Download  Print this page

Cisco Catalyst 6500-E Series Manual

Switch as the backbone of a unified access campus architecture
Hide thumbs

Advertisement

Guide
Cisco Catalyst 6500-E Series
Switch as the Backbone of a
Unified Access Campus
Architecture
Guide
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 28

Advertisement

Table of Contents
loading

  Also See for Cisco Catalyst 6500-E Series

  Related Manuals for Cisco Catalyst 6500-E Series

  Summary of Contents for Cisco Catalyst 6500-E Series

  • Page 1 Guide Cisco Catalyst 6500-E Series Switch as the Backbone of a Unified Access Campus Architecture Guide © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 28...
  • Page 2: Table Of Contents

    ................. 24 OSPF Nonstop Routing ............................26 Virtual Switching System (VSS).......................... 26 Multichassis EtherChannel..........................26 Quad-Supervisor SSO............................ 27 Conclusion ................................28 © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 28...
  • Page 3: Overview

    2600 and 3600 Series Access Points. These connect to (from left to right) access layer switches from the Cisco Catalyst 3850, 4500-E, and 3750-X Series of switches. The Cisco Catalyst 3850 is a new concept in switching, offering converged wired and wireless in a single platform so that organizations can scale the wireless infrastructures that will be needed to support the proliferating BYOD requirements that are emerging in the industry.
  • Page 4: Services Integration

    The Cisco Catalyst 6500-E with Supervisor Engine 2T is capable of supporting up to 4 terabits per second of data forwarding in a virtual switching system (VSS) configuration while maintaining a level of availability that can deliver 99.999 percent uptime to make sure of operational continuity. The Supervisor Engine 2T supports advanced features that allow an organization to build a highly scalable, secure, converged wired and wireless campus network.
  • Page 5: Application Security Appliance Service Module (Asa-Sm)

    Campus Wireless Deployment Scenarios In the hybrid deployment model, an organization will have a mix of Cisco Catalyst 3850 Series (shown as the two switches on the left) in addition to Cisco Catalyst 4500-E (shown) or 3750-X Series in the access layer. This could be in a network where there is a mix of highly mobile users, who will need some of the advanced capabilities of the Cisco Catalyst 3850 Series, and back-office users, who will be more stationary and will not need those services.
  • Page 6: Network Analysis Module 3 (Nam-3)

    If you have ever been to a Cisco office and requested access to the wireless network, this is how it is done. The wireless infrastructure presents different Service Set Identifiers (SSIDs) based upon user type. After the user is associated and authenticated, that user is placed into a virtual LAN (VLAN) for that user alone, with Virtual Route Forwarding (VRF)and firewall context to maintain isolation between the two groups.
  • Page 7: Smart Operations

    BYOD, video, and collaboration. Smart Operations Cisco Catalyst Smart Operations are a set of tools, capabilities, and management applications that network administrators can use to simplify deployment, management, and troubleshooting of the unified access campus architecture.
  • Page 8: Smart Install

    If a Cisco IOS Software upgrade of existing switches is needed, the director can push down a new software version to a single client or to all clients in a group (for example, all Cisco Catalyst 3850 switches).
  • Page 9: Generic Online Diagnostics (Gold)

    BYOD, video, and collaboration. The Cisco Catalyst 6500-E with Supervisor Engine 2T meets this requirement through the support of the Embedded Event Manager (EEM). Cisco IOS Software EEM is a powerful and flexible subsystem that provides real-time network event detection and onboard automation that gives the network administrator the ability to adapt the behavior of network devices to align with their business needs.
  • Page 10 EEM supports more than 20 event detectors that are highly integrated with different Cisco IOS Software components to trigger policies in response to network events. These policies are programmed using either a simple (CLI or a scripting language called Tool Command Language (Tcl). Figure 8 shows the EEM architecture and operational model.
  • Page 11: Security

    Security Group Access Control Lists (SGACLs) The Cisco Catalyst 6500-E with Supervisor Engine 2T can act as both a security group tag (SGT) imposition point and an SGACL enforcement point. SGTs are usually applied at the access layer of the unified access campus architecture, using an ISE to assign the tags based on user authentication, device profiling, or a combination of the two.
  • Page 12 SGTs at the Access Layer Figure 10 shows how the Cisco ISE can communicate with the access layer switch to apply SGTs based on user and device type. After the SGTs are assigned by the access layer switch, the Cisco Catalyst 6500-E with Supervisor Engine 2T can enforce the access policies that the network administrator configures in the Cisco ISE.
  • Page 13 To support Cisco TrustSec Layer 3 SGT transport, the Cisco Catalyst 6500-E with Supervisor Engine 2T that will act as a Cisco TrustSec ingress or egress Layer 3 gateway must maintain a traffic policy database that lists eligible subnets in remote Cisco TrustSec domains as well as any excluded subnets within those regions. You can configure this database manually on each device if they cannot be downloaded automatically from the Cisco ISE.
  • Page 14: Network Device Admission Control (Ndac)

