IOS-XE 3.6.0E / IOS 15.2(2)E September 2014 One Combined Software Release for Cat2K/3K/4K/WLC5760 SE René Andersen


IOS-XE 3.6.0E / IOS 15.2(2)E

September 2014

One Combined Software Release for Cat2K/3K/4K/WLC5760

SE René Andersen


Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

IOS-XE3.6.0E / IOS15.2(2)E Software Release – Highlights

One Combined Release

For newly introduced IOS-XE (Cat3850/3650/3850 Fiber, Sup8E & WLC5760) and Classic IOS Platforms (2960S, 2960X/R, 3750-X, 3560-X etc)

Software Service Innovations

IT Simplicity, Mobility and Application Experience

Certifications

Complete Govt. certifications for NG and Classic shipping platforms (Wired & Wireless)

Feature Parity

• Maximum feature parity for Sup8E including VSS support

• Critical Feature parity Cat3850/3650 with improved manageability


Cisco Confidential – For NDA use only, not for further disclosure or distribution

Catalyst Access Switching - Software Roadmap

[Figure: release timeline by quarter (Q1 to Q4) for CY2012, CY2013 and CY2014, continuing into CY2015. Tracks labelled Catalyst 2K/3K Feature Release (2K/3K Release), IOS-XE NG3K Releases and Catalyst 4500E/X Release (4K Release) lead into the 2K/3K/4K One Release: One Combined Release for Cat2K/3K/4K/5760. EM: Extended Maintenance Release.]

Release labels on the timeline: Nile 15.0(2)SE; 15.0(2)EX; XE 3.2.0SE; Darya 3.3.0SE; Darya rebuild 3.3.2SE; IOS XE 3.3.0XO; Yap XE 3.3.0SG / IOS 15.1(1)SG; Texel XE 3.4.0SG / IOS 15.1(2)SG; Indus XE 3.5.0E / IOS 15.2(1)E; Amur XE 3.6.0E/15.2(2)E; Beni XE 3.7.0/15.3(1)E

Milestone labels: 2960-SF Launch; 3K-X UPOE Launch; 2960X/XR Launch; C3850 Launch; C3850/5760 FCS Release; Sup-8E Launch; C3650; C3850 Fiber; EM Release


Customer benefits of combined release?

• One release to Qualify, Deploy and Maintain for Cat2K/3K/4K

• Lower TCO

What does the combined release not provide?

• Merging of IOS to IOS-XE or vice-versa

• Change in existing platform behavior


5 © 2014 Cisco and/or its affiliates. All rights reserved. BRKARC-3438 Cisco Public

IOS XE Evolution

IOS-XE

• Modern IOS to enable multi-core CPU

• Easy customer migration

• While maintaining IOS functionality and look and feel

• Allow hosted applications like Wireshark

[Figure: two software stacks side by side. IOS 15.x: IOS (Features Components, Management Interface, Module Drivers, Common Infrastructure / HA) with its Kernel. IOS XE 3.x: IOSd (Features Components, Management Interface, Module Drivers, Common Infrastructure / HA) alongside WCM and Hosted Apps (Wireshark), on a Linux Kernel.]


Release Guidelines

• Extended Maintenance (EM) and Standard Maintenance (SM)

• Two feature releases every year, alternating between SM and EM

[Figure: 3.x/15.x release sequence SM, SM, EM, SM, EM, EM]

SM Rebuilds

• Total 3 rebuilds spanned over 18 months.

• Last rebuild is PSIRT only.

EM Rebuilds

• Total 9 rebuilds spanned over 44 months.

• Last 2 rebuilds are PSIRTs only.


IOS-XE3.6.0E/15.2(2)E (Amur) Software Release (Shipping)

C4K (SUP8,7,6,4500-X,49xx), C3K (3850,3650,X,C), C2K (2960S,FE,X,XR,C), WLC5760

One Policy, One Management, One Network

• Policy: ISE 1.2/1.3

• Manageability: Prime 2.1, WEBGUI, MSE 8.0

• BYOD & Mobility: Service Discovery Gateway Ph 2, Device Profiling for Wired/Wireless

• Application Experience: AVC Wireless on AP Ph II (QoS tie-in with Policy), Medianet on 3850/3650 (Wired)

• IT Simplicity: Interface Template, Auto-conf, Plug & Play Agent

• Infrastructure: New APs (AP2700, AP700I, AP700W, AP1530); Optics: Active/Passive SFPs CX1, Active SFP

Complete Govt. Certification, One Combined Release, Extended Maintenance


3850/3650 Wired Feature Parity with 3750-X

3.3.0SE (Shipping)

Core
• HSRPv2
• 9 member stack
• QoS Enh

Software Services
• Security: SGT/SGACL, Critical Voice VLAN, SXP/SXP2 Enhancements
• BYOD: Service Discovery Gateway (wired & wireless), Wired Guest Access
• IT Simplicity: Wireshark (wired & wireless)

Compliance
• FIPS & Common Criteria
• UCAPL (DoD/JITC)

Other
• 10G DWDM SFP+, ZR
(3.3.3SE rebuild, Target CCO: 4/30/14)

3.6.0E (Shipping)

Core
• VRRPv3, IPv6 VRFs
• IPv6 Multicast Routing
• QinQ/L2PT

Software Services
• Security: Device Sensor
• AVC: Medianet (Perf Mon, Mediatrace, Metadata)
• EW: Energywise Parity

Compliance
• FIPS & Common Criteria
• UCAPL & USGv6

Other
• Extended Maint
• Active/Passive SFP/SFP+ Optical Cables

3.7.0E - EC (Q4CY14)

Core
• PVLAN
• XPS Power supply, IPv6 FHS Ph II, Etherchannel support for IPv6 FHS

Software Services
• Security: MACSec uplink (sw-2-sw)
• AVC: Medianet (Metadata QoS)

CY15 Roadmap

Core
• CoPP
• BFD, REP, MVR
• Smart Call Home
• Embedded Syslog manager

Software Services
• Security: MACSec downlink (sw-2-host)
• AVC: Medianet (IP SLA VO)


IOS-XE 3.6.0E / IOS 15.2(2)E Release (Shipping)

Wired Features

Infrastructure
• Active and Passive CX1 SFP, Active CX1 SFP+
• Sup8-E wired feature parity w/ SUP7E (except IPv6 PBR)
• Migration enablers for 3850 & 3650* (See next slide for details)
• TDR in Lan Base (4K, parity with 3K), WCCP in IP-base (3K), IPv6 PIM in IP-lite (2960XR)

Layer 3
• IPv6 VRF (Sup8E, 3850/3650)
• IPv6 uRPF, IPv6 PBR (3850/3650)
• IPv4 & IPv6 SDM Templates (3850/3650)
• VRRPv3 (Sup8E, 3850/3650)

IT Simplicity
• PnP Agent, PnP Smart Install Proxy
• Smart Install Client (4K)
• Auto Conf and Interface Templates
• Easy VSS, Auto Secure

Services
• Device Sensor w/ISE – Wired & Wireless
• Service Discovery Gateway Ph II (Location, Static service, HA)
• IPv4 FQDN ACL, Secure CDP, IPv6 CTS, Bidir SXP

Application Experience
• Medianet on 3850 & 3650 (Perf Mon, Mediatrace, Metadata)

Wireless Features

Infrastructure
• New AP Support: AP700I, AP700W, AP2700
• Outdoor AP1530 series (Centralized Mode Only)

Mobility Services
• AVC-Wireless Ph II (QoS tie-in with Policy)
• Service Discovery Gateway Ph II (location static service)
• Device Sensor (Policy Classification Engine)

Interop
• Prime 2.1, ISE 1.2/1.3, MSE 8.0

Compliance for Wired and Wireless
• Wired & Wireless FIPS 140-2, CC, UCAPL

Last Release for Sup6E/L-E, 2960S/SF, 2K/3K Gig compact


New Hardware Support


Cisco Aironet 2700 Access Point Series

• Starts at $1,095 List Price

• 3x4 MIMO: 3 SS 802.11ac AP

• 3x performance of 802.11n

• RF Excellence enabled in Hardware

• HDX Technology

• 2 GigE Ports

• Downstream device support only

Shipping Now: CUWN 7.6 MR2, IOS XE 3.6 (Amur)


Cisco Aironet 1530 Outdoor N Access Point Series

Ultra Compact and Flexible for Enterprise and Service Provider

• Ideal for Campus coverage between buildings, seamless indoor to outdoor to indoor roaming

• Small and ruggedized IP67 design for outdoors

• Innovative flexible port architecture: dual or single band external antenna configuration via software

• Only supported in Centralized AP mode (No support for Mesh mode)


Cisco Aironet 700W N Access Point Series

Wall Mount, Dual Radio with 4 (four) integrated GbE ports

• Target Hospitality, Dorm, Multi Dwelling

• Enterprise class RF performance, integrated antennas, Dual Radio 2x2:2

• 4x GbE local ports with 1x PoE out

• Sleek design in a small form factor (6 x 4 x 1.5 in)

• Purpose-built bracket for ease of mounting to numerous wall-box standards

• Physical security enhancements: Torx screw or Kensington lock

• Only supported in AP mode (No support for Mesh mode)


2960-X Fan Less Model

• Silent Operation: co-locate with end users

• First 8 ports PoE/PoE+ (110W PoE Budget)

• 4 uplink ports: 2 * SFP + 2 * 1G BT

• LAN Base only, Non-Stackable

[Figure labels: Front Vents, Heat Sinks, Top Vents]


The NEW Catalyst 3850 Fiber Switches

Converged Access Portfolio strengthened with the New 3850 Fiber switches

Key Benefits

• 12 and 24 port 1G Fiber SKUs

• 2x10G or 4x1G Uplinks

• Built on UADP ASIC

• Integrated Mobility Controller

• StackPower

• Stackable with 3850 Access switches

Licensing Options: IP Base and IP Services


Compliance & Certifications


Compliance - Catalyst 2K, Compact, 3K-X, 3850, 3650, 5760 Certified In Progress with 3.6.0E

2960S/SF, 2960X/XR 2960S/SF All

2960C, 3560C All All

3K-X, 3K-X UPoE 3K-X All

Wired & Wireless

3850, 3650, 3850-UPoE, 5760 All

2960S/SF, 2960X/XR 2960S/SF All

2960C, 3560C 2960C, 3560C All

3K-X, 3K-X PoE 3K-X All

Wired & Wireless

3850, 3650, 3850-UPoE, 5760 All

2960S/SF, 2960X/XR 2960S/SF All

2960C, 3560C 3560C All

3K-X, 3K-X PoE 3K-X All

Wired & Wireless

3850, 3650, 3850-UPoE, 5760 All

2960S/SF, 2960X/XR 2960S/SF 2960X/R

2960C, 3650C All

3K-X, 3K-X PoE All

Wired & Wireless

3850, 3650, 3850-UPoE, 5760 3850, 3850-UPoE 3650

NA

Certified NA

Not Applicable Not Certified

NA

Products


Compliance - Catalyst 4500E/X,49xx Series Switches Currently Certified In Progress with 3.6.0E

Sup2, Sup4, Sup5, Sup6E, Sup6LE Sup2, Sup4, Sup5

Sup7E, Sup7LE, 4500X Sup7E,7LE,4500X All

Sup8E Sup8E (Wired)

49xx 4900M, 4948E, 4948EF

Sup2, Sup4, Sup5, Sup6E, Sup6LE

Sup7E, Sup7LE, 4500X Sup7E,7LE, 4500X All

Sup8E Sup8E (Wired)

49xx

Sup2, Sup4, Sup5, Sup6E, Sup6LE Sup6E, Sup6LE

Sup7E, Sup7LE, 4500X Sup7E,7LE,4500X All

Sup8E Sup8E (Wired)

49xx

Sup2, Sup4, Sup5, Sup6E, Sup6LE Sup6E, Sup6LE

Sup7E, Sup7LE, 4500X Sup7E,7LE,4500X

Sup8E Sup8E (Wired)

49xx 4900M, 4948E, 4948EF

Certified NA Not Applicable

Product

NA

NA

NA

Not Certified


Feature Details: SIMPLICITY!


Easy VSS


Problem with Traditional VSS Configuration

• Up to 30 Lines

• Configuration on both Active & Standby

• Error prone

• Version Mismatch – More manual tasks

[Figure: Easy VSS pair with Multi-Chassis Etherchannel to two access switches]


Easy VSS Configuration

• 1 Line – ‘switch convert mode easy-vss’

• Zero touch on Standby (No Config Needed)

• Mismatch Discovery & Fix

• Needs L3 reachability to the pair for communication

• Option to choose VSL Link

[Figure: Easy VSS pair with Multi-Chassis Etherchannel to two access switches]

    #(easy-vss)#VSL ?
    Local Interface      Remote Interface        Hostname   Standby-IP
    GigabitEthernet3/5   TenGigabitEthernet1/1   4K-DEMO    2.2.2.4
    GigabitEthernet3/6   TenGigabitEthernet1/2   4K-DEMO    2.2.2.4
    GigabitEthernet3/7   TenGigabitEthernet1/1   4K-DEMO2   2.2.2.5


Easy VSS

Traditional VSS Config

Switch 1

    Switch-1(config)# switch virtual domain 100
    Switch-1(config-vs-domain)# switch 1
    Switch-1(config-vs-domain)# exit
    Switch-1(config)# interface port-channel 10
    Switch-1(config-if)# switchport
    Switch-1(config-if)# switch virtual link 1
    Switch-1(config-if)# no shutdown
    Switch-1(config-if)# exit
    Switch-1(config)# interface range tengigabitethernet 3/1-2
    Switch-1(config-if)# channel-group 10 mode on
    Switch-1# switch convert mode virtual

Switch 2

    Switch-2(config)# switch virtual domain 100
    Switch-2(config-vs-domain)# switch 2
    Switch-2(config-vs-domain)# exit
    Switch-2(config)# interface port-channel 20
    Switch-2(config-if)# switchport
    Switch-2(config-if)# switch virtual link 2
    Switch-2(config-if)# no shutdown
    Switch-2(config-if)# exit
    Switch-2(config)# interface range tengigabitethernet 5/2-3
    Switch-2(config-if)# channel-group 20 mode on
    Switch-2# switch convert mode virtual

Easy VSS Config

Switch 1

    Switch-1# switch convert mode virtual
    #(easy-vss)#VSL Te3/1 Te3/2

Switch 2

    Switch-2(config)#


AutoSecure


Auto Secure

Generally Applied Security Configuration

• 3 Simple Security Features

• DHCP Snooping

• Dynamic ARP Inspection

• Port Security

• Several Lines of Configuration

• Difficult to Validate


Auto Security – Features Enabled

• DHCP Snooping

  Globally
    ip dhcp snooping
    ip dhcp snooping vlan 2-4094
    no ip dhcp snooping information option

  Per Access Port
    ip dhcp snooping limit rate 100

  Per Trunk Port
    ip dhcp snooping trust

• Dynamic ARP Inspection

  Globally
    ip arp inspection vlan 2-4094

  Per Access Port
    ip arp inspection limit rate 100

  Per Trunk Port
    ip arp inspection trust

• Port Security

  Per Access Port
    switchport port-security
    switchport port-security maximum 2
    switchport port-security maximum 1 vlan access
    switchport port-security maximum 1 vlan voice
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity

  Per Trunk Port
    switchport port-security maximum 100
    switchport port-security violation restrict


Auto Secure

Auto Security Config

• 1 Line – ‘auto security’

• Uplinks & Downlinks

• Global & Per Port Option

• Global Config enables on all ports as well

• Based on port mode – access OR trunk, it applies host config or uplink config



Auto Secure – Actual Config & show Commands

    auto security
    !
    interface GigabitEthernet3/3
     description Connected to wired PC
     switchport access vlan 11
     switchport mode access
     auto security-port host
    !
    interface TenGigabitEthernet1/1
     description Trunk Port
     switchport mode trunk
     auto security-port uplink

    Switch#sh auto security configuration
    %AutoSecure provides a single CLI config 'auto secure'
    to enable Base-line security Features like
    DHCP snooping, ARP inspection and Port-Security

    Auto Secure CLIs applied globally:
    ---------------------------------
    ip dhcp snooping
    ip dhcp snooping vlan 2-1005
    no ip dhcp snooping information option
    ip arp inspection vlan 2-1005
    ip arp inspection validate src-mac dst-mac ip

    Auto Secure CLIs applied on Access Port:
    ----------------------------------------
    switchport port-security maximum 2
    switchport port-security maximum 1 vlan access
    switchport port-security maximum 1 vlan voice
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity
    switchport port-security
    ip arp inspection limit rate 100
    ip dhcp snooping limit rate 100

    Auto Secure CLIs applied on Trunk Port:
    --------------------------------------
    ip dhcp snooping trust
    ip arp inspection trust
    switchport port-security maximum 100
    switchport port-security violation restrict
    switchport port-security

    Switch#sh auto security
    Auto Secure is Enabled globally
    AutoSecure is Enabled on below interface(s):
    --------------------------------------------
    TenGigabitEthernet1/1
    GigabitEthernet3/1
    GigabitEthernet3/3
    GigabitEthernet3/4
    GigabitEthernet3/5
    GigabitEthernet3/6
    Switch#
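
The deck calls the three-feature baseline "difficult to validate". The script below is an added example (not Cisco's code and not part of the deck) that audits IOS-style configuration text against the baseline lines listed in the show auto security configuration output above. The sample configuration is constructed, and two things are assumptions of this example: the macro line is accepted in place of the expanded commands, and an uplink macro or trust statement on an access port is reported as a finding.

```python
import re

# Baseline lines copied from the "Auto Secure CLIs applied" output on this page.
PS = "switchport port-security"
TRUST = ["ip dhcp snooping trust", "ip arp inspection trust"]
GLOBAL_EXACT = ["ip dhcp snooping", "no ip dhcp snooping information option"]
GLOBAL_PREFIX = ["ip dhcp snooping vlan ", "ip arp inspection vlan "]
BASELINE = {
    "access": [PS, PS + " maximum 2", PS + " violation restrict",
               "ip arp inspection limit rate 100", "ip dhcp snooping limit rate 100"],
    "trunk": [PS, PS + " maximum 100", PS + " violation restrict", *TRUST],
}
# Per-port macro forms shown in the page's "Actual Config" listing.
MACRO = {"access": "auto security-port host", "trunk": "auto security-port uplink"}

# Constructed sample configuration (not from a real device).
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 2-1005
ip arp inspection vlan 2-1005
!
interface GigabitEthernet3/3
 switchport mode access
 auto security-port host
!
interface GigabitEthernet3/4
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 ip dhcp snooping limit rate 100
 ip dhcp snooping trust
!
interface GigabitEthernet3/5
 switchport mode access
 auto security-port uplink
!
interface TenGigabitEthernet1/1
 switchport mode trunk
 auto security-port uplink
!
"""


def parse_config(text):
    """Split IOS-style config text into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None
        elif re.match(r"interface\s+\S+", raw):
            current = interfaces.setdefault(raw.split()[1], [])
        elif current is not None and raw[0].isspace():
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return sorted (scope, finding) tuples where the baseline is not met."""
    global_lines, interfaces = parse_config(text)
    findings = []
    # Taken from the slides: global 'auto security' enables the baseline on all ports.
    macro_global = "auto security" in global_lines
    if not macro_global:
        findings += [("global", "missing: " + w)
                     for w in GLOBAL_EXACT if w not in global_lines]
        findings += [("global", "missing: " + p + "<vlans>") for p in GLOBAL_PREFIX
                     if not any(g.startswith(p) for g in global_lines)]
    for name, lines in interfaces.items():
        mode = next((m for m in ("trunk", "access")
                     if f"switchport mode {m}" in lines), None)
        if mode is None:
            findings.append((name, "no static switchport mode, role unknown"))
            continue
        other = "access" if mode == "trunk" else "trunk"
        if MACRO[other] in lines:
            # e.g. the uplink macro on a host port would trust DHCP and ARP there
            findings.append((name, f"{mode} port carries '{MACRO[other]}'"))
            continue
        if mode == "access":
            findings += [(name, "access port is trusted: " + t)
                         for t in TRUST if t in lines]
        if macro_global or MACRO[mode] in lines:
            continue  # assumption: the macro stands in for the expanded lines
        findings += [(name, "missing: " + w)
                     for w in BASELINE[mode] if w not in lines]
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```

On a live switch the same comparison is better run against show derived-config output, which the later slides use to display the commands a template or macro expands to.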


Interface Templates


Auto Conf and Interface Template

Current Challenges: Port based only; Usability/Bloated config; Inflexible

Next Gen Auto Smart Port

• Simplified running-config

• Parsed at definition time

• Built-in templates

Lower TCO

• Config rollback

• Precedence management

• Integrated with session aware networking

Easy to use & Intuitive


Auto conf – Use case

[Figure: an access switch with ports P1, P2 and P4 connected to a phone, a compact switch and an access point, with labels S1, S2, S3 and S4. Callouts labelled interface-template and service-template show the snippets below.]

    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan ALL
    switchport mode trunk
    switchport nonegotiate
    auto qos voip trust
    mls qos trust cos
    srr-queue bandwidth limit $LIMIT

    auto qos voip trust
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan ALL
    switchport mode trunk

    vlan 100
    access-group corp
    inactivity 300

    vlan 200
    access-group corp
    service-policy corp

Interface Templates

• Activated on INTERFACES

• Auto-conf one network device per port, e.g. Switch or AP

• Impacts all the traffic exchanged via that interface

• Stays ON as long as activated

Service Templates

• Activated on NETWORK SESSIONS

• No impact on other sessions sharing that port

• Stays ON as long as the session exists

Platforms supported: 4K/3K/2K/Compact


Interface Templates

• Easy to build, modify and troubleshoot

• Simplify running config (BEFORE / AFTER)

    3750X# show run interface Gig 1/0/10
    Building configuration...
    Current configuration : 79 bytes
    !
    interface GigabitEthernet1/0/10
     source template DMP_INTERFACE_TEMPLATE
    end

    3750X(config-if)#source template DMP_INTERFACE_TEMPLATE
    3750X(config-if)# end

    3750X# show derived-config interface Gig 1/0/10
    Derived configuration : 249 bytes
    !
    interface GigabitEthernet1/0/10
     switchport mode access
     switchport block unicast
     switchport port-security
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust dscp
     spanning-tree portfast
     spanning-tree bpduguard enable
    end


Config File Readability and Manageability

Smaller configuration files

Built-in Interface Templates for ease of use

All Interface Templates are customizable.

Advantages over Auto Smart Ports

Templates updates immediately ripple to interfaces

• Per session or per port templates

• No change to running-config

• Full rollback and precedence management

• Compatible with Session Networking/AutoConf

Interface Templates Benefits Overview


Interface Templates: Built-in Templates

11 Built-in Templates based on common end devices

Good Defaults

    3750X# show template interface brief
    Template-Name                    Source     Bound-to-Interface
    -------------                    ------     ------------------
    AP_INTERFACE_TEMPLATE            Built-in   No
    DMP_INTERFACE_TEMPLATE           Built-in   No
    IP_CAMERA_INTERFACE_TEMPLATE     Built-in   No
    IP_PHONE_INTERFACE_TEMPLATE      Built-in   No
    LAP_INTERFACE_TEMPLATE           Built-in   No
    MSP_CAMERA_INTERFACE_TEMPLATE    Built-in   No
    MSP_VC_INTERFACE_TEMPLATE        Built-in   No
    PRINTER_INTERFACE_TEMPLATE       Built-in   No
    ROUTER_INTERFACE_TEMPLATE        Built-in   No
    SWITCH_INTERFACE_TEMPLATE        Built-in   No
    TP_INTERFACE_TEMPLATE            Built-in   No


Similar to Nexus Port Profiles

Easy

Intuitive

Reduces configuration file size

Interface Templates: Summary


AutoConf


Automates Interface Templates

Combines User Sessions and Interface sessions into one architecture

AutoConf is Flexible (see Gumby)

No impact to running configuration

Easy to Enable

AutoConf Benefits Overview


Autoconf – Campus Use case

[Figure: the access-switch diagram (ports P1, P2, P4; phone, compact switch, access point; labels S1 to S4) with the same interface-template and service-template snippets as the "Auto conf – Use case" slide.]

Interface Templates

• Activated on INTERFACES

• Auto-conf the network device (one per port) e.g. Switch or AP

• Template impacts all the traffic via that interface

• Stays ON as long as activated

Service Templates

• Activated on NETWORK SESSIONS

• Template impacts only the control or data packets to the session

• No impact on other sessions sharing port

• Stays ON as long as the session exists


AutoConf – Interface Templates relationship

[Figure labels: AutoConf, Templates]

• Templates are the foundation for AutoConf

• Templates can work without AutoConf

• AutoConf requires Templates


AutoConf: the Basics

• To Enable Autoconf Globally: “Autoconf enable”

• Builtin parameter map auto generated: BUILTIN_DEVICE_TO_TEMPLATE

• Not shown in running configuration unless modified

• Based on Templates (Interface and Service)

• Maps Device-Type to Interface Template automatically

• By default uses builtin Interface Templates (see previous section)

• Builtin Policy Map & builtin Parameter Map


AutoConf: default Hierarchy

BUILTIN_AUTOCONF_POLICY - AutoConf policy that identifies parameter map

[Figure: container relationship. The AutoConf Policy contains a Parameter Map, which holds the mappings: Device type A to interface template X, Device type B to interface template Y, Device type C to interface template Z.]

    3750X# show parameter-map type subscriber attribute-to-service all
    Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE
     Map: 10 map device-type regex "Cisco-IP-Phone"
      Action(s):
       20 interface-template IP_PHONE_INTERFACE_TEMPLATE
     Map: 20 map device-type regex "Cisco-IP-Camera"
      Action(s):
       20 interface-template IP_CAMERA_INTERFACE_TEMPLATE
     Map: 30 map device-type regex "Cisco-DMP"
      Action(s):
       20 interface-template DMP_INTERFACE_TEMPLATE

All builtin by default

    3750X# show policy-map type control subscriber BUILTIN_AUTOCONF_POLICY
    BUILTIN_AUTOCONF_POLICY
     event identity-update match-all
      10 class always do-until-failure
       10 map attribute-to-service table BUILTIN_DEVICE_TO_TEMPLATE


AutoConf: default parameter map

Parameter Map: Brains behind autoconf

Parameter Map role

• Maps device-type to interface template

BUILTIN_DEVICE_TO_TEMPLATE

• Automatically created when autoconf enabled

• Not shown in running-config unless modified

• Easy to modify

Ways to map device to template

    device-type   specify device-type
    mac-address   specify mac-address
    oui           specify oui
    user-role     specify user-role
    username      specify username

    3750X# show parameter-map type subscriber attribute-to-service all
    Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE
     Map: 10 map device-type regex "Cisco-IP-Phone"
      Action(s):
       20 interface-template IP_PHONE_INTERFACE_TEMPLATE
     Map: 20 map device-type regex "Cisco-IP-Camera"
      Action(s):
       20 interface-template IP_CAMERA_INTERFACE_TEMPLATE
     Map: 30 map device-type regex "Cisco-DMP"
      Action(s):
       20 interface-template DMP_INTERFACE_TEMPLATE
     Map: 40 map oui eq 00.0f.44
      Action(s):
       20 interface-template DMP_INTERFACE_TEMPLATE
     Map: 50 map oui eq 00.23.ac
      Action(s):
       20 interface-template DMP_INTERFACE_TEMPLATE
     Map: 60 map device-type regex "Cisco-AIR-AP"
      Action(s):
       20 interface-template AP_INTERFACE_TEMPLATE
     Map: 70 map device-type regex "Cisco-AIR-LAP"
      Action(s):
       20 interface-template LAP_INTERFACE_TEMPLATE
     Map: 80 map device-type regex "Cisco-TelePresence"
      Action(s):
       20 interface-template TP_INTERFACE_TEMPLATE
     Map: 90 map device-type regex "Surveillance-Camera"
      Action(s):
       10 interface-template MSP_CAMERA_INTERFACE_TEMPLATE
     Map: 100 map device-type regex "Video-Conference"
      Action(s):
       10 interface-template MSP_VC_INTERFACE_TEMPLATE


AutoConf In Action: Dynamic Binding to Interface (1)

After IP Phone connected to Interface Gi1/0/2

No change to running configuration

Show run int <intf>

3750X# show run interface gi1/0/2
Current configuration : 38 bytes
!
interface GigabitEthernet1/0/2
end

Gig1/0/2: Nothing shown


AutoConf In Action: Dynamic Binding to Interface (2)

After IP Phone connected to Interface Gi1/0/2

No change to running configuration

Show run int <intf>

Full Configuration displayed with derived command show derived int <intf>

3750X# show run interface gi1/0/2
Current configuration : 38 bytes
!
interface GigabitEthernet1/0/2
end

3750X# show derived int gi1/0/2
Derived configuration : 616 bytes
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport block unicast
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security violation restrict
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 15
end

Gig1/0/2: Nothing shown
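What the two outputs above mean for a configuration audit, as an added example that is not part of the original deck: a baseline check fed the show run text sees an empty port, while the same check fed the show derived text sees the controls the bound template applied. The CLI text is copied from the slides; the baseline rules and the function names are assumptions made for illustration.

```python
import re

# CLI text copied from the slides: Gi1/0/2 after the IP phone is connected.
SHOW_RUN = "interface GigabitEthernet1/0/2\nend\n"
SHOW_DERIVED = """interface GigabitEthernet1/0/2
 switchport mode access
 switchport block unicast
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security violation restrict
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 15
end
"""
# Assumed access-port baseline (not from the deck): control -> full-line regex.
BASELINE = {
    "port-security enabled": r"switchport port-security",
    "BPDU guard": r"spanning-tree bpduguard enable",
    "broadcast storm-control": r"storm-control broadcast level .+",
    "DHCP snooping rate limit": r"ip dhcp snooping limit rate \d+",
}

def interface_commands(text, intf):
    """Return the commands listed under 'interface <intf>' in CLI text."""
    cmds, inside = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            inside = line.split(None, 1)[1] == intf
        elif line in ("end", "!"):
            inside = False
        elif line and inside:
            cmds.append(line)
    return cmds

def missing_controls(text, intf):
    """Baseline controls that no command on the interface satisfies."""
    cmds = interface_commands(text, intf)
    return [n for n, p in BASELINE.items() if not any(re.fullmatch(p, c) for c in cmds)]
```

The full-line match matters: a port carrying only "switchport port-security maximum 3" still fails the first rule, because port security is not enabled without the bare "switchport port-security" command.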


AutoConf In Action: Dynamic Binding to Interface (3)

What template is bound to interface?

Show template interface binding

show template binding

3750X# show template interface binding all
Template-Name                 Source    Method   Interface
-------------                 ------    ------   ---------
IP_PHONE_INTERFACE_TEMPLATE   Built-in  dynamic  Gi1/0/2

3750X# show template binding target gi1/0/2
Interface Templates
===================
Interface: Gi1/0/2
Method    Source    Template-Name
------    ------    -------------
dynamic   Built-in  IP_PHONE_INTERFACE_TEMPLATE

Service Templates
=================
Interface: Gi1/0/2
Session   Source    Template-Name
-------   ------    -------------

Gig1/0/2


Policy Classification Engine


Wired Wireless Policy Classification Engine

• Integrated on 5760, 3850, 3650

• No separate server/license required

• Ability to classify 237 device profiles

• Apple iPhone, Apple iPad, Windows XP,

• Windows7/8, Samsung Galaxy S3,

• iOS 5.1/6, Ice Cream Sandwich, Jelly Bean

• Policy Actions

• Prioritize, Drop traffic

[Diagram labels: RADIUS Auth; AD memberOf = cisco-av-pair; Device Profiling; AVC; DEVICE TYPE; USER ROLE (CISCO-AV-PAIR): Faculty, Student; APPLICATION NAME: Voice, Video; BIND; ACTIONS: Prioritize (QoS), Drop (ACL), Change VLAN (VLAN); WLC]


Application Visibility & Control Wireless Only


Application Visibility and Control on Gen-2 AP

For wireless clients

[Diagram: Gen2 AP with NBAR2 Engine and NBAR2 Protocol Pack, labelled 16 and 8]

Upstream SSID Marking and Policing

Upstream Client Marking and Policing

Upstream drop

Downstream SSID Marking and Policing

Downstream Client Marking and Policing

Updated NBAR2 Engine and Protocol Pack

Note: AVC is not supported on legacy Gen-1 platforms or APs with low memory such as AP700I and AP700W

Ability to support Microsoft Lync 2013, Jabber, Dropbox and many more…

ROLE BASED APPLICATION POLICY

• Alice & Bob are both employees connected to same SSID. Bob can access certain applications but Alice cannot.

DEVICE BASED APPLICATION POLICY

• Alice can access application on (Company issued) Windows Laptop but not on (Personal) iPad on the same WLAN


Key Takeaways

• One Combined and Extended Maintenance release for Cat2K/3K/4K/WLC5760

• Rich Software Services - IT simplicity, Mobility, Application Experience

• VSS support on Sup8-E

• Critical Feature Parity for Cat3850/3650

• Complete Government Certifications (Wired & Wireless)

• Improved Manageability


Simplicity

Plug-N-Play – Simplified Day 0/Day 1 Provisioning

Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing

Remote Installer • Mount and cable devices • Power-on

• Network Admin remotely monitors status of install while in progress.

• Booting devices call out to PnP Server, requesting instructions

[Diagram labels: Network Admin (1); Installer (2); APIC EM (3); PnP Server; Smart Install Proxy; Smart Install-Client; PnP Agent (shown four times); Campus-Bldg-2]


Thank you.