2600 and 3600 Series Access Points. These connect to (from left to right) access layer switches from the Cisco Catalyst 3850, 4500-E, and 3750-X Series of switches. The Cisco Catalyst 3850 is a new concept in switching, offering converged wired and wireless in a single platform so that organizations can scale the wireless infrastructures that will be needed to support the proliferating BYOD requirements that are emerging in the industry.
The Cisco Catalyst 6500-E with Supervisor Engine 2T is capable of supporting up to 4 terabits per second of data forwarding in a virtual switching system (VSS) configuration while maintaining a level of availability that can deliver 99.999 percent uptime to make sure of operational continuity. The Supervisor Engine 2T supports advanced features that allow an organization to build a highly scalable, secure, converged wired and wireless campus network.
Campus Wireless Deployment Scenarios In the hybrid deployment model, an organization will have a mix of Cisco Catalyst 3850 Series (shown as the two switches on the left) in addition to Cisco Catalyst 4500-E (shown) or 3750-X Series in the access layer. This could be in a network where there is a mix of highly mobile users, who will need some of the advanced capabilities of the Cisco Catalyst 3850 Series, and back-office users, who will be more stationary and will not need those services.
If you have ever been to a Cisco office and requested access to the wireless network, this is how it is done. The wireless infrastructure presents different Service Set Identifiers (SSIDs) based upon user type. After the user is associated and authenticated, that user is placed into a virtual LAN (VLAN) for that user alone, with Virtual Route Forwarding (VRF)and firewall context to maintain isolation between the two groups.
BYOD, video, and collaboration. Smart Operations Cisco Catalyst Smart Operations are a set of tools, capabilities, and management applications that network administrators can use to simplify deployment, management, and troubleshooting of the unified access campus architecture.
If a Cisco IOS Software upgrade of existing switches is needed, the director can push down a new software version to a single client or to all clients in a group (for example, all Cisco Catalyst 3850 switches).
BYOD, video, and collaboration. The Cisco Catalyst 6500-E with Supervisor Engine 2T meets this requirement through the support of the Embedded Event Manager (EEM). Cisco IOS Software EEM is a powerful and flexible subsystem that provides real-time network event detection and onboard automation that gives the network administrator the ability to adapt the behavior of network devices to align with their business needs.
EEM supports more than 20 event detectors that are highly integrated with different Cisco IOS Software components to trigger policies in response to network events. These policies are programmed using either a simple (CLI or a scripting language called Tool Command Language (Tcl). Figure 8 shows the EEM architecture and operational model.
Security Group Access Control Lists (SGACLs) The Cisco Catalyst 6500-E with Supervisor Engine 2T can act as both a security group tag (SGT) imposition point and an SGACL enforcement point. SGTs are usually applied at the access layer of the unified access campus architecture, using an ISE to assign the tags based on user authentication, device profiling, or a combination of the two.
SGTs at the Access Layer Figure 10 shows how the Cisco ISE can communicate with the access layer switch to apply SGTs based on user and device type. After the SGTs are assigned by the access layer switch, the Cisco Catalyst 6500-E with Supervisor Engine 2T can enforce the access policies that the network administrator configures in the Cisco ISE.
To support Cisco TrustSec Layer 3 SGT transport, the Cisco Catalyst 6500-E with Supervisor Engine 2T that will act as a Cisco TrustSec ingress or egress Layer 3 gateway must maintain a traffic policy database that lists eligible subnets in remote Cisco TrustSec domains as well as any excluded subnets within those regions. You can configure this database manually on each device if they cannot be downloaded automatically from the Cisco ISE.
The Cisco Catalyst 6500-E with Supervisor Engine 2T supports the NDAC capability as part of its support of the broader Cisco TrustSec suite of features. Using NDAC, Cisco TrustSec authenticates a device before allowing it to join the network, thereby making sure that no unauthorized devices are plugged into the backbone of the unified access campus architecture.
ISP network, and yet the need for data integrity and security is the same as if the locations were on the same physical campus. For these cases, the Cisco Catalyst 6500-E with Supervisor Engine 2T offers the ability to pass 802.1AE MACsec encrypted traffic across a provider’s Multiprotocol Label Switching (MPLS) backbone, as seen in...
With Cisco IOS Software Release 15.0(1)SY1 and newer software, the Cisco Catalyst 6500-E with Supervisor Engine 2T supports the EVN feature. EVN simplifies deployment and management of MPLS VPNs and VRF-Lite to allow network administrators to more easily and quickly adopt these technologies, which can sometimes seem daunting to implement.
All of the previously highlighted security features demonstrate why the Cisco Catalyst 6500-E with Supervisor Engine 2T is the best choice for the backbone of the unified access campus architecture. When it comes to the...
The Cisco Catalyst 6500-E with Supervisor Engine 2T supports a wide array of features that enable the network administrator to gain the necessary visibility into the network to make sure of delivery of a consistent end-to-end user experience.
The monitoring of IP traffic flows increases the accuracy of capacity planning and makes sure that resource allocation supports organizational goals. The Cisco Catalyst 6500-E with Supervisor Engine 2T supports Flexible NetFlow with Cisco IOS Software Release 12.2(50)SY and newer. The gathering of flow information is done by all forwarding engines (PFC4s/DFC4s) individually for both IPv4 and IPv6 traffic, allowing the system to collect up to 13 million flow entries in a 6513-E system.
Performance Monitor Cisco Performance Monitor provides the ability to monitor the flow of packets in the network and to become aware of any issues that might affect the flow before it starts to significantly affect the performance of the application in question.
BYOD, video, and collaboration means that the infrastructure must achieve the highest possible level of availability and reliability to guarantee that these applications function properly. The Cisco Catalyst 6500-E with Supervisor Engine 2T delivers more resilient capabilities than any other backbone platform.
NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of Cisco NSF is to prevent an unnecessary change in the routing topology as a result of a control-plane failure.
OSPF Nonstop Routing Starting with Cisco IOS Software Release 15.1(1)SY and newer, the Cisco Catalyst 6500-E with Supervisor Engine 2T supports the OSPFv2 Nonstop Routing (NSR) feature, which increases the availability of any infrastructure running OSPFv2 (OSPFv3 NSR will be added in a later code release).
Supervisor Engine 2T can be replaced. How long that will be depends ® on whether or not a replacement is on site, how far away the site is, what the Cisco SMARTnet Service contract replacement details are, and so on.
The trends of BYOD, video, and collaboration are forcing IT organizations to rethink how they architect their infrastructures. The proliferation of wireless devices and speeds in the enterprise is causing a shift in how Cisco approaches the design of a campus network, moving toward a converged wired/wireless architecture referred to as a unified access campus architecture.