Cisco Borderless Networks and Security Solutions for Partner Engineers
Cisco Confidential 2
Course Objectives
Upon completion of this course, you will be able to:
► Describe the competitive positioning of Cisco small and midsize business solutions
► Describe the Cisco Borderless Networks and Security solutions for small and midsize customers
► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Networks and Security solutions
► Identify the appropriate Borderless Networks and Security solution to match customer needs
► Articulate the value of Cisco Borderless Networks and Security solutions over the competition
► Describe technical considerations for Cisco Borderless Networks and Security solutions for small and midsize business customers
► Describe plan, design, and build considerations for Cisco Borderless Networks and Security solutions for small and midsize business customers
Course Outline
The learning objectives will be covered in the following modules:
► Cisco Borderless Network and Security Solutions Competitive Positioning for Partner Engineers
► Cisco Borderless Network Routing Solutions for Partner Engineers
► Cisco Borderless Network Switching Solutions for Partner Engineers
► Cisco Borderless Network Wireless Solutions for Partner Engineers
► Cisco Security Solutions for Partner Engineers
Cisco Borderless Networks and Security Competitive Positioning for Partner Engineers
Module Objectives
Upon completion of this module, you will be able to:
► Describe the Cisco Borderless Network and Security solutions for small and midsize customers
► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network and Security solutions
► Articulate the value of Cisco Borderless Network and Security solutions over the competition
Outline
The learning objectives will be covered in the following sections:
► Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers
► Benefits of Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers
► Competing With Cisco Borderless Network and Security Solutions
Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers
Changing Environment; Shifting Borders
IT Consumerization
Device Border
Mobile Worker
Location Border
Video / Cloud
IaaS, SaaS
Application Border
External-Facing Apps
Internal Apps
Cisco Architectural Solutions
Borderless Networks
Security
Data Center and Virtualization
Collaboration
Unique Approach to Customer Solutions
New Architectural Approach: Business + Technical
► Business Architecture
► Enhances customer relationships
► Supports new growth models
► Provides workforce flexibility
► Solves business challenges
► Technical Architecture
► Delivers flexibility to address shifting borders
► Enhances productivity
► Improves operational efficiency
► Provides high-quality experiences
Cisco Architecture Benefits
Cisco architectures provide benefits customers care about
Agility
Quickly adopt new solutions, deploy on-premise, cloud or both
Control
Maximize security and availability
Independence
Maximize productivity by supporting Anyone, Anything, Anywhere, Anytime
Value
Increase capabilities and operational excellence while reducing costs
Cisco Architectures Solve Customer Challenges
Cisco solutions will address these challenges
Increase ROI
Greater reliability and productivity and lower TCO provide ROI to customer
Provide Reliability
Core hardware and OS design supports network functionality with high uptime
Boost Productivity
Broad feature set enables diverse workloads
Lower Service & Support Costs
Reduce total cost of ownership, maximize contribution of IT
Benefits of Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers
Borderless Network Architecture
Architecture for Agile Delivery of the Borderless Experience
[Figure: layered architecture diagram with the following labels]
BORDERLESS END-POINT / USER SERVICES: Securely, Reliably, Seamlessly: AnyConnect
BORDERLESS NETWORK SERVICES:
► Mobility: Motion
► App Performance: App Velocity
► Energy Management: EnergyWise
► Multimedia Optimization: Medianet
► Security: TrustSec
BORDERLESS NETWORK SYSTEMS: Next-Gen WAN, Campus Core, Unified Access
BORDERLESS INFRASTRUCTURE: Application Networking/Optimization, Switching, Security, Routing, Wireless
POLICY, MANAGEMENT, APIs
SMART PROFESSIONAL AND TECHNICAL SERVICES: Realize the Value of Borderless Networks Faster
Medianet: Transform Voice and Video Experiences
Can My Network Deliver Real-Time Collaboration Experiences?
[Figure: global business with worldwide offices carrying CEO Meeting, M&A Negotiation, and Sports Event traffic]
No Resource Reservation, Degraded Voice and Video
Context-Aware, Prioritized, High-Quality Voice and Video
App Velocity: Visibility, Optimization, Agility
Superior Application Performance, Better User Experience
Can My Network Optimize Performance of Applications Anytime, Anywhere?
[Figure: WAN paths across service providers SP A, SP B, SP C, and SP D]
Compromised and Costly Experience
Shortest path selected
No application control
Wasted bandwidth
Up to 2X Improved Response Time and 90% Reduced Bandwidth Cost
Real-time Fastest Path
Scalable App Visibility
Embedded WAN Optimization
App Velocity: Network and Application Agility
Enables Business Continuity and Network Reliability
Can My Network Optimize Performance of Applications Anytime, Anywhere?
[Figure: branch connected over the WAN to the Cloud, with UCS-E]
Unreliable WAN Leads to Poor Experience with Cloud/Data Center Hosted Applications
“Lean” Application Hosting Provides Branch-to-Cloud Application Survivability and Infrastructure Agility
EnergyWise: Reducing Energy Costs
Am I Using My Network to Reduce My Energy Costs?
