Cisco Catalyst 4500-E Innovations

Cisco Confidential© 2011 Cisco and/or its affiliates. All rights reserved. 1

Catalyst 4500 InnovationsEnables BYODSachin BansalSr. Product Manager, Catalyst 4K/3K/2K

12th June 2012

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

Basic Connectivity Unified Access

Device Onboarding and Guest Access

OnePolicy

One Management

OneNetwork

Uncompromised Experience for Any WorkspaceUnified Access


GAME/PRINTER THIN/VIRTUALCLIENTS

DESKTOP/NOTEBOOKSTABLETS

SMARTPHONES

ISE

CiscoPrime

Unified Policy

Unified Management

Scalable, Resilient AccessUnmatched Performance for Wired and Wireless

Context-aware Security

WiredWireless Unified Network

Application Optimization

SmartOperations

• Profile devices, identify users

• Develop device, user, location, role & application context

• Apply policy based on context, everywhere

• Segment user or application groups

• Simulate application traffic

• Locate performance problems

• Analyze directly in the network

• Store for trending and capacity planning

• Plug-n-play switches

• Dynamically configure ports

• Automatically diagnose and report faults

• Program event based actions

One Network – Secure Access, Uncompromised User ExperienceUnified Network

CoreNetwork


SINGLE BUSINESS POLICYWired, Wireless, and VPN -- Managed & BYOD assets

With MDM integration

CONTEXT-BASED CONTROL Central access to authorize access based on who, what, when, where – with advanced segmentation

USER-SPECIFIC SERVICESSelf-service on-boarding, with lifecycle guest handling

and context-based monitoring

One PolicyIdentity Services Engine

Identityand Policy


CDPLLDPDHCPMAC

CDPLLDPDHCPMAC

DEVICE CLASSIFICATION

LAPTOP Video Phone

Laptop Policy

[place on VLAN X]

Video Phone Policy

[restricted access]

ISE

POLICY

Collection—Switch collects device related data and sends report to ISE

Classification—ISE classifies device, collects flow information and provides device usage report

Authorization—ISE executes policy based on user and device

The Solution Deployment Scenario with Cisco Device SensorDevice Profiling + Device Sensor

Context Aware Security with Device SensorAutomated Device Profiling

AccessPoint

Profiling for both wired and wireless devices

CoreNetwork


Traditional Policies using ACLs

Context Aware Policy EnforcementSecurity Group Role Based Access

Security Group Based Policy Table

Resources

D1 (10.156.78.100)

Patient Records

D3 (10.156.54.200)

EmailIntranet

D5(10.156.100.10)

FinanceD6

D4

D2

Permissions

Intranet Portal

Email Server

Financial Servers

Patient Records

Doctor Web IMAP No Access Web File Share

Finance Web IMAP Web No Access

IT Admin Web, SQL, SSHFull

AccessSQL SQL

Policy Matrix

Web File Share

permit tcp S1 D1 eq httpspermit tcp S1 D1 eq 8081deny ip S1 D1…………permit tcp S4 D6 eq httpspermit tcp S4 D6 eq 8081deny ip S4 D6

Time ConsumingManualError Prone

SimpleFlexibleBusiness Relevant

permit tcp dst eq 443permit tcp dst eq 80permit tcp dst eq 445permit tcp dst eq 135deny ip

Doctor - Patient Record ACL

Doctors

Finance

IT Admins

S1 (10.10.24.13)

S2 (10.10.28.12)

S3 (10.10.36.10)

S4 (10.10.135.10)

Individual Users

CoreNetwork


Built-in Traffic SimulatorVideo Deployment Network Readiness

Traffic simulator built into switch; no extra appliance needed

IT can monitor and test remotely

The SolutionAutomate Network

Readiness

Deployment Scenario—Cisco Catalyst 3K/4K Series Switch

Includes a scheduler to run periodic test over extended durations

SiSi SiSi

SiSi SiSi

Remote ITPrime

Scheduler (Traffic Simulator based on IPSLA)

CoreNetwork


Mediatrace automatically traces the mediapath

Hop by hop statistics collected to find the problem node; enabled remotely

Allows easy recreation of problems with built-in traffic simulator, yielding time and resource savings

The SolutionAutomate Monitoring and

Troubleshooting

SiSi

SiSi

SiSi

SiSi

IT

?

?

? ?

? ? ?

Prime

Deployment Scenario

MediaTraceDiagnostics, Logs

MediatraceMonitor and Control

CoreNetwork


Catalyst 4500E CapabilitiesBenefits

ControlWith EEM Integration

Unprecedented Application VisibilityFlexible NetFlow

• Lower CAPEX• Better insight for capacity planning, network upgrade

• Lower OPEX• Better service and user experience• Increased IT staff productivity

IP, PortsTCPFlags

L2 MAC

L2VLAN

UDP Flags

IPv6IP

OptionsMulticast …

Day0 Attacks

Detect Anomaly

Compliance

SLAApp. M&T

Capacity Planning

Mobility, Unified Communications, Network Virtualization

Catalyst 4500E Flexible NetFlow

CampusBranch

Collector Ecosystem

• Unprecedented visibility w/ new L2~7 fields

• Scalable, flexible flow monitors

• On-box Customizable policy action w/ EEM

• Broad collector partner ecosystem

Visibility

CoreNetwork


Catalyst 4500-E Does Apps “Wireshark”

• Built-in packet sniffer for remote troubleshooting

• Real-time capture and decode on Sup7-E

• Capture and Display Data and Control Packets

• Storage options SD card or USB.

