Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Rene Andersen Cisco SE DK
Cisco SwitchTech UpdateCatalyst April 2017
TRADITIONAL ACCESS
CONVERGED ACCESS
Catalyst 3650
Catalyst 3850
Catalyst 2960-LCatalyst 2960-X/XR
Catalyst 6800/6500
Catalyst 4500E Sup 8
New Catalyst platforms for campus
Cisco Catalyst portefolio overview
Wired/Wireless
Convergence
For Entry Level
Stackable Switch
Wired/Wireless
Convergence
for High End
Stackable Switch
Double everything Greenest Switch Ever
Catalyst 6800/6500
Industry Leading Campus Backbone Platform
Wired/Wireless Convergence
for Chassis Based Switch
640GB Line-Rate
UADP ASIC
• New 750W AC Power Supplies
• 1+1 Power Supply Redundancy
• Front-to-Back and Back-to-Front Fan options
48 x SFP+ Fixed
UADP ASICConverged
AccessLine-Rate
Virtual
stacking
1+1 Power
Redundancy
Front-to-Back & Back-to-Front
Fans and Power Supplies
*No StackWise or StackPower on 48p SKU
4 x QSFP Fixed
Catalyst 3850 10G: 48 Port
Cisco Stackwise Virtual
VSLSW-1 SW-2
Phase 1 - Aggregation
o
o
Distributed stacking is supported in 16.3.3..
Catalyst 3850 10G SFP+12 Port and 24 Port
C3850-NM-4x10G
C3850-NM-
8x10G
C3850-NM-2x40G
UADP ASICConverged
Access`StackWise-480 StackPower
1+1 Power
RedundancyLine-Rate
C3850-NM-4x10G
WS-C3850-24XS
WS-C3850-12XS
• MPLS
• Application Visibility and Control
• Programmability
• COAP
• POE Innovations
• Enterprise Media Networks - AVB
• WCM Sub package upgrade
• MACSEC 256
• ERSPAN
Some Important Features Released in 16.3.1
©
10G SFP+1G SFP
1/10G 1RU Aggregation
Catalyst 4500-X
• Fixed 10G Aggregation
• 16p and 32p Base
Units
• 8 port 10G network
Module
• Front-to-Back and
Back-to-Front Fans and
Power Supplies
1G 1RU Aggregation
Catalyst 3850
1G Fiber
• Fixed 1G Aggregation
• Stackable
• 12p and 24p SKU
• 10G Network Module
Catalyst 6880-X
• Best-in-Class Core
Feature-set
• Up to 80 1G/10G
Ports, 20 40G ports
• Full MPLS
• Instant Access
1/10G 1RU Aggregation
Catalyst 3850
10G Fiber
• Fixed 10 G
Aggregation
• 12p, 24p and 48p
SKUs
• Stackable(12p/24p)
• 10G/40G Network
Module
1/10G 5RU Core
Catalyst 6840-X
• Best-in-Class Core
Feature-set
• Up to 40 1G/10G Ports
• 40G Uplinks
• Full MPLS
• Instant Access
1/10G 2RU Core
Catalyst Fixed Backbone Portfolio FY17S
ca
le / F
ea
ture
s
Catalyst 6800 Nexus 7700
1 2
Catalyst 6500
FY17-
18
Campus Core
Modular
Transition
Position for the following requirements:
• High-density 10/40/100-Gbps
connectivity
• Full Cisco SDA Capability
• Closest in features (MPLS), buffers,
tables to C6K
Position for the following requirements:
• Optimized for 1G/10G and low density 40G
• Full Campus Fabric support
• Proven Catalyst 6K Class of feature set
• Single O/S requirement in the Campus
Offers: C6807-XL-S6T-BUN / C6807-3850-10G-
BUN
Offers: N7706-EN-B22S2E/ N7710-EN-B23S2E
Caveats: No 100G support Caveats: NexOS in Campus
Network as a Sensor &
Enforcer
APIC-EM
Full MPLS for campus
Campus Fabric
Secure Segmentation with
TrustSec
One Management with Prime
Infrastructure
IT Simplicity with Auto Conf, Interface Template and EEM
One Policy with Identity Services
Engine
High Availability with VSS, SSO and Quad Sup
SSO
3500+ Unique RichCampus Services
Hardware
Investments8P x 40G QSFP Module
– IOS 15.5(1)SY
Catalyst 6800 FamilyThe Next Generation Campus
Backbone Portfolio is here!
