One Combined Software Release for switches Cisco SE René … · June 2015 One Combined Software...
Transcript of One Combined Software Release for switches Cisco SE René … · June 2015 One Combined Software...
IOS and IOS-XE releases
June 2015
One Combined Software Release for switches
Cisco SE René Andersen / Søren Dulong Andreasen
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential – For NDA use only, not for further disclosure or distribution
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 CY2015
CY2012 CY2013 CY2014
Catalyst Access Switching - Software Roadmap
EM Release
EM: Extended Maintenance Release
Darya rebuild
3.3.2SE
C3850 Fiber
Catalyst 4500E/X
Release
Catalyst 2K/3K Feature
Release
IOS-XE NG3K Releases
2K/3K/4K One Release
Amur
XE 3.6.0E/15.2(2)E Beni
XE 3.7.0/15.2(3)E
One Combined
Release for
Cat2K/3K/4K/5760
Yap XE 3.3.0SG/ IOS 15.1.(1)SG
Texel XE 3.4.0SG/ IOS 15.1(2)SG
Indus XE 3.5.0E/IOS 15.2(1)E
4K Release
Nile
15.0(2)SE
2960-SF
Launch
XE 3.2.0SE Darya
3.3.0SE
3K-X UPOE
Launch
C3850 Launch
2K/3K Release
C3850/5760 FCS
Release
Sup-8E Launch
15.0(2)EX
2960X/XR
Launch
IOS XE 3.3.0XO
EM Release
EM Release
C3650 C3850 Fiber
Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Customer benefits of combined release ?
• One release to Qualify, Deploy and Maintain for Cat2K/3K/4K
• Lower TCO
What combined release does not provide ?
• Merging of IOS to IOS-XE or vice-versa
• Change in existing platform behavior
4 © 2014 Cisco and/or its affiliates. All rights reserved. BRKARC-3438 Cisco Public
IOS
IOS XE 3 .x
Management Interface
Module Drivers
Common Infrastructure / HA
IOS-XE
• Modern IOS to enable multi-core CPU
• Easy customer migration
• While maintaining IOS functionality and look and feel
• Allow hosted applications like Wireshark
Management Interface
Module Drivers
Linux Kernel
Common Infrastructure / HA
IOSd
Features Components
Hosted Apps
Features Components
WCM
Kernel
IOS XE Evolution
Wireshark
IOS 15.x
Cisco Confidential 5 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
SM Rebuilds EM Rebuilds
• Total 3 rebuilds spanned over 18 months.
• Last rebuild is PSIRT only.
• Total 9 rebuilds spanned over 44 months.
• Last 2 rebuilds are PSIRTS only.
• Extended Maintenance (EM) and Standard Maintenance (SM)
• Two feature releases every year, alternating between SM and EM
3.x/15.x SM SM EM SM EM EM
Release Guidelines
Cisco Confidential 6 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
IOS-XE 3.6.0E/ IOS15.2(2)E Release
Wired Features Infrastructure • Active and Passive CX1 SFP, Active CX1 SFP+,
• Sup8-E wired feature parity w/ SUP7E (except IPv6 PBR)
• Migration enablers for 3850 & 3650* (See next slide for details)
• TDR in Lan Base (4K,parity with 3K), WCCP in IP-base (3K), IPv6 PIM in IP-lite(2960XR)
Layer 3 • IPv6 VRF (Sup8E, 3850/3650)
• IPv6 uRPF, IPv6 PBR (3850/3650)
• IPv4 & IPv6 SDM Templates (3850/3650)
• VRRPv3 (Sup8E, 3850/3650)
IT Simplicity • PnP Agent, PnP Smart Install Proxy
• Smart Install Client (4K)
• Auto Conf and Interface Templates
• Easy VSS, Auto Secure
Services • Device Sensor w/ISE – Wired & Wireless
• Service Discovery Gateway Ph II (Location, Static service,,HA)
• IP4 FQDN ACL, Secure CDP, IPv6 CTS, Bidir SXP
Application Experience • Medianet on 3850 & 3650 (Perf Mon, Mediatrace, Metadata)
Wireless Features
Infrastructure • New AP Support: AP700I, AP700W, AP2700
• Outdoor AP1530 series (Centralized Mode Only)
Mobility Services • AVC-Wireless Ph II ( QoS tie-in with Policy) • Service Discovery Gateway Ph II (location static
service) • Device Sensor (Policy Classification Engine)
Interop • Prime 2.1, ISE 1.2/1.3, MSE 8.0
Compliance for Wired and Wireless
• Wired & Wireless FIPS 140-2, CC, UCAPL
Shipping
Last Release for Sup6E/L-E, 2960S/SF,
2K/3K Gig compact
Cisco Confidential 7 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Compliance & Certifications
