Rene Andersen Cisco SE DK

Cisco SwitchTech UpdateCatalyst April 2017

TRADITIONAL ACCESS

CONVERGED ACCESS

Catalyst 3650

Catalyst 3850

Catalyst 2960-LCatalyst 2960-X/XR

Catalyst 6800/6500

Catalyst 4500E Sup 8

New Catalyst platforms for campus

Cisco Catalyst portefolio overview

Wired/Wireless

Convergence

For Entry Level

Stackable Switch

Wired/Wireless

Convergence

for High End

Stackable Switch

Double everything Greenest Switch Ever

Catalyst 6800/6500

Industry Leading Campus Backbone Platform

Wired/Wireless Convergence

for Chassis Based Switch

640GB Line-Rate

UADP ASIC

• New 750W AC Power Supplies

• 1+1 Power Supply Redundancy

• Front-to-Back and Back-to-Front Fan options

48 x SFP+ Fixed

UADP ASICConverged

AccessLine-Rate

Virtual

stacking

1+1 Power

Redundancy

Front-to-Back & Back-to-Front

Fans and Power Supplies

*No StackWise or StackPower on 48p SKU

4 x QSFP Fixed

Catalyst 3850 10G: 48 Port

Cisco Stackwise Virtual

VSLSW-1 SW-2

Phase 1 - Aggregation

o

o

Distributed stacking is supported in 16.3.3..

Catalyst 3850 10G SFP+12 Port and 24 Port

C3850-NM-4x10G

C3850-NM-

8x10G

C3850-NM-2x40G

UADP ASICConverged

Access`StackWise-480 StackPower

1+1 Power

RedundancyLine-Rate

C3850-NM-4x10G

WS-C3850-24XS

WS-C3850-12XS

• MPLS

• Application Visibility and Control

• Programmability

• COAP

• POE Innovations

• Enterprise Media Networks - AVB

• WCM Sub package upgrade

• MACSEC 256

• ERSPAN

Some Important Features Released in 16.3.1

©

10G SFP+1G SFP

1/10G 1RU Aggregation

Catalyst 4500-X

• Fixed 10G Aggregation

• 16p and 32p Base

Units

• 8 port 10G network

Module

• Front-to-Back and

Back-to-Front Fans and

Power Supplies

1G 1RU Aggregation

Catalyst 3850

1G Fiber

• Fixed 1G Aggregation

• Stackable

• 12p and 24p SKU

• 10G Network Module

Catalyst 6880-X

• Best-in-Class Core

Feature-set

• Up to 80 1G/10G

Ports, 20 40G ports

• Full MPLS

• Instant Access

1/10G 1RU Aggregation

Catalyst 3850

10G Fiber

• Fixed 10 G

Aggregation

• 12p, 24p and 48p

SKUs

• Stackable(12p/24p)

• 10G/40G Network

Module

1/10G 5RU Core

Catalyst 6840-X

• Best-in-Class Core

Feature-set

• Up to 40 1G/10G Ports

• 40G Uplinks

• Full MPLS

• Instant Access

1/10G 2RU Core

Catalyst Fixed Backbone Portfolio FY17S

ca

le / F

ea

ture

s

Catalyst 6800 Nexus 7700

1 2

Catalyst 6500

FY17-

18

Campus Core

Modular

Transition

Position for the following requirements:

• High-density 10/40/100-Gbps

connectivity

• Full Cisco SDA Capability

• Closest in features (MPLS), buffers,

tables to C6K

Position for the following requirements:

• Optimized for 1G/10G and low density 40G

• Full Campus Fabric support

• Proven Catalyst 6K Class of feature set

• Single O/S requirement in the Campus

Offers: C6807-XL-S6T-BUN / C6807-3850-10G-

BUN

Offers: N7706-EN-B22S2E/ N7710-EN-B23S2E

Caveats: No 100G support Caveats: NexOS in Campus

Network as a Sensor &

Enforcer

APIC-EM

Full MPLS for campus

Campus Fabric

Secure Segmentation with

TrustSec

One Management with Prime

Infrastructure

IT Simplicity with Auto Conf, Interface Template and EEM

One Policy with Identity Services

Engine

High Availability with VSS, SSO and Quad Sup

SSO

3500+ Unique RichCampus Services

Hardware

Investments8P x 40G QSFP Module

– IOS 15.5(1)SY

Catalyst 6800 FamilyThe Next Generation Campus

Backbone Portfolio is here!

