© 2012 Cisco and/or its affiliates. All rights reserved. 1 Next Generation Campus Backbone Enabling BYOD and Collaboration Scott Hodgdon Technical Marketing Engineer

Next Generation Campus Backbone, Enabling BYOD and Collaboration


Page 2: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Application Performance, Security, Operational Simplicity, Multimedia, Mobility, IPv6, Cloud Connect

Page 3: Next Generation Campus Backbone, Enabling BYOD and Collaboration

15 billion new networked mobile devices by 2015

3/4 of employees use MULTIPLE DEVICES for work

56% of information workers spend time working OUTSIDE THE OFFICE


Page 6: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Engineering Investments and Roadmap Follows Positioning

Catalyst:
•  Backbone: Lead with Catalyst 6500 Sup2T
•  Distribution: Lead with Catalyst 6500 Sup2T
•  Access: Lead with Catalyst 4K / 3K

Nexus:
•  Backbone: Lead with Nexus 7000
•  Aggregation: Lead with Nexus 7000
•  Access: Lead with Nexus 5000/2000

Mobility/ BYOD

Security

Video Workload Mobility VM

10G/ Virtualization

Energy Efficiency

Page 7: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  User Access Control / Segmentation: 802.1X / Easy Virtual Networks (EVN)
•  Video Intelligence: Medianet
•  Wired / Wireless Convergence: Wireless Controller Integration
•  Application Visibility: Flexible NetFlow, NAM-3 (NBAR2)
•  Power over Ethernet: UPOE, EnergyWise
•  Cloud Security and VM Awareness: Nexus 1000v, VSG, ASA, 1000v
•  VM Mobility: LISP, VXLAN, OTV
•  LAN / SAN Convergence: Unified Ports, FCoE
•  Fabric Scale & Resilience: FabricPath, vPC, Wire Speed 10/40/100G
•  Data Center Consolidation: VDC, FEX, DCNM

Customer Requirements/Needs Ultimately Drive the Sale

Page 8: Next Generation Campus Backbone, Enabling BYOD and Collaboration


*Assuming Dell’Oro as a baseline for industry total modular

25%

Cat 6500E

Rest of Market

Investment surrounding Sup2T development

Compare with Tesla Motor’s $150M investment for first fully electric sports car

$200+ Million

$200+ Million Investment planned over next 3 years

alone Rich network services, Ethernet evolution, Lower TCO,

Investment protection

•  750,000+ Chassis Shipped
•  1.2 Million Supervisors Shipped
•  110 Million Ports Shipped
•  45,000+ Catalyst 6500 Customers

Page 9: Next Generation Campus Backbone, Enabling BYOD and Collaboration

[Figure labels: Sup2T; WiSM2; NAM-3; ASA-SM; Fiber; High-Perf. Access; Copper Access; 40G/Slot; 80G/Slot; modules 6824, 6848, 6148, 6904, 6908, 6816; FourX, LR4, SR4, 45AT]

Page 10: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Items in PURPLE are BYOD, Collaboration and Video enablers.

4X Scalability, 3X Performance

L2 MAC Table | 96K | 128K
Bridge Domains | 4K | 16K
TrustSec / SGT | – | Yes
VNET Trunk (EVN) | – | Yes
40G Interfaces | – | Yes
System Bandwidth | 720 Gbps | 2 Tbps
L3 Interfaces | 4K | 128K
NetFlow Table | 128K/256K | 512K/1M
Flexible NetFlow | – | Yes
Hitless ACL Updates | 32K | Yes
Medianet 2.2 | – | Yes
VPLS / A-VPLS | Requires WAN Module | Yes (no WAN module)
VSS Quad Sup SSO | – | Yes

Cisco Prime

•  New PFC4 Featuring Improved Levels of Performance and Scalability Along with New Enhanced Hardware Features
•  USB-Based Console Support
•  Connectivity Management Processor (CMP)
•  New MSFC5 Supporting Dual Core CPU and Single IOS Image
•  Improved Switch Fabric Providing 80G/Slot

Page 11: Next Generation Campus Backbone, Enabling BYOD and Collaboration


Supported

Special TMP Program for Upgrade

WS-F6K-DFC4-E

WS-F6K-DFC4-A

6148E, 6148A, 6148-SFP, 6196

NAM-1/2/3, ACE20/30, WiSM-1/2, FWSM, ASA-SM

Not Supported (Use Sup720-10G or ASR for WAN)

Not Supported (ASA-SM to get IPSEC VPN)

Al

6704, 6724, 6748 with CFC

6708-10G Fiber

6716-10G/10T with DFC3

6704, 6724, 6748 with DFC3

61xx Series

Service Modules

WAN Modules

VPN SPA

Consult the Catalyst 6500 IOS Release Notes for the latest hardware support

Page 12: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Next-Generation WiSM Blade: WiSM-2
•  Performance: 20 Gbps
•  Access Points: 500–1,000
•  Clients: 15,000
•  Concurrent AP Upgrade/Joins: Up to 500
•  Mobility, Domain Size: Up to 18,000 APs

Next-Generation NAM Blade: NAM-3
•  Monitoring Performance: Up to 15 Gbps
•  Capture to External Disk: Up to 5 Gbps
•  Deep Packet Inspection: NBAR-2 Support
•  HW Filters/Packet Captures: Rapid Troubleshooting

Next-Generation Firewall Blade: ASA-SM
•  64 Gbps System Performance
•  16 Gbps Performance/Service Mod.
•  10,000,000 Concurrent Sessions
•  300,000 Connections per Second
•  250 Security Contexts
•  1,000 VLANs

OS / Feature Parity with Appliances


Page 15: Next Generation Campus Backbone, Enabling BYOD and Collaboration

On Average, How Do Your Network Administrators and Other Network IT Professionals Spend Their Time on Your Access (Edge) Switches?

[Bar chart, axis 0% to 30%. Categories: Monitoring and Troubleshooting; Security-Related Configuration; Initial Install, Config., and Testing; Upgrade of Older Equipment; Traffic Optimization; Other]

Source: The Total Economic Impact™ of Cisco Catalyst Access Switching, A Commissioned Study Conducted by Forrester Consulting on Behalf of Cisco Systems, January 2012.

Page 16: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Simple New Install Example

[Diagram labels: Director; Client; TFTP, DHCP servers; CDP, DHCP, TFTP]

Page 17: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Plug and Play for End Devices

Automate End Device Installs
•  Access Points, IP cameras, printers

Uncommon devices
•  Cisco Best practices with built-in macros

Built-In Macros (with Best Practices)
•  IP phones
•  Access Points (LW and autonomous)
•  Switches
•  Routers
•  Digital media players
•  IP cameras

Customizable for All Edge Devices
•  Laptop, desktop, badge reader,…

End Device Classified On:
•  CDP
•  LLDP
•  MAC OUI

Page 18: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Plug and Play for End Devices

ISE Classifies End Device Using:
•  CDP
•  LLDP
•  MAC OUI
•  DHCP options

ISE Dynamically Configures Edge Port
•  TLV to access switch with macro name

Built-In Macros
•  IP phones
•  Access Points (LW and autonomous)
•  Switches
•  Routers
•  Digital media players
•  IP cameras

Page 19: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  Automate operational activities done manually
   Scanning syslogs looking for network errors
   Collecting CDP information

•  Customize behavior of Catalyst switch
   Automatically apply workarounds (a.k.a. fix bugs)
   e.g., change interface configuration dynamically based on SFP type

•  Proactively manage events
   e.g., send email on temperature threshold crossing
   e.g., detailed statistics capture on CPU threshold crossing

•  It’s FREE !!


Page 22: Next Generation Campus Backbone, Enabling BYOD and Collaboration

[Diagram labels: Cisco Catalyst Switch; Network Device; IP Phones; Authorized Users; Guests; Tablets]

Monitor Mode
•  Unobstructed access
•  No impact on productivity
•  Gain visibility

Flexible Authentication Sequence
•  Enables single configuration for most use cases
•  Flexible fallback mechanism and policies

IP Telephony Support for Virtual Desktop Environments
•  Single host mode
•  Multihost mode
•  Multiauth mode
•  Multidomain authentication

Critical Data/Voice Authentication
•  Business continuity in case of failure

Page 23: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Device Sensor Gleans Protocol Data to Classify Endpoints Based on Device Type, User Identity, and Location

Device Type | User Identity | Location
Corp PC | Doctor | Office
Personal Laptop | Doctor | Office
Personal Laptop | Patient | Hotspot
Smartphone | Admin | Office
IP Phone | N/A | Office
TelePresence | N/A | Conf. Room

Page 24: Next Generation Campus Backbone, Enabling BYOD and Collaboration

1. Device connects to the network
2. Switch collects info from control packets (CDP, LLDP, DHCP, MAC OUI)
3. Switch transmits device info to ISE via RADIUS Accounting messages. Notification is sent only if a change in device info is detected
4. ISE analyzes the data and identifies device using profile library & conditions
5. Policy (ACL, VLAN, SGT etc.) downloaded to switch

[Diagram labels: RADIUS accounting; RADIUS Probe; ISE; CDP, LLDP, MAC OUI, DHCP]

Page 25: Next Generation Campus Backbone, Enabling BYOD and Collaboration


Once Endpoints Are Profiled, ASP Applies Port Configuration Based on Predefined Rules

Page 26: Next Generation Campus Backbone, Enabling BYOD and Collaboration


[Diagram labels: VLAN100; VLAN200; VLAN300; VLAN10; ACL 500]

•  Does not require switch port ACL management

•  Requires topology redesign (IP address change)

•  Less disruptive to endpoints (no IP address change required)

•  Larger ACL TCAMs in the newest hardware

[Diagram labels: VLAN100 Routed Interface; VLAN300 Routed Interface; VLAN10; VLAN200; CDP, LLDP, DHCP, MAC]

ACL 500
permit tcp <src> <dst> eq sip
permit udp <src> <dst> eq domain
permit udp <src> <dst> eq tftp
permit udp <src> <dst> eq 8080
….

VLAN10 Routed Interface

ISE Maintains a Centralized View of Device Inventory and Policy Assignment

Page 27: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  Topology-based
•  Manual configurations
•  Error prone
•  Unscalable
•  Difficult to maintain

IT 3.1.1.1

Finance 2.1.1.1

Doctor 1.1.1.1

permit tcp any 200.1.1.1 eq https
permit tcp any 200.1.1.1 eq 8081
deny ip all

permit tcp any 150.1.1.1 eq https
permit tcp any 150.1.1.1 eq 8081
permit tcp any 150.1.1.1 eq 445
deny ip all

permit tcp any 100.1.1.1 eq https
deny ip all

permit tcp 3.1.1.1 100.1.1.1 eq https
permit tcp 3.1.1.1 100.1.1.1 eq 8081
deny ip 3.1.1.1 200.1.1.2

permit tcp 2.1.1.1 150.1.1.1 eq https
permit tcp 2.1.1.1 150.1.1.1 eq 8081
permit tcp 2.1.1.1 150.1.1.1 eq 445
deny ip 2.1.1.1 150.1.1.1
permit tcp 2.1.1.1 200.1.1.2 eq https
deny ip 2.1.1.1 200.1.1.2

permit tcp 1.1.1.1 100.1.1.1 eq https
permit tcp 1.1.1.1 100.1.1.1 eq 8081
permit tcp 1.1.1.1 100.1.1.1 eq 445
deny ip 1.1.1.1 100.1.1.2
permit tcp 1.1.1.1 100.1.1.2 eq https
deny ip 1.1.1.1 100.1.1.2
permit tcp 1.1.1.1 150.1.1.2 eq https
deny ip 1.1.1.1 150.1.1.2
permit tcp 1.1.1.1 200.1.1.1 eq https
deny ip 1.1.1.1 200.1.1.1

Page 28: Next Generation Campus Backbone, Enabling BYOD and Collaboration


IT 3.1.1.1

Finance 2.1.1.1

Doctor 1.1.1.1

•  Role-based
•  Topology-independent
•  Scalable
•  Easy to administer
•  One Policy

Doctors | IMAP | No Access | File Share
IT | Allow All | SQL | SQL
Finance | IMAP | Web | No Access

Page 29: Next Generation Campus Backbone, Enabling BYOD and Collaboration


[Diagram labels: Doctor; Patient; Admin; Doctor; Video; Voice; CDP, LLDP, DHCP, MAC]

•  Simplifies ACL management
•  Uniformly enforces policy independent of topology or protocol
•  Fine-grained access control

Source | Patient Record | Internet | Facility
Doctor | Permit | Permit | Permit
Patient | Deny | Permit | Deny
Voice | Deny | ACL_v | Deny

ISE Maintains a Centralized View of Device Inventory and Policy Assignment

Page 30: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Cisco TrustSec Domain

cts role-based permissions from 1110 to 3200
permit tcp dst eq 443
permit tcp dst eq 80
permit tcp dst eq 22
permit tcp dst eq 3389
permit tcp dst eq 135
permit tcp dst eq 136
permit tcp dst eq 138
permit tcp dst eq 139
deny ip

Manual or Dynamic VLAN Mapping

VLAN 110, VLAN 120, VLAN 130

cts role-based sgt-map VLAN-list 110 sgt 1110
cts role-based sgt-map VLAN-list 120 sgt 1120
cts role-based sgt-map VLAN-list 130 sgt 1130

cts role-based sgt-map 192.168.10.0/24 sgt 10
cts role-based sgt-map 192.168.20.0/24 sgt 20
cts role-based sgt-map 192.168.30.0/24 sgt 30

Can Forward Existing SGT Traffic or Map SGTs Manually

Identity Service Engine
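
The two stages on this slide, classification (VLAN or subnet to SGT) and enforcement (source SGT, destination SGT to permissions), modelled as an added example that is not part of the original slides or Cisco's code. It parses the slide's simplified `cts role-based` notation; the 10.50.0.0/24 mapping to SGT 3200, the packet fields, the `default` action and checking the VLAN mapping before the subnet mapping are assumptions made for illustration.

```python
import ipaddress
import re

# The slide's simplified notation. The 10.50.0.0/24 -> SGT 3200 line is
# constructed for this example; the slide does not show what SGT 3200 tags.
CONFIG = """
cts role-based sgt-map VLAN-list 110 sgt 1110
cts role-based sgt-map VLAN-list 120 sgt 1120
cts role-based sgt-map VLAN-list 130 sgt 1130
cts role-based sgt-map 192.168.10.0/24 sgt 10
cts role-based sgt-map 192.168.20.0/24 sgt 20
cts role-based sgt-map 192.168.30.0/24 sgt 30
cts role-based sgt-map 10.50.0.0/24 sgt 3200
cts role-based permissions from 1110 to 3200
 permit tcp dst eq 443
 permit tcp dst eq 80
 permit tcp dst eq 22
 permit tcp dst eq 3389
 permit tcp dst eq 135
 permit tcp dst eq 136
 permit tcp dst eq 138
 permit tcp dst eq 139
 deny ip
"""

RULES = [
    ("vlan", r"cts role-based sgt-map vlan-list (\d+) sgt (\d+)"),
    ("net", r"cts role-based sgt-map (\S+) sgt (\d+)"),
    ("pair", r"cts role-based permissions from (\d+) to (\d+)"),
    ("ace", r"(permit|deny) (ip|tcp|udp)(?: dst eq (\d+))?"),
]

def parse(config):
    """Return (vlan -> SGT, [(network, SGT)], {(src SGT, dst SGT): [ACEs]})."""
    vlans, nets, policies, aces = {}, [], {}, None
    for line in filter(None, map(str.strip, config.splitlines())):
        for kind, rx in RULES:
            m = re.fullmatch(rx, line, re.I)
            if m:
                break
        else:
            raise ValueError(f"unrecognized line: {line!r}")
        if kind == "vlan":
            vlans[int(m[1])] = int(m[2])
        elif kind == "net":
            nets.append((ipaddress.ip_network(m[1]), int(m[2])))
        elif kind == "pair":
            aces = policies.setdefault((int(m[1]), int(m[2])), [])
        elif aces is not None:  # ACE under the latest "permissions" line
            aces.append((m[1].lower(), m[2].lower(), int(m[3]) if m[3] else None))
        else:
            raise ValueError(f"ACE before any permissions line: {line!r}")
    return vlans, nets, policies

def sgt_for(ip, nets, vlan=None, vlans=()):
    """Classify: VLAN mapping first (this example's choice), then longest prefix."""
    if vlan in vlans:
        return vlans[vlan]
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, sgt) for net, sgt in nets if addr in net]
    return max(hits)[1] if hits else 0  # SGT 0 = unknown

def decide(pkt, vlans, nets, policies, default="deny"):
    """Enforce: first matching ACE in the (src SGT, dst SGT) cell wins; `default` is assumed."""
    src = sgt_for(pkt["src"], nets, pkt.get("vlan"), vlans)
    dst = sgt_for(pkt["dst"], nets)
    for action, proto, port in policies.get((src, dst), []):
        if proto in ("ip", pkt["proto"]) and port in (None, pkt["dport"]):
            return src, dst, action
    return src, dst, default

if __name__ == "__main__":
    pkt = {"vlan": 110, "src": "172.16.5.9", "dst": "10.50.0.10", "proto": "tcp", "dport": 443}  # constructed
    print(decide(pkt, *parse(CONFIG)))
```

Changing the source address of a VLAN 110 endpoint leaves the decision unchanged, because the permissions are keyed on the SGT pair rather than on IP addresses.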


Page 32: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Typical causes of poor application performance:
•  Bandwidth/capacity bottleneck
•  Unauthorized use of network resource

Security Monitoring
•  Monitor Non-Corporate Devices

[Diagram labels: Campus Building A; Campus Building B; Campus Building C; Campus Core; Internet; NOC; numbered points 1 to 4]

Flexible NetFlow provides the application visibility needed to answer questions on the “who, what, when, where, how” of network activities in order to:
•  Identify root cause more easily, faster, and more accurately
•  Assign problem ownership
•  Increase operational efficiency
•  Lower TCO

Page 33: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Sup2T NetFlow

Flexible NetFlow
•  Increased customization by selecting the fields to match and collect for both IPv4 and IPv6

CPU-Friendly Export
•  Optimal CPU utilization with Yielding NetFlow Data Export, direct export from a module

Up to 13M Flows/System
•  Bigger tables mean more entries per system, up to 13 million entries with a 13-slot chassis, giving you better visibility in your network

Sampled NetFlow in Hardware
•  Optimizes NetFlow table utilization and minimizes load on analyzers

Egress NetFlow
•  Allows NetFlow to be used after the ingress lookup is done (NetFlow on CoPP)
•  Allows multicast traffic to be accounted for per destination instead of per group

Page 34: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  Each flow monitor can export to multiple collectors (flow export)

•  Each flow monitor can be associated with one set of records (flow record)

•  Flow monitor attachment to an interface is uni-directional, i.e. to monitor bi-directional traffic, the monitor must be applied in both the ‘in’ and ‘out’ directions

Interface
•  Monitor 1 (Dir = ‘in’): Record Set A; Exporter 1, Exporter 2
•  Monitor 2 (Direction = ‘out’): Record Set B; Exporter 1

Exporter 1 IP = 10.0.0.1
Exporter 2 IP = 192.168.0.1

Page 35: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Protect CPU with CPU Yield NetFlow
•  NDE increases export rate until threshold reached
•  Wait 5 seconds and then step up export rate again
•  When threshold reached, NDE quickly backs off export rate

[Chart labels: CPU; 30%; 70%; Yielding NDE threshold; CPU before NDE begins]

Scale NetFlow with Distributed Export

[Diagram labels: NetFlow Collector; EOBC; WS-X6848-TX-2T\2TXL (NetFlow Data); WS-X6908-10G-2T\2TXL (NetFlow Data); Supervisor (NetFlow Data); NetFlow Export]


Page 37: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  Seamless Access Network Expansion
•  High-speed 64Gbps Bi-Directional Switching Stack-Ring
•  Single Logical Unit To Manage Nine Switches and 450 Ports
•  Centralized Control and Management Architecture
•  Reduces VLANs/Subnets
•  9X Operational Simplicity
•  Distributed and Resilient Forwarding Architecture
•  Single Network Per Layer
•  Deterministic Network Operation With Non-Stop Forwarding

VSL

Page 38: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  All power supplies in the stack are used to form a common input power pool regardless of their size, AC/DC source and location

•  Redundant mode option allows 1+n protection of the largest power supply in the stack, by reserving a portion of the input power pool

•  The remaining power pool is allocated to the power clients: the switches and PoE devices

•  In case of power line failure, power supply failure or power supply replacement, the input power deficit is backed up by the reserved power, allowing continuity to the allocated power budget and non-stop business communication

[Diagram labels: Input Power Pool 2865W; Power Budget; Allocated; Reserved 1100W; power supplies 350W, 715W, 350W, 1100W, 350W; Power Failure]

Find out more on whitepaper: Calculating Power for Cisco StackPower

Page 39: Next Generation Campus Backbone, Enabling BYOD and Collaboration

•  Simplified System Operation
•  Single Neighbor and Network Per Layer
•  Simplified and Highly Redundant Network Topologies
•  Optimized Network Design
•  Double Switching Capacity
•  Deterministic Application and Network Performance

•  Complex Network Design and Operation
•  Underutilize Network Resource
•  Sub-Optimal Application and Network Performance

Page 40: Next Generation Campus Backbone, Enabling BYOD and Collaboration

Spanning Tree Configuration

Standalone Switch 1 (Coordinated Configuration)

! Enable 802.1d per VLAN spanning tree enhancements.
spanning-tree mode pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
spanning-tree vlan 2,4,6,8,10 priority 24576
!

Standalone Switch 2 (Coordinated Configuration)

! Enable 802.1d per VLAN spanning tree enhancements.
spanning-tree mode pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
spanning-tree vlan 3,5,7,9,11 priority 24576
!

VSS (One Simplified Configuration)

! Enable 802.1d per VLAN spanning tree enhancements
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 2-11 priority 24576

L3 SVI Configuration (sample for 1 VLAN)

Standalone Switch 1 (Coordinated Configuration)

! Define the Layer 3 SVI for each voice and data VLAN
interface Vlan4
 description Data VLAN
 ip address 10.120.4.3 255.255.255.0
 no ip redirects
 no ip unreachables
 ! Reduce PIM query interval to 250 msec
 ip pim query-interval 250 msec
 ip pim sparse-mode
 load-interval 30
 ! Define HSRP default gateway with 250/800 msec hello/hold
 standby 1 ip 10.120.4.1
 standby 1 timers msec 250 msec 800
 ! Set preempt delay large enough to allow network to stabilize before HSRP
 ! switches back on power on or link recovery
 standby 1 preempt delay minimum 180
 ! Enable HSRP authentication
 standby 1 authentication cisco12

Standalone Switch 2 (Coordinated Configuration)

! Define the Layer 3 SVI for each voice and data VLAN
interface Vlan4
 description Data VLAN
 ip address 10.120.4.3 255.255.255.0
 no ip redirects
 no ip unreachables
 ! Reduce PIM query interval to 250 msec
 ip pim query-interval 250 msec
 ip pim sparse-mode
 load-interval 30
 ! Define HSRP default gateway with 250/800 msec hello/hold
 standby 1 ip 10.120.4.1
 standby 1 timers msec 250 msec 800
 ! Set preempt delay large enough to allow network to stabilize before HSRP
 ! switches back on power on or link recovery
 standby 1 preempt delay minimum 180
 ! Enable HSRP authentication
 standby 1 authentication cisco123

VSS (One Simplified Configuration)

! Define the Layer 3 SVI for each voice and data VLAN
interface Vlan4
 description Data VLAN
 ip address 10.120.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 load-interval 30

Page 41: Next Generation Campus Backbone, Enabling BYOD and Collaboration

[Diagram labels: 10GE; Si, Si; LACP or PAgP; LACP; Monitoring Server; Access Switch or ToR or Blades]

Simplified Network Design
•  Spanning Tree and First-Hop redundancy protocols eliminated
•  Single touchpoint manageability

Double Bandwidth Utilization
•  With Active-Active Multichassis EtherChannel (LACP/PAgP)
•  1+1 Supervisor redundancy for dual-attached devices

Page 42: Next Generation Campus Backbone, Enabling BYOD and Collaboration

eFSU
•  eFSU Provides Real-Time Dual-Chassis Software Upgrade. Reduces MTBF
•  Protects Network Services and Availability At Access Layer with Redundant Paths
•  Network impact ~1sec for entire upgrade process

ISSU
•  Dual-Supervisor Requires Software Consistency
•  ISSU Provides Real-Time Single-Chassis Software Upgrade. Reduces MTBF
•  Protects Network Services, Capacity and Availability for Wired and WLAN End-Points

[Diagram labels: VSL; Mismatch IOS Version During Software Upgrade; 4500E; 6500E]