Cisco Confidential 8 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Compliance - Catalyst 2K, Compact, 3K-X, 3850, 3650, 5760 Certified In Progress with 3.6.0E
2960S/SF, 2960X/XR 2960S/SF All
2960C, 3560C All All
3K-X, 3K-X UPoE 3K-X All
Wired & Wireless
3850, 3650, 3850-UPoE, 5760 All
2960S/SF, 2960X/XR 2960S/SF All
2960C, 3560C 2960C, 3560C All
3K-X, 3K-X PoE 3K-X All
Wired & Wireless
3850, 3650, 3850-UPoE, 5760 All
2960S/SF, 2960X/XR 2960S/SF All
2960C, 3560C 3560C All
3K-X, 3K-X PoE 3K-X All
Wired & Wireless
3850, 3650, 3850-UPoE, 5760 All
2960S/SF, 2960X/XR 2960S/SF 2960X/R
2960C, 3650C All
3K-X, 3K-X PoE All
Wired & Wireless
3850, 3650, 3850-UPoE, 5760 3850, 3850-UPoE 3650
NA
Certified NA
Not Applicable Not Certified
NA
Products
Cisco Confidential 9 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Compliance - Catalyst 4500E/X,49xx Series Switches Currently Certified In Progress with 3.6.0E
Sup2, Sup4, Sup5, Sup6E, Sup6LE Sup2, Sup4, Sup5
Sup7E, Sup7LE, 4500X Sup7E,7LE,4500X All
Sup8E Sup8E (Wired)
49xx 4900M, 4948E, 4948EF
Sup2, Sup4, Sup5, Sup6E, Sup6LE
Sup7E, Sup7LE, 4500X Sup7E,7LE, 4500X All
Sup8E Sup8E (Wired)
49xx
Sup2, Sup4, Sup5, Sup6E, Sup6LE Sup6E, Sup6LE
Sup7E, Sup7LE, 4500X Sup7E,7LE,4500X All
Sup8E Sup8E (Wired)
49xx
Sup2, Sup4, Sup5, Sup6E, Sup6LE Sup6E, Sup6LE
Sup7E, Sup7LE, 4500X Sup7E,7LE,4500X
Sup8E Sup8E (Wired)
49xx 4900M, 4948E, 4948EF
Certified NA Not Applicable
Product
NA
NA
NA
Not Certified
Cisco Confidential 10 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Feature Details: SIMPLICITY!
Cisco Confidential 11 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Easy VSS
Cisco Confidential 12 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Easy VSS Configuration
1 Line – ‘switch convert mode easy-vss’
Zero touch on Standby (No Config Needed)
Mismatch Discovery & Fix
Needs an L3 Reachability to the pair for communication
Option to choose VSL Link
Easy VSS
Access Switch
Multi-Chassis Etherchannel
Access Switch
#(easy-vss)#VSL ?
Local Interface Remote Interface Hostname Standby-IP
GigabitEthernet3/5 TenGigabitEthernet1/1 4K-DEMO 2.2.2.4
GigabitEthernet3/6 TenGigabitEthernet1/2 4K-DEMO 2.2.2.4
GigabitEthernet3/7 TenGigabitEthernet1/1 4K-DEMO2 2.2.2.5
Cisco Confidential 13 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
AutoSecure
Cisco Confidential 14 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Auto Secure
Generally Applied Security Configuration
• 3 Simple Security Features
• DHCP Snooping
• Dynamic ARP Inspection
• Port Security
• Several Lines of Configuration
• Difficult to Validate
Cisco Confidential 15 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Auto Secure
Auto Security Config
• 1 Line – ‘auto security’
• Uplinks & Downlinks
• Global & Per Port Option
• Global Config enables on all ports as well
• Based on port mode – access OR trunk, it applies host config or uplink config
Cisco Confidential 16 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Interface Templates
Cisco Confidential 17 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Auto Conf and Interface Template
Port based only Usability/Bloated config Inflexible
• Simplified running-config
• Parsed at definition time
• Built-in templates
Lower TCO
• Config rollback
• Precedence management
• Integrated with session aware networking
Easy to use &
Intuitive
Next Gen Auto Smart Port
Current Challenges
Cisco Confidential 18 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Interface Templates: Built-in Templates
11 Built-in Templates based on common end devices
3750X# show template interface brief
Template-Name Source Bound-to-Interface
------------- ------ ------------------
AP_INTERFACE_TEMPLATE Built-in No
DMP_INTERFACE_TEMPLATE Built-in No
IP_CAMERA_INTERFACE_TEMPLATE Built-in No
IP_PHONE_INTERFACE_TEMPLATE Built-in No
LAP_INTERFACE_TEMPLATE Built-in No
MSP_CAMERA_INTERFACE_TEMPLATE Built-in No
MSP_VC_INTERFACE_TEMPLATE Built-in No
PRINTER_INTERFACE_TEMPLATE Built-in No
ROUTER_INTERFACE_TEMPLATE Built-in No