Architectural SolutionLeverage aggressive services and

bundle pricing to beat competition.

Nonstop InnovationStrong hardware and software

roadmap with a lot more to come

Catalyst 6K IOS SY Software Map

Q2/Q3’CY2015

IOS 15.2(1)SY1 (Q2)

WS-C3560CX-8XPD-S

mGIG Compact as IA Client

IA Scale: 1500 ports (Sup2T)

Easy FEX/ Auto FEX

NEAT for IA (Compact Switches)

Switch / Priority Renumber for IA

Custom Port QoS for IA

OSPF Fast Re-Route (FRR/LFA)

ISIS Fast Re-Route (FRR/LFA)

HSRP BFD

Q4’CY2014

IOS 15.2(1)SY

C6800 10G Linecards (8x/16x/32x)

C6800 1G linecards (48x)

WS-C3560CX-12PD

IA Scale: 2K ports, 42 FEX ID, 5-stack

IA 2.0: AutoConf,

IBNS 2.0: Service/ Interface Templates, Critical ACL/ MAB, Concurrent/ Differentiated Auth

OSPFv3 GR/ NSSA/ Area Filter

BGP GR/ Local AS

Netflow for COPP

Netflow full MPLS support

IPv6 support for Trustsec

LISP ASM

mDNS SDG 2.0

IPv6 FHS

VRF Aware DHCP Relay (v4/v6)

VRF Aware DNS

MPLS LDP local label filtering

Q2/Q3’CY16

IOS 15.4(1)SY

Campus Fabric with 6807 w/Sup6T

4x10G -> 40G QSFP (Sup2T)

FIPS Certification – Cisco SSL

Security features (Korea Homologation)

CSDL ASLR

CSDL PSB

IOS 15.3(1)SY

Sup 6T

Reverse Breakout Cable

4x10G 40G QSFP

(Sup6T)

IOS 15.2(2)SY (Q3)

C6840-X Switches

IA Scale:1500 ports for C6840-X

APIC-EM Support

Multicast Flow based MoFRR

Q1’CY17+

IOS 15.4(1)SY1

Campus Fabric on 6840/6880

LISP/VXLAN

IOS 15.3(1)SY1

Sup6T on 6500-E series chassis

Sup 6T + IA 3.0 – 2000 ports,160 FEX

IDs

Shipping Shipping ShippingShipping

Visibility News

2960X / 2960XR

User traffic

flows

User traffic

flows

Flow

records

Flow

collector

StealthWatch

consoleOn Prem / Virtual

appliance

• Full Ingress NetFlow on

2960X/XR

• Switch supports 8k flows / ASIC

• NetFlow collection done in

hardware with Minimum impact

to CPU

• NetFlow version 9 and version

5 export

• Full NetFlow supported on

stacked and standalone 2960X/XR

NaaS on 2960 X/XR C1 for Full Netflow/NAAS ShippingFeb17

Base NaaS on Catalyst 2960-X/XR

Full NetFlow

DNS-AS 50+ Apps

StealthWatch

25 FPS/Switch License

Physical2 or Virtual ApplianceC1-based License Only (New)

C1FPCAT29003/4K9

Cisco ONE Foundation Perpetual –

Catalyst 2900 24/48 Port Cisco ONE Foundation 1.100/1.900$

Cisco Unique Solution

for Network Security

Reduce Threat Attack Surface

with Network Sensing

Improved Protection for

Customers and Employees

Implementing NaaS brings

over 200% ROI1

NEW!!