Architectural SolutionLeverage aggressive services and
bundle pricing to beat competition.
Nonstop InnovationStrong hardware and software
roadmap with a lot more to come
Catalyst 6K IOS SY Software Map
Q2/Q3’CY2015
IOS 15.2(1)SY1 (Q2)
WS-C3560CX-8XPD-S
mGIG Compact as IA Client
IA Scale: 1500 ports (Sup2T)
Easy FEX/ Auto FEX
NEAT for IA (Compact Switches)
Switch / Priority Renumber for IA
Custom Port QoS for IA
OSPF Fast Re-Route (FRR/LFA)
ISIS Fast Re-Route (FRR/LFA)
HSRP BFD
Q4’CY2014
IOS 15.2(1)SY
C6800 10G Linecards (8x/16x/32x)
C6800 1G linecards (48x)
WS-C3560CX-12PD
IA Scale: 2K ports, 42 FEX ID, 5-stack
IA 2.0: AutoConf,
IBNS 2.0: Service/ Interface Templates, Critical ACL/ MAB, Concurrent/ Differentiated Auth
OSPFv3 GR/ NSSA/ Area Filter
BGP GR/ Local AS
Netflow for COPP
Netflow full MPLS support
IPv6 support for Trustsec
LISP ASM
mDNS SDG 2.0
IPv6 FHS
VRF Aware DHCP Relay (v4/v6)
VRF Aware DNS
MPLS LDP local label filtering
Q2/Q3’CY16
IOS 15.4(1)SY
Campus Fabric with 6807 w/Sup6T
4x10G -> 40G QSFP (Sup2T)
FIPS Certification – Cisco SSL
Security features (Korea Homologation)
CSDL ASLR
CSDL PSB
IOS 15.3(1)SY
Sup 6T
Reverse Breakout Cable
4x10G 40G QSFP
(Sup6T)
IOS 15.2(2)SY (Q3)
C6840-X Switches
IA Scale:1500 ports for C6840-X
APIC-EM Support
Multicast Flow based MoFRR
Q1’CY17+
IOS 15.4(1)SY1
Campus Fabric on 6840/6880
LISP/VXLAN
IOS 15.3(1)SY1
Sup6T on 6500-E series chassis
Sup 6T + IA 3.0 – 2000 ports,160 FEX
IDs
Shipping Shipping ShippingShipping
Visibility News
2960X / 2960XR
User traffic
flows
User traffic
flows
Flow
records
Flow
collector
StealthWatch
consoleOn Prem / Virtual
appliance
• Full Ingress NetFlow on
2960X/XR
• Switch supports 8k flows / ASIC
• NetFlow collection done in
hardware with Minimum impact
to CPU
• NetFlow version 9 and version
5 export
• Full NetFlow supported on
stacked and standalone 2960X/XR
NaaS on 2960 X/XR C1 for Full Netflow/NAAS ShippingFeb17
Base NaaS on Catalyst 2960-X/XR
Full NetFlow
DNS-AS 50+ Apps
StealthWatch
25 FPS/Switch License
Physical2 or Virtual ApplianceC1-based License Only (New)
C1FPCAT29003/4K9
Cisco ONE Foundation Perpetual –
Catalyst 2900 24/48 Port Cisco ONE Foundation 1.100/1.900$
Cisco Unique Solution
for Network Security
Reduce Threat Attack Surface
with Network Sensing
Improved Protection for
Customers and Employees
Implementing NaaS brings
over 200% ROI1
NEW!!
Forrester Report for StealthWatch1 2Purchase Separately
https://www.lancope.com/resources/industry-report/259-roi-lancope-stealthwatch
Full NaaS on Catalyst 3650/3850
Full NetFlow
NBAR2 1500 Apps
ERSPAN
ETTA2
Stealthwatch
50 FPS/Switch License
Physical1 or Virtual Appliance
C1 Foundation LicenseSee Software Packaging
Cisco Unique Solution
for Network Security
Reduce Threat Attack Surface
with Network Sensing
Improved Protection for
Customers and Employees
Implementing NaaS brings
over 200% ROI1
NEW!!