SWITCH_INTERFACE_TEMPLATE Built-in No
TP_INTERFACE_TEMPLATE Built-in No
Good Defaults
Cisco Confidential 19 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
BUILTIN_AUTOCONF_POLICY - AutoConf policy
that identifies parameter map
AutoConf: default Hierarchy
AutoConf Policy
Parameter Map
Container relationship
Mapping Device type A to
interface template X
Mapping Device type B to
interface template Y
Mapping Device type C to
interface template Z
3750X# show parameter-map type subscriber attribute-to-service all
Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE
Map: 10 map device-type regex "Cisco-IP-Phone"
Action(s):
20 interface-template IP_PHONE_INTERFACE_TEMPLATE
Map: 20 map device-type regex "Cisco-IP-Camera"
Action(s):
20 interface-template IP_CAMERA_INTERFACE_TEMPLATE
Map: 30 map device-type regex "Cisco-DMP"
Action(s):
20 interface-template DMP_INTERFACE_TEMPLATE
All builtin by default
3750X# show policy-map type control subscriber BUILTIN_AUTOCONF_POLICY
BUILTIN_AUTOCONF_POLICY
event identity-update match-all
10 class always do-until-failure
10 map attribute-to-service table BUILTIN_DEVICE_TO_TEMPLATE
Cisco Confidential 20 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Parameter Map: Brains behind autoconf
Parameter Map role
Maps device-type to interface template
BUILTIN_DEVICE_TO_TEMPLATE
Automatically created when autoconf enabled
Not shown in running-config unless modified
Easy to modify
Ways to map device to template
device-type specify device-type
mac-address specify mac-address
oui specify oui
user-role specify user-role
username specify username
AutoConf: default parameter map
3750X# show parameter-map type subscriber attribute-to-service all
Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE
Map: 10 map device-type regex "Cisco-IP-Phone"
Action(s):
20 interface-template IP_PHONE_INTERFACE_TEMPLATE
Map: 20 map device-type regex "Cisco-IP-Camera"
Action(s):
20 interface-template IP_CAMERA_INTERFACE_TEMPLATE
Map: 30 map device-type regex "Cisco-DMP"
Action(s):
20 interface-template DMP_INTERFACE_TEMPLATE
Map: 40 map oui eq 00.0f.44
Action(s):
20 interface-template DMP_INTERFACE_TEMPLATE
Map: 50 map oui eq 00.23.ac
Action(s):
20 interface-template DMP_INTERFACE_TEMPLATE
Map: 60 map device-type regex "Cisco-AIR-AP"
Action(s):
20 interface-template AP_INTERFACE_TEMPLATE
Map: 70 map device-type regex "Cisco-AIR-LAP"
Action(s):
20 interface-template LAP_INTERFACE_TEMPLATE
Map: 80 map device-type regex "Cisco-TelePresence"
Action(s):
20 interface-template TP_INTERFACE_TEMPLATE
Map: 90 map device-type regex "Surveillance-Camera"
Action(s):
10 interface-template MSP_CAMERA_INTERFACE_TEMPLATE
Map: 100 map device-type regex "Video-Conference"
Action(s):
10 interface-template MSP_VC_INTERFACE_TEMPLATE
Cisco Confidential 21 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
What template is bound to interface? Show template interface
binding
show template binding
AutoConf In Action: Dynamic Binding to Interface (3) 3750X# show template interface binding all
Template-Name Source Method Interface
------------- ------ ------ ---------
IP_PHONE_INTERFACE_TEMPLATE Built-in dynamic Gi1/0/2
3750X# show template binding target gi1/0/2
Interface Templates
===================
Interface: Gi1/0/2
Method Source Template-Name
------ ------ -------------
dynamic Built-in IP_PHONE_INTERFACE_TEMPLATE
Service Templates
=================
Interface: Gi1/0/2
Session Source Template-Name
------- ------ -------------
Gig1/0/2
Cisco Confidential 22 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Simplicity
Plug-N-Play– Simplified Day 0/ Day 1 Provisioning
Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing
Network Admin
1
Campus-
Bldg-2
Smart Install Proxy
PnP Agent
Smart Install-Client
PnP Agent
PnP Agent
PnP Agent
PnP Server
Installer
Remote Installer • Mount and cable devices • Power-on
2
APIC EM
3
• Network Admin remotely monitors status of install while in progress.