Forrester Report for StealthWatch1 2Purchase Separately

https://www.lancope.com/resources/industry-report/259-roi-lancope-stealthwatch

Full NaaS on Catalyst 3650/3850

Full NetFlow

NBAR2 1500 Apps

ERSPAN

ETTA2

Stealthwatch

50 FPS/Switch License

Physical1 or Virtual Appliance

C1 Foundation LicenseSee Software Packaging

Cisco Unique Solution

for Network Security

Reduce Threat Attack Surface

with Network Sensing

Improved Protection for

Customers and Employees

Implementing NaaS brings

over 200% ROI1

NEW!!

Forrester Report for StealthWatch1

Packetwatch1

1Purchase separately 2Available 1HC17

https://www.lancope.com/resources/industry-report/259-roi-lancope-stealthwatch

Challenges

HTTP

FTP

POP3

IMAP

HTTPS

SMTP

80

20/21

110

143

443

25

Yesterday’s ApplicationsL7

L6

L5 AVC

L4

L3

L2

L1

Netflo

w

Today’s Applications

Know, Monitor & Control Your ApplicationsGranular Detection, Advanced Monitoring & Business Logic Based Policies

Monitor Your ApplicationsKnow Your Applications Control Your Applications

Prioritized Applications Bandwidth Management

Fault Isolation, TroubleshootingPerformance Assessment

Granular App DetectionEncrypted Application

© 2016 Cisco and/or its affiliates. All rights reserved

http://images.google.fr/imgres?imgurl=http://www.clikphoto.com/2003/Customers/images/Siebel.Logo.JPG&imgrefurl=http://www.clikphoto.com/2003/Customers/links.html&usg=__dY-YhzjlqXwgaBUa3GI7LkIC8nE=&h=137&w=363&sz=4&hl=fr&start=1&sig2=jRZ_dNmSZXrDAJLEkmINsA&um=1&tbnid=q54bb4J2TD1_uM:&tbnh=46&tbnw=121&prev=/images?q=siebel+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=CeHBSv6xGdi7jAfDrYHfBQhttp://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQhttp://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQhttp://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ

Why do you need AVC at Access?

Application Recognition Techniques

• Pre Defined Apps

Metadata on DNS

Server

• Lightweight &

authoritative

• Identify most

Applications

• Detects ENCRYPTED

apps

• Custom Apps

• IOS XE 3.9.0E (Cat4K)

and IOS 15.2.5E1

(Cat2K)

.

DNS-AS

• 1500 Apps

• Initial packets

copied to CPU

• Good for most app

except evasive app

like bittorrent

• Available in IOS XE

16.3 (3650/3850)

NBAR2

(Performance

Optimized)

NBAR2

DPI

• 1500 Apps

• Fine Grain DPI

• Mostly on Routers,

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Internal

Network

DNS-AS Operation

1) Client requests a DNS Lookup

2) Access Switch examines the DNS request

3) Internal DNS Server returns a DNS response (A-Record)

4) Access Switch requests application metadata information by generating its own DNS query

5) Internal DNS Server returns application metadata (A-Record + TXT Record)

6) Access Switch maintains a Binding Table of application metadata

DNS Server App

Server

DNS Lookup:

mail.timco.com

DNS A-Record:

mail.timco.com is 172.16.0.7

DNS Lookup + TXT Record Request:

mail.timco.com

TXT Record:

172.16.0.7

mail.timco.com

App ID = 378

App Class: BULK-DATA

Business Relevance: YES

IP Address PTR App-ID App-Class Business-

Relevance

172.16.0.7 mail.timco.com 378 Bulk Data YES

19

NBARPP Signatures

Advanced Classification Techniques

Native IPv4/ IPv6

Classification Advanced

Field Extraction

Custom Signature

Builder

Can be used with MQC (Modular QoS CLI) to control the traffic patterns in the network