Forrester Report for StealthWatch1
Packetwatch1
1Purchase separately 2Available 1HC17
https://www.lancope.com/resources/industry-report/259-roi-lancope-stealthwatch
Challenges
HTTP
FTP
POP3
IMAP
HTTPS
SMTP
80
20/21
110
143
443
25
Yesterday’s ApplicationsL7
L6
L5 AVC
L4
L3
L2
L1
Netflo
w
Today’s Applications
Know, Monitor & Control Your ApplicationsGranular Detection, Advanced Monitoring & Business Logic Based Policies
Monitor Your ApplicationsKnow Your Applications Control Your Applications
Prioritized Applications Bandwidth Management
Fault Isolation, TroubleshootingPerformance Assessment
Granular App DetectionEncrypted Application
© 2016 Cisco and/or its affiliates. All rights reserved
http://images.google.fr/imgres?imgurl=http://www.clikphoto.com/2003/Customers/images/Siebel.Logo.JPG&imgrefurl=http://www.clikphoto.com/2003/Customers/links.html&usg=__dY-YhzjlqXwgaBUa3GI7LkIC8nE=&h=137&w=363&sz=4&hl=fr&start=1&sig2=jRZ_dNmSZXrDAJLEkmINsA&um=1&tbnid=q54bb4J2TD1_uM:&tbnh=46&tbnw=121&prev=/images?q=siebel+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=CeHBSv6xGdi7jAfDrYHfBQhttp://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQhttp://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQhttp://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ
Why do you need AVC at Access?
Application Recognition Techniques
• Pre Defined Apps
Metadata on DNS
Server
• Lightweight &
authoritative
• Identify most
Applications
• Detects ENCRYPTED
apps
• Custom Apps
• IOS XE 3.9.0E (Cat4K)
and IOS 15.2.5E1
(Cat2K)
.
DNS-AS
• 1500 Apps
• Initial packets
copied to CPU
• Good for most app
except evasive app
like bittorrent
• Available in IOS XE
16.3 (3650/3850)
NBAR2
(Performance
Optimized)
NBAR2
DPI
• 1500 Apps
• Fine Grain DPI
• Mostly on Routers,
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Internal
Network
DNS-AS Operation
1) Client requests a DNS Lookup
2) Access Switch examines the DNS request
3) Internal DNS Server returns a DNS response (A-Record)
4) Access Switch requests application metadata information by generating its own DNS query
5) Internal DNS Server returns application metadata (A-Record + TXT Record)
6) Access Switch maintains a Binding Table of application metadata
DNS Server App
Server
DNS Lookup:
mail.timco.com
DNS A-Record:
mail.timco.com is 172.16.0.7
DNS Lookup + TXT Record Request:
mail.timco.com
TXT Record:
172.16.0.7
mail.timco.com
App ID = 378
App Class: BULK-DATA
Business Relevance: YES
IP Address PTR App-ID App-Class Business-
Relevance
172.16.0.7 mail.timco.com 378 Bulk Data YES
19
NBARPP Signatures
Advanced Classification Techniques
Native IPv4/ IPv6
Classification Advanced
Field Extraction
Custom Signature
Builder
Can be used with MQC (Modular QoS CLI) to control the traffic patterns in the network
Supported devices: Catalyst 3850/3650, ISR-G2 (86x, 88x, 89x, 19xx, 29xx, 39xx), 44xx, ASR1k, CSR1kV, WLC (2508, 8500, 7500, 55xx)
Protocol Pack allows adding more applications without upgrading or reloading IOS
Use heuristic algorithms to recognize encrypted traffic
And …
Recognizes
~1500 Apps
~140 Encrypted Apps
Network Based Application Recognition
http://images.google.fr/imgres?imgurl=http://www.clikphoto.com/2003/Customers/images/Siebel.Logo.JPG&imgrefurl=http://www.clikphoto.com/2003/Customers/links.html&usg=__dY-YhzjlqXwgaBUa3GI7LkIC8nE=&h=137&w=363&sz=4&hl=fr&start=1&sig2=jRZ_dNmSZXrDAJLEkmINsA&um=1&tbnid=q54bb4J2TD1_uM:&tbnh=46&tbnw=121&prev=/images?q=siebel+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=CeHBSv6xGdi7jAfDrYHfBQhttp://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQhttp://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQhttp://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ
Enabling and Monitoring AVC – CLI - License : IP Base
CLI
switch# show run int g1/0/23
Building configuration...