• Booting devices call out to PnP Server, requesting instructions
XE 3.7 IOS 15.2.(3)
Enterprise Networking Group
Cisco Confidential 24 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
3.7.0E/15.2(3)E - Platform Support
Wired 4K: Catalyst 4500E - Sup7-E/7L-E, Sup8-E, 4500X-16, 4500X-32, 4900M, 4948E, 4948E-F 3K: 3850, 3850 SFP, 3650, 3750-X, 3560-X 2K: 2960-X, 2960-XR, 2960-Plus Compact: 2960-C IE: IE2000, IE3000, IE 3010, CGS 2520, GRWICDES, IE2000U
Wireless Controllers: WLC 5760 APs: 700, 1040, 1140, 1260, 1530 (local mode), 1600, 2600, 2700, 3500, 3600, 3700
Interoperability Cisco Prime 2.2, ISE 1.2/1.3, MSE 8.0
Platforms not supported Sup6L-E, Sup6-E, 2960 S/SF/CG, 3560 C/CG NOTE: 2960C is still supported!
New Platforms NG Compact - 2K-CX, 3K-CX (Q4CY14) 3850 mGig (H1CY15) 4K mGig Line Card (H1CY15) AP 1570 (local mode), AP 1700
Cisco Confidential 25 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Private
VLANs
IPv6 FHS:
Source/Prefix
Guard
IEEE 802.1AE MACsec (SAP)
IPv6 FHS: Destination
Guard
3.7.0E
Q4CY14
3.7E
Rebuild
H1CY15
XPS
Support
IEEE 802.1AE MACsec (MKA)
3.7E – Catalyst 3850/3650 New Features
Cisco Confidential 26 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
3.7.0E - Catalyst 4K New Features
• IPv6 FHS on EtherChannel (also on 3K/2K)
• VRF-aware IPv6 PBR
• TrustSec on WS-X47xx (1G Fiber Line Cards) Core
• Q in Q
• L2PT
• VLAN Translation (1:1 and Selective)
• WCCP*
VSS
• Wired and Wireless Convergence
• Support on 7 & 10 Slot R-E Chassis
• Sup7-E Uplink Mode to enable WS-X46xx LCs (K5 ASIC) in Slot10
• IPv6 PBR (Parity with Sup7-E)
Sup8-E
* Targeted in 3.7E Rebuild
Cisco Confidential 27 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
MAC Security on 3850/3650
• Switch-to-Switch MACSec supported with 3.7.0E
• Downlink and Uplink ports support Switch-to-Switch encryption
• 128-bit AES-GCM,10Gb line-rate encryption
• Manual (SAP) + Dot1x (NDAC+SAP) modes
• Switch-to-Host MACSec (MKA) currently NOT supported, targeted for 3.7E rebuild (H1CY15)
Switch-to-Host Switch-to-Switch
MACSec MACSec MACSec
Switch-to-Switch
Encrypt Encrypt Encrypt
Decrypt Decrypt Decrypt
&^*RT&*J%^*&*sd#J &^*RT&*J%^*%#&*sd#J &^*RT&*J%^*&*sd#J
Switches have visibility
Encrypted Data Encrypted Data Encrypted Data
Cisco Confidential 28 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Wireless with Supervisor 8-E
NEW
IOS-XE 3.7.0E
4503-E, 4506-E, 4507R+E, 4507R-E,
4510R+E, 4510R-E
700, 1040, 1140, 1260, 1530, 1570, 1600, 1700, 2600, 2700, 3500, 3600, 3700
Wireless not supported in
VSS mode
* MC Managing MA targeted for 3.7.0E Rebuild
Sup-8E Rommon Version: 15.1(r)SG4
IP Base license
Standard AP licenses required if running as MC
Requirements
20G Wireless Termination
50 APs as MA or MC
2000 clients
Feature Parity with 3850/3650*
CoPP for Wireless
Cisco Confidential 29 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
MC
MAs
Configuration push
(MC MA)
Troubleshooting scripts
output gathering
(MA MC)
MC Managing MA Prime CA Templates
Internet
5760-GA-1
DC
CPI ISE
5760-GA-2
MC/MA MC/MA MC/MA
Branch – 1
3850
Branch – 2
3650-StackWise
Branch – 3
SiSiSiSiSiSi
4500E-Sup8E
Addressing & Mobility
WLANs
Security
Bandwidth (%)
App Visibility
Available
starting from CPI 2.2.1 with Wireless TechPack 1.0
LAN
Only
Simplified CA Management Available on Cat 3850/3650 starting from IOS-XE 3.7.0
Cat 4500/Sup-8E
availability coming in IOS-XE 3.7.1
Dec 2014 H1 2015
Cisco Confidential 30 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
