Local Edition: Architectural Approach – Innovations across Wired, Wireless, and WAN. Joel A. Cochran, CCIE# 5448, Product Manager, Market Strategy, Enterprise Networking Group

Architectural approach innovations

Nov 03, 2014


CLLE FL 092014
Page 1: Architectural approach   innovations

Local Edition

Architectural Approach – Innovations across Wired, Wireless, and WAN

Joel A. Cochran, CCIE# 5448

Product Manager, Market Strategy

Enterprise Networking Group

Page 2: Architectural approach   innovations

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• Introduction

• Industry Trends

• Unified Access Architecture

• Technology Enablers

• Summary


Page 3: Architectural approach   innovations

Before we begin… Discussion Time

• What challenges are you facing today?

• How many devices do you see on your network?

- What is the growth rate of these devices?

• Do you have visibility of applications running on your network?

- If so, which application is most common in your network?

• What percentage of your network traffic is video?

• How much time are you spending troubleshooting?

• What’s the impact if your network goes down?

…In the end, it is not about features but how the solution will help overcome your challenges

Page 4: Architectural approach   innovations

Deliver an Uncompromised User Experience on Any Workspace

IT Requirement

Evolving User Workspace

Mobility
• Seamless roaming
• Optimal client performance
• Cloud access/VXI

Video
• Multicast streaming
• Video conferencing
• Reliable performance

BYOD
• Secure access
• Customized experience
• Guest access

Page 5: Architectural approach   innovations

Wireless Standards – Past, Present, and Future

[Figure: clients / bandwidth over time, early 2000 to 2016, axis range 11 Mbps to 10 Gbps. Eras: Nice to Have; Mission Critical; Pervasive; Media Rich Applications. Standards: 802.11a, 802.11b (11 Mbps); 802.11g (54 Mbps); 802.11n (450 Mbps); 802.11ac-1 (1 Gbps); 802.11ac-2 (3.5 Gbps); Future.]

Page 6: Architectural approach   innovations

Unified Access: IT Trends

[Figure: LAN/WLAN timeline 1997, 2012, 2015 leading to Unified Access.
Wired: 802.3 Gigabit Ethernet; 802.3 10 Gigabit Ethernet and 13 Watt PoE; 802.3 25 Watt PoE and Energy Efficient Ethernet; 802.3 40 Gigabit Ethernet; 802.3 100 Gigabit Ethernet.
Wireless (2.4 GHz, 5.0 GHz): 802.11b Autonomous Access Points; 802.11abg, Controller-Coordinated Access Points; 802.11abgn, Advanced RF Management; Gigabit Wi-Fi, Controller as a Function.
Trends: Location, Application Prioritization, High Availability; BYOD, Unified Policy & Network Management; Internet of Things, Software-Defined Networks; 1X Network Devices Than People; 2X Network Devices Than People.]

Page 7: Architectural approach   innovations

IT Top of Mind

Is Your Network Ready?

1 How do I manage complexity to reduce costs?

2 Can I offer secure, mission critical wired/wireless access services?

3 Am I investing in an architecture future-proofed for scale?

Page 8: Architectural approach   innovations

Cisco Vision of Enterprise Network

The Intelligent Platform for a Connected World

Connecting People

Connecting Clouds

Connecting Things

Simple

Secure

Lower TCO

Page 9: Architectural approach   innovations

Traditional Overlay Network with Mgmt Applications

• Traditional deployment
  – Centralized WLC
  – Multiple mgmt apps
• Wireless traffic CAPWAP tunneled to WLC

[Diagram labels: Wireless Control System; Access Control Server; LAN Mgmt Solution; Identity Mgmt; NAC Profiler; Guest Server; Internal Resources; Cisco Firewall; Cisco Access Point; Catalyst Switch; Cisco Wireless LAN Controller; Corporate Network; Internet]

Page 10: Architectural approach   innovations

One Policy and One Management

• ISE and Cisco Prime simplify the management

[Diagram labels: One Management: Prime; One Policy: ISE; Wireless Control System; Access Control Server; LAN Mgmt Solution; Identity Mgmt; NAC Profiler; Guest Server; Internal Resources; Cisco Firewall; Cisco Access Point; Catalyst Switch; Cisco Wireless LAN Controller; Corporate Network; Internet]

Page 11: Architectural approach   innovations

One Network: Converged Wired / Wireless

• Wired and Wireless data traffic converge at the access.
• AP mgmt traffic separated from data traffic
• WLC - distributed, or centralized
• Enables scaling wireless devices and bandwidth

Converged Access Mode
• Integrated wireless controller
• Distributed wired/wireless data plane (CAPWAP termination on switch)

[Diagram labels: One Network; One Management: Prime; One Policy: ISE; Wireless Control System; Access Control Server; LAN Mgmt Solution; Identity Mgmt; NAC Profiler; Guest Server; Internal Resources; Cisco Firewall; Cisco Access Point; Catalyst Switch; Cisco Wireless LAN Controller; Corporate Network; Internet]

Page 12: Architectural approach   innovations

Cisco Unified Access Portfolio: Robust Converged Wired and Wireless Solution

One Policy: Identity Services Engine (ISE)

One Management: Prime Infrastructure

One Network: Controllers and Access Switches, Access Points

Access Points
• 1600: Small-Mid Enterprise
• 2600: Feature-Optimized Enterprise
• 3600: Mid-Large Enterprise
• 3700 W/ HDX: High-Density Enterprise
• 1530: Low Profile
• 1550: Larger Deployments

Wireless Controllers: 8500, 5760, 5508

Converged Access Switches: Catalyst 3650, Catalyst 3850

Backbone Switches: Catalyst 4500, Catalyst 6800, Catalyst 6500

Access Switch: Catalyst 2960-X

Other labels: MDM/MAM, SIEM

Page 13: Architectural approach   innovations

Before Unified Access

[Diagram layers and labels]
• IT Focus
• Management and Troubleshooting: LAN Mgmt., Wireless Mgmt., Identity Mgmt., Application Mgmt.
• Policy Enforcement: LAN, Wireless, Security; Wired Policies, Wireless Policies, Guest / VPN Policies
• Access Infrastructure: Access Switch, Wireless Controller, Access Point
• End-User Devices: Wired Devices, Laptops, Mobile Phones, Tablets, BYOD Growth

Page 14: Architectural approach   innovations

With Cisco Unified Access

One Unified Access Security

[Diagram layers and labels]
• IT Focus on Business Innovation
• Management and Troubleshooting: One Management, Prime Infrastructure; LAN Mgmt., Wireless Mgmt., Identity Mgmt., Application Mgmt.
• Policy Enforcement: One Policy, Cisco ISE; LAN, Wireless; Wired Policies, Wireless Policies, Guest / VPN Policies
• Access Infrastructure: One Network, Catalyst 3850; Access Switch, Wireless Controller, Access Point
• End-User Devices: Wired Devices, Laptops, Mobile Phones, Tablets, BYOD Growth

IT and End-User outcomes
• Simplified BYOD
• Lower TCO
• New Innovative Services
• New Connected Experiences
• Increased Productivity

Page 15: Architectural approach   innovations

What Technologies are critical in the network

• High Availability – because the network is mission critical

• Network Visibility and Control – Because one can’t control what one can’t see

• Scale / Performance – Always a need for more speed and scalability

• Management – Need to do more with fewer resources. Work Smarter

• Security – Provide secured access anywhere, any place, any time

Page 16: Architectural approach   innovations

What Technologies are Critical in The Network

• High Availability – because the network is mission critical
  – How to build a resilient network in the wired and wireless network

• Network Visibility and Control – Because one can’t control what one can’t see

• Scale / Performance – Always a need for more speed and scalability

• Management – Need to do more with fewer resources. Work Smarter

• Security – Provide secured access anywhere, any place, any time

Page 17: Architectural approach   innovations

Resilient Infrastructure Design

Access Points (AP)
• RF design to ensure single AP failure does not create WiFi hotspots

Access Switching
• No architectural resiliency in this layer – ensure system level HA (SSO)
• Spread AP across stack-members/line-cards to avoid WiFi hotspots
• ISSU for hitless software upgrades

Backbone Switching
• VSS for Multi Chassis Etherchannel (MEC)
• Intra-Chassis: SSO, Multicast HA, EFSU
• Resiliency Protocols: Fast-UDLD, BFD, NSF, VRRP, HSRP, MPLS-HA

WLAN Controller
• AP and Client SSO for sub-second recovery
• No client re-authentication & on-boarding required

Page 18: Architectural approach   innovations

Wireless Controller High Availability

Sub-Second Recovery of WLAN

WLAN Sub Second Recovery/Convergence

Client Application Session Maintained

[Diagram: three redundancy models and their labels]
• N:1 Redundancy: L3 Network, AP Failover, Primary Controllers, HA Controller
• 1:1 SSO—AP Stateful Switchover: L3 Network, AP State Sync (AP SYNC), Primary Controller, HA Controller
• (Release 7.5) 1:1 SSO—AP and *Client* Stateful Switchover, State Sync Over Any L2 Network: L3 Network, L2 Network, AP and Client State Sync (AP SYNC, Client State SYNC), Primary Controller, HA Controller

• Needs only 1 set of AP Licenses
• Fastest recovery time in the industry
• Seamless Recovery through
  – Share security keys (PMK)
  – Share RF information

Page 19: Architectural approach   innovations

Catalyst 3850/3650: Fixed Access High Availability

Sub-Second Recovery of LAN

Stackwise-480
• Improved Stack Bandwidth:
  – 480 Gbps with spatial reuse (160 Gbps on 3650)
• Stateful Switch Over (SSO):
  – Faster Convergence (vs 3750-X)
  – Active-Standby model
  – Central synch on Active Switch for Wired/Wireless
• Tunnel SSO ensures AP & MA-MC connectivity during failover

StackPower (Only on 3850)
• Dual power supply with Power Resiliency
  – HA “pool of power” available to all stack members
• Provides “Zero-footprint” RPS
  – Power supply redundancy without an RPS
• Intelligent power shedding
  – Turn off low priority PoE devices in the event of a power supply failure

Page 20: Architectural approach   innovations

Catalyst 4500E: Modular Access High Availability

Sub-Second Recovery of LAN with In Service Software Upgrade (ISSU)

In Service Software Upgrade (ISSU)
• Comprehensive, non-intrusive software upgrade
• Transparent to end users — no loss of user sessions
• Upgrades at any time — even during business hours!
• Image Roll-Back < 200ms

[Diagram: chassis with ACTIVE and STANDBY supervisors and three line cards. Labels: Redundant Power Supplies; “Transparent” line card design; Dual Supervisors with SSO & NSF; Power Circuit Redundancy (Pwr Rail 1, Pwr Rail 2); Redundant Fans; Redundant Supervisors; Sub Second ISSU; Unique redundant uplinks: all uplinks (active & standby Sup.) active, even when a Sup. fails]

Page 21: Architectural approach   innovations

Backbone Switching High Availability

Maximize LAN B/W Utilization with Sub-Second Recovery

VSS Simplified Network Design
- Spanning tree and FHRP Eliminated
- Maximize b/w utilization with MEC
- Single touch-point manageability
- VSS with EFSU guarantees 50% b/w during s/w upgrades

VSS Quad-Sup SSO
Deterministic and Automated recovery
- Maximize throughput even after failure
- HA for single and dual attached devices
- Together with EFSU offers industry leading HA in campus backbone

[Diagram labels: Only on Catalyst 6500 and 6807-XL; Catalyst 6500 & 6807-XL; Catalyst 6880; Catalyst 4500E/X; VSS; LACP or PAgP; LACP; Monitoring Server; Access Switch or ToR or Blades; 10GE; SSO Sync. Two plots of Available Bandwidth (100%, 50%) against Time around a Sup Failure, one marked 200ms.]

Page 22: Architectural approach   innovations

What Technologies are Critical in The Network

• High Availability – because the network is mission critical

• Network Visibility and Control – Because one can’t control what one can’t see
  – Application Visibility & Control
  – Flexible NetFlow on wired
  – NBAR2 on wireless
  – Bonjour Services

• Scale / Performance – Always a need for more speed and scalability

• Management – Need to do more with fewer resources. Work Smarter

• Security – Provide secured access anywhere, any place, any time

Page 23: Architectural approach   innovations

When Users Complain About Application Problem

What users see (End Users): Your network is so slow I cannot get any work done today

What network admins see (Network Admin): I do not see anything wrong
• ping – OK
• show ip route – OK
• traceroute – OK
• show interface – OK

What can happen
• Wireless Network Issue
• Increased Latency
• WAN Network Issue
• Application Problem
• Server Problem
• User Problem

Page 24: Architectural approach   innovations

How Can My Network Infrastructure Help Me?

Granularly identify the applications

Understand the user experience

Understand the network condition and capacity

Deliver consistent performance to critical applications

Maximize use of available resources

Control unwanted traffic

Page 25: Architectural approach   innovations

What do we want to monitor?

Traffic Statistics
• Application Usage per client IP/subnet/site
• Top clients per application

Application Response Time
• Per-application end-to-end latency
• Application response time & transaction time
• Application processing time
• Top conversation per application

Media Performance
• Per-stream jitter and packet loss
• RTP conversations

URL Visibility
• Most visited web-site
• Per-URL application response time

Page 26: Architectural approach   innovations

Application Visibility and Control: What is needed

• Application Recognition: Identify applications using L3 to L7 information
• Perf. Collection & Exporting: Collect application performance metrics, and export to management tool (NFv9/IPFIX)
• Management Tool / Reporting Tools: Advanced reporting tool aggregates and reports application performance
• Control: Control application network usage to improve application performance (High, Med, Low)

App Visibility & User Experience Report (columns: App, BW, Transaction Time, …)
• SAP: 3M, 150 ms, …
• Sharepoint: 10M, 500 ms, …

Page 27: Architectural approach   innovations

Application Visibility and Control: Enabled Technologies

• Application Recognition: NBAR2, Metadata
• Perf. Collection & Exporting: Unified Monitoring, Traffic Statistics, Response Time, Voice/Video Monitoring, URL Collection (NFv9/IPFIX)
• Management Tool / Reporting Tools: Cisco Prime Infrastructure. Advanced reporting tool aggregates and reports application performance
• Control: QoS (w/ NBAR2), PfR (High, Med, Low)

App Visibility & User Experience Report (columns: App, BW, Transaction Time, …)
• SAP: 3M, 150 ms, …
• Sharepoint: 10M, 500 ms, …

Page 28: Architectural approach   innovations

AVC (NBAR2) Across Cisco Portfolio

• Branch: ISR G2, IOS 15.2(2)T1
• Headend: ASR 1000, IOS XE RLS 3.4S
• Campus: Cisco Wireless Controllers, 7.4

NAM Product Portfolio
• Catalyst 65xx Series NAM Blade (NAM3)
• NAM 2300 Series Appliance
• Cisco Prime NAM for ISR G2 SRE

Page 29: Architectural approach   innovations

Flexible NetFlow - Unprecedented Application Visibility

Capabilities
• Unprecedented visibility w/ new L2~7 fields
• Scalable, flexible flow monitors
• On-box Customizable policy action w/ EEM
• Broad collector partner ecosystem

Benefits

Lower CAPEX
• Better insight for capacity planning, network upgrade

Lower OPEX
• Better service and user experience
• Increased IT staff productivity

[Diagram labels: Flexible NetFlow; Campus; Branch; Collector Ecosystem; Visibility; Control with EEM Integration. Fields: IP, Ports; TCP Flags; L2 MAC; L2 VLAN; UDP Flags; IPv6; IP Options; Multicast; … Uses: Day0 Attacks; Detect Anomaly; Compliance; SLA; App. M&T; Capacity Planning; Mobility, Unified Communications, Network Virtualization]

Available across Catalyst 6K/4K/3K, Wireless & Routing Portfolio

Page 30: Architectural approach   innovations

New Flexible NetFlow Solution

[Chart: Per Port Cost of Collector Application Solution with Leading NetFlow Collectors. Non-Cisco: $50; Catalyst 4500E/3850: $12; 76%]

Page 31: Architectural approach   innovations

Bonjour Protocol

What is it?

Bonjour is a discovery protocol used by Apple devices

• Relies on multicast DNS (mDNS, RFC 6762)

• Apple devices use 224.0.0.251 (IPv6 FF02::FB) to announce or discover services

[Diagram labels: AP; WLC; L2 Switch; CAPWAP Tunnel; Apple TV; VLAN X on both sides. Messages sent to 224.0.0.251: “Anyone doing Airprint?” and “I do Airplay”]

Page 32: Architectural approach   innovations

Bonjour Protocol

So what are we really trying to solve?

• 224.0.0.251 (IPv6 FF02::FB) is multicast…

• And cannot be routed (belongs to the ‘non-routable’ part of multicast, as per RFC 5771 defining multicast addresses)
  – No cross-subnet discovery

[Diagram labels: AP; WLC; L3 Switch; CAPWAP Tunnel; Apple TV; VLAN X; VLAN Y]
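
The scope limit described on the two Bonjour slides above, as an added Python example (not part of the original deck and not Cisco code): it classifies a destination address as link-local multicast and parses the question section of an mDNS query to see which service is being discovered. The sample query, the `_airplay._tcp.local` service name and all function names are constructed for illustration.

```python
import ipaddress
import struct

MDNS_PORT = 5353
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}
# RFC 5771: 224.0.0.0/24 is the Local Network Control Block; routers do not forward it.
LOCAL_NETWORK_CONTROL = ipaddress.ip_network("224.0.0.0/24")


def is_link_local_multicast(addr):
    """True if addr is a multicast group that never leaves the local link."""
    ip = ipaddress.ip_address(addr)
    if not ip.is_multicast:
        return False
    if ip.version == 4:
        return ip in LOCAL_NETWORK_CONTROL
    # IPv6: the low nibble of the second byte is the scope field; 2 = link-local.
    return (ip.packed[1] & 0x0F) == 0x2


def build_query(name, qtype=12):
    """Build a one-question DNS message (qtype 12 = PTR), as mDNS browsing sends."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)  # ID 0, flags 0, QDCOUNT 1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN


def parse_questions(msg):
    """Return [(name, qtype, qclass)] from the question section of a DNS message.

    Name compression pointers are rejected rather than followed, which is
    enough for single-question queries like the constructed sample below.
    """
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    qdcount = struct.unpack("!6H", msg[:12])[2]
    pos, questions = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(msg):
                raise ValueError("truncated name")
            length = msg[pos]
            pos += 1
            if length == 0:
                break
            if length & 0xC0:
                raise ValueError("compression pointer not supported")
            if pos + length > len(msg):
                raise ValueError("truncated label")
            labels.append(msg[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        if pos + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
        pos += 4
        # In mDNS the top bit of the class is the unicast-response flag.
        questions.append((".".join(labels), qtype, qclass & 0x7FFF))
    return questions


def inspect_packet(dst, dport, payload):
    """Summarise a UDP datagram: is it mDNS, can it be routed, what is asked for."""
    is_mdns = dport == MDNS_PORT and ipaddress.ip_address(dst) in MDNS_GROUPS
    return {
        "mdns": is_mdns,
        "link_local_only": is_link_local_multicast(dst),
        "services": [q[0] for q in parse_questions(payload)] if is_mdns else [],
    }


# Constructed sample: a browse query for an AirPlay service type.
SAMPLE_QUERY = build_query("_airplay._tcp.local")

if __name__ == "__main__":
    print(inspect_packet("224.0.0.251", 5353, SAMPLE_QUERY))
    print(inspect_packet("ff02::fb", 5353, SAMPLE_QUERY))
    print(inspect_packet("239.255.255.250", 1900, b""))  # routable-scope group, not mDNS
```
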

Page 33: Architectural approach   innovations

Bonjour Service Control: Organize by using policies

In 8.0 you can create groups: users (roles and identity), devices, services

And then you decide how these groups interact

Policy Components
• Location
• Device Type
• User-Role: Student, Teacher, Admin
• Identity: John

[Diagram labels: Bonjour Devices; WLC]

Page 34: Architectural approach   innovations

Bonjour Service Control: Policy Example

• Location: Classroom
• Device Type: iPad
• User-Role: Student, Teacher

Page 35: Architectural approach   innovations


Open Discussion on Bonjour

• Are you using the Bonjour protocol?

• What are your typical deployments?

• What challenges do you see?

• How do you manage Bonjour advertisements on the wired?

• What would you like to see from Cisco?

Page 36: Architectural approach   innovations

What Technologies are critical in the network

• High Availability – because the network is mission critical

• Network Visibility and Control – Because one can’t control what one can’t see

• Scale / Performance – Always a need for more speed and scalability
  – Wireless driving higher scale requirements in your infrastructure

• Management – Need to do more with fewer resources. Work Smarter

• Security – Provide secured access anywhere, any place, any time

Page 37: Architectural approach   innovations

Gigabit Wi-Fi as Primary Connectivity, Gigabit Ethernet as fallback

• >50% of enterprise traffic will originate on Wi-Fi by 2017

• 50% of all new Wi-Fi devices in 2014 will be 802.11ac capable (ABI Research)

• Wave 1 802.11ac has 5+ years of effectivity for Smartphones and Tablets

• Wave 1 802.11ac improves battery efficiency by 2X for Smartphones, Tablets, and Laptops

[Figure: Wi-Fi data rates by standard and year: 802.11 (1997), 802.11b (1999), 802.11a/g (2003), 802.11n (2007), 802.11ac Wave 1 (2013), 802.11ac Wave 2 (2015). Series: Std Max, Product Max, Typical, Minimum. Annotations: 1, 2, 3, 4 and 8 Spatial Streams; Gigabit Ethernet Uplink; 2 Gigabit Ethernet Uplinks; 4SS Desktops; 3SS Desktops / Laptops; 2SS Laptops / Tablets; 1SS Tablets / Smartphones.]

*Assuming 80 MHz Is Available and Suitable

**Assuming 160 MHz Is Available and Suitable

Page 38: Architectural approach   innovations

Cisco Aironet 3700 Access Point Series

Best-in-Class 802.11ac with Integrated 802.11ac (4x4:3SS)

• Industry’s first 4x4 MIMO:3 SS 802.11ac AP
• 3X performance of 802.11n 5 GHz Wi-Fi
• Higher performance at a greater distance
• RF Excellence enabled in hardware
• High Density Experience Technology
• Higher Client density, scale and performance
• Future proofed design
• Modular Architecture = investment protection
• Security, 3G Small Cell or Wave 2 802.11ac module options

*Assuming 160 MHz is available and suitable

Page 39: Architectural approach   innovations


Cisco AP Design

DRAM(512Mb)

CPU(800 MHz)

384 MHz CPU

Radio – 2.4GHz

4x4 Antennas for Reliability

On-Radio Cache for Speed

Competitor’s AP Design

DRAM(512Mb)

CPU(800 MHz)

Radio – 2.4GHz

Radio – 5GHz

3x3 Antennas

Cisco: Custom Radio Firmware with additional memory results in total capacity of 90,000 packets per second (because of Host CPU and Radio CPU working together)

DRAM (128Mb)

512 MHz CPU

DRAM (128Mb)

Radio – 5GHz

Page 40: Architectural approach   innovations

Cisco Aironet 2700 Access Point Series

Enterprise Class 802.11ac

• Industry’s first 3x4 MIMO:3 SS 802.11ac AP
• 3X performance of 802.11n 5 GHz Wi-Fi
• Higher performance at a greater distance
• RF Excellence enabled in hardware
• High Density Experience Technology
• Higher Client density, scale and performance
• 2 Gig Gigabit Ethernet Uplink ports

*Assuming 160 MHz is available and suitable

Page 41: Architectural approach   innovations

High Density Experiences

High Density Experiences = Solve for BYOD at Scale

• CLEAN AIR (PREDICTABILITY): 802.11ac ready interference detection
• CLIENT LINK (PERFORMANCE): Beam forming for 802.11a/g/n/ac
• TURBO BOOST (UNMATCHED SCALE): Optimized for high density performance

[Diagram labels: AP with 802.11n and 802.11ac clients]

Page 42: Architectural approach   innovations

Cisco Aironet 700W Access Point Series: Wall Mount, Dual Radio with 4 (four) integrated GbE ports

• Enterprise class RF performance, integrated antennas, Dual Radio 2x2:2
• 4x GbE local ports with 1x PoE out
• Sleek design in a small form factor
• Purpose-built bracket for ease of mounting to numerous wall-box standards
• Physical security enhancements: Torx screw or Kensington lock
• Designed for in-room Wi-Fi coverage – Hospitality, Education, Multi-dwelling units

Near Future: Basic wired port management

Page 43: Architectural approach   innovations

Tomorrow Starts Here on the 3850 and 4500E: Unified Access Data Plane (UADP) ASIC

First ASIC for Wired and Wireless Traffic Processing

Cisco ONE (Open Network Environment) Ready

Programmable for fast feature rollout

Page 44: Architectural approach   innovations

Tomorrow Starts Here on the 3850 and 4500E: IOS-XE

Decouples IOS components for increased efficiency

Modular and optimized for multi-core CPUs

Designed to host 3rd party applications like Wireshark

SDN ready

Page 45: Architectural approach   innovations

Better Scale and Bandwidth with Converged Access: Separation of MA and MC

• Traditional Controllers can continue to terminate APs centrally and be used as MC for Converged Access switches

• Catalyst 3650/3850 can play the role of both MA and MC
  – Valid for Branch and small-medium campus type deployments

• Distributing only the CAPWAP termination (MA) to the Catalyst 3850/3650 helps with:
  – Improved Scalability – larger mobility domains
  – Increased wireless bandwidth
  – Uniform wired/wireless policy enforcement

[Diagram labels: ISE; Prime; Access Points; Catalyst 3850/3650; Catalyst 3750; 5760, 5508, WISM2 with SW upgrade to 7.5; MA; MC; CAPWAP Termination; AP CAPWAP Tunnels; Mobility Tunnels]

Page 46: Architectural approach   innovations

Wireless Scalability with Converged Access

Future Proofing your Network for 802.11ac and beyond

• Small Campus or Branch (192 users): Number of Switches: 4; Total Wireless Bandwidth (Gbps)
• Campus (3840 users): Number of Switches: 80; Total Wireless Bandwidth (Tbps)

[Chart labels: UA 3850; 46; Employee; Guest; Gbps; Tbps]

Max scale without 5760 WLC: 250 APs, 16k clients

Max scale with 5760 WLC: 72k APs, 864k clients

Page 47: Architectural approach   innovations

802.11ac Wave2 & Key Switch Requirements

• Standard Compliant 10G Copper for >1G, Needs Cat6a minimum for 100m
• POE+: Cisco Innovation over 10GT Standard to support POE+
• Maintain Switch to AP Length Reach: 100m of reach
• Infrastructure Investment Protections: Support Cat 5e cabling

Catalyst 3850, Catalyst 4500E

Architected to see you through this transition

Investment Protection: No Rip & Replace

Cisco-on-Cisco: No Infrastructure Upgrade

Page 48: Architectural approach   innovations

Catalyst Switches Built with Scale

Feature comparison (Access, Aggregation, Core): Catalyst 3850 / Catalyst 4500E (SUP8E) / Catalyst 6880 / Catalyst 6807

• Line Card Slots / Boxes per stack: 9 members / stack; 8 Slots; 4 Slots; 5 Slots
• Number of Ports (GE): 432 (GE); 384 (GE); 80 (10GE); 240 (GE) / 84 (10GE)
• Switching Bandwidth: 480G Stack + 56G System; 928G; 400G; 400G
• Slot Bandwidth: 56G / per switch; 48G; 80G; 880G Capable
• IPv4 Routes: 24K; 256K; 2M; 1M
• ACL Entries: 3K; 128K; 256K; 64K
• Buffer: 12MB; 32 MB; 72MB / port; 256MB / port

Key Trends: Requirements and Catalyst Switching Scale

• Mobility (802.11ac)
  – Requirements: Line-rate access; High density 10G in backbone
  – Scale: 40G Wireless Bandwidth; 96 x 10G Ports
• BYOD
  – Requirements: ACL Scale to set policies per user/device/location; VLAN/Route scalability
  – Scale: 256K ACL Entries supported; 4K VLANs
• User Experience
  – Requirements: High Bandwidth for application support; Per port QoS Support
  – Scale: 480G Stack Bandwidth; 8 Queues per port in HW
• Collaboration
  – Requirements: Multicast replication rate; Deep packet buffering to absorb bursty traffic
  – Scale: 1M Multicast Routes; 256MB of Packet Buffer
• Infrastructure consolidation (BMS)
  – Requirements: Access port scalability; Virtualization scale
  – Scale: 432 GE Access Ports; 4K VRFs / VLANs
• Security
  – Requirements: High ACL Scale to set policies per user; MACSec support in Hardware
  – Scale: 256K ACL Entries; Line Rate MACSec in Hardware
• Application Visibility & Control
  – Requirements: Netflow Support and ability to do Deep Packet Inspection; QoS Support
  – Scale: Flexible Netflow in HW, 1M flows support
• Manageability
  – Requirements: CPU Scale to support features like PnP
  – Scale: Quad CPU Support

[Pictured: Catalyst 3K, Catalyst 4500E, Catalyst 6880, Catalyst 6807]

Page 49: Architectural approach   innovations

What Technologies are critical in the network

• High Availability – because the network is mission critical

• Network Visibility and Control – Because one can’t control what one can’t see

• Scale / Performance – Always a need for more speed and scalability

• Ease of Use/Management – Need to do more with fewer resources. Work Smarter
  – Speeding Up Installations & Configuration
  – Troubleshooting
  – Simplified management across wired, wireless, and VPNs
  – SDN / Openflow

• Security – Provide secured access anywhere, any place, any time

Page 50: Architectural approach   innovations

Smart Operations - Increase Productivity, Lower TCO

[Diagram labels: Director – Catalyst 6K, 4K, or 3K; Access Switches; Sleep]

Zero Touch Deployments and Maintenance (Smart Install)
New Switch Connected
• Software image downloaded;
• Wired + Wireless Configuration automatically applied
• On-going Image Update and Configuration Back-up

Plug and Play for End Devices (Auto Smart Ports)
New Device Attached
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced

Monitor & Troubleshoot (Smart Call Home, IPSLA, WireShark)
Anomaly Detected
• Packet Capture for Wired and Wireless
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team

Control Your Network (EEM, XML Programmability)
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control

Reduced Energy Consumption (Energywise and EEE)
• EEE ready
• Energywise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management

Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases

Page 51: Architectural approach   innovations

Optimize Troubleshooting with Wireshark

• Built-in packet sniffer for remote troubleshooting

• Real-time packet capture and decode for wired/wireless*

• Capture and Display Data and Control Packets

• PCAP Storage options SD card or USB

*Roadmap H2CY14 on Sup8E

CLI Packet Capture

    Switch# show monitor capture file bootflash:nflow.pcap detailed
    Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits)
        Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal
    <..SNIP..>
        Frame Number: 2
        Frame Length: 880 bytes (7040 bits)
        Capture Length: 880 bytes (7040 bits)
    <..SNIP..>
        [Protocols in frame: eth:ip:udp:data]
    Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
        Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
            Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)

Page 52: Architectural approach   innovations

What Does Cisco EnergyWise Suite do?

Note: No facilities focused interfaces to building management systems (BMSs); enabling BMS partners to reach into IT assets

SEE, Measure, Manage

Energy Intelligence
• Energy cost
• Energy use
• Energy reduction
• Carbon emissions
• Date and time
• Location cost center
• Energy-use simulation
• ROI modeling

IT Energy Management: On-premises and cloud-based software for IT energy management
• Software for energy management and analytics focused on IT assets
  – The network: Routing, switching, and access points
  – Distributed enterprise networks: PCs, Macs, VoIP phones, copiers, printers, etc.
  – Data centers: Physical and virtual servers, routers, switches, storage, etc.

Cisco EnergyWise™: Energy management based on Cisco IOS® Software
• Use the network to measure, monitor, and manage energy.
• Allow the network to be the command and control plane for power management
• Use the Cisco® switch or router as the arbiter or timer for energy management
• Use the network to aggregate power-use reporting
• Allow the network to provide secure, reliable energy management

Page 53: Architectural approach   innovations

What Does Cisco EnergyWise Suite Do?

Time-Based

Example: Power management of devices (VoIP phones, PCs, printer servers, etc.) based on work patterns

Event Based

Example:

• Response to external triggers: Respond to energy events with policies

• Systems management: Integration with systems management tools and user-authentication events

Location Based

Example:

• Smartphone location coupled with badge management app

• Access control triggers office environment to power on

Data Center

Example:

• Data center infrastructure management

• Capacity management of power and device lifecycle in data centers

• Ties physical to logical environment

Page 54: Architectural approach   innovations

PnP – Solving the Scale Issue

Good News!!!

Refresh Switches have arrived

Bad News

Rack and Install process begins

Good News!!!

Smart Install is on the team!!

Solving the repetitive tasks!!

Page 55: Architectural approach   innovations

Network Deployment – Challenges

Business Challenges

Direct Costs

• Shipping and preparing costs for staging

• Travel costs of IT staff or hiring of highly skilled installers at branch locations

Complexity

• Copy-pasting configs results in errors

• Different products (routers, switches, wireless) need to be handled

Security

• Configs with sensitive info handled by 3rd party

• Rogue devices joining the network

• Unavailability of trusted partners, installers

Time/Productivity

• Manual process X number of devices X locations, slows deployment

• Additional shipping and staging results in longer lead time for 1st day of operational network

Today's Process

[Diagram: Reseller/Partner ships equipment; Customer Staging facility (IT Admin: install OS, install base config); re-ships equipment; Installer; Site-1, Site-2, Site-3]

Page 56: Architectural approach   innovations

Next Gen Plug and Play Solution: Customer Experience Overview

[Diagram: (1) IT Admin pre-provisions projects/sites on the PnP Server; (2) Unskilled Installer connects device on-site at Site 1; (3) IT Admin checks status]

Pre-Provision Projects/Sites

• Policies

• Match Rules

• Configs/Image

• IP Addressing

Under the Hood

1. New device is pre-provisioned in PnP server

2. Installer connects the cables and powers on the device

3. Device discovers PnP server and sends its SUDI certificate

4. PnP server authenticates the device. A secure communication channel is created

5. PnP server sends the right configuration, image, licenses and files to the device

6. Device reloads and executes post-install actions (script or CLI)

7. Install success/failure notifications are sent by the PnP server as needed.
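
The server-side decision in steps 3 to 5 above, as an added example (not from the slides and not Cisco's PnP implementation): a lab CA built with openssl stands in for the manufacturer CA, and the serial numbers, file names and function names are hypothetical. It assumes the secure channel has already proved possession of the certificate's private key.

```shell
#!/bin/sh
# Constructed lab PKI: "vendor-ca" stands in for the manufacturer CA that
# signs device identity certificates. Serials and file names are hypothetical.
WORK=$(mktemp -d)

# Step 1: pre-provisioned inventory (serial number -> config to deliver).
cat > "$WORK/inventory.txt" <<'EOF'
FOC0000TEST1 site1-access-sw.cfg
EOF

make_ca() {  # $1 = CA name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_device_cert() {  # $1 = CA name, $2 = device serial, $3 = output name
    openssl req -newkey rsa:2048 -nodes -subj "/serialNumber=$2/CN=device" \
        -keyout "$WORK/$3.key" -out "$WORK/$3.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
        -out "$WORK/$3.pem" 2>/dev/null
}

# Steps 4-5, server side: authenticate the certificate, then match its serial
# against the inventory. Prints the config name or a DENY reason.
pnp_admit() {  # $1 = device certificate (PEM)
    openssl verify -CAfile "$WORK/vendor-ca.pem" "$1" >/dev/null 2>&1 \
        || { echo "DENY untrusted-certificate"; return 1; }
    serial=$(openssl x509 -in "$1" -noout -subject -nameopt multiline \
        | awk -F' = ' '/serialNumber/ {print $2}')
    cfg=$(awk -v s="$serial" '$1 == s {print $2}' "$WORK/inventory.txt")
    [ -n "$cfg" ] || { echo "DENY not-pre-provisioned"; return 1; }
    echo "$cfg"
}

make_ca vendor-ca
make_ca rogue-ca
issue_device_cert vendor-ca FOC0000TEST1 good      # expected device
issue_device_cert vendor-ca FOC0000TEST9 unlisted  # genuine but not provisioned
issue_device_cert rogue-ca  FOC0000TEST1 rogue     # cloned serial, wrong CA
for d in good unlisted rogue; do
    echo "$d: $(pnp_admit "$WORK/$d.pem")"
done
```

The rogue case shows why the certificate check has to come before the inventory match: a copied serial number alone is not enough to be sent a configuration.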

Page 57: Architectural approach   innovations

Next Gen Plug and Play Solution: Architecture

[Diagram labels: (1) PnP Agent; (2) PnP App for Installer; (3) PnP Server in DMZ (PnP gateway + UX); (4) Cloud PnP Redirection Service; Options for PnP Server: Prime Infrastructure, ENG Controller, Third Party Applications; Internet; 3G/4G access to NOC; Console/Bluetooth access to device]

• Unskilled Installer

• GUI Based

• Consistent for devices & PIN (Campus/Branch)

• Secure

• RMA Use Case

• Greenfield & Brownfield

Page 58: Architectural approach   innovations

Auto Smartports – What It Is

Auto Smartports: Dynamically Configures Ethernet Ports Based on the Device Type Detected

Problem: Manual configuration of every port (devices move)

Solution: Configuration moves with device

Problem: Wasted ports – pre-configured dedicated interfaces and no device

Solution: Interfaces in ready state waiting for a device to attach; more efficient use of valuable ports

Problem: Unsure how to mix multiple features together

Solution: Cisco Best Practices for mixing interface-level configurations

Problem: Not knowing what is connected (which interface has the printer?)

Solution: Device classification. What is attached on every interface

Page 59: Architectural approach   innovations

Challenge: Managed Nodes Explosion

• 94 Total Devices for Image and Configuration Management

• 168 Access Trunks/Port-Channels

• 4032 User Ports

Considerations:

• STP Loop Prevention

• FHRP Tuning

• CAM/ARP Tuning

• PIM Tuning/DR priority

• Routing Protocol Tuning

• 94 Separate Configurations of SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname

[Diagram: Core and switches in Building 1, Building 2, Building 3, Building 4]

Page 60: Architectural approach   innovations

Operational Simplicity with Catalyst Instant Access

REDUCED TCO

Benefits

• A Single Image to deploy and manage across Distribution POD

• Agile Infrastructure to add new features uniformly across Access Layer

• Highly Fault Tolerant with Quad-Sup-VSS SSO

• Consistent Features at Access

• Single Point of Management, Configuration and Troubleshooting

[Diagram: 1000 Port Campus Distribution POD with Cisco Prime and ISE; Managed Devices = 20+ versus Managed Devices = 1]

Page 61: Architectural approach   innovations

One Management with Cisco Prime Infrastructure

Integrated Wired/Wireless Lifecycle and Assurance Management

• Regulatory and best practice policies

• Automated audit and reporting

• Centralized remediation

Prime Infrastructure

User Productivity

Regulatory & Operational Compliance

Operational Productivity

User, Site & App Experience

• Application performance visibility

• User & site-level visibility

• Proactive monitoring

• Real-time troubleshooting

• “Prime 360” diagnostic views

Automated Best Practices

• Wired/wireless, Branch/WAN

• Integrated lifecycle

• Cisco best practices built in

• “Day 1” device support

Page 62: Architectural approach   innovations

Cisco's Enterprise Networks Strategy for SDN

Yesterday: Many Purpose-Built Architectures (SWITCHING, ROUTING, WIRELESS)

• Unique Services

• Purpose-Built ASICs

• IOS Variants

• Custom HW

Today: Multiple Products on Common Architecture (SIMPLE, SECURE, REDUCED TCO)

• UADP and USCP ASIC

• Standard Platforms

• Common Services

• IOS-XE

Tomorrow: Cisco ONE Architecture (AGILE SOFTWARE MODEL)

• Software-Defined Services

• Management and Policy

• Standard Platforms

• UADP and USCP ASIC

• IOS-XE

• Cisco ONE

Page 63: Architectural approach   innovations

Introducing: Cisco ONE Enterprise Network Controller

• Open Daylight SDN Controller Architecture

• Consistent API to all Cisco Controllers

• North: RESTful, OSGI

• South: CLI, OpenFlow, OnePK

• Runs on Any Physical x86 or Virtual Server

• Offered as Software Solution or Dedicated Appliance

• New Agile Continuous Integration Model

Physical or Virtual

Open

• No Programming Skills Required

• Simplify Complex/Tedious Configuration Tasks

• Integrated Analytics and Business Intelligence

• Greenfield and Brownfield Networks (CLI)

• Supports Catalyst Switches, ISR and ASR Routers

Investment Protection

Easy

Mask Network Complexity, Expose Network Intelligence

Page 64: Architectural approach   innovations

Cisco ONE Platform Enabling Fast IT

Physical and Virtual

Common Policy Engine

Network-Wide Security and Services

Investment Protection

Flexible Licensing

CISCO ONE PLATFORM

Consistent Policy-Based Management and Security

DC

Cisco Application Policy Infrastructure Controller (APIC) Cloud InterCloud

Northbound APIs (ONE DevKit)

WAN

Southbound APIs (OpenFlow, onePK, CLI)

NEW

NEW

ACCESS

NEW

DC Module Enterprise Module NEW

Page 65: Architectural approach   innovations

Cisco APIC - Enterprise Module: Initial Deployment Scenarios

Solving the Most Pressing, Complex and Tedious IT Problems

• Easy QoS

• Follow Me QoS

• Compliance Assurance

• Network-Wide Rapid Threat Detection and Mitigation (Sourcefire)

• ACL Management Automation

QoS Provisioning

• Automated Performance Routing (PfR) Configuration

• Automated WAN Policy Compliance Assurance

QoS

Security Automation

IWAN: Path Optimization

Page 66: Architectural approach   innovations

Effective Management

Exceptional Control

Comprehensive Visibility

• Data Center

• Intranet

• Internet

• Security Zones

• Remote VPN

• Wireless/Guest

• Employee

• VM Client

• IP Devices

Identity and Context Aware Infrastructure

One Policy with Identity Services Engine (ISE)

Securely Enables Your Business and BYOD with Policy-Based Access Control

Leverage Network to Secure Access to Your Critical Resources

• Policy-Based Access Control

• Enforcement through: VLANs, Access Control Lists, Secure Group Tags, MACSec Encryption

Centralized Management of Secure Access Services and Scalable Enforcement

• ISE enables centralized management and enforcement

• Security Group Tags managed by user type, regardless of IP address or location

BYOD - Comprehensive Contextual Awareness of the Who, What, Where, When, How

with flexibility, monitor mode, and support for VDI

• Guest Access

• Profiling

• Posture

• WebAuth

• MAC Auth Bypass

Page 67: Architectural approach   innovations

Summary

• Trends impacting your network

– BYOD

– Mobility

– Video

• Critical technologies to enable your network

– High Availability – because the network is mission critical

– Network Visibility and Control – because one can’t control what one can’t see

– Scale / Performance – always need for more speed and scalability

– Management – need to do more with fewer resources. Work smarter

– Security – provide secured access anywhere, any place, any time

Page 68: Architectural approach   innovations

Technologies Critical in Your Network

• High Availability – because the network is mission critical

• Network Visibility and Control – Because one can’t control what one can’t see

• Scale / Performance – Always need for more speed and scalability

• Management – Need to do more with fewer resources. Work Smarter

• Security – Provide secured access anywhere, any place, any time

Page 69: Architectural approach   innovations

Industry Leadership

Market Leadership

Cisco Unified Access = Market Leadership

• 20+ years of market share leadership

• 400,000+ mobility customers

• 1,000,000+ switch customers

• Broadest mobility portfolio in the industry

• Broadest switching portfolio in the industry

• 95% Fortune 1000 have selected Cisco

• 10+ years of Gartner MQ leadership

• Leader in new Unified Access Gartner MQ

• Ongoing IEEE, IETF, Wi-Fi Alliance leadership

• Largest patent portfolio in the industry

• Largest development team in the industry

• FIPS, Common Criteria, PCI-certified

Page 70: Architectural approach   innovations

Local Edition