with ISSU, NSF/SSO and
VSS*Resiliency
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Simplify and Scale with StackWise+
Fan Redundancy Maximize Power Redundancy with StackPower
In-Chassis FRU Redundant PSU
NO Downtime for BYOD, Collaboration & Virtualization Best in class Fixed resiliency !
Innovative Inter-Chassis Power Interconnect Common power pool for distributed power redundancy
Flexible Non-Stop communication. Variant in sizes (AC/DC)
Highly Resilient Zero-Footprint of RPS. PS Backup within Stack
Intelligent Load Shedding Preserve critical network during power failure
Resiliency Plug n Play Energy Efficiency
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Ent
Svc
Redundant PS
Redundant Fans
Redundant Sup
ISSUSSOIP
Bas
e
2+2 uplinks
Distribution Layer
Access Layer
SiSiSiSi
Campus
CoPPISSU
NSF/SSOSmart Call Home
System
Fast Detect: TDR, DOM UDLDFast Converge: Flexlink+, RPVST
Link
NetworkHSRP/VRRP/GLBP
VSS (Jan 2013)
LAN CoPP,
Basic HA
ISSU License No Long RequiredNSF available in IP Base Now!
NSF
ISSU Lic
Seamless
NO Downtime for BYOD, Collaboration & Virtualization Best in class modular resiliency !
Resiliency Plug n Play Energy Efficiency
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15Cost Savings: $15,000 (or 230 Hours) per 100 Switches*
3K, 4K, 6k * (“Director”)
AccessSwitches
Zero Touch Deployments and Maintenance
New Switch Connected
Software image downloaded;Configuration automatically applied
Smart Install
New Device AttachedPort Configuration: AppliedQoS Policy: EnforcedSecurity Policy: Enforced
Plug and Play for End DevicesAuto Smart Ports
Anomaly DetectedProactive diagnosticsReal time AlertsWeb-based reportsRouted to TAC team
Monitor & Troubleshoot
Smart Call HomeIPSLA, WireShark
BYOD : Operational Efficiency
EEMXMLSoftware Defined Network (OnePK)*
Control Your NetworkProgrammability
Resiliency Plug n Play Energy Efficiency
Cisco Confidential© 2012 Cisco and/or its affiliates. All rights reserved. 16
• Cisco EnergyWise is an IOS-based intelligent energy management protocol What’s New with Fast-Start $0 SKU’s?• Enhance customer ROI with a $0 SKU • Available only with 4K, 3K PoE/PoE+/UPOE• Features vary by partner, but
- Visibility, Monitoring of energy for free (up to 5 years)- Limited control of devices
Cisco EnergyWise: A key differentiatorSpecial $0 EW Fast-Start SKU’s for Cisco Customers with 4K/3K
Product ID
EW-JX-50SW
EW-VER-50SW
EW-CA-50SW
Cisco Switches and Routers √ √Wireless access points √ √VoIP phones √ √EnergyWise-enabled devices √ √
Windows PCs/Laptops √ Upgrade
Monitors, Printers √ Upgrade
All other campus/data center devices
Upgrade Upgrade
PoE Unlimited devices forever Unlimited devices 1 Yr
Cisco Switches Unlimited devices forever Unlimited devices 1 Yr
PC/Laptops Unlimited devices 1 Yr 1000 devices 1 Yr
Product Description
Activation Key of JouleX Energy Manager for Cisco EnergyWise
Verdiem Surveyor Accelerator Key for Cisco EnergyWise
Key for Nimsoft (CA-Technology) Management SW for Cisco EnergyWise
Visibility (Monitoring) Basic Control
How to Order?• 3 SKUs available in Cisco GPL and ordering tool• Each SKU license for up to 50 users• For more information on Cisco EnergyWise contact
ask-energywise@cisco.com
Resiliency Plug n Play Energy Efficiency
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 17
Access Switching Strategy, and Areas of Investment
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Catalyst 4500E – Lead Modular AccessBuilding BYOD, Collaboration Ready Networks !
Dual Supervisor<200ms ISSUSingle Supervisor
4503-E
4507R+E4510R+E
4506-E
2 LineCards 5 LineCards 5 LineCards 8 LineCards
POE, POE+ and Cisco UPOEDual Core CPU for 3rd Party Apps (Wireshark)
1+1 Power RedundancyN+1 Fan RedundancyScales up to 384p POE/PoEP & 192p of UPOE
Supervisor Engine 7-E
848Gbps Switching Capacity4 x SFP+/SFP uplinks384 10/100/1000 Ports
Supervisor Engine 7L-E
520Gbps Switching Capacity2 x 10G SFP+/SFP uplink 240 10/100/1000 Ports
UNDISPUTED MARKET LEADERSHIP
110M+ Ports, 800K+ Systems70% PoE/PoEP Port share80% Adoption by Cisco Top Customers
48G
24G
Data PoE
WS-X4748-UPOE+EWS-X4748-RJ45-E
WS-X4648-RJ45V+EWS-X4648-RJ45-E
• UPOE 60W, IEEE• 30W/port on all 48 ports
• 30W/port on 24 ports
3rd party validation
“Powerful stuff: New Cisco switch delivers 60 watts to the desktop”
Cisco Confidential© 2012 Cisco and/or its affiliates. All rights reserved. 19
Stand-Alone Switch Portfolio
Gigabit Ethernet
Catalyst 3560-XData / PoE(+)Modular 1G/10G Uplinks Dual PS E-LLW
Stackable Switch Portfolio
Gigabit Ethernet
Catalyst 3750-XData / PoE(+)StackWise PlusModular 1G/10G UplinksDual FRU PS and FansE-LLW
Network And Service Modules
C3KX-NM-1G C3KX-NM-10G C3KX-NM-10GT C3KX-SM-10G
Catalyst 3750 v2Data or PoEStackWiseFixed 1G UplinksSingle PSLLW
Fast Ethernet
Catalyst 3560 v2Data or PoEFixed 1G UplinksSingle PSLLW
Fast Ethernet
Service ModuleNEW
Flexible Netflow MACsec
Catalyst 3K – Lead Fixed AccessBuilding BYOD, Collaboration Ready Networks !