interface GigabitEthernet1/0/23switchport access vlan 193ip nbar protocol-discoveryend
switch# show ip nbar protocol-discovery top-n
GigabitEthernet1/0/23 Input Output ----- ------
Protocol Packet Count Packet Count Byte Count Byte Count 5min Bit Rate (bps) 5min Bit Rate (bps) 5min Max Bit Rate (bps) 5min Max Bit Rate
------------------------ ------------------------ ------------------------youtube 356 187
264713 25603 0 0 6000 3000
bing 2741 2384 493258 423925 0 0 3000 3000
© 2016 Cisco and/or its affiliates. All rights reserved
Enabling AVC ServicesWebUI interface
AVC MonitoringWebUI - Easy and Simple Visibility
Campus Application Map
Polaris 16.2• NBAR2 Dynamic PPs
• NBAR2 Custom Apps
• AVC
Polaris 16.3.x AVC with FNF Ph1
Programmability
Stackwise virtual 48XS
Polaris 16.5/16.6• Python On-box
• Stackwise Virtual 12/24XS
CAT3650/385
0
DNS-AS
Nova 3.9.1 Programmability
Campus Fabric
MKA MACSec
Release 15.2(5b)E DNS-AS Full NetFlow
CAT 4K
CAT 2K
Shipping!
Shipping!Shipping!
Shipping!
Shipping!
Cisco Catalyst 2960-L Series Switches
More Use CasesPowering Small Networks with Quietness and Simplicity
Often used in:
Bank branches
Hotel buildings
School buildings
Retail stores
Office buildings
Common ask:
Low-priced GE model
Simple management
Low energy consumption
Low-budget PoE+
802.1X and web authentication
Small form factor
Out-of-wiring-closet design
Basic Layer 2, QoS, and IPv6
Enterprise-grade quality and support
Addressing Business TransformationNew Unified Access Cisco Catalyst Switching Solution
Bu
sin
ess C
on
tin
uit
y
Business Agility
GreenIntelligent
Services
Comprehensive
Security
Ease of Operations
and Simplicity
Mission-Critical
Performance
Scale and
Resilience
Entry-Level
Cisco Catalyst
C2960-L Lan Lite
New
Converged L2
Services
C2960-X LAN Base
Resilient L2 and
Converged L3 Services
C2960-XR IP Lite
Introducing Cisco Catalyst 2960-L SeriesEntry-Level Cisco Catalyst GE Switches
IOS LANLite image
2 x 1G or 4 x 1GEEE
downlinks
Operational temperature-5 to 55°C
Cisco EnergyWise™ management
Type-A USB for storage and Bluetooth dongle
Persistent PoE (FCS+1)
Shallow depthUp to 11.5” 4 Egress queues
per port
2 MB per ASIC
Up to 370W PoE+
Versatile Form Factor Noiseless Cisco TAC Support Energy Efficiency Simplified Management
Enterprise-class
• CLI, web GUI, mobile
app (FCS+1)
• Cisco IOS® Software
• Cisco Catalyst® brand
• ELLW
• Fanless operation
• High MTBF
• Cisco® lifecycle
management
Bluetooth-ready
800 MHzCPU
Global Share Fighter
IOS; 2960L More
LAN-Base & IP-Lite
NaaS: Netflow & DNS-
AS
Openflow v1.3
80Gbps Stacking
PoE+
2*10G Uplinks
Migrate FE
(2960P, 2960C)
Catalyst 2K Product Positioning
Entry-level Catalyst
GE
IOS: 2960Plus +
More
No Stacking
PoE+
1G Uplinks only
Better
Catalyst 2960P(10 SKUs)
Catalyst 2960L (8 SKUs)
Catalyst 2960X/XR(23 SKUs)
Catalyst FE
LAN Base/LAN Lite
No Stacking
No PoE+
1G Uplinks only
Comparing Cisco Catalyst 2960 Families
2960-P 2960-L 2960-X/XR
1G Downlinks ✗ ✔ ✔
10G Uplinks ✗ ✗ ✔
Full PoE ✗ ✗ ✔
PoE+ ✗ ✔ ✔
Stacking ✗ Virtual Stacking (Clustering) ✔
Advanced L2/L3 ✗ ✗ ✔*
Entry-Level DNA ✗ ✗ ✔
Noiseless Operation ✗ ✔ ✗
Power Redundancy ✗ ✗ ✔* Netflow Lite, IPv6 first-hop security, etc.