Supported devices: Catalyst 3850/3650, ISR-G2 (86x, 88x, 89x, 19xx, 29xx, 39xx), 44xx, ASR1k, CSR1kV, WLC (2508, 8500, 7500, 55xx)

Protocol Pack allows adding more applications without upgrading or reloading IOS

Use heuristic algorithms to recognize encrypted traffic

And …

Recognizes

~1500 Apps

~140 Encrypted Apps

Network Based Application Recognition

http://images.google.fr/imgres?imgurl=http://www.clikphoto.com/2003/Customers/images/Siebel.Logo.JPG&imgrefurl=http://www.clikphoto.com/2003/Customers/links.html&usg=__dY-YhzjlqXwgaBUa3GI7LkIC8nE=&h=137&w=363&sz=4&hl=fr&start=1&sig2=jRZ_dNmSZXrDAJLEkmINsA&um=1&tbnid=q54bb4J2TD1_uM:&tbnh=46&tbnw=121&prev=/images?q=siebel+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=CeHBSv6xGdi7jAfDrYHfBQhttp://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQhttp://images.google.fr/imgres?imgurl=http://elbconsultingllc.com/images/SAP-Logo.jpg&imgrefurl=http://elbconsultingllc.com/index.html&usg=__ttrD8hVR0ZecJBAgUc1jjcxqsZQ=&h=551&w=945&sz=36&hl=fr&start=1&sig2=eDSzYadbfwaGzGedWvK1-g&um=1&tbnid=9f5hdQ6CnNYH3M:&tbnh=86&tbnw=148&prev=/images?q=sap+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=reDBSv2WCZa7jAfWrvXgBQhttp://images.google.fr/imgres?imgurl=http://www.nowhereelse.fr/wp-content/docs/youtube-logo5.jpg&imgrefurl=http://www.nowhereelse.fr/youtube-live-video-streaming-12525/&usg=__MyBsEJIR3joE8gm-rBq5Wel1qGA=&h=428&w=570&sz=33&hl=fr&start=1&sig2=z2krQGjzyqJMHPDfVwLLvg&um=1&tbnid=RKDnixEb39ds5M:&tbnh=101&tbnw=134&prev=/images?q=video+streaming+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=0czJSp79EcSD4QaBkoTHAQ

Enabling and Monitoring AVC – CLI - License : IP Base

CLI

switch# show run int g1/0/23

Building configuration...

interface GigabitEthernet1/0/23switchport access vlan 193ip nbar protocol-discoveryend

switch# show ip nbar protocol-discovery top-n

GigabitEthernet1/0/23 Input Output ----- ------

Protocol Packet Count Packet Count Byte Count Byte Count 5min Bit Rate (bps) 5min Bit Rate (bps) 5min Max Bit Rate (bps) 5min Max Bit Rate

------------------------ ------------------------ ------------------------youtube 356 187

264713 25603 0 0 6000 3000

bing 2741 2384 493258 423925 0 0 3000 3000

© 2016 Cisco and/or its affiliates. All rights reserved

Enabling AVC ServicesWebUI interface

AVC MonitoringWebUI - Easy and Simple Visibility

Campus Application Map

Polaris 16.2• NBAR2 Dynamic PPs

• NBAR2 Custom Apps

• AVC

Polaris 16.3.x AVC with FNF Ph1

Programmability

Stackwise virtual 48XS

Polaris 16.5/16.6• Python On-box

• Stackwise Virtual 12/24XS

CAT3650/385

0

DNS-AS

Nova 3.9.1 Programmability

Campus Fabric

MKA MACSec

Release 15.2(5b)E DNS-AS Full NetFlow

CAT 4K

CAT 2K

Shipping!

Shipping!Shipping!

Shipping!

Shipping!

