Cisco Catalyst 4500
Group 4
Contents
1 Overview
2 Hardware
3 Feature
4 Design guide
1 – Overview
Multitiered networks: the high-capability modular switch series can play multiple roles in the network, such as access, distribution, and core.
Secure unified communication: PoE, intelligent services, scalability
Resiliency: hardware resiliency, software resiliency, extensive security
Simplified operation
Deployment flexibility
1 – Overview
Investment protection: backward and forward compatibility, investment enhancement, IPv4 & IPv6
Layer 3 Campus Backbone
Minimize Spanning Tree and Use Routing Protocols
Server Farm Attached to Campus Backbone
2 – Hardware
Business Resiliency
2 – Hardware
Differences Between Catalyst 4500 Series Modular and Fixed-Configuration Switches
2 – Hardware
Core Switches:
  Cisco Catalyst 4506 or 4507R Switch with Supervisor-IV
Distribution Switches:
  Cisco Catalyst 4503 Switch with Supervisor-IV
Access Switches:
  Cisco Catalyst 4503 Switch with Supervisor-II-Plus-TS
  Cisco Catalyst 4506 with Supervisor-II-Plus
  Cisco Catalyst 3750 and 3550 Series
Server Farm Access Switches:
  Cisco Catalyst 4948
Additional Network Elements:
  Cisco ISR (for WAN connectivity and firewall function)
  Cisco IP Phones
  Cisco Wireless Access Points
  Cisco CallManager
3 – Feature: Scalability
Allows network growth by adding new line cards
Supports from 64 Gbps to 136 Gbps switching capacity and 96 to 384 Ethernet ports in a single chassis
Supports up to 32,000 to 55,000 unicast MAC entries and 16,000 multicast MAC entries simultaneously
Supervisor cards are interchanged to enable further switching robustness
PoE: support for a broad range of PoE end devices, including 802.11n access points, and up to 30 W PoE per port
3 – Feature: Scalability
10/100/1000 (BaseT) port density: 12 (on the supervisor), 60 with one line card (12 on the supervisor and 48 on the line card), 108 with two line cards (12 on the supervisor and 48 on each line card)
PoE port density: 12 (on the supervisor), 60 with one line card (12 on the supervisor and 48 on the line card), 108 with two line cards (12 on the supervisor and 48 on each line card) (with PoE power supply)
Uplink GigE (optical) port density: 8 on the supervisor (additional ports can be added using line cards)
Switching and forwarding capacity: 64 Gbps and 48 million packets per second, Layer 2 through Layer 4 switching
3 – Feature: High Feature Capacity
Scalability of these intelligent network services is made possible with dedicated specialized resources known as ternary content addressable memory (TCAM). Ample TCAM resources (up to 192,000 entries) enable “high feature capacity,” which provides wire-speed routing/switching performance with concurrent provisioning of services such as QoS and security. This helps ensure scalability for today’s network requirements with ample room for future growth.
3 – Feature: Resiliency
Hardware resiliency: all critical components, such as supervisors, power supplies, and fans, are redundant.
Software resiliency: subsecond supervisor switchover (SSO) and Cisco In Service Software Upgrade (ISSU) occur without dropping IP calls.
Extensive security features: network disruptions from security threats are minimized.
3 – Feature
High Availability:
  In Service Software Upgrade (ISSU)
  Non-Stop Forwarding with Stateful Switchover (NSF/SSO)
  Control Plane Policing (CoPP)
  Hot-swappable line cards
  High feature capacity
Security:
  Access security (Port Security, ACL, IEEE 802.1x, DHCP Snooping, DAI, IP Source Guard) on access switches
  Access Control Lists (PACL, VACL, RACL) on access and core/distribution switches
Manageability and ease of use:
  Auto QoS
Full Image In-Service Software Upgrade (ISSU)
NSF/SSO
Active/standby SUPs are synchronized at all times
Rapid SUP switchover in case of failure (<150 ms)
No interruption to packet forwarding
Protection from HW/SW failure
Layer 2 = Stateful Switchover (SSO)
Layer 3 = Non-Stop Forwarding (NSF/SSO)
3 – Feature: Security
Security feature / Functional description
Port Security
Restrict input to an interface by limiting and identifying MAC addresses of the workstations that are allowed to access the port.
ACL
ACLs allow a user to specify access lists that filter traffic on a per-port, per-VLAN or per-IP-routed-interface basis.
IEEE 802.1x
IEEE 802.1x is a client-server-based access control and authentication protocol that restricts unauthorized devices from connecting to a LAN.
DHCP Snooping and Option-82
DHCP snooping is a DHCP security feature that filters untrusted DHCP messages and builds and maintains a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within the network. Option-82 allows the access switches to add the originating port ID of the switch to the DHCP request sent to the DHCP server.
DAI
Dynamic ARP inspection (DAI) uses the binding information that is built by DHCP snooping to enforce the advertisement of bindings to prevent “man-in-the-middle” attacks. These attacks can occur when an attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entries in a communication association. DAI adds an extra layer of security to ARP inspection by verifying that the ARP packet’s MAC address and IP address match an existing DHCP snooping binding in the same VLAN.
IP Source Guard
IP source guard provides per port IP traffic filtering of the assigned source IP addresses by binding IP address to ports.
PVLAN
Allows multiple VLANs with Layer 2 isolation to exist within a single subnet. Provides security by preventing access to an entire network through a single server; also can save address space.
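
Added example (not part of the original slides and not Cisco code): a simplified Python model of how the DHCP snooping binding table described above drives the DAI and IP Source Guard decisions on an access switch. The class, method and port names and all addresses are assumptions constructed for illustration.

```python
# Added example: simplified model of DHCP snooping, DAI and IP Source Guard.
# All MAC/IP addresses, VLAN IDs and port names are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class AccessSwitch:
    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)  # uplinks toward the DHCP server
        self.bindings = {}                       # (vlan, ip) -> Binding

    def snoop_dhcp_ack(self, ingress_port, vlan, client_mac, client_ip, client_port):
        """DHCP snooping: drop server replies arriving on untrusted ports;
        otherwise record the lease in the binding table."""
        if ingress_port not in self.trusted_ports:
            return False
        self.bindings[(vlan, client_ip)] = Binding(
            client_mac.lower(), client_ip, vlan, client_port)
        return True

    def dai_permits(self, ingress_port, vlan, sender_mac, sender_ip):
        """DAI: ARP from an untrusted port must match a binding's MAC and IP
        in the same VLAN."""
        if ingress_port in self.trusted_ports:
            return True
        b = self.bindings.get((vlan, sender_ip))
        return b is not None and b.mac == sender_mac.lower()

    def source_guard_permits(self, ingress_port, vlan, src_ip):
        """IP Source Guard: a source IP is accepted only on the port it is bound to."""
        if ingress_port in self.trusted_ports:
            return True
        b = self.bindings.get((vlan, src_ip))
        return b is not None and b.port == ingress_port


def build_sample_switch():
    sw = AccessSwitch(trusted_ports={"Gi1/1"})
    # Legitimate lease seen on the trusted uplink for the host on Gi2/1.
    sw.snoop_dhcp_ack("Gi1/1", 10, "00:11:22:33:44:55", "10.0.10.20", "Gi2/1")
    return sw
```

In this model an ARP packet or IP packet that claims 10.0.10.20 from any port or MAC other than the bound one is rejected, and a DHCP reply arriving on an access port never creates a binding.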
3 – Feature: Cost Effectiveness
Support various types of network connectivity
Upgrade the Supervisor Engines while reusing all the existing line cards instead of a forklift upgrade of the whole chassis.
The Supervisor and line cards are also shared across the various form factors of the Cisco Catalyst 4500 Series Switches.
Server Farm Attached to Campus Backbone
A server farm consists of a logical group of networked servers that are usually housed in one location
Server farms require high availability
The Layer 2 design requires spanning tree to avoid flooding loops
Root Guard, BackboneFast, UplinkFast, and LoopGuard should be considered for the network design and implementation
4 – Layer 3 Campus Backbone
The backbone layer is typically a collapsed core and distribution
Use the Layer 3 protocols such as HSRP, IGP, and load balancing
Limits the flooding domain, eliminates spanning tree topologies
4 – Design Guide
The standard Cisco network architecture is a multitiered model:
  Access layer
  Distribution layer
  Core layer
4 – Design Guide: Minimize Spanning Tree and Use Routing Protocols
Help avoid broadcast loops and flooding in the campus network
The Layer 2 flooding domain and VLANs are kept smaller for predictable and manageable network performance
Use Per VLAN Spanning Tree (PVST) or Multiple Spanning Tree (MST) to optimize network link utilization
4.2.3-Minimize Spanning Tree and Use Routing Protocols
Campus Backbone with Layer 3 Switching
4 – Design Guide: Midsize Market Campus Network Deployment Scenarios
There are four common deployment scenarios based on the number of users in the network:
  Small Office: up to 108 users
  Small to Medium Campus: up to 250 users
  Single Building Medium Campus: up to 500 users
  Medium Campus: up to 1,500 users
4 – Design Guide: Network Elements
Access, Distribution, and Core switches:
  Cisco Catalyst 4503 Switch with Supervisor-II-Plus-TS
Additional Access Switches:
  Cisco Catalyst Express 500 Series Switches (for 1020 additional Ethernet ports)
Additional Network Elements:
  Cisco ISR (for WAN connectivity, firewall and call processing function)
  Cisco wireless access points
  Cisco IP phones
4 – Design Guide: Small Office (up to 108 Users)
4 – Design Guide: Small to Medium Campus (up to 250 Users)
4 – Design Guide: Single Building Medium Campus (up to 500 Users)
4 – Design Guide: Medium Campus (up to 1,500 Users)
Thank you very much!