    The Cisco Catalyst 6500-E with Supervisor Engine 2T supports the NDAC capability as part of its support of the broader Cisco TrustSec suite of features. Using NDAC, Cisco TrustSec authenticates a device before allowing it to join the network, thereby making sure that no unauthorized devices are plugged into the backbone of the unified access campus architecture.
  • Page 15: Easy Virtual Networks (Evns)

    ISP network, and yet the need for data integrity and security is the same as if the locations were on the same physical campus. For these cases, the Cisco Catalyst 6500-E with Supervisor Engine 2T offers the ability to pass 802.1AE MACsec encrypted traffic across a provider’s Multiprotocol Label Switching (MPLS) backbone, as seen in...
  • Page 16 With Cisco IOS Software Release 15.0(1)SY1 and newer software, the Cisco Catalyst 6500-E with Supervisor Engine 2T supports the EVN feature. EVN simplifies deployment and management of MPLS VPNs and VRF-Lite to allow network administrators to more easily and quickly adopt these technologies, which can sometimes seem daunting to implement.
  • Page 17: Control Plane Policing (Copp)

    (QoS) CLI (MQC) to provide filtering and rate-limiting capabilities, enforced by the PFC4 and DFC4, for the control plane packets. Figure 18 shows the operation of CoPP with the Supervisor Engine 2T. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 17 of 28...
  • Page 18: Application Visibility And Control

    All of the previously highlighted security features demonstrate why the Cisco Catalyst 6500-E with Supervisor Engine 2T is the best choice for the backbone of the unified access campus architecture. When it comes to the...
  • Page 19: Mini-Protocol Analyzer (Mpa)

    The Cisco Catalyst 6500-E with Supervisor Engine 2T supports a wide array of features that enable the network administrator to gain the necessary visibility into the network to make sure of delivery of a consistent end-to-end user experience.
  • Page 20: Flexible Netflow (Fnf)

    The monitoring of IP traffic flows increases the accuracy of capacity planning and makes sure that resource allocation supports organizational goals. The Cisco Catalyst 6500-E with Supervisor Engine 2T supports Flexible NetFlow with Cisco IOS Software Release 12.2(50)SY and newer. The gathering of flow information is done by all forwarding engines (PFC4s/DFC4s) individually for both IPv4 and IPv6 traffic, allowing the system to collect up to 13 million flow entries in a 6513-E system.
  • Page 21 If an entry is not unique, then no new entry is created, and the existing entry is updated. Figure 22 shows an example of this operation. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 21 of 28...
  • Page 22: Medianet

    Cisco Medianet is an end-to-end architecture for a network including advanced, intelligent technologies and devices in a platform optimized for the delivery of rich-media experiences.
  • Page 23: Performance Monitor

    Performance Monitor Cisco Performance Monitor provides the ability to monitor the flow of packets in the network and to become aware of any issues that might affect the flow before it starts to significantly affect the performance of the application in question.
  • Page 24: Resiliency

    BYOD, video, and collaboration means that the infrastructure must achieve the highest possible level of availability and reliability to guarantee that these applications function properly. The Cisco Catalyst 6500-E with Supervisor Engine 2T delivers more resilient capabilities than any other backbone platform.
  • Page 25 NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of Cisco NSF is to prevent an unnecessary change in the routing topology as a result of a control-plane failure.
  • Page 26: Ospf Nonstop Routing

    OSPF Nonstop Routing Starting with Cisco IOS Software Release 15.1(1)SY and newer, the Cisco Catalyst 6500-E with Supervisor Engine 2T supports the OSPFv2 Nonstop Routing (NSR) feature, which increases the availability of any infrastructure running OSPFv2 (OSPFv3 NSR will be added in a later code release).
  • Page 27: Virtual Switching System (Vss)

    As a result, the access layer can form what it thinks is a regular EtherChannel with the backbone switch. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 27 of 28...
  • Page 28 Supervisor Engine 2T can be replaced. How long that will be depends ® on whether or not a replacement is on site, how far away the site is, what the Cisco SMARTnet Service contract replacement details are, and so on.
  • Page 29: Conclusion

    The trends of BYOD, video, and collaboration are forcing IT organizations to rethink how they architect their infrastructures. The proliferation of wireless devices and speeds in the enterprise is causing a shift in how Cisco approaches the design of a campus network, moving toward a converged wired/wireless architecture referred to as a unified access campus architecture.