3.6 features & hardware needed (Improved Web-UI, AVC, AP2700, AP1530, AP700, CleanAir on AP1600 etc)
Shipping Recommended release is 3.6.2
Converged Access
Software recommendations for Converged Access
3.3.5 If your Network runs IOS-XE 3.3.x Shipping Recommended release is 3.3.5
3.6.2 3.6.3
Maximum stability needed
Recommended release is 3.6.3*
*availability planned for Q3 CY15
Recommendations for April 2015 / subject to change
3.7.0
3.7 features & hardware needed
(CA on Cat4K/Sup-8E, 1700AP, 1570AP,
D/F/Z/S/M and World reg domains, AP Pass-through auto, MC manages MA)
Shipping Recommended
release is 3.7.0
Cisco Confidential 31 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
IOS XE 3.6 (Amur) – Extended Release New releases and roadmap items
November CY14
3.6.1 – MR1
Support for Device Sensor (LAN Base)
Support for Cisco Aironet 1700 Series Access Points
MAC Authentication per WLAN
Support for Cisco Prime Infrastructure 2.1.2
March CY15
3.6.2 – MR2
Improved Web-UI
AVC
Support for: AP2700, AP1530, AP700
Support for CleanAir on AP1600
August CY15
3.6.3 – MR3
Code Hardening Only
This will be the new default image when shipping new
products
Shipping Shipping Plan
Cisco Confidential 32 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
What Release to use? TAC Recommended Guidelines MD vs ED Releases
Best Practices – Recommended Release
http://www.cisco.com/c/en/us/products/collateral/wireless/5700-series-wireless-lan-
controllers/bulletin-c25-733697.html
Software Release Upcoming Releases Recommended Release
Release 3.2 No more MRs planned 3.3 release train
Release 3.3.5 (MD Release Train) No more MRs planned
3.3 release train for 802.11n/11ac deployments(safe harbor release)
Release 3.6.2 3.6 MR3 – July/August 802.11ac deployments to 3.6 ED
Release 3.7 3.7 MR1 (April CY15) 802.11ac deployments to 3.7 ED
Cisco Confidential 33 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Converged Access Workflow Matrix
Platform System Mode IOS-XE
S/W Version
Agent
(MA)
Controller
(MC)
Guest Anchor
(GA)
Catalyst
3650/3850
Standalone and
StackWise
3.6.0 and
above ✔ ✔
Catalyst
3850 Fiber (1GE)
Standalone and
StackWise
3.6.0 and
above ✔
Catalyst
4500E – Sup8E
Single and Dual-Sup
(Non-VSS Mode)
3.7.0 and
above ✔ ✔
CT5760 Standalone and
StackWise
3.6.0 and
above ✔ ✔
IOS-XE Supported Platforms
Cisco Confidential 34 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
IOS-XE Solution Interoperability
5760 3850 3650 4K 5508 MSE ISE ACS Prime
3.2.0SE 3.2.0SE - - 7.3.112 - 1.1.1MR 5.2 -
3.2.1SE 3.2.1SE - - 7.3.112 - 1.1.3,1.1.2 5.2, 5.3 -
3.2.2SE 3.2.2SE - - 7.3.112/7.5+ - 1.1.3,1.1.2 5.2,5.3 -
3.2.3SE 3.2.3SE - - 7.3.112/7.5+ 7.4 1.1.3,1.1.2 5.2, 5.3 2.0
3.3.0SE 3.3.0SE 3.3.0SE - 7.3.112/7.5+ 7.5 1.2 2.1
3.3.xSE 3.3.xSE 3.3.xSE - 7.3.112/7.5+ 7.5 1.2 2.1
3.6.xSE 3.6.xSE 3.6.xSE - 7.6/8.0 8.0 1.2/1.3 2.1
3.7.xSE 3.7.xSE 3.7.xSE 3.7.xSE 8.0 8.0 1.2/1.3 2.2
PI/MSE/ISE needs to be aligned with correspondent IOS-XE Releases
Cisco Confidential 35 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
IOS XE 3.7 (Beni) – Standard Release New releases and roadmap items
December CY14
3.7.0
New AP: Access Point 1700(2 SS 802.11ac),
Outdoor AP1570/11ac (Centralized Mode) Cat4K/Sup-8E wireless support
Regulatory domains:
India(D), Indonesia(F), Brazil(-Z mapping T to
Z), Singapore & HongKong (-S mapping N to S),
Iraq(-M for outdoor) World Regulatory Domain
WebAuth Sleeping Client
Wireless AVCTop N AP Pass-through Automation
MC Management of MA (3650,3850)
AutoQoS for Wireless
AFD visibility
