Network management
The Cisco Catalyst 1000 Series Switches offer a superior CLI for detailed configuration and administration.
Intelligent PoE+
Cisco Catalyst 1000 Series Switches support both IEEE 802.3af PoE and IEEE 802.3at PoE+ (up to 30W per port) to deliver a lower total cost of ownership for deployments that incorporate Cisco IP phones, Cisco Aironet® and Catalyst wireless access points, or other standards-compliant PoE and PoE+ end devices. PoE removes the need to supply wall power to PoE-enabled devices and eliminates the cost of adding electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments.
The PoE power allocation in the Cisco Catalyst 1000 Series Switches is dynamic, and power mapping scales up to a maximum of 740W of PoE+ power. Intelligent power management allows flexible power allocation across all ports. With Perpetual PoE, the PoE+ power is maintained during a switch reload. This is important for critical endpoints such as medical devices and for IoT endpoints such as PoE-powered lights, so that there is no disruption during a switch reboot.
Network security
Cisco Catalyst 1000 Series Switches provide a range of security features to limit access to the network and mitigate threats, including:
● Comprehensive 802.1X features to control access to the network, including flexible authentication, 802.1X monitor mode, and RADIUS change of authorization.
● 802.1X support with Network Edge Access Topology (NEAT), which extends identity authentication to areas outside the wiring closet (such as conference rooms).
● IEEE 802.1X user distribution, which enables you to load-balance users with the same group name across multiple different VLANs.
● Ability to disable per-VLAN MAC learning to allow you to manage the available MAC address table space by controlling which interface or VLANs learn MAC addresses.
● Multidomain authentication to allow an IP phone and a PC to authenticate on the same switch port while being placed on the appropriate voice and data VLANs.
● Authentication, Authorization, and Accounting (AAA) command authorization in PnP to enable seamless PnP provisioning.
● Access Control Lists (ACLs) for IPv6 and IPv4 security and Quality-of-Service (QoS) ACL elements (ACEs).
● Port-based ACLs for Layer 2 interfaces to allow security policies to be applied on individual switch ports.
● SSH, Kerberos, and SNMP v3 to provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMP v3 require a special cryptographic software image because of U.S. export restrictions.
● SPAN, with bidirectional data support, to allow the Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication to facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address notification to notify administrators about users added to or removed from the network.
● MAC Authentication Bypass (MAB) and WebAuth with downloadable ACLs to allow per-user ACLs to be downloaded from the Cisco Identity Services Engine (ISE) as policy enforcement after authentication using MAB or web authentication in addition to IEEE 802.1X.
● Web authentication redirection to enable networks to redirect guest users to the URL they had originally requested.
● Multilevel security on console access to prevent unauthorized users from altering the switch configuration.
● BPDU Guard to shut down Spanning Tree PortFast-enabled interfaces when BPDUs are received, to avoid accidental topology loops.
● IP Source Guard to restrict IP traffic on nonrouted Layer 2 interfaces by filtering traffic based on the Dynamic Host Configuration Protocol (DHCP) snooping binding database or by manually configuring IP source bindings.
● SSH v2 to allow use of digital certificates for authentication between user and server.
● Spanning Tree Root Guard (STRG) to prevent edge devices that are not in the network administrator’s control from becoming Spanning Tree Protocol (STP) root nodes.
● Internet Group Management Protocol (IGMP) filtering to provide multicast authentication by filtering out nonsubscribers and to limit the number of concurrent multicast streams available per port.
● Dynamic VLAN assignment through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.
Redundancy and resiliency
Cisco Catalyst 1000 Series Switches offer a number of redundancy and resiliency features to prevent outages and help ensure that the network remains available:
● IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offer the benefits of Layer 2 load balancing and distributed processing.
● Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
● Switch-port auto-recovery (error disable) automatically attempts to reactivate a link that is disabled because of a network error.
● Link state tracking binds the link state of multiple interfaces. The server Network Interface Cards (NICs) form a group to provide redundancy in the network. When the link is lost on the primary interface, network connectivity is transparently changed to the secondary interface.
Enhanced QoS
Cisco Catalyst 1000 Series Switches offer intelligent traffic management that keeps everything flowing smoothly. Flexible mechanisms for marking, classifying, and scheduling deliver superior performance for data, voice, and video traffic, all at wire speed. Primary QoS features include:
● Up to eight egress queues and two thresholds per port, supporting egress bandwidth control, shaping, and priority queuing so that high-priority packets are serviced ahead of other traffic.
● Ingress policing to allow the analysis of IP service levels for IP applications and services using active traffic monitoring — generating traffic in a continuous, reliable, and predictable manner — for measuring network performance. The number of ingress policers available per port is 64.
● QoS through Differentiated Services Code Point (DSCP) mapping and filtering.
● QoS through traffic classification.
● Trust boundary to configure device-based trust.
● AutoQoS to simplify the deployment of QoS features.
● Shaped Round Robin (SRR) scheduling and Weighted Tail Drop (WTD) congestion avoidance.
● 802.1p Class of Service (CoS) classification, with marking and reclassification.
Energy management
Cisco Catalyst 1000 Series Switches offer a range of industry-leading features for energy efficiency and management:
● IEEE 802.3az Energy Efficient Ethernet (EEE) enables ports to dynamically sense idle periods between traffic bursts and quickly switch the interfaces into a low-power idle mode, reducing power consumption.
● Loop detection is a new method to detect network loops in the absence of STP.
● Cisco AutoConfig determines the level of network access provided to an endpoint based on the type of device. This feature also permits hard binding between the end device and the interface.
● Cisco Auto SmartPorts enables automatic configuration of switch ports as devices connect to the switch with settings optimized for the device type, resulting in zero-touch port-policy provisioning.
● Cisco Smart Troubleshooting is an extensive array of diagnostic commands and system health checks in the switch, including Smart Call Home. The Cisco Generic Online Diagnostics (GOLD) and online diagnostics on switches in live networks help predict and detect failures more quickly.
For more information about Cisco Catalyst SmartOperations, visit cisco.com/go/SmartOperations.
Operational simplicity
● Cisco AutoSecure provides a single-line CLI to enable baseline security features (port security, DHCP snooping, Dynamic Address Resolution Protocol [ARP] Inspection). This feature simplifies security configurations with a single touch.
● DHCP auto configuration of multiple switches through a boot server eases switch deployment.
● Auto negotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
● Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
● Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups or Gigabit EtherChannel groups to link to another switch, router, or server.
● Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
● Automatic Media-Dependent Interface Crossover (MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed.
● Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic wiring or port faults to be detected and disabled on fiber-optic interfaces.
● Local Proxy ARP works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.
● VLAN1 minimization allows VLAN1 to be disabled on any individual VLAN trunk.
● IGMP snooping for IPv4 and IPv6 and Multicast Listener Discovery (MLD) v1 and v2 snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requesters.
● Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall system performance.
● Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
● Cisco VLAN Trunking Protocol (VTP) supports dynamic VLANs and dynamic trunk configuration across all switches.
● Layer 2 trace route eases troubleshooting by identifying the physical path that a packet takes from source to destination.
● Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
● Network Time Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.