Cisco Catalyst 2960-L Series Switches

More Use CasesPowering Small Networks with Quietness and Simplicity

Often used in:

Bank branches

Hotel buildings

School buildings

Retail stores

Office buildings

Common ask:

Low-priced GE model

Simple management

Low energy consumption

Low-budget PoE+

802.1X and web authentication

Small form factor

Out-of-wiring-closet design

Basic Layer 2, QoS, and IPv6

Enterprise-grade quality and support

Addressing Business TransformationNew Unified Access Cisco Catalyst Switching Solution

Bu

sin

ess C

on

tin

uit

y

Business Agility

GreenIntelligent

Services

Comprehensive

Security

Ease of Operations

and Simplicity

Mission-Critical

Performance

Scale and

Resilience

Entry-Level

Cisco Catalyst

C2960-L Lan Lite

New

Converged L2

Services

C2960-X LAN Base

Resilient L2 and

Converged L3 Services

C2960-XR IP Lite

Introducing Cisco Catalyst 2960-L SeriesEntry-Level Cisco Catalyst GE Switches

IOS LANLite image

2 x 1G or 4 x 1GEEE

downlinks

Operational temperature-5 to 55°C

Cisco EnergyWise™ management

Type-A USB for storage and Bluetooth dongle

Persistent PoE (FCS+1)

Shallow depthUp to 11.5” 4 Egress queues

per port

2 MB per ASIC

Up to 370W PoE+

Versatile Form Factor Noiseless Cisco TAC Support Energy Efficiency Simplified Management

Enterprise-class

• CLI, web GUI, mobile

app (FCS+1)

• Cisco IOS® Software

• Cisco Catalyst® brand

• ELLW

• Fanless operation

• High MTBF

• Cisco® lifecycle

management

Bluetooth-ready

800 MHzCPU

Global Share Fighter

IOS; 2960L More

LAN-Base & IP-Lite

NaaS: Netflow & DNS-

AS

Openflow v1.3

80Gbps Stacking

PoE+

2*10G Uplinks

Migrate FE

(2960P, 2960C)

Catalyst 2K Product Positioning

Entry-level Catalyst

GE

IOS: 2960Plus +

More

No Stacking

PoE+

1G Uplinks only

Better

Catalyst 2960P(10 SKUs)

Catalyst 2960L (8 SKUs)

Catalyst 2960X/XR(23 SKUs)

Catalyst FE

LAN Base/LAN Lite

No Stacking

No PoE+

1G Uplinks only

Comparing Cisco Catalyst 2960 Families

2960-P 2960-L 2960-X/XR

1G Downlinks ✗ ✔ ✔

10G Uplinks ✗ ✗ ✔

Full PoE ✗ ✗ ✔

PoE+ ✗ ✔ ✔

Stacking ✗ Virtual Stacking (Clustering) ✔

Advanced L2/L3 ✗ ✗ ✔*

Entry-Level DNA ✗ ✗ ✔

Noiseless Operation ✗ ✔ ✗

Power Redundancy ✗ ✗ ✔* Netflow Lite, IPv6 first-hop security, etc.

Cisco Catalyst 2960-L Portfolio

Product ID GE Downlinks SFP Uplinks PoE Power Depth (cm) Fanless

WS-C2960L-8TS-LL 8 2 21,5 Yes

WS-C2960L-8PS-LL 8 2 67W 24 Yes

WS-C2960L-16TS-LL 16 2 21,5 Yes

WS-C2960L-16PS-LL 16 2 120W 24 Yes

WS-C2960L-24TS-LL 24 4 24 Yes

WS-C2960L-24PS-LL 24 4 195W 26,5 Yes

WS-C2960L-48TS-LL 48 4 24 Yes

WS-C2960L-48PS-LL 48 4 370W 29,2 No

Simple Management: Web UI

Building IoT

Building Applications(Light & temperature control, video surveillance)

Building Endpoints(Sensors, IoT Devices, Luminaires,

VAV, Badging, HVAC)

Cisco Digital Building Blueprint - A Converged Ecosystem

Introducing Network Innovation for Digital Buildings

Digital Network Architecture (Switching, Routing, Security)