Cisco Catalyst 2960-L Portfolio
Product ID GE Downlinks SFP Uplinks PoE Power Depth (cm) Fanless
WS-C2960L-8TS-LL 8 2 21,5 Yes
WS-C2960L-8PS-LL 8 2 67W 24 Yes
WS-C2960L-16TS-LL 16 2 21,5 Yes
WS-C2960L-16PS-LL 16 2 120W 24 Yes
WS-C2960L-24TS-LL 24 4 24 Yes
WS-C2960L-24PS-LL 24 4 195W 26,5 Yes
WS-C2960L-48TS-LL 48 4 24 Yes
WS-C2960L-48PS-LL 48 4 370W 29,2 No
Simple Management: Web UI
Building IoT
Building Applications(Light & temperature control, video surveillance)
Building Endpoints(Sensors, IoT Devices, Luminaires,
VAV, Badging, HVAC)
Cisco Digital Building Blueprint - A Converged Ecosystem
Introducing Network Innovation for Digital Buildings
Digital Network Architecture (Switching, Routing, Security)
Security Automation InsightsAnalytics
Automation
Security
Policy based Configuration, onboarding & management with APIC-EM
Device Profiling, authentication and segmentation of IoT devices with NaaS
A platform for Real-Time Analytics across enterprise and IoT networks
Extends DNA to the building edge and creates the foundation for next generation Smart Buildings
Introducing the Catalyst Digital Building Series Switch
Optimized and purpose-built for Low Voltage Building Deployments
Compact,
Rugged Design
Cisco UPOE
and PoE+ options
Low Voltage
Compliance
Power Efficient
(~4W standby)
Ceiling and
Rack
Mountable
High Temperature
Rating (50 deg C)
SecureAutomated policy
& segmentation
SimpleEasy Installation
& management
SavingsEnergy efficiency
& control
An Expanding Ecosystem of PoE Devices
Enhanced PoE Capabilities on the Digital Building Switches
Enable Scale
Full UPOE
Increased PoE
Budget: 480W of
UPOE (8 x 60W)
Fanless, silent
reliable operation with
increased MTBF and
system life (10 yrs)
Perpetual UPOE
Provides non-stop
UPOE power
Switch can continue to
provide power during
configuration and reboot
Fast UPOE
Restores power to
powered device within
5 secs of
power resumption
Digital Building Switch
Ethernet Cable
…
Wall Switch
IP Video Surveillance
Camera
Dense Sensor Network
(Light, Motion, CO2/CO, etc.)
Commercial LED PoEFixtures
Building Mgmt(Connected
HVAC)
Digital Building Applications
2-Event Classification
Simplified power
negotiation without LLDP
Physical layer negotiation
< 1s based on class/type
Perpetual
UPOE
CDB Switches Enable Efficient Cabling and Cost Effective Installation
Flexible Mounting (Ceiling, rack, cabinet)
Flexible Orientation(Upright, face-down, side)
Flexible Powering(IEC, Direct Wired)
Single Cable (Terminating at Wiring Closet)
Simplify Installations with Cable Consolidation
Fire, Safety
Variable Air Valve
Badge Reader / Access
Sensors
Physical Stacking(multiple stacked mounts)
Smart
Installs
LED LightsIP Camera
Cisco Day 0 Mobile App Makes Installation hassle-free
Install LV
Power SwitchRun Cables
Install
Luminaire
Create Project
LV Power
Source
Mobile App
No Uplinks
Plenum SpaceUpdate image (optional)
Connect to LV power source
Apply profile (optional)
Take snapshot
Generate/send project report
Validate devices
PoE Luminaire
Smart
Installs
Cisco Configuration Professional for Cisco Catalyst (Cisco CPC) Switch Management Simplified
Localized for English, Japanese, Chinese, and Korean
Set Up and Configure
Switch, VLAN, and port config
4-step wizard for day 0
Troubleshooting and Maintenance
Cisco® IOS® Software image upgrade
Alerts and notification
Monitoring
Client and endpoint visibility
on wired and wireless LAN
System health and port status dashboard
Smart
Installs
APIC-EM 1.X Update
N-PnP Cloud Redirection Service
PnP-Agent APIC EM
Server
PnP-Agent
Where’s my PnP Server?