Prime CA Templates
MACSec SW-to-SW (3850/3650) - SAP
Prime 2.2, MSE 8.0
April CY15
3.7.1 – MR1
SGT and Destination SGT for Flexible Net Flow2
XPS for 3850
SFP BiDirectional (BiDi) Optics (40/80 KM)
SFP+ BiDirectional (BiDi) Optics
Converged Access Scale
MC mgmt of MA on 4500 Sup8E
July CY15
3.7.2 – MR2
Auto-LAG for APs
MACSec SW-to-Host (3850/3650)
DAI with Static Host
HW GRE for 3650 and 3850
Shipping Shipping Plan
Cisco Confidential 36 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Converged Access Scalability Guidelines
3650 3850 Cat4500/Sup-8E CT5760 CT5508 WiSM2
3.3.x SE
(Supported /
Recommended)
3.3.x SE
(Supported /
Recommended)
3.7.0 SE
(Supported /
Recommended)
3.3.x SE
(Supported /
Recommended)
AireOS 7.6.x
& 8.0.x
AireOS 7.6.x
& 8.0.x
Mobility Controller Mode Yes Yes Yes Yes Yes Yes
AP number supported today 25 50 50 1,000 / 600 500 1,000
AP number will be supported
from 3.7.1 release 50 100 100 1,000 / 600 - -
Clients Supported 1,000 2,000 2,000 12,000 / 7,000 7,000 15,000
Mobility Agent Mode Yes Yes Yes N/A N/A N/A
Number of MC in Mobility
Domain 8 / 2 8 / 2 8 / 2 72 / 2 72 72
Number of MAs in Sub-
domain (per MC) 16 / 8 16 / 8 16 / 8 350 / 32 350 350
AP Scale (Per-Domain) 200 / 50 (100) 250 / 100 (200) 250 / 100 (200) 72,000/1,200 36,000 72,000
Converged Access Design Recommendation Summary
CT5760 is the preferred appliance to operate as External MC
MC functionality on AireOS WLC will be deprecated starting from AireOS 8.1 (New Mobility will continue to work)
AireOS devices IOS-XE devices
Cisco Confidential 37 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Catalyst 4500(E & X) Software Roadmap New releases and roadmap items
Q2CY2014
IOS XE 3.6.0E (Amur)
Sup8E : Feature Parity with SUP7-E
Active Optics Cable
FnF Export over IPv6
IPFIX flow export for SUP8-E
Plug n Play (PnP)
Auto Configuration
Interface Templates
Easy VSS
Service Discovery Gateway Phase II (Location aware)
Govt Certifications: FIPS, Common Criteria, UCAPL, USGv6
ISE 1.2/1.3
Prime 2.1 & MSE 8.0
Q4CY2014
IOS XE 3.7.0E (Beni)
Sup8E Converged Access Support
mGig Line card*
R-E chassis support for Sup8-E
100FX support* (4500X)
AVC Wireless on SUP8-E
IPv6 ACL Masking
IPv6 PBR on Sup8E
BFD for ISIS v4 & v6
SDN - OpenFlow1.3*
VSS: QinQ, VLAN Translation, L2PT, WCCP*
AP Pass through
MC Management of MA*
Increased AP scale (50->100)*
Trustsec on 47xx1G Fiber cards
Object Group ACL*
HW GRE*, NHRP*
Govt Certifications for Wireless SUP8-E
Prime 2.2
Shipping Shipping Plan
* 3.7.1E release in 1HCY15 ** Rebuild releases in 1HCY16
Cisco Confidential 38 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Catalyst 2K Software Roadmap New releases and roadmap items
June CY14
15.2(2)EX (Amur)
USGv6
FIPS/CC (Dec certificate)
IPv6 FHS PH II
VRF-aware IPv6 (OSPFv3, EIGRPv6,BGPv6)
PnP Agent
Auto Security
Auto Config
IPv6 PBR (2960-XR)
EIGRPv6-Stub (2960-XR)
WCCP
SFP Active Optics
8 Queues (2960-X)
December CY14
15.2(3) (Beni)
FNF O/P Interface Map
IPv6 FHS support on Etherchannels
PnP Server
CDP Bypass
VLAN Name Extensions (32 chars -> 128 chars)
Shipping Shipping Plan
Cisco Confidential 39 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
The New Catalyst 3850 10G Fiber Switches
# 10G Ports 12 16 24 32 48 Future
Total Capacity 160G 160G 320G 320G 640G
Network
Modules
Supported
C3850-NM-4-10G Slot Used
C3850-NM-4-10G
C3850-NM-8-10G
C3850-NM-2-40G
Slot Used 4x40G fixed
(No FRU Network
Module)
Key Features Stacks with C3850 family – Stackwise and StackPower
Availability Q4FY15 Q1FY16
NOW!