Security Automation InsightsAnalytics

Automation

Security

Policy based Configuration, onboarding & management with APIC-EM

Device Profiling, authentication and segmentation of IoT devices with NaaS

A platform for Real-Time Analytics across enterprise and IoT networks

Extends DNA to the building edge and creates the foundation for next generation Smart Buildings

Introducing the Catalyst Digital Building Series Switch

Optimized and purpose-built for Low Voltage Building Deployments

Compact,

Rugged Design

Cisco UPOE

and PoE+ options

Low Voltage

Compliance

Power Efficient

(~4W standby)

Ceiling and

Rack

Mountable

High Temperature

Rating (50 deg C)

SecureAutomated policy

& segmentation

SimpleEasy Installation

& management

SavingsEnergy efficiency

& control

An Expanding Ecosystem of PoE Devices

Enhanced PoE Capabilities on the Digital Building Switches

Enable Scale

Full UPOE

Increased PoE

Budget: 480W of

UPOE (8 x 60W)

Fanless, silent

reliable operation with

increased MTBF and

system life (10 yrs)

Perpetual UPOE

Provides non-stop

UPOE power

Switch can continue to

provide power during

configuration and reboot

Fast UPOE

Restores power to

powered device within

5 secs of

power resumption

Digital Building Switch

Ethernet Cable

…

Wall Switch

IP Video Surveillance

Camera

Dense Sensor Network

(Light, Motion, CO2/CO, etc.)

Commercial LED PoEFixtures

Building Mgmt(Connected

HVAC)

Digital Building Applications

2-Event Classification

Simplified power

negotiation without LLDP

Physical layer negotiation

< 1s based on class/type

Perpetual

UPOE

CDB Switches Enable Efficient Cabling and Cost Effective Installation

Flexible Mounting (Ceiling, rack, cabinet)

Flexible Orientation(Upright, face-down, side)

Flexible Powering(IEC, Direct Wired)

Single Cable (Terminating at Wiring Closet)

Simplify Installations with Cable Consolidation

Fire, Safety

Variable Air Valve

Badge Reader / Access

Sensors

Physical Stacking(multiple stacked mounts)

Smart

Installs

LED LightsIP Camera

Cisco Day 0 Mobile App Makes Installation hassle-free

Install LV

Power SwitchRun Cables

Install

Luminaire

Create Project

LV Power

Source

Mobile App

No Uplinks

Plenum SpaceUpdate image (optional)

Connect to LV power source

Apply profile (optional)

Take snapshot

Generate/send project report

Validate devices

PoE Luminaire

Smart

Installs

Cisco Configuration Professional for Cisco Catalyst (Cisco CPC) Switch Management Simplified

Localized for English, Japanese, Chinese, and Korean

Set Up and Configure

Switch, VLAN, and port config

4-step wizard for day 0

Troubleshooting and Maintenance

Cisco® IOS® Software image upgrade

Alerts and notification

Monitoring

Client and endpoint visibility

on wired and wireless LAN

System health and port status dashboard

Smart

Installs

APIC-EM 1.X Update

N-PnP Cloud Redirection Service

PnP-Agent APIC EM

Server

PnP-Agent

Where’s my PnP Server?

PnP Cloud

Redirection Service

Customer

Or Partner

APIC-EM IP

PnP Protocol

CISCO

CUSTOMERCisco Commerce Workspace

Supply-Chain

Customer DB

Customer Order

Smart

Account DB

Device SR# Device SR#

Download Image & Config

APIC-EM Registers IP Address w/ Cloud

CCW Ordering of PnP Device (NETWORK-PNP-LIC)

• NETWORK-PNP-LIC

(option item) requires a

Smart Account

• Smart Account

requirement message

provided to customer

• Note that there is also a

minimum IOS

requirement

• NETWORK-PNP-LIC is

structured to the BOM

as a zero dollar Option

Item

CCW Ordering of PnP Device (Smart Account Assignment)