PnP Cloud
Redirection Service
Customer
Or Partner
APIC-EM IP
PnP Protocol
CISCO
CUSTOMERCisco Commerce Workspace
Supply-Chain
Customer DB
Customer Order
Smart
Account DB
Device SR# Device SR#
Download Image & Config
APIC-EM Registers IP Address w/ Cloud
CCW Ordering of PnP Device (NETWORK-PNP-LIC)
• NETWORK-PNP-LIC
(option item) requires a
Smart Account
• Smart Account
requirement message
provided to customer
• Note that there is also a
minimum IOS
requirement
• NETWORK-PNP-LIC is
structured to the BOM
as a zero dollar Option
Item
CCW Ordering of PnP Device (Smart Account Assignment)
• Smart Account can be
assigned at the order or
line level
• Customer can also
request a Smart Account
directly from order
Cisco Plug and Play Connect (PnP Connect) General Availability
We are pleased to announce the general availability of Cisco Plug and Play Connect (PnP Connect)
Release 1.0. Cisco PnP Connect, a cloud based service, is a component of the Cisco Network Plug and Play
solution and provides automated discovery of an on-premise APIC-EM controller. Additionally, PnP Connect
enables configuration provisioning of devices directly through the cloud, without APIC-EM (beta feature
App Features
EasyQoS Custom BW Allocation per Traffic Class
EasyQoS Policy Scheduler
EasyQoS Sub-Interface (WAN) support
EasyQoS Classification based on latest NBAR2 PP(#27)
EasyQoS Support for 2960CX/C
EasyQoS UX Improvements
Dynamic
QoS
Support for App Name in Flow API
Dynamic
QoS
Performance Improvement
What’s New in 1.4 –APIC-EM EasyQOS App
Custom BW Allocation per BW Class
Custom BW Profile
Custom BW Allocation per BW Class
Ability to select BW profile per policy scope
EasyQOS Policy Scheduler
Ability to schedule policy provisioning
EasyQOS UX Improvements
Improved UX for per Wireless SSID policy scope
What’s New in 1.4APIC-EM Inventory/Discovery/Topology
Shipped: 02/21
App Features
Topology Disaggregation and Layout Improvements
Topology Toggle button to turn off host visibility
Discovery
& Inventory
Generic TTY Read only API
(Command Runner Utility)
Discovery
& Inventory
Resync Inventory on demand
Discovery
& Inventory
Edit Credentials per device
Discovery
& Inventory
Per Device polling timer
Discovery
& Inventory
Auto Configuration of IPDT
Discovery
& Inventory
Incremental Back off Polling Interval for 3850 and
similar switches
Topology Visualizer – Ability to toggle Hosts
Host Toggle Switch
Topology Visualizer – Ability to toggle Hosts
Device Inventory – Ability to Resync Inventory on demand
Ability to re-sync inventory on a per device level
Device Inventory – Per Device Polling Timer
Ability to modify per-device Polling Timer
Device Inventory – Auto Configuration of IP Device Tracking
Auto-Configure IP Device Tracking on discovered switches
APIC-EM Command Runner App
APIC-EM 1.x PlatformCommand Runner App
APIC-EM 1.x PlatformCommand Runner App
APIC-EM 1.x PlatformCommand Runner App
APIC-EM 1.x PlatformCommand Runner App
APIC-EM 1.x PlatformCommand Runner App
APIC-EM Integrity and Verification App
APIC-EM 1.x PlatformIntegrity and Verification
APIC-EM 1.x PlatformIntegrity and Verification
APIC-EM 1.x PlatformIntegrity and Verification
APIC-EM CAA – Life Cycle Management
• Personalized Advisor Info on:
• End-of-life & End-of-support dates
• Security Advisories (PSIRTs) based on PID and OS
APIC-EM 1.x PlatformCAA- Life Cycle Management
APIC-EM 1.x PlatformCAA- Life Cycle Management
APIC-EM 1.x PlatformCAA- Life Cycle Management – Hardware EoL
HW End of Sale/End of Support Information
APIC-EM 1.x PlatformCAA- Life Cycle Management - PSIRTs
Security Vulnerability Information
APIC-EM Bonjour App
• APIC-EM SDG Controller provides central control for Enterprise wide SDG-Agents(v1.3.3 max 200 SDG Agents, 150’000 Service Instances)
Problem: Bonjour Protocol has initially been designed for limited number of Consumer Devices in a single Layer 2 Domain – how to provide Enterprise Scale across multiple L3 Boundaries ?
Solution: Leverage Software-Defined Bonjour Service-Discovery Gateway-Controller App on APIC-EM
• Bonjour provides Service Discovery in single Layer 2 Domain
• Service Discovery Gateways (SDG) provide granular control and service across L2 Domains
APIC-EM 1.x PlatformSD-Bonjour