Cisco Brings Entire Portfolio of Multi-Gigabit Access Switches
Catalyst 3850 48 / 24 port Multi-
Gigabit Switch
24 / 12 ports Multi-Gigabit Capable
Also Introducing: 40G Uplinks
Stackable
Converged Wired & Wireless
Catalyst 3560-CX 8 port Multi-Gigabit
Switch
2 ports Multi-Gigabit Capable
Compact
Wired
Catalyst 4500E 48 port Multi-Gigabit
Line Card
12 ports Multi-Gigabit Capable
Modular
Converged Wired & Wireless
June/July15
Cisco Confidential 41 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
IP Services
Full OSPF, BGP, IS-IS, IPv6 PBR, VRFs…
Cat3k SW Packages
LAN Base
ACL, L2, StackPower, 802.1X, DHCP Server, SXP, PnP, Static Routes, IGMP…
IP Base
PVLAN, SGT, SGACL, Converged Access, EEM, Wireshark, Flexible NetFlow, Service Discovery Gateway, Device Sensor, HSRP, VRRP, WCCPv2, PBR, RIP, OSPF for Routed
Access, PIM, EIGRP Stub…
This is a starting point, not an exhaustive list.
42 © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Confidential 43 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
The Journey of 6800 New Hardware Releases Every 3–4 Months
Continuous
HW and SW
innovation
Dec’14
15.2(1)SY
6800
10G LC
Dec’14
15.2(1)SY
6800
1G LC
Dec’14
15.2(1)SY
IA Compact
Consistent
and Effective
Execution
Mar’14
15.1(2)SY2
6880-X
Multirate
Port Card Aug’14
15.1(2)SY3
C6800IA-
48FPDR
2013
15.1(2)SY
15.1(2)SY1
6807-XL
6880-X
6800IA
The MONSTER
Switch
Embarks
on its Journey
Cisco Confidential 44 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Instant Access Scale Update
15.1(2)SY (Shipping) 15.2(1)SY (December 2014) Feature 15.2(1)SY1 (April 2015)
Port Scale
Fabric Link
Stacking
Supervisor 2T
15.1(2)SY (Shipping) 15.2(1)SY (December 2014) Feature
Port Scale
Fabric Link
Stacking
6880-X
1,000
12
3
2,000
42
5
1,000
12
3
1,200
25
5
1,500
32
5
Cisco Confidential 45 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Catalyst Instant Access Client Portfolio
C6800IA-48TD C6800IA-48FPD C6800IA-48FPDR C6800IA-48TD C3560-CX
PoE/PoE+
48 ports, 740W
48 ports, 740W
12 ports, 240W
Down Link Ports 48x1G Cu 48x1G Cu 48x1G Cu 12x1G
Uplink Ports 2x10G SFP+ 2x10G SFP+ 2x10G SFP+ 2x10G SFP+ (for IA mode) ,
2x1G Cu
FEX ID 1242/32* 1242/32* 1242/32* 42/32*
Access Ports
Scalability 10002000/1500* 10002000/1500* 10002000/1500* 300-500**
Stack 35 35 35 0
Dual Power Supply
Standalone Mode
FCS December
2014
*see previous slide as accurate reference for scalability ** Depending on the platform, 300 for sup2T, 500 for 6880
Cisco Confidential 46 © 2013-2014 Cisco and/or its affiliates. All rights reserved. Investment Protection • All E-Series Chassis and 6807-XL
• DFC4 Upgrade Option for 67xx Line Cards Fortifying Enterprise Backbones with the Catalyst 6500 & Catalyst 6800
15.2(1)SY Release – Highlights
Compact IA
Interface template and
autoconf
IPv6 First Hop Security
8, 16, and 32p
10G/1G cards
10/1G mixed mode
48p 1 Gig line card
40G adapter*
OF1.0 and 1.3
Includes topology, IPv4/v6
tables, QoS marking, flow
stats, multiple controllers,
interfaces (routed and
switched)
PnP Agent
OSPFv3 area filter
DHCPv6 LDRA
LDP inbound label filter
VRF-aware DHCP relay
VRF-aware DNS
VRRPv3
Instant Access
New Hardware
Innovative Features
200 New
BACKBONE
Features Customer Solutions
FCS
Q4CY14
Cisco Confidential 47 © 2013-2015 Cisco and/or its affiliates. All rights reserved.