• Smart Account can be

assigned at the order or

line level

• Customer can also

request a Smart Account

directly from order

Cisco Plug and Play Connect (PnP Connect) General Availability

We are pleased to announce the general availability of Cisco Plug and Play Connect (PnP Connect)

Release 1.0. Cisco PnP Connect, a cloud based service, is a component of the Cisco Network Plug and Play

solution and provides automated discovery of an on-premise APIC-EM controller. Additionally, PnP Connect

enables configuration provisioning of devices directly through the cloud, without APIC-EM (beta feature

App Features

EasyQoS Custom BW Allocation per Traffic Class

EasyQoS Policy Scheduler

EasyQoS Sub-Interface (WAN) support

EasyQoS Classification based on latest NBAR2 PP(#27)

EasyQoS Support for 2960CX/C

EasyQoS UX Improvements

Dynamic

QoS

Support for App Name in Flow API

Dynamic

QoS

Performance Improvement

What’s New in 1.4 –APIC-EM EasyQOS App

Custom BW Allocation per BW Class

Custom BW Profile

Custom BW Allocation per BW Class

Ability to select BW profile per policy scope

EasyQOS Policy Scheduler

Ability to schedule policy provisioning

EasyQOS UX Improvements

Improved UX for per Wireless SSID policy scope

What’s New in 1.4APIC-EM Inventory/Discovery/Topology

Shipped: 02/21

App Features

Topology Disaggregation and Layout Improvements

Topology Toggle button to turn off host visibility

Discovery

& Inventory

Generic TTY Read only API

(Command Runner Utility)

Discovery

& Inventory

Resync Inventory on demand

Discovery

& Inventory

Edit Credentials per device

Discovery

& Inventory

Per Device polling timer

Discovery

& Inventory

Auto Configuration of IPDT

Discovery

& Inventory

Incremental Back off Polling Interval for 3850 and

similar switches

Topology Visualizer – Ability to toggle Hosts

Host Toggle Switch

Topology Visualizer – Ability to toggle Hosts

Device Inventory – Ability to Resync Inventory on demand

Ability to re-sync inventory on a per device level

Device Inventory – Per Device Polling Timer

Ability to modify per-device Polling Timer

Device Inventory – Auto Configuration of IP Device Tracking

Auto-Configure IP Device Tracking on discovered switches

APIC-EM Command Runner App

APIC-EM 1.x PlatformCommand Runner App

APIC-EM 1.x PlatformCommand Runner App

APIC-EM 1.x PlatformCommand Runner App

APIC-EM 1.x PlatformCommand Runner App

APIC-EM 1.x PlatformCommand Runner App

APIC-EM Integrity and Verification App

APIC-EM 1.x PlatformIntegrity and Verification

APIC-EM 1.x PlatformIntegrity and Verification

APIC-EM 1.x PlatformIntegrity and Verification

APIC-EM CAA – Life Cycle Management

• Personalized Advisor Info on:

• End-of-life & End-of-support dates

• Security Advisories (PSIRTs) based on PID and OS

APIC-EM 1.x PlatformCAA- Life Cycle Management

APIC-EM 1.x PlatformCAA- Life Cycle Management

APIC-EM 1.x PlatformCAA- Life Cycle Management – Hardware EoL

HW End of Sale/End of Support Information

APIC-EM 1.x PlatformCAA- Life Cycle Management - PSIRTs

Security Vulnerability Information

APIC-EM Bonjour App

• APIC-EM SDG Controller provides central control for Enterprise wide SDG-Agents(v1.3.3 max 200 SDG Agents, 150’000 Service Instances)

Problem: Bonjour Protocol has initially been designed for limited number of Consumer Devices in a single Layer 2 Domain – how to provide Enterprise Scale across multiple L3 Boundaries ?

Solution: Leverage Software-Defined Bonjour Service-Discovery Gateway-Controller App on APIC-EM

• Bonjour provides Service Discovery in single Layer 2 Domain

• Service Discovery Gateways (SDG) provide granular control and service across L2 Domains

APIC-EM 1.x PlatformSD-Bonjour