MTN_states_U tech update preseo - University Information ...

muteroll, Mobile – Wireless Technologies

10 Dec 2013 (3 years and 10 months ago)


© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Presentation_ID

1

Catalyst 3750-E
Catalyst 3560-E
Catalyst 2960


Overview


Full Layer 3 Routing
Layer 2 Intelligent Services
GUI-Managed

Most Complete Line of Fixed Configuration LAN Products

Function, Flexibility, Scalability
Price-Performance

Cisco Catalyst 3560-E and Catalyst 3560
  10/100 and GE configurations + 2 10GE
  Enterprise-class intelligent Layer 3/4 services
  Modular power supply with 3560-E
  PoE configurations with up to 15.4W on all 48 ports

Cisco Catalyst 2960
  10/100 and 10/100/1000 Layer 2 switching
  8, 24, and 48 port configurations with dual-purpose Gig uplinks
  PoE configurations with up to 15.4W up to 24 ports
  Entry level LAN Lite IOS and enhanced LAN Base IOS for intelligent services

Cisco Catalyst 3750-E and Catalyst 3750
  Stackable 10/100 and GE configurations + 2 10GE
  Cisco StackWise™ Plus and StackWise technology
  Enterprise-class intelligent Layer 3/4 services
  Modular power supply with 3750-E
  PoE configurations with up to 15.4W on all 48 ports

Cisco Catalyst 4948
  10/100/1000 + 2 10GE wire speed switching
  Rack-optimized server switching
  Jumbo frame support
  Dual, hot swappable, internal power supplies
  Hot swappable fan tray

Cisco Catalyst Express 500
  Low-density, standalone, managed 10/100 switching
  Tailored for businesses with up to 250 users


Introducing The Catalyst 3750-E

The next generation complement to the Catalyst 3750
24 or 48 GE ports with 2x10 GE uplinks
  Wire-speed performance
  Transition to 10GE with the TwinGig adapter, a 10GE module that accepts two GE SFPs
StackWise Plus
  Supports original StackWise features
  Double the speed of original StackWise
  Backwards compatible with the Catalyst 3750
Power
  Modular power supply and fan blower
  Different power supply sizes
  48 ports of full IEEE POE in a single rack unit
  New and improved redundant power supply


Cisco Catalyst 2960 Series Switches

Catalyst 2960 LAN Base Series
  Fast Ethernet and Gigabit Ethernet in 8, 24, and 48 port configurations for entry-level enterprise and mid-market customers
  PoE configurations with up to 15.4W up to 24 ports
  Offers enhanced Layer 2+ intelligent LAN services:
    Availability
    Enhanced security
    Advanced quality of service (QoS)
  Simplified management and troubleshooting for lower total cost of ownership
  Cisco Network Assistant and Cisco Smartports
  Limited lifetime hardware warranty and software updates at no additional charge

Catalyst 2960 LAN Lite Series
  Fast Ethernet in 24 and 48 port configurations for small branch offices and wiring closets
  Offers standard Layer 2 services with entry-level availability, security, and QoS
    Scalable and secure network management
  Simplified management and troubleshooting for lower total cost of ownership
  Cisco Network Assistant and Cisco Smartports
  Limited lifetime hardware warranty and software updates at no additional charge

Uses Cisco ASICs for superior quality and hardware and software integration


Cisco Catalyst 2960 LAN Base Series
Model Overview

Enterprise-class intelligent services: Advanced QoS, enhanced security, high availability

Software: LAN Base Image

Catalyst 2960-24TT-L: 24 10/100 ports; 2 10/100/1000 uplink ports
Catalyst 2960-48TT-L: 48 10/100 ports; 2 10/100/1000 uplink ports
Catalyst 2960-24TC-L: 24 10/100 ports; 2 dual-purpose uplink ports
Catalyst 2960-48TC-L: 48 10/100 ports; 2 dual-purpose uplink ports
Catalyst® 2960G-24TC-L: 20 10/100/1000 ports; 4 dual-purpose uplink ports
Catalyst 2960G-48TC-L: 44 10/100/1000 ports; 4 dual-purpose uplink ports
Catalyst 2960-8TC-L: 8 10/100 ports; 1 dual-purpose uplink port; Compact form-factor with no fan
Catalyst 2960G-8TC-L: 7 10/100/1000 ports; 1 dual-purpose uplink port; Compact form-factor with no fan
Catalyst® 2960-24PC-L: 24 10/100 PoE ports; 2 dual-purpose uplink ports
Catalyst 2960-24LT-L: 24 10/100 ports (8 PoE ports); 2 10/100/1000 uplink ports
Catalyst 2960PD-8TT-L: 8 10/100/1000 ports; 1 10/100/1000 PoE Input port; Compact form-factor with no fan


Cisco Catalyst 2960 LAN Lite Series
Model Overview

Entry level QoS, security, and availability with a focus on ease-of-use and lower total cost of ownership

Software: LAN Lite Image

Catalyst 2960-24-S: 24 10/100 ports
Catalyst 2960-24TC-S: 24 10/100 ports; 2 dual-purpose uplink ports
Catalyst 2960-48TC-S: 48 10/100 ports; 2 dual-purpose uplink ports

Note: Catalyst 2960 Switches cannot be upgraded or downgraded between LAN Base and LAN Lite software.



Catalyst 2960 Compact Switches

Meeting unique physical requirements of the office workspace, conference rooms, and classrooms, and micro branch offices

Small size (H x W x D): 4.4cm x 27cm x 16-23cm
Flexible wall and under the desk mounting
Durable metal shell
Cable guard
Internal power supply and right angle power cord
Passive cooling (no fan)
Magnet included
Security locking slot
19 inch rack mount option


Services and Warranty for The Cisco Catalyst 2960 Series

Limited lifetime hardware warranty
  Advance Replacement shipping within 10 business days
  Guest access to Cisco.com
Ongoing Cisco IOS Software updates at no additional cost
Cisco SMARTnet® and SMARTnet Onsite Support
  Around-the-clock, global access to the Cisco Technical Assistance Center (TAC)
  Access to the extensive Cisco.com knowledgebase and tools
  Next-business-day advance hardware replacement (premium options available for business-critical devices, such as 2-hour replacement and onsite parts replacement and installation)
Cisco Smart Foundation Service (formerly SMB Support Assistant)
Cisco Foundation Technology Optimization Service


Catalyst 3750-E Models

PoE and data only options
Any 3750-E model can be connected with another through StackWise Plus
3750-E models can be combined in a stack with existing 3750 models in a mixed stack

48 10/100/1000T Ports w/POE + 2x 10GE
24 10/100/1000T Ports w/POE + 2x 10GE
48 10/100/1000T Ports + 2x 10GE
24 10/100/1000T Ports + 2x 10GE


Catalyst 3560-E Models

The 3560-E is for standalone deployments
Similar features to the 3750-E, but StackWise is removed
  Same software features
  Same PoE options

48 10/100/1000T Ports w/POE + 2x 10GE
24 10/100/1000T Ports w/POE + 2x 10GE
48 10/100/1000T Ports + 2x 10GE
24 10/100/1000T Ports + 2x 10GE


StackWise Plus

Speed improved to 64Gbps*
Supports local switching
  Local packets do not traverse the stack
Intelligently forwards traffic over the StackWise connection
  Load Balancing
  Quality of Service
  Traffic Optimization
Backward compatible with the original StackWise
Fault-tolerant, Bi-directional 64-Gbps stack interconnection
Automated Configuration & Management
Single network instance (IP, SNMP, CLI, Spanning-Tree Protocol, VLAN)
Master/secondary architecture with master failover
Cross-Stack EtherChannel®, cross-stack QoS

* For typical traffic patterns, actual performance may be higher or lower


StackWise Plus Architecture

[Diagram: switches A, B, C, D, E, F on the StackWise Plus Ring, with numbered callouts]
1. 24 or 48 ports wire speed
2. Ingress Policing
3. Egress queuing and load balancing
4. Destination switch removes packets and delivers them
Local Switching: No packets traverse StackWise connections


10 Gigabit Ethernet

Two 10GE uplink interfaces
Wire rate forwarding performance
Supported X2 Transceivers
  LX4 (MMF - 300m SMF - 10km)
  LR (SMF 10km)
  SR (MMF)
  CX4 (Copper)
  ER (SMF 40km)
TwinGig Adapter converts an X2 interface into dual SFP interfaces
All SFPs supported on 3750 platform are supported with the TwinGig Adapter
TwinGig Adapters are hot swappable with X2 modules


Out of Band Management

Two management ports
  RS-232 serial console port
  10/100BASE-TX Ethernet port
Out-of-band management supports Telnet, TFTP, and SSHv2
One interface can manage the entire stack of switches
If multiple out-of-band ports are connected to different switches in a stack, one is selected for active use


Power


Field Replaceable Power Supplies

[Table: Power Supply by Cisco Catalyst 3750-E and 3560-E Series Switch Type]
Power supplies: C3K-PWR-265WDC, C3K-PWR-265WAC, C3K-PWR-750WAC, C3K-PWR-1225WAC
Switch types: 24-Port Switch, 48-Port Switch, 24-Port PoE Switch, 48-Port PoE Switch

Wide variety of power supply options
  48 port POE, 24 port POE, and data only options
  DC power available in every model for data only
With the RPS 2300, a power supply can be replaced without powering down the switch

[Image labels: RPS 2450; AC Supply; DC Supply; Switch with 1225WAC Supply]


Redundant Power Supply

RPS 2300
Seamless failover from switch to RPS when PS fails
Automatic back-off to switch when its power supply returns
RPS and switches support dual AC power circuits
Connect up to six switches
Two switches can be actively backed up
Dual modular power supplies allow the RPS to match the switches’ supplies
Field replaceable blower module

Backwards Compatible
  Switches: 2950, 2960, 2970, 3550, 3560, and 3750
  Routers: 2811, 2821, 2851, and 3825


Operations


IOS Software Feature Sets

Three IOS feature sets
IP Base
  Layer 2 Forwarding
  Base IPv6 Services
  Basic Routing
  Security
IP Services
  Full EIGRP and OSPF Routing
  Multicast Routing
  Policy Based Routing
Advanced IP Services
  IPv6 Routing


Cisco Catalyst Intelligent Switching Infrastructure

Intelligent Switching is a Common Foundation of Capabilities across Cisco® Catalyst® Switches

Column headings: Performance, Availability; QoS; Security; Manageability

Wire-speed forwarding
No performance effect with all services enabled
Layer 2, 3, 4 classification
Policing and shaping
Multiple queues
Granular control
Layer 2, 3, 4 access control
Identity-based authentication
Management security
Admission control
End-to-end manageability for centralized administration
Web-based or command-line interface (CLI)
Analysis and planning tools


Where Congestion Exists, QoS is Required

[Diagram labels: Aggregation; Speed Mismatch (10 Mbps, 1000 Mbps); LAN to WAN (10 Mbps, 64 kbps)]

Points of aggregation
Links and buffers
Points of substantial speed mismatch
Transmit buffers tend to fill (TCP windowing)
Buffering reduces loss, introduces delay


Cisco Catalyst Series
Extensive QoS Features

[Diagram labels: RX; Ingress; Classify; Police; Mark; Ingress Queuing/Scheduling, Congestion Control; Egress Queuing/Scheduling, Congestion Control; Queue 1, Queue 2, Queue 3, Queue 4; TX]

Advanced Traffic Shaping and Scheduling
  Four Queues per Port
  Shaped Round Robin
  Strict Priority Queuing
Admission Control
  Prevent Network Congestion
  Input and Output Policing per Port
Traffic Classification and Marking for Differentiated Services
  Per-Port or Individual/Aggregate Flow Classification and Rewriting of MAC Address, 802.1p CoS/DSCP, IP Address, and TCP/UDP Port


Auto QoS

One Command per Interface to Enable and Configure QoS.
Modify Global and Interface Settings to Make QoS for VoIP Work.

[Diagram labels: WAN; Cisco® CallManager; Cisco Unity® Software; Voice Applications; Voice Gateways]



Campus QoS Considerations
Trust Boundary Extension and Operation

1. Switch and Phone Exchange CDP; Trust Boundary Is Extended to IP Phone
2. Phone Sets CoS to 5 for VoIP and to 3 for Call-Signaling Traffic
3. Phone Rewrites CoS from PC Port to 0
4. Switch Trusts CoS from Phone and Maps CoS to DSCP for Output Queuing

[Diagram labels: PC VLAN = 10; Phone VLAN = 110; TRUST BOUNDARY]
Callout 1: “I See You’re an IP Phone, So I Will Trust Your CoS”
Callout 2: “Voice = 5, Signaling = 3”
Callout 3: PC Sets CoS to 5 for All Traffic; All PC Traffic Is Reset to CoS 0
Callout 4: “CoS 5 = DSCP 46, CoS 3 = DSCP 24, CoS 0 = DSCP 0”


Mitigating Unauthorized Devices
Protecting Against Well-Intentioned Users

Problem:
  Well-intentioned users place unauthorized network devices on the network, possibly causing instability.

Solution:
  Cisco Catalyst® Switches support rogue BPDU filtering: BPDU Guard, Root Guard

[Diagram labels: Unauthorized Switch; Authorized Switch; Enterprise Server; Cisco® Secure ACS; Incorrect STP Info; Network Instability; BPDU Guard; Root Guard]


Secure Connectivity

Secure Shell (SSH) Protocol
  SSH encrypts administration traffic during remote terminal sessions, in place of cleartext Telnet, while configuring or troubleshooting switches.
Secure Sockets Layer (SSL)
  SSL encrypts network management traffic, allowing the secure use of tools such as the Cisco® Network Assistant.
SNMPv3 (with crypto support)
  SNMPv3 provides network security by encrypting administrator traffic during SNMP sessions to configure or troubleshoot switches.
Kerberos
  Kerberos authenticates users and network services using a trusted third party to perform secure verification.
Secure Copy
  SCP provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on SSH.

[Diagram label: Encrypted Data]




Securing Layer 2 from Surveillance Attacks
Cutting Off MAC-Based Attacks

Problem:
  “Script Kiddie” Hacking Tools Enable Attackers to Flood Switch CAM Tables with Bogus MAC Addresses, Turning the VLAN into a “Hub” and Eliminating Privacy
  Switch CAM Table Limit Is a Finite Number of MAC Addresses

Solution:
  Port Security Limits MAC Flooding Attack and Locks Down Port and Sends an SNMP Trap

[Diagram labels: 00:0e:00:aa:aa:aa; 00:0e:00:bb:bb:bb; 250,000 Bogus MAC addresses per Second; Only 3 MAC Addresses Allowed on the Port: Shutdown]

switchport port-security
switchport port-security maximum 3
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
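
A small model of what those five commands do on one port, added here as an example (it is not Cisco code and not part of the original slides): a burst of frames with distinct source MACs hits a port limited to 3 secure addresses, the table stays bounded, the violation counter and trap list grow, and an idle entry ages out after 2 minutes. The SecurePort class, the flood helper and the 02:00:00:... addresses are constructed for illustration; the protect and shutdown branches go beyond the slide's restrict setting to show the other violation modes.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Toy model of one access port using the port-security settings above."""
    maximum: int = 3             # switchport port-security maximum 3
    violation: str = "restrict"  # protect | restrict | shutdown
    aging_minutes: int = 2       # switchport port-security aging time 2
    secure: dict = field(default_factory=dict)  # source MAC -> last seen (seconds)
    violations: int = 0          # per-port violation counter
    traps: list = field(default_factory=list)   # stand-in for SNMP traps sent
    err_disabled: bool = False

    def _age_out(self, now):
        # aging type inactivity: an entry expires only after a full window of silence
        window = self.aging_minutes * 60
        self.secure = {m: t for m, t in self.secure.items() if now - t < window}

    def receive(self, src_mac, now):
        """Return True if a frame from src_mac is forwarded at time `now`."""
        if self.err_disabled:
            return False
        self._age_out(now)
        if src_mac in self.secure or len(self.secure) < self.maximum:
            self.secure[src_mac] = now  # learn a new address or refresh a known one
            return True
        if self.violation == "protect":
            return False                # silent drop, nothing recorded
        self.violations += 1
        self.traps.append((now, src_mac))
        if self.violation == "shutdown":
            self.err_disabled = True    # port stays down until it is re-enabled
        return False


def flood(port, count, start, rate=250_000):
    """Offer `count` frames with distinct constructed MACs; return how many pass."""
    passed = 0
    for i in range(count):
        mac = "02:00:00:%02x:%02x:%02x" % (i >> 16 & 255, i >> 8 & 255, i & 255)
        passed += port.receive(mac, start + i / rate)
    return passed


def demo():
    port = SecurePort()
    port.receive("00:0e:00:aa:aa:aa", 0.0)   # the two host addresses from the slide
    port.receive("00:0e:00:bb:bb:bb", 0.0)
    passed = flood(port, 1000, start=1.0)    # only the first bogus MAC gets the third slot
    still_ok = port.receive("00:0e:00:aa:aa:aa", 100.0)
    port.receive("00:0e:00:bb:bb:bb", 100.0)
    # At 125 s the bogus entry has been silent for over 2 minutes and ages out,
    # so a new (constructed) host address can be learned.
    new_host = port.receive("00:0e:00:cc:cc:cc", 125.0)
    return passed, port.violations, len(port.secure), still_ok, new_host
```

With restrict, the known hosts keep forwarding during the burst; with shutdown, the first violation takes the whole port down, which matches the "Shutdown" label in the slide's diagram rather than the restrict line in its configuration.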


Voice (VLAN) aware Port Security

Scenario
  IP phone + host on same switch port
Port security & STP violations are now VLAN/voice aware
Violations for the host only affect “data” VLAN
  Only affected VLAN is placed in error disable state
  Voice VLAN remains unaffected
Improves network availability

DHCP Spoofing Attack

Problem:
  Malicious user pretends to be the network DHCP server.
  Misconfigured user starts up a DHCP server incorrectly.
  Malicious user can send out bogus address, deplete the address space, or spoof the default gateway.

Solution
  Do not trust user ports so only DHCP requests can be sent.
  Snoop DHCP information for integrity.

[Diagram labels: Victim; DHCP Discovery Broadcast; DHCP Server; User Ports Untrusted; Rogue DHCP Offer (IP: 10.1.1.20/24, GW: 10.1.1.1, DNS: 192.168.1.122)]




DHCP Snooping

[Diagram labels: DHCP Client; DHCP Server; Rogue Server; Trusted; Untrusted; X; DHCP Snooping Enabled]

What It Does:
  Switch forwards only DHCP requests from untrusted access ports, and drops all other types of DHCP traffic. DHCP snooping allows only designated DHCP ports or uplink ports trusted to relay DHCP messages. It builds a DHCP binding table containing client IP address, client MAC address, port, and VLAN number.

Benefit:
  DHCP snooping prevents rogue devices from behaving as the DHCP server.
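
The filtering rule and binding table described above, modelled as an added example (not Cisco code and not part of the original slides): server replies arriving on untrusted user ports are dropped, and an ACK arriving on the trusted uplink records the client's IP, MAC, port and VLAN. The port names Gi0/1, Gi0/5 and Gi0/7, VLAN 10, the client MAC and the lease 10.1.1.50 are constructed; the rogue offer reuses the values shown on the DHCP Spoofing Attack slide.

```python
from dataclasses import dataclass

# Message types a DHCP client may originate; everything else is a server reply.
CLIENT_MESSAGES = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}


@dataclass(frozen=True)
class DhcpMessage:
    kind: str              # DHCP message type
    client_mac: str        # chaddr field
    offered_ip: str = ""   # yiaddr, set by servers in OFFER/ACK
    gateway: str = ""      # router option
    dns: str = ""          # DNS server option


class SnoopingSwitch:
    def __init__(self, trusted_ports, port_vlans):
        self.trusted = set(trusted_ports)
        self.port_vlans = dict(port_vlans)  # access port -> VLAN number
        self.last_client_port = {}          # client MAC -> port its request arrived on
        self.bindings = {}                  # client MAC -> (IP, port, VLAN)
        self.dropped = []                   # (port, message) pairs rejected

    def ingress(self, port, msg):
        """Return True if the DHCP message is forwarded, False if dropped."""
        if port not in self.trusted:
            if msg.kind not in CLIENT_MESSAGES:
                self.dropped.append((port, msg))  # server reply on a user port
                return False
            self.last_client_port[msg.client_mac] = port
            return True
        # Trusted port: relay everything, and learn a binding from each ACK.
        if msg.kind == "ACK" and msg.client_mac in self.last_client_port:
            client_port = self.last_client_port[msg.client_mac]
            self.bindings[msg.client_mac] = (
                msg.offered_ip, client_port, self.port_vlans[client_port])
        return True


def run_scenario():
    """Constructed exchange: one client, one rogue server, one trusted uplink."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"},
                        port_vlans={"Gi0/5": 10, "Gi0/7": 10})
    victim = "00:0e:00:aa:aa:aa"
    results = [
        sw.ingress("Gi0/5", DhcpMessage("DISCOVER", victim)),
        # Rogue offer from a user port, with the values from the slide.
        sw.ingress("Gi0/7", DhcpMessage("OFFER", victim, "10.1.1.20",
                                        "10.1.1.1", "192.168.1.122")),
        sw.ingress("Gi0/1", DhcpMessage("OFFER", victim, "10.1.1.50")),
        sw.ingress("Gi0/5", DhcpMessage("REQUEST", victim)),
        sw.ingress("Gi0/1", DhcpMessage("ACK", victim, "10.1.1.50")),
    ]
    return sw, results
```

The dropped list is the detection signal: any entry in it identifies an access port that sent a server-type DHCP message.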


FlexLinks
L2 Redundancy

Achieve Layer 2 redundancy without requiring STP (Spanning Tree Protocol)
Access switches with backup links to Distribution switches deployed as Flex link pair
Fast convergence upon forwarding link failover
  Sub 100msec cut over
Convergence time independent of number of VLANs and MAC-addresses

[Diagram labels: Access; Distribution]


FlexLinks
L2 Redundancy

[Diagram labels: Catalyst 2960; Cat6K; Cat6K; Active Link; Backup Link; X]
1. Primary link down detected (24msec poll)
2. Backup link becomes the active link


Flexlink VLAN load balancing

[Diagram labels: Cat2960; gi2/0/8; gi2/0/6; X]
Primary Link - Carries VLANs 60, 50
Backup Link - carries VLAN 20
Primary link down detected
Backup carries VLANs 60, 50, 20


Integrated Time Domain Reflectometer (TDR)
Layer1 Troubleshooting tool

TDR helps to determine:
  The length of a cable
  Whether the cable is correctly wired internally (pin-to-pin wire mapping)
  Whether the cable contains a short circuit (wires touching each other through damaged or missing insulation)
  Whether the cable contains a broken wire (called an “open”)
  Whether the cable suffers from electrical cross talk (interference).

CISCO-CABLE-DIAG-MIB

[Diagram labels: PORT; Cable Fault; PORT]


UniDirectional Link Detection (UDLD)
Protecting Against One Way Communication

Highly available networks require UDLD to protect against one way communication or partially failed links and the effect that they could have on protocols like STP and RSTP

Primarily used on fiber optic links where patch panel errors could cause link up/up with mismatched transmit/receive pairs

Neighboring ports should see their own device/port ID (echo) in the packets received from the other side
Failing to receive this information indicates misconfiguration and the port is error-disabled.

[Diagram callout: Are You ‘Echoing’ My Hellos?]


CiscoWorks LAN Management Solution (LMS)

Simplifies and automates tasks associated with day-to-day management: taking inventory, configuration, IOS software deployment and troubleshooting.
Breadth of device support (over 400 Cisco device types) provides a single application suite for managing most Cisco-labeled devices.
Provides detailed visibility of users, ports and network connectivity: topology services, user tracking, inventory.
Automates the change management process, quickly identifying hardware, software and configuration changes: change audit reports.

LMS is a suite of applications designed to simplify and augment the daily tasks required to manage a Cisco end-to-end network, reducing total cost of ownership and improving network availability.


Management Interfaces

Cisco Catalyst Device Manager
  Manages a single device
  Web-based HTML

Cisco Network Assistant
  Manages a 40-device network
  Router, switch, IP phone, wireless…
  Web-based Java


Express Setup

1. Power up the switch and hold the mode button for a few seconds until all the mode LEDs are green.
2. Connect the PC into the Ethernet port and launch the browser.
3. Launch the Express Setup page by entering the IP address of 10.0.0.1 in the browser.
4. Assign the switch IP address and management VLAN; enable the secret password, (optional) Telnet password, and SNMP configuration.



Cisco Catalyst Device Manager


Embedded in the switch


View and configure a single switch using a web browser


Display switch trends, status, and port statistics


Integrated Smart Ports for simple port configuration


Cisco Network Assistant

Release 5.0
Multi-product, multi-technology management tool
Supports up to 40 devices: Switches, Routers and Firewalls and unlimited IP Phones and Access points
Interactive topology and front panel views
Configuration, Monitoring, Troubleshooting & Network Optimization
Highlight your VLANs, Telnet to devices, Drag-n-Drop IOS upgrades
Localized in French, Italian, German, Spanish, Chinese and Japanese
Free download
www.cisco.com/go/cna