• Various display options

• Lightweight Text version “T-Shark”

FeaturesComponents

Wireshark

Hosted Apps IOSd

Shipping

Common Infrastructure / HA

Management Interface

Module Drivers

Kernel

SIMPLIFIED TROUBLESHOOTING

Switch# show monitor capture file bootflash:nflow.pcap detailedFrame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits) Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal<..SNIP..> Frame Number: 2 Frame Length: 880 bytes (7040 bits) Capture Length: 880 bytes (7040 bits)<..SNIP..> [Protocols in frame: eth:ip:udp:data]Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a) Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)

CoreNetwork


Cost Savings: $15,000 (or 230 Hours) per 100 Switches*

ISR or 3K (“Director”), 4K, 6K Roadmap

AccessSwitches

Zero Touch Deployments and Maintenance

New Switch is Connected

Software image downloaded; Configuration automatically applied

Smart Install

New Device Attached

Port Configuration: AppliedQoS Policy: EnforcedSecurity Policy: Enforced

Plug and Play for End Devices

Auto Smart Ports

Anomaly Detected

Proactive diagnosticsAlert created in real-timeWeb-based reportsRouted to correct TAC teamRemediation initiated with EEM

Quickly Identify and Resolve Network Issues

Smart Call Home

CoreNetwork

Smart OperationsAutomate Network Provisioning and Diagnostics


Catalyst 4500E Leadership

Lead Modular Access PlatformPrice/Performance Distribution

100M+ Ports Sold

700K+ Systems

70% PoE/PoEP Port share

70% Adoption by Top Cisco Customers (GET, Enterprise)

MARKET LEADERSHIP INDUSTRY LEADERSHIP

48G/slot

Flexible Netflow

IOS-XE (3rd Party Apps)

In Service Software Upgrade

EEE/ Cisco UPOE

Strategic Campus Platform


“Catalyst 4500” LifeCycleUnprecedented Switching Lifecycle

All Linecards Can Be Reused With Newer Supervisor

Cisco Catalyst 4000 Maintain Support

Cisco Catalyst 4500 (non-E) Maintain Support

EOS EQL

Cisco Catalyst 4500 E-Series

1999 201020072004 2015 2020

11 Years

EOS

14 Years

EQL


48G

24G

Data PoE

Catalyst 4500E Campus Portfolio

High Densi

ty

Low Densi

ty

1G 10G

4503-E

4507R+E

4510R+E

4506-E

WS-X4624-SFP-EWS-X4748-UPOE+E

Supervisor Engine 7-E

Optimized for Large Campus848Gbps Switching Capacity4 x SFP+/SFP uplinks384 10/100/1000 Ports100 10G SFP+

WS-X4748-RJ45-E

WS-X4612-SFP-E WS-X4606-X2-EWS-X4648-RJ45V+EWS-X4648-RJ45-E

Supervisor Engine 7L-E

Optimized for Small/Mid Size Campus520Gbps Switching Capacity2 x 10G SFP+/SFP uplink 240 10/100/1000 Ports62 10G SFP+

PWR-C45-1300ACV PWR-C45-2800ACV PWR-C45-6000ACVPWR-C45-4200ACV PWR-C45-9000ACV

2HCY12

• UPOE 60W, IEEE 802.3az• 30W/port on all 48 ports

• 30W/port on 24 ports

WS-X4712-SFP+E

• SFP+/SFP

Fiber LinecardsCopper Linecards


In-Service Software Upgrade (ISSU)Software Upgrades—w/o Service Interruption

• Comprehensive, non-intrusive softwareupgrade solution

• Transparent to end users — no loss ofuser sessions

• Upgrades can be scheduled at anytime— even during business hours!

Seamless

Lin

e

Ca

rd

Lin

e

Ca

rd

Lin

e

Ca

rd

Redundant Supervisors

STA

ND

BY

AC

TIV

E

STA

ND

BY

AC

TIV

E

“Instead of having to prepare for two weeks for a planned outage, software updates with the Cisco Catalyst 4500 ISSU features in the new emergency department are absolutely transparent. We no longer have any downtime at all.”


Leadership in Power Over EthernetA Historical Perspective

2000 2003 2007 2009 2011

Industry Standard:

IEEE 802.3af (15W PoE)

Industry Standard:IEEE 802.3at (30W

PoE+)

7WInline Power

15W (PoE)

30W(PoE+)

60W(UPOE)

All specifications subject to change without notice

Cisco Innovations Drive Industry Standards

Thank you.

Technology

Cisco Catalyst 4500-E Innovations