2015 Product Update & Converged Access
Rob Rummel, CCIE 9012, Systems Engineer
Cisco 2© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Agenda
ISR 4400
Fixed Access Switching Update
Modular Access Switching Update
Campus Backbone
Converged Access
Cisco 4000 Series Integrated Services Routers
Cisco Branch Router Evolution
2014: ISR 4431 & 4300 family. Making for a complete ISR 4000 family
2013: ISR 4451-X. First ISR based on IOS XE
2009: ISR G2 family (800, 1900, 2900 & 3900). Taking the ISR concept to the next level
2004: ISR G1 family (1800, 2800, 3800). The first architecture custom designed for integrated services
1998: Cisco 2600. Superseded 2500. Considered one of Cisco's premier products.
1993: Cisco 2500. Cisco's first family of branch routers for 23 different deployments
Not shown here: 700, 1600, 1700, 4000/4500, 3600 & 3700 series routers
Pay-As-You-Grow with Cisco ISR 4000 Series
ISR 4321: 50-100 Mbps
ISR 4331: 100-300 Mbps
ISR 4351: 200-400 Mbps
ISR 4431: 500-1000 Mbps
ISR 4451: 1-2 Gbps
Investment Protection Without Oversubscription
4-10X Faster
Add performance and services anytime
Flexible consumption options
Cisco ISR 4451 (ISR4451-X/K9)
1 Gbps or 2 Gbps Performance
Entity: ISR 4451
CPU architecture: 4 core control/services, 10 core data plane
Network Interface Modules: 3
Enhanced Service Modules: 2
Front-Panel Ethernet: 4 GE (all dual-phy RJ45 or SFP)
ISC slot: 1 for all ISC cards
USB type A ports: 2
Power: Dual internal AC or DC
Control/services memory: Base 4 GB; max 16 GB; 1600 MHz DIMMs; 2 DIMM slots
Mgmt Ethernet: 1 Gbps
Cisco ISR 4431 (ISR4431/K9)
500 Mbps or 1 Gbps Performance
Entity: ISR 4431
CPU architecture: 4 core control/services, 6 core data plane
Network Interface Modules: 3
Enhanced Service Modules: 0
Front-Panel Ethernet: 4 GE (all dual-phy RJ45 or SFP)
ISC slot: 1 for all ISC cards
USB type A ports: 2
Power: Dual internal AC or DC
Control/services memory: Base 4 GB; max 16 GB; 1600 MHz DIMMs; 2 DIMM slots
Mgmt Ethernet: 1 Gbps
Cisco ISR 4351 (ISR4351/K9)
200 Mbps or 400 Mbps Performance
Entity: ISR 4351
CPU architecture: 8-core CPU
Network Interface Modules: 3
Enhanced Service Modules: 2
Front-Panel Ethernet: 3 GE (all dual-phy RJ45 or SFP)
ISC slot: 1 for all ISC cards
USB type A ports: 2
Power: Single internal AC or DC
Control/services memory: Base 4 GB; max 16 GB; 1600 MHz DIMMs; 2 DIMM slots
Mgmt Ethernet: 1 Gbps
Cisco ISR 4331 (ISR4331/K9)
100 Mbps or 300 Mbps Performance
Entity: ISR 4331
CPU architecture: 8-core CPU
Network Interface Modules: 2
Enhanced Service Modules: 1
Front-Panel Ethernet: 1 dual-phy (SFP or RJ45), 1 RJ45 only, 1 SFP only (copper SFP supported)
ISC slot: 1 for all ISC cards
USB type A ports: 1
Power: 1 internal AC
Control/services memory: Base 4 GB; max 16 GB; 1333 MHz DIMMs; 2 DIMM slots
Mgmt Ethernet: 1 Gbps
Cisco ISR 4321 (ISR4321/K9)
50 Mbps or 100 Mbps Performance
Entity: ISR 4321
CPU architecture: 4-core CPU
Network Interface Modules: 2
Enhanced Service Modules: 0
Front-Panel Ethernet: 2 GE (1 dual-phy, 1 RJ45 only)
ISC slot: 1 for all ISC cards
USB type A ports: 1
Power: 1 internal AC
Control/services memory: Base 4 GB; max 12 GB; 1333 MHz DIMMs; 2 DIMM slots
Mgmt Ethernet: 1 Gbps
Revolutionary Platform Architecture
Architected for the Optimal Application Experience
Converged Branch with UCS® E-Series
Integrated compute: up to 8 cores
4-10 Times Faster Than ISR G2 at similar price
Native L2-7 Services: security, optimization
Pay as You Grow: performance and services
Virtualized Services Framework: appliance-level performance
Service-Aware Data Plane: for efficient traffic handling
Cisco ISR 4000
Powering the Intelligent WAN
Cisco ISR 4000 Family I/O Design
Management Interface: out-of-band control plane connection directly to a management network
Front-Panel GE: RJ45/SFP GE interfaces; PoE+ available on some models
Network Interface Modules: larger and more powerful than EHWICs; up to 8 ports per module; DSPs directly on modules
Optional Drive NIM for Service Containers: RAID 1 for data protection; single HD (future) and dual SSD options; embedded SSD option
USB Connections: 2 type A for file storage; USB type B console in addition to RJ45 console and aux ports
Enhanced Service Modules: compatible with Cisco® ISR G2; up to 10-Gbps connection to system; faster and more powerful than SMs
Internal Services Card: internal expansion; currently for CUBE DSPs
Cisco 4300 Comparison to 4400: Differences
4400 Family Benefits
Redundant power
Ability to physically separate control, services, and data plane CPU sockets
Additional service container capacity through faster CPUs
Higher throughput for base and performance licenses
Cisco ISR 4400 Series Architecture
Control Plane (1 core) and Services Plane (3 cores)
Data Plane (6 or 10 cores)
Multigigabit Fabric
FPGE
ISC
SM-X
NIM
Service Plane (control plane CPU)
KVM - Hypervisor
ISR-WAAS
Service containers live here
IOS
Cisco ISR 4300 Series Architecture
Service Plane (control plane CPU)
KVM - Hypervisor
ISR-WAAS
IOS
Service Container
Multigigabit Fabric
FPGE
ISC
SM-X
NIM
Data Plane Cores
Note: 4321 uses 2 DP, 1 CP & 1 SC cores
Catalyst Access Portfolio
Essential connectivity to Unified Access for NG Workspace
• Secure, reliable access
• Low TCO & energy-efficient
Competitive Feature Set at Compelling Prices
UNIFIED WORKSPACE: BYOD, Video, Mobility
Converged Wired/Wireless Access
Lead Stackable Switch
• Up to 480G Stacking
• Up to 4x10G Uplinks
• Stackpower with 3850
• Supports up to 50 APs
Lead Modular Switch
• Scale and Performance
• 928G Backplane
• 8 Modular 1/10G Uplinks
• Supports 50 APs*
SCALE / FEATURES
NEW Jul 2013, NEW Jan 2013, NEW Aug 2013
802.11ac Drivers
Higher Education
K-12
Healthcare
• BYOD & rapid client adoption: students bring in latest laptops, smartphones, tablets; high concentration of devices connecting to the network; better spectrum use when devices move to 5 GHz rather than the crowded 2.4 GHz band
• CT, MRI, Cardiac Imaging, and 4D modeling demand higher bandwidth
• Large file movement of images when not real-time
• Efficient handling of legacy and new 11ac devices as wireless density increases
• Collaborative Classrooms with HD Video
• Multi-screen HD video is streamed live to 802.11ac and 802.11n enabled devices in classrooms
Service Provider
Stadiums
• Enhanced service offerings with the latest wireless technology, providing competitive differentiation
• SP-Wi-Fi off-load: balancing users between Wi-Fi and 3G/4G/LTE
• Better customer experience for high bandwidth apps such as Netflix or Hulu Plus
• Continued shift to 5 GHz to offload the crowded 2.4 GHz
• 802.11ac and CMX deliver next-gen fan experience
• Enhanced scaling for inherently high density environments
• New revenue opportunities (sponsorship, merchandising)
• CMX maps with featured attractions
• Differentiate core retail services
Cisco Multi-Gigabit Ethernet (mGig) Solution
Key Differentiators
POE/POE+/UPOE: Cisco Innovation over 10GT Standard to support high end point power needs
Maintain Switch to AP Reach at Higher Speeds: Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G); future proofed for higher speeds
Standards Compliant: 1G and 10G BaseT IEEE standards, intermediate speeds WIP
Infrastructure Investment Protection: Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield; supports Cat6a cabling for Greenfield deployments for higher speeds
So we have a very unique innovation that we are offering, which is completely differentiating us from the rest of the industry.
The first major one is as the .11ac is getting adopted, there's an increasing need for more and more speeds. So today we can go up to one gig speeds for the .11ac. With the .11ac, we have two. There is need for going higher than one gig. So we have the offering, the multi-gigabit ethernet, which is a unique offering which is capable of supporting adaptive rate speeds, all the way from 100 meg, all the way up to 10 gig, completely future-proofing for higher speeds for your deployments. So the speeds that specifically are non-standardized at this point are the 2.5 gig and 5 gig, squarely addressing the .11ac [INAUDIBLE] standards for phase one and phase two. So this will essentially allow our customers to come, connect their Next Generation APs onto the switching infrastructure and delivering higher bandwidth.
The second key aspect is basically there is a lot of cabling out there today in the campus. Predominantly, a lot of this cabling is Cat5e cabling based. And there's a lot of investment out here to rip apart and change it. So today there is a technology that we have. The Cat5e cable can only deliver up to 1 gig of speed. The multi-gigabit ethernet solution that we have is a unique differentiator that will let you deliver speeds beyond 1 gig, using the same Cat5e cabling infrastructure. So this is, again, a unique differentiator from rest of the competition.
The third key aspect as why we're delivering this, there is a lot of devices that are getting on board. We're just demanding a lot more power in terms of PoE and PoE Plus. And universal PoE delivering beyond 30 watts for the future IOT onboarding. So it is very important that this solution also helps in getting us that in terms of delivering voltage higher than the 30 watts, bringing the universal PoE devices on board.
Last, but not the least, any of these have to be standards compliant. The solution that we have is completely compliant with the 1 gig and the 10 gig, and we are closely working with the standard bodies to take up the intermediate speeds between 1 gig and 10 gig.
So you can see all these differentiators will completely help us launch, and take advantage of the .11ac proliferation that is happening in industry.
Catalyst Access Switching – Driving the UPOE EcoSystem
Lighting as a Service (LaaS)
Internet of Everything (IOE)
Next Gen Retail
Enterprises: VDI
HealthCare: Nurse Call Systems
Financial Institutions: IP Turrets
Bring HA Mission Critical Applications
Lower CapEx & OpEx
Integrate, Monitor, Analyze and Control
Address BYOD, 802.11ac Wave2
Enterprise IOT – Connected Lighting
Industry / Cisco Vision / Benefits
• Superior experience and favorable economics
• Intelligent building automation with IP convergence and IoT
• Centralized management and monitoring
Lower TCO
$$$ High Voltage (110/277V) AC Wiring in the Ceiling $$$
Requires High Voltage Electrician & labor intensive
• Intelligent "digital ceiling" with PoE and energy management over IP
• Software defined policy
• Partnering with IoT Ecosystem
Better LED Lighting Experience
• Lower TCO: reduced material & labor cost, energy savings
• Intelligent IP platform, software analytics
• Global standardized lighting solution
Address BYOD 3.0 Scalability
Hill-Rom NurseCall system + Catalyst UPoE
UL Certification in Progress
Stanford Hospital – planning to use UPOE line card + 9000 W PS in their medical network
Solution will be available as a single bundle 1HCY2015
More healthcare partners in the pipeline!
Visit https://www.youtube.com/watch?v=J2CNxSl0DCM for Launch video.
UPOE EcoSystem Partnership in Healthcare
The Catalyst Access portfolio was completely refreshed in 2013
Catalyst 3850/3650 Leadership in Wired Services
SCALABILITY / PERFORMANCE: Up to 480G Stacking; Up to 50 Access Points / 2000 Clients; 4x10GE Uplinks with Copper/Fiber Downlinks; IPv4/IPv6/Multicast Scalability Leadership
AVAILABILITY / RESILIENCY: Stateful Switch Over (SSO); AP and Tunnel SSO; Stackpower; FRU Power Supplies / Fans
INTERNET OF THINGS / SDN: Segmentation (TrustSec, VRF-lite); UPOE / Full POE / EnergyWise; Bonjour / Services Discovery Gateway; Flexible Parser
NETWORK AS A SENSOR: Flexible Netflow; WireShark; MediaNet*; Embedded Event Manager
Key Benefits Built on UADP ASIC
12 and 24 port 1G SFP
2x10G or 4x1G Modular Uplinks
Stackable with 3850 Access switches
StackPower
Integrated Mobility Controller
Wide range of Optical Interfaces
Converged Access Portfolio Strengthened With the New 3850 Fiber Switches
Catalyst 3850 1G Fiber Switches
Innovation with UADP continues…
DATA, PoE+, UPOE, Fiber
Flexible Stacking options with C3850
Release 3.6.0E!!!
Enhanced Wired and Wireless Functionality
Wired Features
Infrastructure
• Active and Passive CX1 SFP, Active CX1 SFP+
• TDR in Lan Base (4K, parity with 3K), WCCP in IP-base (3K)
Layer 3
• IPv6 VRF, uRPF, PBR
• IPv4 & IPv6 SDM Templates
• VRRPv3
IT Simplicity
• PnP Agent, PnP Smart Install Proxy
• Auto Conf and Interface Templates
Services
• Device Sensor w/ISE
• Service Discovery Gateway Ph II (Location, Static service, HA)
• IP4 FQDN ACL, Secure CDP, IPv6 CTS, Bidir SXP
Application Experience
• Perf Mon, Mediatrace
Wireless Features
Infrastructure
• New AP Support: AP700I, AP700W, AP2700, Outdoor AP1530 series (Centralized Mode Only)
Mobility Services
• AVC-Wireless Ph II (QoS tie-in with Policy)
• Service Discovery Gateway Ph II (location static service)
• Device Sensor (Policy Classification Engine)
• AP Pass Through
Interop
• Prime 2.1, ISE 1.2/1.3, MSE 8.0
Compliance for Wired and Wireless (FIPS 140-2, CC, UCAPL, CSfc APL)
Momentum towards completion of the CA solution
Significant Feature Enhancements and Management Improvements
Releases: 3.3 | 3.6 | 3.7
INFRA: 9 member stacking, HSRP, Critical Voice VLAN, Services Discovery Gateway | VRRPv3, IPv6 Routing/PBR/VRF, QinQ, Energywise | PVLAN, XPS, AP1570, World Regulatory Domain
SECURITY: SGT/SGACL on wired and wireless | Device Sensor, Policy Classification Engine | Macsec (wired) and IPv6 FHS
APPLICATION EXPERIENCE: Wireshark (wired and wireless), AVC Wireless Ph IMSI/MSP, Perf. Mon, AVC Wireless Ph II AFD Visibility, Wireless Auto QoS
MANAGEABILITY & PROGRAMMABILITY: 3650 management with PI 2.0.1 | PI 2.1, PnP Agent/Proxy, Interface Templates, Auto Conf. | PI 2.2, SDN* (OF1.3/OnePK), MCMA, Prime CA Templates
CERTIFICATION: Start - FIPS, Common Criteria, UCAPL | End - FIPS, Common Criteria, UCAPL | WFA
*Beni MR
Catalyst 2960-X Series Access Switches are best in their class
2x: Doubling Everything (stack units, bandwidth & more)
Investment Protection: Stack with Existing 2960-S/SF
Application Visibility & Control
Layer 3 Routing
Greenest Switch Ever
Future-Proof, Scalable, Smart, Intelligent & Green, Simple, Reduce TCO, Secure, One Policy
The Quiet and Fanless Catalyst Portfolio
Optimized for deployments outside the wiring closet
Ideal for retail, conference rooms, classrooms, hotels and more
Port Density: 8 Ports, 12 Ports, 24 Ports
Catalyst Compact
• 8/12 Ports PoE+ (240W)
• L2/L3 Software
WS-C2960X-24PSQ-L
• 8 Ports PoE+ (110W)
• LAN Base Software
Enhanced PoE capabilities on the compact switches enable Perpetual PoE and scale
• Increased PoE Budget: 240W of PoE+ (8 x 30W)
• Fanless, silent reliable operation.
• Provides non-stop PoE power.
• Switch can continue to provide PoE+ during config and reboot
• Option to power over 18V-60V external DC power supply, supports PoE+
Digital Ceiling Applications
An expanding ecosystem of PoE devices
Compact Switch in the Ceiling
Ethernet Cable
Dense Sensor Network (Light, Motion, CO2/CO, etc.)
WiFi Access Point
IP Video Surveillance Camera
Wall Switch
Commercial LED PoE Fixtures
Building Mgmt (Connected HVAC)
…
The compact switches deliver advanced networking features for performance and scale.
IT SIMPLICITY: Instant Access with 10G – New; Smart Operations, Autoconf; NG Plug n Play – New
SMART SERVICES: Netflow Lite – New; Embedded Event Manager; EEE, Hibernate Mode – New; 2 x UPOE Powering option – New
SECURITY: Segmentation (TrustSec*, VRF-lite) – New; MACsec*; Secure Boot – New
PERFORMANCE: 10G Fiber uplinks – New; mGig for 11ac wireless – New; PoE+ Scale (240W) – New; Persistent PoE* – New
(*) On the roadmap
Spurring Innovation in Enterprise IoT
Doublemint – An easy way to hook up USB sensors to Cisco hardware
EIoT DevKit – combination of HW, SW and documentation to enable the developer to accelerate endpoint devices onto the network
What is it? PoE to USB Adapter
Why create it?
How is this achieved?
Accelerate IoT Adoption
Extensive ecosystem of USB sensors & actuators
Enables rapid prototyping
Increase # of ports for Cisco Products
Any IOS capable switch or router becomes an IoT gateway
USB
Server or VM running python
Temperature, Sound, Light, Motion, BLE Beacon, RFID, Legacy Serial Device, …
Catalyst 4500E Portfolio
Four Chassis Options: 4503-E, 4506-E, 4507R+E, 4510R+E; 7 and 10 Slot with Sup Redundancy
Power Supply: Maximize UPOE/POE+/POE delivery; Fully Loaded 10-Slot with POE; PWR-C45-9000ACV, PWR-C45-6000ACV, PWR-C45-4200ACV
Supervisors: Traditional and Wireless Convergence; 928G Wired, 20G Wireless; WS-X45-SUP8-E, WS-X45-SUP7-E, WS-X45-SUP7L-E
Port Scale: Access and Collapse Agg; 384 10/100/1000 POE/PoE+/UPOE; 96 SFP+, 192 SFP
1GE: 12/24/48 port WS-X47xx-SFP-E
10GE: WS-X4712-SFP+E
POE: WS-X4748-UPOE+E
Data: WS-X4748-RJ45-E
Wireless on Catalyst 4500 Sup-8E
Works in all Shipping 4500-E chassis
Up to 50 APs, 2000 Clients
8 SFP+ 10G/1G Uplinks
Campus LISP Ready
928G total capacity
Wireless integration
Faster CPU
App Visibility
• Flexible NetFlow Wireless
• IOS XE Open Application Platform
Lower TCO
• Investment Protection to UA Arch
• In Service Software Upgrade
• Life Cycle
Scale
• 20G Wireless Termination*
• 100% more Uplink Bandwidth
• Programmable Uplink FPGA (LISP)
* Wireless support in H2CY14 3.7
Campus Backbone Update
Future-proof backbone platform to scale your campus services with NO compromise
Mini but mighty backbone platform with high density 10G and rich services
With Catalyst Instant Access Technology solution that dramatically simplifies your campus operations
Taking Catalyst 6K Up to 880G/Slot
7 Slots, 10 RU
Investment protection! Compatible with Sup2T, 6700, 6800, 6900 and latest service modules
Backwards compatible backplane connectors
Catalyst 6500 DNA
Low-power and noise
High-efficiency fans
Up to 4 (N+1) power supply redundancy
3000W AC
Up to 880G/Slot capable
Next-generation ready
Side-to-side air flow (redirectable via airflow baffles)
C6K-Based “Extensible” Fixed Platform
Up to eighty 1G/10G ports or twenty 40G ports*
Fixed module: sixteen 10/100/1000/10G or up to four 40G
X86 2 GHz CPU, 4 GB DRAM
Sixteen 10/100M, 1/10G or up to four 40G ports
MACsec, VSS, instant access, MPLS, VPLS, LISP, SGT, 1588(*) capable on every port
Low power
Low noise fans
Platinum EFF
Redundant AC and DC PS
48 x 1G RJ45 Ports
Catalyst 6500 features at access
2 x 10G SFP+ Uplink Ports
Data and PoE/PoE+ Options
Stackable up to three members at FCS
System and Status LEDs
Catalyst New 10G Line Card: C6800-32P10G
New High Density Multi-Rate Line Cards
* with new CVR-4SFP-QSFP Adapter Cable
32 ports of SFP/SFP+, up to 8 ports of QSFP
10/100/1000M GLC-T
100M FX
250MB per Port; 500MB in Performance Mode
Instant Access, SGT, MACSec
160G Throughput,
Performance mode for line rate
1M IPV4 Route
1M Netflow
Not Every Port is Created Equal!
Catalyst 6800 10G Portfolio
Providing Deployment Options
Instant Access, Hierarchical QoS, SGT & MACSec, Large Buffers
32x10G SFP+
Throughput in 6807: 160G
Optics: SFP/SFP+
Egress Buffer/port: 250 MB
Features: Full-feature L2/L3 module with MPLS, VPLS, IPv4/IPv6 capabilities, 1M IPv4 Routes, 1M NetFlow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
Ideal for: Campus Aggregation and Core
16x10G SFP+
Throughput in 6807: 80G
Optics: SFP/SFP+
Egress Buffer/port: 250 MB
Features: Full-feature L2/L3 module with MPLS, VPLS, IPv4/IPv6 capabilities, 1M IPv4 Routes, 1M NetFlow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
Ideal for: Campus Aggregation and Core
8x10G SFP+
Throughput in 6807: 80G
Optics: SFP/SFP+
Egress Buffer/port: 500 MB
Features: Full-feature L2/L3 module with MPLS, VPLS, IPv4/IPv6 capabilities, 1M+ IPv4 Routes, 1M NetFlow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
Ideal for: Campus Aggregation Core
Extending Wired Benefits to the Wireless Network
Application Visibility with Wireshark and Flexible Netflow
Security across wired and wireless with Trustsec
Resiliency with StackPower and Stateful Switchover
Simplicity with PnP, Auto Smart Ports and Interface Templates
Network As A Sensor
Flexible NetFlow – Defend Against Emerging Threats (Cyber Security)
Lancope StealthWatch
User connects laptop that is infected with a virus. Virus spreads to another user.
Catalyst switch is running Flexible NetFlow. It sends user id, application id, traffic volume & more to Lancope.
Lancope alerts IT about security breach. IT quarantines affected devices for remediation.
IT prevents the virus from spreading to other devices.
Catalyst 3650, 3850, or 4500E
Network as a Sensor
Wireshark – Troubleshoot Remotely
SalesForce.Com
Web Server
Loading….
Users complain that Salesforce is running slow.
IT does not know where the problem is: Switches, WAN Bandwidth, or Cloud Servers?
IT runs Wireshark to capture and analyze packets at switch uplinks. Wireshark is included in IOS.
Analysis shows no congestion or packet drops at switch.
IT pings web server over WAN links & gets fast response.
WAN links are not causing the problem.
IT isolates the issue to cloud servers.
IT contacts 3rd party cloud provider to resolve the issue.
Switch
WAN
Cloud Servers
Security
Trustsec – Simplify Security Enforcement
Role | Intranet | Financial Servers | Web
Guest | No | No | Yes
Employees | Yes | Yes | Yes
Remote VPN | Yes | No | Yes
Diagram labels: Employee, Remote Employee, Guest
Simplicity
Plug-N-Play – Simplified Day 0 / Day 1 Provisioning
Step 1, Network Admin: Pre Provision Projects/Sites
• Policies
• Match Rules
• Configs/Image
• IP Addressing
Step 2, Installer: Remote Installer
• Mount and cable devices
• Power-on
Step 3:
• Booting devices call out to PnP Server, requesting instructions
• Network Admin remotely monitors status of install while in progress.
Diagram labels: Campus-Bldg-2, Smart Install Proxy, Smart Install-Client, PnP Agent, PnP Server, APIC EM
Hierarchical Bandwidth Management & Fair Sharing
Traditional Deployments
• Guest SSID can hog the bandwidth (per SSID bandwidth; BW allocation at the AP between Guest and Enterprise)
• Single user can hog bandwidth (Heavy Hitter, BW hog)
Converged Access
• Deterministic SSID bandwidth
  BW allocation: Enterprise, Guest
  Guest 10% min BW, 90% min BW
• Usage based fair bandwidth allocation (Fair Sharing; fair BW allocation with a Heavy Hitter present)
Application Visibility and Control
Wireless APs
MC
Cisco Catalyst 3850/3650
Cisco Catalyst 6500/6800
MA MA MA
Web-UI on MA
Applications: BitTorrent: 69%, Skype: 2%, …
NBAR2
Wireless clients & Apps
BitTorrent, Skype, Facebook
Wireless only
Cisco Service Discovery Gateway
Customer Challenges:
• Apple Bonjour® and Zeroconf compliant devices are designed for a single LAN at home
• Consumers expect the same service discovery in the Enterprise/Campus – Across VLANs
Benefits:
• ZeroConf service discovery across VLANs
• Easy to manage
• Designed to scale
• Transparent to consumer devices
• IPv4 and IPv6
• Wireless and wired access
• Integrates role-based access control
CAP/WAP
VLAN100 VLAN200
mDNS based technology
The mDNS Policy Profile is a list of allowed network applications (i.e. AirPlay or Printing).
AirPrint AirPlay FileShare
Service Policy
Agenda
• What is Converged Access?
• Converged Access Platforms Overview
• Wireless Deployment Options
• The new Converged Access Mobility Architecture
• How to deploy a Converged Access network?
One Network with Converged Access
One Management: Prime
One Policy: ISE
One Network
Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server
Cisco Wireless LAN Controller, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch
Corporate Network, Internet
WLC 5760: IOS Based WLAN Controller
• Consistent IOS and ASIC as Catalyst 3x50
• Required to scale beyond 200/250 AP or 8 000/16 000 client domains
Catalyst 3650, Catalyst 3850: Converged Access Mode
• Integrated wireless controller
• Distributed wired/wireless data plane (CAPWAP termination on switch)
Converged Wired/Wireless Access – Benefits
Unified Access - One Policy | One Management | One Network
Single platform for wired and wireless: Common IOS, same administration point, one release
Network wide visibility for faster troubleshooting: Wired and wireless traffic visible at every hop
Consistent security and Quality of Service control: Hierarchical bandwidth management and distributed policy enforcement
Maximum resiliency with fast stateful recovery: Layered network high availability design with stateful switchover
Scale with distributed wired and wireless data plane: Large stack bandwidth; 40G wireless / switch; efficient multicast; 802.11ac optimized
Agenda
• What is Converged Access?
• Converged Access Platforms Overview
• Wireless Deployment Options
• The new Converged Access Mobility Architecture
• How to deploy a Converged Access network?
• Good Stuff to Know
Cisco Unified Access Portfolio
Robust Converged Wired and Wireless Solution
One Policy: Identity Services Engine (ISE)
MDM/MAM, SIEM
One Management: Prime Infrastructure
One Network: Controllers and Access Switches, Access Points
Access Points
1600: Small-Mid Enterprise
2600 and 2700: Feature-Optimized Enterprise
3600: Mid-Large Enterprise
3700 W/ HDX: High-Density Enterprise
1530: Low Profile
1550: Larger Deployments
Wireless Controllers: 8500, 5760, 5508
Converged Access Switches: Catalyst 3650, Catalyst 3850
Access Switch: Catalyst 2960-X
Backbone Switches: Catalyst 4500, Catalyst 6500, Catalyst 6800
Unified Access Components – Complete Overview
Best-in-Class Performance, Security, and Resiliency
Who? What? When? Where? How?
One Policy with Identity Services Engine (ISE)
• BYOD policy management
• Device profiling and posture
• Guest access portal
One Management with Cisco Prime 2.0
• Full wired and wireless management
• User/device centric view
• Intuitive troubleshooting workflows
Catalyst 3850/3650
• Industry's first fully integrated wired and wireless switch
• Wireless: 480G stack, 50 APs, 2K clients, 40G
• Flexible NetFlow, Granular QoS
5760 Wireless Controller
• Consistent IOS with Catalyst 3850
• 60G, 1K APs, 12K Clients, N+1 Redundancy
• Flexible Netflow, Granular QOS
Cisco 63© 2013-2014 Cisco and/or its affiliates. All rights reserved.Bu i l t on C i s co ’s I nnovat i ve “UADP ” AS IC
Wireless CAPWAP Termination in HW
Up to 50 APs /2000 clients per stack, and 40G per switch
Up to 2000 Clients per Stack
40 Gbps Uplink Bandwidth (Modular)
Stackpower
Line Rate on All Ports
Multi‐Core CPU
480 Gbps Stacking Bandwidth
Full POE+
FRU Fans, Power Supplies ‐ HA
Granular QoS / Flexible NetFlow / SGT‐SGACL
APs must be directly connected to Catalyst 3850
Catalyst 3850 Switch – Platform Overview
Wireless CAPWAP Termination in HW
Up to 1000 Clients per Stack
Up to 40 Gbps Uplink Bandwidth
Line Rate on All Ports
FRU Fans
Granular QoS / Flexible NetFlow
Modular 160 Gbps 9 members Stack
SGT/SGACL
Full POE+
Fixed 1G/10G Uplinks
Up to 25 APs / 1000 clients per stack, and 40G per switch
New Front‐End Power Supplies
New Catalyst 3650 Switch – Platform Overview
APs must be directly connected to Catalyst 3650
Built on Cisco’s Innovative “UADP” ASIC
Centralized, or Converged Access Deployment Modes
First IOS-Based Wireless LAN Controller
FRU Fans
6x 1/10G SFP+ uplinks with LAG
FRU Power Supplies
60 Gbps Wireless Bandwidth
Granular QoS / Flexible NetFlow
Up to 12,000 Concurrent Clients
Up to 1000 Access Points
Built on Cisco’s Innovative “UADP” ASIC
Wireless LAN Controller (WLC) 5760 – Platform Overview
HA Port
Agenda
• What is Converged Access ?
• Converged Access Platforms Overview
• Wireless Deployment Options
• The new Converged Access Mobility Architecture
• How to deploy a Converged Access network?
• Good Stuff to Know
Cisco One Network: Wireless Deployment Modes
One Policy, One Management, One Network
Unified Access Wireless
Unparalleled Deployment Flexibility
Autonomous FlexConnect Centralized Converged Access
Unified Access—Wireless Deployment Modes
Mode | Autonomous | FlexConnect | Centralized | Converged Access
Traffic | Standalone APs | Traffic Distributed at AP | Traffic Centralized at Controller | Traffic Distributed at Switch
Target Positioning | Small Wireless Network | Branch | Campus | Branch and Campus
Purchase Decision | Wireless only | Wireless only | Wireless only | Wired and Wireless
Benefits
• Simple and cost-effective for small networks
• Highly scalable for large number of remote branches
• Simple wireless operations with DC hosted controller
• Simplified operations with centralized control for Wireless
• Wireless Traffic visibility at the controller
• Wired and Wireless common operations
• One Enforcement Point
• One OS (IOS)
• Traffic visibility at every network layer
• Performance optimized for 11ac
Key Considerations
• Limited RRM, no Rogue detection
• L2 roaming only
• WAN BW and latency requirements
• System throughput
• Catalyst 3850/3650 in the access layer
WAN
[Diagram: three Converged Access deployment options. Legend: CAPWAP Tunnel; Standard Ethernet, No Tunnels; Guest Tunnel from Switch to DMZ Controller. Other labels: Access Points, AP CAPWAP Tunnels, CA 3K, 3x50, Any CA 3K, Traditional 3K/4K, Mobility Controller, Mobility Agent, Employee, Guest, ISE, Prime, DMZ, WAN, Optional Guest Anchor.]
INTEGRATED CONTROLLER OPTIONS
Controller-less BRANCH (integrated controller)
• Up to 25 Access Points with 3650 (50 w/ 3850)
• Up to 1000 Clients per branch with 3650
• All WAN Services Available (local termination)
Controller-less SMALL/MEDIUM CAMPUS (integrated controller)
• Up to 200 Access Points with only 3650s
• Up to 250 Access Points with 3850s
• Up to 8000 Clients with only 3650s (16k w/ 3850)
• Visibility, Control and resiliency
EXTERNAL MOBILITY CONTROLLER NEEDED
LARGE CAMPUS with Controllers (5508 or WISM2 with SW Upgrade or new 5760)
• Up to 72 000 Access Points (5760 or WiSM-2)
• Up to 1 080 000 clients (WiSM-2 as MCs)
• Largest Layer 3 roaming domains
Converged Access Deployment Modes
Agenda
• What is Converged Access ?
• Converged Access Platforms Overview
• Wireless Deployment Options
• The new Converged Access Mobility Architecture
• How to deploy a Converged Access network?
Existing Wireless Deployment today
Architecture Constructs – CUWN Tunnel Types
[Diagram: well‐known, proven architecture. Labels: ISE, PI, Data Centre / Service block, Mobility Group, WLC #1, WLC #2, Foreign WLC, “Guest” Anchor, AP, SSID1, SSID2, SSID3, Intranet, Internet, CAPWAP Tunnels, SSID – VLAN Mapping (at controller), Encrypted (see Notes).]
Legend
• AP‐Controller CAPWAP Tunnel: 802.11 Control Session + Data Plane
• Inter‐Controller EoIP / CAPWAP Tunnel: EoIP Mobility Tunnel ( < 7.2), CAPWAP Option in 7.3
• Inter‐Controller (Guest Anchor) EoIP / CAPWAP Tunnel
Notes –
• AP / WLC CAPWAP Tunnels are an IETF Standard
• UDP ports used –
  • 5246: Encrypted Control Traffic
  • 5247: Data Traffic (non‐Encrypted or DTLS Encrypted (configurable))
• Inter‐WLC Mobility Tunnels
  • EoIP – IP Protocol 97 … AireOS 7.3 introduces CAPWAP option
  • Used for inter‐WLC L3 Roaming and Guest Anchor
Existing Wireless Deployment today
Architecture Constructs – CUWN Product Examples
[Diagram: well‐known, proven architecture. Labels: ISE, PI, Data Centre / Service block, Mobility Group, WLC #1, WLC #2, Foreign WLC, “Guest” Anchor, AP, SSID1, SSID2, SSID3, Intranet, Internet, CAPWAP Tunnels, EoIP Mobility Tunnel ( < 7.2), CAPWAP Option in 7.3.]
Some typical examples of products we see used today at various points in the CUWN solution set, for wireless as well as wired connectivity –
• Access Points – AP3600, 2600, etc.
• Access Switches – Catalyst 3750‐X, 4500‐E
• Distribution Switches – Catalyst 4500‐E, 6500‐E
• Core Switches – Catalyst 6500‐E
• Controllers – WLC 5508, WiSM2
• Controller – WLC 5508
Converged Access – Deployment Overview
[Diagram labels: Mobility Domain, MO, Sub-Domain #1, Sub-Domain #2, Mobility Group, SPG, MC, MA, PI, ISE.]
Physical Entities –
• Mobility Agent (MA) – Terminates CAPWAP tunnel from AP
• Mobility Controller (MC) – Manages mobility within and across Sub‐Domains
• Mobility Oracle (MO) – Superset of MC, allows for Scalable Mobility Management within a Domain
Logical Entities –
• Mobility Groups – Grouping of Mobility Controllers (MCs) to enable Fast Roaming, Radio Frequency Management, etc.
• Switch Peer Group (SPG) – Localises traffic for roams within its Distribution Block
MA, MC, Mobility Group functionality all exist in today’s controllers (4400, 5500, WiSM2)
Cisco Converged Access Deployment
Converged Access –Components – Physical vs. Logical Entities
[Diagram labels: Service Block, ISE, PI, AP, MA.]
• MA is the first level in the hierarchy of MA / MC / MO
• One MA per Catalyst 3850/3650 Stack
• Maintains Client DB of locally served clients
• Interfaces to the Mobility Controller (MC)
Converged Access –Physical Entities – Mobility Agents (MA)
[Diagram labels: Service Block, ISE, PI, AP, MA, MC.]
• Mandatory element in design
• Maintains Client DB within a Sub‐Domain (1 x MC = One Sub‐Domain)
• Handles RF functions (including RRM)
• Multiple MCs can be grouped together in a Mobility Group for scalability
• Manages mobility‐related configuration of the downstream MAs
• Can be hosted on a MA (smaller deployments)
• Supported platforms are Catalyst 3850/3650, WiSM2, 5508, and 5760
Cisco Converged Access Deployment
Converged Access –Physical Entities – Mobility Controllers (MC)
• Fast Roaming within an SPG
• MAs within an SPG are fully-meshed (auto-created at SPG formation)
• Made up of multiple Catalyst 3x50 switches as Mobility Agents (MAs), plus an MC (on controller as shown)
• Handles roaming across SPG (L2 / L3)
• Multiple SPGs under the control of a single MC form a Sub-Domain
SPGs are a logical construct, not a physical one … SPGs can be formed across Layer 2 or Layer 3 boundaries
SPGs are designed to constrain roaming traffic to a smaller area, and optimize roaming capabilities and performance
Current thinking on best practices dictates that SPGs will likely be built around buildings, around floors within a building, or other areas that users are likely to roam most within
Roamed traffic within an SPG moves directly between the MAs in that SPG (CAPWAP full mesh)
Roamed traffic between SPGs moves via the MC(s) servicing those SPGs
[Diagram labels: Sub-Domain 1, MC, SPG-A, SPG-B, MA.]
Converged Access –Logical Entities – Switch Peer Groups (SPGs)
Converged Access: Mobility Architecture
[Diagram labels: Mobility Domain, Mobility Oracle, Mobility Group M, Mobility Group N, Mobility Subdomain A, Mobility Subdomain B, Mobility Controller, Peer Group 1, Peer Group 2, Mobility Agent, Fast Roam, Full Authentication. Latency labels: 14 ms, 50 ms, 80 ms, 120 ms, > 250 ms.]
Converged Access – Scalability Considerations
Check for latest release notes
As with any solution – there are scalability constraints to be aware of …
• These are summarized below, for quick reference (For Your Reference)

Scalability | 3650 as MC (3.3.1SE) | 3850 as MC (3.3.1SE) | WLC2504 (7.6) | WLC5760 (7.6) | WLC5508 (7.6) | WiSM2 (7.6)
Max APs Supported per MC | 25 | 50 | 75 | 1000 | 500 | 1000
Max APs Supported in overall Mobility Domain | 200 | 250 | 5400 | 72000 | 36000 | 72000
Max Clients Supported per MC | 1000 | 2000 | 1000 | 12000 | 7000 | 15000
Max Clients Supported in overall Mobility Domain | 8000 | 16000 | 72000 | 864000 | 504000 | 1.08M
Max number of MC in Mobility Domain | 8 | 8 | 72 | 72 | 72 | 72
Max number of MC in Mobility Group | 8 | 8 | 24 | 24 | 24 | 24
Max number of MAs in Sub-domain (per MC) | 16 | 16 | 350 | 350 | 350 | 350
Max number of SPGs in Mobility Sub-Domain (per MC) | 8 | 8 | 24 | 24 | 24 | 24
Max number of MAs in a SPG | 16 | 16 | 64 | 64 | 64 | 64
Max number of WLANs | 64 | 64 | 16 | 512 | 512 | 512
Agenda
• What is Converged Access?
• Converged Access Platforms Overview
• Wireless Deployment Options
• The new Converged Access Mobility Architecture
• How to deploy a Converged Access network?
• The Catalyst 3850 and 3650 support only directly attached APs
  APs need to be in the same VLAN as the Wireless Management interface:
  If you do not define a wireless management VLAN on the 3x50, the switch will then be transparent to AP attachment and everything will continue to operate as it does today on a 3750-X.
  As soon as you define a «wireless management interface VLAN», the Catalyst 3x50 will intercept all incoming AP CAPWAP requests, and terminate / process them at the local ASIC.
• WLC 5760 supports only NON-directly attached APs
  Same as it works today in CUWN: AP attached to a local switch (3750-X or alike) finds the centralized controller through DHCP option 43 or other methods and registers

interface GigabitEthernet1/0/1
 description to_AP
 switchport access vlan 31
 switchport mode access
interface Vlan31
 ip address 192.168.31.42 255.255.255.0
!
wireless management interface Vlan31
Converged Access Deployment –Before You Begin – How to Connect APs
[Diagram: deployment options by size. Legend: CAPWAP Tunnel; Standard Ethernet, No Tunnels; Guest Tunnel from Switch to DMZ Controller. Other labels: Access Points, AP CAPWAP Tunnels, New Catalyst 3850, 3850/3650, Catalyst 3750, Mobility Controller, Mobility Agent, Employee, Guest, ISE, Prime, DMZ, WAN.]
INTEGRATED CONTROLLER OPTIONS
• BRANCH – UP TO 50 ACCESS POINTS
• LARGER BRANCH/SMALL CAMPUS – MULTIPLE STACKS, UP TO 250 APs
EXTERNAL MOBILITY CONTROLLER NEEDED
• LARGE CAMPUS – GREATER THAN 250 ACCESS POINTS (5508 or WISM2 with SW Upgrade or new 5760)
Converged Access Deployment – Branch Use Case
Management VLAN Configuration
interface Vlan31
 description MANAGEMENT VLAN
 ip address 192.168.31.42 255.255.255.0

SVIs for client VLANs defined locally on the switch
interface Vlan32
 description Client VLAN32
 ip address 192.168.32.2 255.255.255.0
interface Vlan33
 description Client VLAN33
 ip address 192.168.33.2 255.255.255.0

Wireless Management Interface Configuration (this activates the MA functionality)
3850(config)# wireless management interface VLAN31

3850# show wireless Interface summary
Wireless Interface Summary
AP Manager on management Interface: Enabled

Interface Name  Interface Type  VLAN ID  IP Address     IP Netmask     MAC Address
---------------------------------------------------------------------------------
Vlan31          Management      31       192.168.31.42  255.255.255.0  2037.06ce.0a55

[Diagram labels: BRANCH, 3850 (integrated controller), Guest, WAN, ISE, Prime.]
Converged Access Deployment –Branch Use Case – Mobility Configuration
Configuring Mobility Controller (this activates the MC functionality)
3850(config)# wireless mobility controller
Mobility role changed to Mobility Controller
Please save config and reboot the whole stack

After reboot
3850# sh wireless mobility summary
Mobility Controller Summary:

Mobility Role                               : Mobility Controller
Mobility Protocol Port                      : 16666
Mobility Group Name                         : default
Mobility Oracle IP Address                  : 0.0.0.0
DTLS Mode                                   : Enabled
Mobility Domain ID for 802.11r              : 0xac34
Mobility Keepalive Interval                 : 10
Mobility Keepalive Count                    : 3
Mobility Control Message DSCP Value         : 0
Mobility Domain Member Count                : 1
Link Status is Control Path Status : Data Path Status

Controllers configured in the Mobility Domain:
IP             Public IP  Group Name  Multicast IP  Link Status
---------------------------------------------------------------------------------------------
192.168.31.42  -          default     0.0.0.0       UP : UP

[Diagram labels: BRANCH, 3850 (integrated controller), Guest, WAN, ISE, Prime.]
Converged Access Deployment –Branch Use Case – Mobility Configuration, continued
GUI: Wireless Management Configuration
[Screenshot: IOS GUI]
GUI: VLAN Interface Configuration
[Screenshot: IOS GUI]
Access Point port configuration
(Access Points need to be configured on Wireless Management VLAN)
interface GigabitEthernet1/0/15
 description - Access port for Access points
 switchport access vlan 31
 switchport mode access

3850# show ap summary
Number of APs: 1

Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured

AP Name  AP Model  Ethernet MAC    Radio MAC       State
--------------------------------------------------------------------------------------
AP3502I  3502I     c47d.4f3a.ed80  04fe.7f49.58c0  Registered

WLAN Configuration (WLAN sample configuration)
3850(config)# wlan WPA-PSK 4 wpa-psk
3850(config-wlan)# client vlan 32
3850(config-wlan)# no security wpa akm dot1x
3850(config-wlan)# security wpa akm psk set-key ascii 0 Cisco1234
3850(config-wlan)# no shut

[Diagram labels: BRANCH, 3850 (integrated controller), Guest, WAN, ISE, Prime.]
Converged Access Deployment –Branch Use Case – AP Port and WLAN Configuration
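The AP attachment rule (AP ports in the same VLAN as the wireless management interface) and the `ascii 0` key in the sample WLAN can both be checked offline against a saved running-config. The Python below is an added example, not Cisco's code or part of the original slides; the function names, the hand-supplied list of AP ports, and the constructed sample (Gi1/0/16 and the key `ExamplePSK123` are made up) are assumptions.

```python
import re

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
MGMT_RE = re.compile(r"^wireless management interface\s+vlan\s*(\d+)", re.I)
WLAN_RE = re.compile(r"^wlan\s+(\S+)\s+(\d+)", re.I)
PSK_RE = re.compile(r"^security wpa akm psk set-key (?:ascii|hex)\s+(\d)\s+\S+", re.I)

# Constructed sample modelled on the slide values (VLAN 31 management, Gi1/0/15).
# Gi1/0/16 and the PSK value are made up for this example.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/15
 description - Access port for Access points
 switchport access vlan 31
 switchport mode access
!
interface GigabitEthernet1/0/16
 description AP port left in the client VLAN
 switchport access vlan 32
 switchport mode access
!
interface Vlan31
 description MANAGEMENT VLAN
 ip address 192.168.31.42 255.255.255.0
!
wireless management interface Vlan31
!
wlan WPA-PSK 4 wpa-psk
 client vlan 32
 no security wpa akm dot1x
 security wpa akm psk set-key ascii 0 ExamplePSK123
 no shutdown
"""


def parse_config(text):
    """Collect interfaces, the wireless management VLAN and WLAN profiles."""
    interfaces, wlans, mgmt_vlan = {}, {}, None
    current = None  # section (interface or wlan) that indented lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line = new top-level command
            current = None
            if m := IFACE_RE.match(line):
                current = interfaces.setdefault(
                    m.group(1).lower(), {"vlan": None, "mode": None, "ip": None})
            elif m := WLAN_RE.match(line):
                current = wlans.setdefault(m.group(1), {"psk_type": None})
            elif m := MGMT_RE.match(line):
                mgmt_vlan = int(m.group(1))
            continue
        if current is None:
            continue
        if m := re.match(r"switchport access vlan (\d+)", line, re.I):
            current["vlan"] = int(m.group(1))
        elif m := re.match(r"switchport mode (\S+)", line, re.I):
            current["mode"] = m.group(1).lower()
        elif m := re.match(r"ip address (\S+) \S+", line, re.I):
            current["ip"] = m.group(1)
        elif m := PSK_RE.match(line):
            current["psk_type"] = int(m.group(1))
    return interfaces, mgmt_vlan, wlans


def audit(text, ap_ports):
    """Return a list of findings for the given config and AP-facing ports."""
    interfaces, mgmt_vlan, wlans = parse_config(text)
    findings = []
    if mgmt_vlan is None:
        findings.append("no 'wireless management interface' defined: the switch "
                        "stays transparent to AP CAPWAP (no local termination)")
    else:
        svi = interfaces.get(f"vlan{mgmt_vlan}")
        if svi is None or svi["ip"] is None:
            findings.append(f"Vlan{mgmt_vlan}: wireless management SVI has no IP address")
    for port in ap_ports:
        cfg = interfaces.get(port.lower())
        if cfg is None:
            findings.append(f"{port}: AP port not found in config")
            continue
        if cfg["mode"] != "access":
            findings.append(f"{port}: AP port is not in access mode")
        if mgmt_vlan is not None and cfg["vlan"] != mgmt_vlan:
            findings.append(f"{port}: access vlan {cfg['vlan']} differs from "
                            f"wireless management vlan {mgmt_vlan}")
    for name, wlan in wlans.items():
        if wlan["psk_type"] == 0:  # type 0 = the key that follows is unencrypted
            findings.append(f"wlan {name}: PSK is present as type 0 (unencrypted) "
                            "in this config text")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG,
                         ["GigabitEthernet1/0/15", "GigabitEthernet1/0/16"]):
        print(finding)
```

The parser expects running-config text (indented sub-commands), not a transcript with `3850(config)#` prompts.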
Client Connectivity
3850# sh wireless client summary
Number of Local Clients : 1

MAC Address     AP Name  WLAN  State  Protocol
--------------------------------------------------------------------------------
f81e.dfe2.e80e  AP3502I  4     UP     11n(5)

3850# sh wcdb database all
Total Number of Wireless Clients = 1
Clients Waiting to Join = 0
Local Clients = 1
Anchor Clients = 0
Foreign Clients = 0
MTE Clients = 0

Mac Address     VlanId  IP Address     Auth  Mob
--------------  ------  -------------  ----  -----
f81e.dfe2.e80e  32      192.168.32.57  RUN   LOCAL

[Diagram labels: BRANCH, 3850 (integrated controller), Guest, WAN, ISE, Prime.]
Converged Access Deployment –Branch Use Case – Client Connectivity
GUI: WLAN Configuration
[Screenshot: IOS GUI]
[Diagram: deployment options by size. Legend: CAPWAP Tunnel; Standard Ethernet, No Tunnels; Guest Tunnel from Switch to DMZ Controller. Other labels: Access Points, AP CAPWAP Tunnels, Catalyst 3850, 3850s, Catalyst 3750, Mobility Controller, Mobility Agent, Employee, Guest, ISE, Prime, DMZ, WAN.]
INTEGRATED CONTROLLER OPTIONS
• BRANCH – UP TO 50 ACCESS POINTS
• LARGER BRANCH / SMALL CAMPUS – MULTIPLE STACKS, UP TO 250 APs
EXTERNAL MOBILITY CONTROLLER NEEDED
• LARGE CAMPUS – GREATER THAN 250 ACCESS POINTS (5508 or WISM2 with SW Upgrade or new 5760)
Converged Access Deployment –Larger Branch / Small Campus Use Case
SPG configuration on 3850 acting as MC
3850-MC1(config)# wireless mobility controller peer-group GroupABC
3850-MC(config)# wireless mobility controller peer-group GroupABC member ip 192.168.41.44

3850 acting as MA
interface Vlan41
 description MANAGEMENT VLAN
 ip address 192.168.41.44 255.255.255.0
3850-MA(config)# wireless management interface VLAN 41
3850-MA(config)# wireless mobility controller ip 192.168.31.42

3850-MC1# sh wireless mobility summary
Mobility Controller Summary:

Mobility Role                               : Mobility Controller
Mobility Protocol Port                      : 16666
Mobility Group Name                         : default
Mobility Oracle IP Address                  : 0.0.0.0
DTLS Mode                                   : Enabled
Mobility Domain ID for 802.11r              : 0xac34
Mobility Keepalive Interval                 : 10
Mobility Keepalive Count                    : 3
Mobility Control Message DSCP Value         : 0
Mobility Domain Member Count                : 1

Link Status is Control Path Status : Data Path Status

Controllers configured in the Mobility Domain:
IP             Public IP  Group Name  Multicast IP  Link Status
-------------------------------------------------------------------------------
192.168.31.42  -          default     0.0.0.0       UP : UP

Switch Peer Group Name          : GroupABC
Switch Peer Group Member Count  : 1
Bridge Domain ID                : 0
Multicast IP Address            : 0.0.0.0

IP             Public IP      Link Status
-------------------------------------------------------
192.168.41.44  192.168.41.44  UP: UP

Both control and data plane need to be UP

[Diagram: MEDIUM BRANCH up to 50 APs, multiple stacks. Labels: Access Points, Catalyst 3850 (integrated controller), AP CAPWAP Tunnels, ISE, Prime.]
Converged Access Deployment –Larger Branch / Small Campus Use Case – SPG Configuration
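The slide's rule that both control and data plane must be UP, together with the `DTLS Mode` line, lends itself to an automated check on captured `sh wireless mobility summary` output. This Python is an added example, not part of the original deck or any Cisco tool; the function names and the constructed sample output (modelled on the slide, with the SPG member's data path set to DOWN) are assumptions, and it handles only the `Control : Data` link status format shown in the 3850 output.

```python
import re

# A peer row starts with an IPv4 address and ends with "<control> : <data>".
ROW_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+.*?([A-Za-z]+)\s*:\s*([A-Za-z]+)\s*$")

# Constructed sample modelled on the slide output; the DOWN state is made up.
SAMPLE_OUTPUT = """\
Mobility Controller Summary:

Mobility Role : Mobility Controller
Mobility Protocol Port : 16666
Mobility Group Name : default
DTLS Mode : Enabled
Mobility Keepalive Interval : 10
Mobility Keepalive Count : 3

Link Status is Control Path Status : Data Path Status

Controllers configured in the Mobility Domain:

IP             Public IP  Group Name  Multicast IP  Link Status
---------------------------------------------------------------
192.168.31.42  -          default     0.0.0.0       UP : UP

Switch Peer Group Name : GroupABC
Switch Peer Group Member Count : 1

IP             Public IP      Link Status
------------------------------------------
192.168.41.44  192.168.41.44  UP: DOWN
"""


def parse_mobility_summary(text):
    """Return (facts, peers): key/value lines and per-peer link states."""
    facts, peers, table = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:  # skip blanks and rule lines
            continue
        row = ROW_RE.match(line)
        if row:
            peers.append({"table": table, "ip": row.group(1),
                          "control": row.group(2).upper(),
                          "data": row.group(3).upper()})
            continue
        if line.startswith("Controllers configured in the Mobility Domain"):
            table = "mobility-domain"
            continue
        key, sep, value = line.partition(":")
        if sep:
            key, value = key.strip(), value.strip()
            facts[key] = value
            if key == "Switch Peer Group Name":
                table = f"spg:{value}"  # following rows are SPG members
    return facts, peers


def check_mobility(text):
    """Flag a non-enabled DTLS mode and any peer whose paths are not both UP."""
    facts, peers = parse_mobility_summary(text)
    findings = []
    dtls = facts.get("DTLS Mode")
    if dtls is None:
        findings.append("DTLS Mode not reported in output")
    elif dtls.lower() != "enabled":
        findings.append(f"DTLS Mode is {dtls!r}, expected 'Enabled'")
    if not peers:
        findings.append("no peer rows parsed")
    for peer in peers:
        down = [path for path in ("control", "data") if peer[path] != "UP"]
        if down:
            findings.append(f"{peer['table']} peer {peer['ip']}: "
                            f"{' and '.join(down)} path not UP")
    return findings


if __name__ == "__main__":
    for finding in check_mobility(SAMPLE_OUTPUT):
        print(finding)
```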
MC configuration on the 3850 to create a Mobility Group and add the other switch as a member
3850-MC1(config)# wireless mobility group name Mobility-GroupABC
3850-MC1(config)# wireless mobility group member ip 192.168.41.44 public-ip 192.168.41.44 Mobility-GroupABC

MC configuration on the other 3850
3850-MC2(config)# wireless mobility controller
Mobility role changed to Mobility Controller
Please save config and reboot the whole stack
3850-MC2(config)# wireless mobility group name Mobility-GroupABC
3850-MC2(config)# wireless mobility group member ip 192.168.31.42 public-ip 192.168.31.42 Mobility-GroupABC

This switch is now also a Mobility Controller, not only a Mobility Agent

[Diagram: SMALL CAMPUS up to 250 APs, multiple stacks. Labels: Access Points, Catalyst 3850 (integrated controller), AP CAPWAP Tunnels, ISE, Prime.]
Converged Access Deployment –Larger Branch / Small Campus Use Case – Multiple MCs
[Diagram: deployment options by size. Legend: CAPWAP Tunnel; Standard Ethernet, No Tunnels; Guest Tunnel from Switch to DMZ Controller. Other labels: Access Points, AP CAPWAP Tunnels, Catalyst 3850, New Catalyst 3850, 3850, Catalyst 3750, Mobility Controller, Mobility Agent, Employee, Guest, ISE, Prime, DMZ, WAN.]
INTEGRATED CONTROLLER OPTIONS
• BRANCH – UP TO 50 ACCESS POINTS
• LARGER BRANCH/SMALL CAMPUS – MULTIPLE STACKS, UP TO 250 APs
EXTERNAL MOBILITY CONTROLLER NEEDED
• LARGE CAMPUS – GREATER THAN 250 ACCESS POINTS (5508 or WISM2 with SW upgrade or 5760)
Converged Access Deployment –Large Campus Use Case
• Configure 5760 as MC and member of SPG
interface Vlan100
 description WIRELESS MANAGEMENT VLAN
 ip address 192.168.100.42 255.255.255.0
5760(config)# wireless management interface VLAN100
5760(config)# wireless mobility controller peer-group WestBldg
5760(config)# wireless mobility controller peer-group WestBldg member ip 10.1.1.5

• Configure 3850 as MA
interface Vlan10
 description MANAGEMENT VLAN
 ip address 10.1.1.5 255.255.255.0
3850(config)# wireless management interface VLAN10
3850(config)# wireless mobility controller ip 192.168.100.42

[Diagram: LARGE CAMPUS. Labels: Catalyst 3750, 5508/WISM2 with SW upgrade or 5760, Catalyst 3850, Mobility Controller, Mobility Agent, Access Points, ISE, Prime.]
Converged Access Deployment –Large Campus Use Case – Mobility Configuration
• Mobility Group configuration
5760(config)# wireless mobility group name cisco-live
5760(config)# wireless mobility group member ip 10.1.1.5

• Verify the configuration
5760# sh wireless mobility summary

Mobility Controller Summary:
Mobility Role                               : Mobility Controller
Mobility Protocol Port                      : 16666
Mobility Group Name                         : cisco-live
Mobility Oracle                             : Disabled
Mobility Oracle Ip Address                  : 0.0.0.0
DTLS Mode                                   : Enabled
Mobility Domain ID for 802.11r              : 0x2fee
Mobility Keepalive Interval                 : 10
Mobility Keepalive Count                    : 3
Mobility Control Message DSCP Value         : 0
Mobility Group Members Configured           :

Controllers configured in the Mobility Domain:
IP Address      Public IP Address  Group Name  Multicast IP  Status
------------------------------------------------------------------------------------
192.168.100.42  -                  cisco-live  0.0.0.0       UP
10.1.1.5        10.1.1.5           cisco-live  0.0.0.0       UP

Switches configured in WestBldg switch Peer Group: 1
IP Address     Public IP Address  Status
------------------------------------------------------------------
192.168.41.44  192.168.41.44      UP

[Diagram: LARGE CAMPUS. Labels: Catalyst 3750, 5508 or WISM2 with SW upgrade or 5760, Catalyst 3850, Mobility Controller, Mobility Agent, Access Points, ISE, Prime.]
Converged Access Deployment –Large Campus Use Case – Mobility Configuration, continued
GUI: Mobility Controller Configuration-5760
[Screenshot: IOS GUI]
GUI: Mobility Agent Configuration CAT3850
[Screenshot: IOS GUI]
GUI: Switch Peer Group Configuration
[Screenshot: IOS GUI]
• New Mobility is supported on 7.3.112, 7.5 and 7.6 with 5508 and WiSM2
• Only MC and MO functions are supported on the upgraded controller
  “MA only” functionality for converged access APs is only supported on 3850
• Seamless and Fast roaming is supported between Converged Access and CUWN
  Controllers need to be in the same Mobility Group
  Roaming is always treated as a L3 roam
  Traffic is anchored at the home switch/controller
• 5760 can terminate CAPWAP tunnel from APs connected to non-MA switches
• 3850 (acting as MA) will only allow APs to terminate CAPWAP locally
  Cannot connect an AP to 3850 and have it registered to a CUWN controller
[Diagram: Hybrid CUWN and Converged Access Deployment. Labels: Catalyst 3750, 5508 or WISM2 with SW Upgrade or new 5760, Catalyst 3850 / 3650, Mobility Controller, Mobility Agent, Access Points, ISE, Prime.]
Converged Access Deployment –Hybrid Deployment – Key Considerations
Converged Access Deployment –IOS-XE-based Wireless Controllers – Highlights
WLC 5760
• 60 Gbps wireless throughput
• Up to 1000 APs
• Up to 12000 Clients
Catalyst 3850
• 40 Gbps wireless throughput
• Up to 50 directly connected APs / Stack
• Up to 2000 Clients per Switch/Stack
Catalyst 3650
• 40 Gbps wireless throughput
• Up to 25 directly connected APs / Stack
• Up to 1000 Clients per Switch/Stack
Differentiating capabilities
• Optimized for 802.11ac deployments
  Distributed data forwarding & services
  Support for latest 3700 802.11ac AP!
• Common IOS and Feature Set for Wired and Wireless
  Granular QoS
  Downloadable ACLs
  EEM / TCL Scripting, Secure Copy
  Flexible Netflow v9
• Multiple LAGs (Aggregated uplinks)
• Secure Web-auth redirection using HTTPS
• Right-To-Use license model
Feature | 5508 | 5760
Throughput | 8 Gbps | 60 Gbps Line‐rate
Scale | 500 APs, 7000 Clients | Up to 1000 APs, 12000 Clients
Data forwarding Modes | Local, Flex, Mesh, Outdoor, OEAP | Local Mode
Resiliency | SSO, N+1, HA SKU | AP SSO, N+1, Multiple LAG, HA SKU
QoS | Alloy (precious metal) QoS | Granular QoS (MQC), AFB
Security | Dynamic ACLs (Airspace ACL) | Downloadable and Dynamic ACLs
BYOD | ISE 1.2, CWA, Device Sensor, Policy Classification Engine | ISE 1.2, CWA, Policy Classification Engine
AVC | AVC phase 3, Microsoft Lync and Jabber support | AVC Phase 2, Lync and Jabber support
Bonjour | Bonjour Phase 3 | Bonjour Phase 2
IPv6 | IPv6 Client Mobility, First Hop Security, Source Guard | IPv6 Client Mobility, First Hop Security
Management | GUI, AireOS CLI, Secure FTP | IOS CLI, EEM/TCL, GUI
Licensing | License PAK based on serial number | Right to use
Converged Access Deployment –WLC 5760 (IOS-XE 3.6) vs. WLC 5508 (AireOS 8.0)
• Software compatibility matrix for IOS based Controllers:

5760 | 3850 | 3650 | 5508 | MSE | ISE | ACS | Prime
3.2.0SE | 3.2.0SE | - | 7.3.112 | - | 1.1.1MR | 5.2 | -
3.2.1SE | 3.2.1SE | - | 7.3.112 | - | 1.1.3, 1.1.2 | 5.2, 5.3 | -
3.2.2SE | 3.2.2SE | - | 7.3.112/7.5+ | - | 1.1.3, 1.1.2 | 5.2, 5.3 | -
3.2.3SE | 3.2.3SE | - | 7.3.112/7.5+ | 7.4 | 1.1.3, 1.1.2 | 5.2, 5.3 | 2.0
3.3.0SE | 3.3.0SE | 3.3.0SE | 7.3.112/7.5+ | 7.5 | 1.2 | | 2.1
3.3.xSE | 3.3.xSE | 3.3.xSE | 7.3.112/7.5+ | 7.5 | 1.2 | | 2.1
3.6.0SE | 3.6.0SE | 3.6.0SE | 7.6/8.0 | 8.0 | 1.2/1.3 | | 2.1*

(*) IOS-XE 3.6 is not officially supported by PI 2.1 because it doesn’t support the new features, but it supports the new hardware introduced in IOS-XE 3.6
Converged Access Deployment – Software Matrix
Agenda
• What is Converged Access?
• Converged Access Platforms Overview
• Wireless Deployment Options
• The new Converged Access Mobility Architecture
• How to deploy a Converged Access network?
• Putting it all together
An Evolutionary Advance to Cisco’s Wired + Wireless Portfolio, to address device and bandwidth scale, and services demands ….
Control plane functionality on NG Controller: Next-Generation WLAN Controller (5760)
(also possible on upgraded 5508s, WiSM2s for brownfield deployments, or NG Converged Access switches for small, branch deployments)
Data plane functionality on NG Switches: Next-Generation Switches (Cat 3850/3650)
(also possible on NG Controllers, for deployments in which a centralized approach is preferred)
Enabled by Cisco’s strength in Silicon and Systems … UADP ASIC
Bringing Together Wired and Wireless –How Are We Addressing This Shift?
Bringing Together Wired and Wireless –How Are We Addressing This Shift?
An Evolutionary Advance to Cisco’s Wired + Wireless Portfolio, to address device and bandwidth scale, and services demands ….
[Diagram: Cisco Converged Access Deployment. Labels: Mobility Domain, MO, Sub-Domain #1, Sub-Domain #2, Mobility Group, SPG, MC, MA, PI, ISE.]
Converged Access – Deployment Guides
For additional deployment information, check the deployment guides…
WLC 5760 Deployment Guide: http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Controller_Deployment_Guide.html
Catalyst 3850 Deployment Guide: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/deployment_guide_c07-727067.html
IOS-XE HA Deployment Guide: http://www.cisco.com/en/US/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/5760_HA_DG_iosXE33.pdf
AVC Deployment Guide: http://www.cisco.com/en/US/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/iosXE_3point3_AVC_DG.html
Rob Rummel, CCIE 9012, Systems Engineer
Mahalo!!!