UPOE coming soon!!
Stack Power now available on LAN
Base
9 member switch stack**Enhanced video features, e.g., Mediatrace, built-in traffic generationEnhanced Security features, e.g., SGT, Device Sensor
Data Redundancy using Stackwise+ (64 Gbps)*Power Redundancy using StackPower*Field replaceable Power Supplies and Fans*
**available on 3750, *available on 3K-X
¼ Billion+ Ports and 7 Million+ Units sold worldwide
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
2000 2003 2007 2009 2011
C i s c o I n n o v a t i o n s D r i v e I n d u s t r y S t a n d a r d s
Industry Standard:
IEEE 802.3af (15W PoE)
Industry Standard:
IEEE 802.3at (30W PoE+)
7WInline Power
15W (PoE)
30W(PoE+)
Power Over EthernetA technology pioneered by Cisco
60WUPOE
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
CISCO 2960S PORTFOLIOLayer 2 Only
Fast Ethernet Gigabit Ethernet
Catalyst 2960S
10G/1G UplinksFlexStackFull PoE, PoE+E-LLW
Catalyst 2960SF
1G UplinksFlexStackFull PoE, E-LLW
Cisco Quality at Competitive Price
EASE-OF-USE 60MPORTS
1.3M+UNITS
ENERGY EFFICIENCY
LOWERTCO
Competitive Features• Security with 802.1x Monitor Mode• Lower TCO with Energy Wise, Smart
Operations and Auto QoS• Static Routing & Priority Queing• FlexStack 2 x 10G ports (wire speed)
Differentiators of 4K/3K over 2K• TrustSec: SGT, MACsec, Device Sensor • Application Visibility: FnF, Mediatrace, Wireshark• Resiliency: StackPower, ISSU, UPOE• Scale: Stack up to 9 on 3750X, 10 Slot Chassis 4500E
Catalyst 2K Campus Portfolio
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
3560C and 2960C Compact SwitchDelivering Zero Touch BYOD Deployments • 22% Growth in FY12
Fast Growing Catalyst Platform
4500E
3750X
• POE+/UPOE Powered• AC Power Option
• Smart Operations • Smart Install • Auto Smart Ports
• PoE • PoE(+) and non PoE Models
Scalable and Proven Deployments in Education,
Retail & Healthcare
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
BYOD Access Portfolio : Catalyst Switching
Scale & Performance• Stacking (upto 192 port)• POE/POE+• Base Identity features
Lower TCO• Lowest Power consumption • Green / Energywise• Smart Install Client
Catalyst 3K
Traditional Workspace Next Generation Workspace
Data Voice BYOD Collaboration Virtualization
Catalyst 2960Scale & Performance• 9 Member Stack (2X+ ports)• 3 X Stacking BW (64 Gbps)• Full POE/POE+
Resiliency• StackPower, StackWise+• FRU Power supplies and Fans
Energy Management & Green• EnergyWise• UPOE (60W) **• EEE **
* Only on IP Base
Scale & Performance• Wired/wireless convergence*
TrustSec & Segmentation• Device Sensor, Cisco TrustSec (SGA,
MACSec)
Dynamic routing protocol • OSPF, EIGRP Stub, RIP
Application Visibility• Flexible NetFlow & Medianet• 3rd Party Apps (WireShark) *
Lower TCO• EEM & IP SLA• Smart Install Client & Director
LAN Base
IP Base
* Roadmap
IP Base
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
Scale & Performance• 848 Gbps System Performance• 240p with 7 slot and 384p with 10 slot Chassis• In Service Software Upgrade*• VSS**• Wired/wireless convergence **
TrustSec & Segmentation• Device Sensor*• VRF-Lite, EVN*• Cisco TrustSec* (SGA**, MACSec)
Application Visibility• Flexible NetFlow*, Medianet*• 3rd Party Apps (WireShark*)
BYOD Access Portfolio : Catalyst Switching
Scale & Performance• Stacking (upto 192 port)• POE/POE+
TrustSec • Identity
Lower TCO• Power consumption • Green / Energywise• Smart Install Client
Catalyst 4500E
Traditional Workspace Next Generation Business
Data Voice BYOD Collaboration Virtualization
Catalyst 2960
@96p base config with Redundancy and UPOE Capability
Energy Management and Green• UPOE (60w)• EnergyWise and EEE
Lower TCO• AutoSmart Ports• Longer Life Cycle (7-10 years)• Smart Install Director**
* With IP Base** Roadmap
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
Key Takeaways
Protect your current investments while getting ready for future in Access.
Breadth of the portfolio across 2k, 3k and 4500E Features for current and Next
Generation Campus
• Trustsec
• SmartOps
• AVC
Investment ProtectionFlexibility of Choice Architecture and Operations Agility
Recommended