Simplicity with Auto Conf and Interface Template
Configuration Challenges for Catalyst 6K Instant Access
Easy to Use and Intuitive
Up to 2,000 ports to configure and manage
Huge Running-configuration to maintain
Manual configuration of Access ports is complex and
error prone
AUTO
CONFIGURATION
Simplified
Running
Configuration
Parsed at
Definition Time
Build-in
Templates
Configuration
Rollback
Precendence
Management
Integrated with
Session Aware
Networking
Cisco Confidential 48 © 2013-2015 Cisco and/or its affiliates. All rights reserved.
Catalyst 6K Software Roadmap
15.2(1)SY Q4CY2014
• WS-C3560CX-8XPD-S (mGig Switch)
as IA Client
• IA scale to 1500 for Sup2T
• Mode Change (FEX to Normal) for
C3560CX Switches
• Easy FEX/ Auto FEX/ Easy VSS
• NEAT for IA (Compact Switches)
• IP Fast ReRoute (OSPF/ EIGRP)
• MoFRR
• Multicast Flow based MoFRR
15.2(1)SY Q4CY2014
• REP Support for 6500/ 6800/ 6880
Hardware
Application Experience &
Security
IT Simplicity
Mobility
Layer3 Leadership
• 32x10G
• 16x10G
• 8x10G
• NG Compact IA (12x GE)
• C6800 1G copper/fiber cards
• IA Hi Scale (2K ports/ 42-FEX ID/ 5-Stack)
• IA Phase 2 – AutoConf,
• IBNS Phase 2.0: • Service/ Interface Templates • Critical ACL/ MAB • Concurrent/ Differentiated Auth
• OSPFv3 GR/ NSSA/ Area Filter
• BGP GR/ Local AS
• Netflow for COPP and full MPLS support
• IPv6 support for Trustsec
• mDNS Service Delivery Gateway Ph 2 • Location Awareness • Service Enumeration • Static Service Definition • High Availability
• LISP ASM
• VRF Aware DHCP Relay(v4 and v6) /
DNS
• MPLS LDP local label filtering
• IPv6 FHS
15.2(1)SY1 Q2CY2015
15.2(1)SY2 & 15.2(2)SY Q3CY2015
• 10G to 40G adapter
Shipping Coming
soon
1H’CY2016+ 15.2(1)SY Q4CY2014
Cisco Confidential 49 © 2013-2015 Cisco and/or its affiliates. All rights reserved.
C6800IA-48FPDR C6800IA-48TD C6800IA-48TD C3560-CX-12PD-S
PoE/PoE+ ✗ 48 ports, 740W
48 ports, 740W
12 ports, 240W
12 ports, 240W
Down Link Ports 48 x 1G RJ45 48 x 1G RJ45 48 x 1G RJ45 12 x 1G RJ45 6 x 1G RJ45 + 2 x mGig
Uplink Ports 2 x 10G SFP+ 2 x 10G SFP+ 2 x 10G SFP+ 2 x 10G SFP+ 2 x 10G SFP+
Stack 3 5 3 5 3 5 ✗ ✗ Dual Power
Supply ✗ ✗ ✗ ✗
Stand-Alone
Mode ✗ ✗ ✗
*will be released with 15.2(1)SY1
Catalyst Instant Access Client Portfolio
C3560CX-8XPD-S* C6800IA-48FPD
Cisco Confidential 50 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Active Advisor- Coming NOW (June 2015)
www.ciscoactiveadvisor.com
Troubleshooting - CAA