Countywide Office Energy Management
COUNTY OFFICES: 10,000 PCs
No Energy Management
Annual Energy Costs: $770,000
Managed Nightly Shutdown: $280,000
Additional Energy Policies: $150,000
Total Savings: $430,000
Policy and TrustSec: Centralized Management, Context-Aware Enforcement
Do I Have a Consistent Access Policy Architecture Across My Network for All Users and Devices?
[Figure: diverse users, devices, and data connecting over Wired, Wireless, and VPN access]
Inflexible, Hard to Manage
Complex, Multidimensional
Flexible, Centralized
Simple
TrustSec Technology: Next-Generation Security
Is My Network Ready for Current and Future Regulatory Requirements?
[Figure: data (D) and video (V) streams in the LAN, with a malicious guest user]
Clear Data and Video Streams in LAN
Encrypted, Tamper-Proof Transactions
AnyConnect Secure Mobility: Next-Generation Security
Can Mobile Devices Access My Network Securely, Reliably, and Seamlessly?
[Figure: mobile executive]
Unmanaged Devices, Risk of Data Loss, and Lack of Access
Secure Mobile Connectivity
Acceptable Use
Access Control
Data Loss Prevention
Critical Questions for your Customers to Consider
► Do I have a consistent Access Policy Architecture across my network for all users and devices?
► Can mobile devices access my network securely, reliably, and seamlessly?
► Can my network deliver real-time collaboration experiences?
► Can my network deliver protection from the premises to the Cloud?
► Can my network optimize performance of applications anytime, anywhere?
► Am I using my network to reduce my energy costs?
► Is my network ready for current and future regulatory requirements?
► What vendor can help me do all of the above?
Delivering the Borderless Experience: Services to Accelerate the Transformation
Professional and Technical Services from Cisco and Our Partners
Enable a Smart Network
Enable the Architecture
Enable Business Solutions
Where Do I Start? Network Services Deployment
► EnergyWise Services
► TrustSec Services
► Application Velocity Services
► Video Experience Service
How Do I Keep It Current? Network Life Cycle Services
► Network Optimization Service
► Smart Net Total Care Services
► Smart Care Service
► SMARTnet
► IT Cost Optimization Service
Where Am I Now? Architectural Assessments
► IPv6 Services
► Medianet Readiness Assessment
Cisco Delivers the Platform for Your Business Innovations
The Borderless Organization Needs a Borderless Network Architecture
Cisco Is Uniquely Equipped to Deliver That Architecture with “Broad and Deep” Network Innovation
Go Borderless
Where do I start?
1. Customers are in transition – Opportunity!
2. Invest in the architectures, professional services, & market knowledge
3. Take advantage of our channel investments
4. Generate Demand with Partner Marketing Resources
Competing With Cisco Borderless Network and Security Solutions
Partner Competitive Concerns
Concern: Market Transitions
How to Address: Cisco leads the marketplace in anticipating and leading transitions
Concern: Other Vendors
How to Address: Cisco competitive portal has a wealth of information for tactical sales issues
Concern: Decision Maker Concerns
How to Address: The Cisco partner owns this relationship and must lead decision makers in business relevant discussions about their concerns
http://cisco.com/go/competitive
Moving the Decision Making Point
[Figure: Customer Relevance axis with the levels Architectural Services and Practices, Solutions & Business Models, Systems, Products, Technology Integration]
Decision Makers Overview
► Key groups that:
► Set goals and expectations
► Establish criteria for desirable solution characteristics
► Understand their concerns and responsibilities and address these in their proposals
► Three key groups:
► Business Decision Maker (CxO)
► Technical Decision Maker
► Line of Business Manager
Business Decision Makers (CxO)
• BDMs value:
Increased profitability
Higher sales growth
New market expansion
Increased customer satisfaction
Increased revenue generation
• BDMs like to save money, but understand the value of investing to save:
Understand their business first
Identify their cost centers
Determine how the solution saves money
Place a dollar figure on new capabilities the solution enables
Winning with BDMs
• How to Remove Objections
Change the goal:
The goal is not to buy a switch or a router
This is a point product approach
The goal is a solution that will:
Protect the ability to increase profit and productivity
Lower costs
• Show how Cisco solutions meet the new goal
Technical Decision Makers
• TDMs value:
Simplicity and functionality
Security and availability
Adaptability
Meeting business expectations
• TDMs like to increase reliability and reduce operational expense:
Understand what the business expects of them
Determine how to meet those expectations
Determine how the solution saves money
Show how the solution can quickly adapt to new demands
Winning with TDMs
• How to Remove Objections
Align their goals with the business decision makers:
The goal is not to buy a product that has feature “X”
This is a point product approach
The goal is a solution that will:
Provide a secure, available and agile platform that supports the business
Be manageable end to end, with visibility across all system components
Provide value through increased productivity and/or reduced total cost of ownership
• Show how Cisco solutions meet the new goal
Line of Business Managers As Decision Makers
• Line of Business Managers value:
Solutions to their business problems
Fast execution from problem identification to implementation
Stability and availability once solution is in place
Ability to address new requirements over time
• Line of Business Managers need to meet immediate needs and adapt to new ones:
Understand their unique business need
Determine how to meet that need
Determine how the solution improves their operations
Show how the solution can quickly adapt to new demands
Winning with Line of Business Managers
• How to Remove Objections
Align our solution with their pressing business need
The goal is not to buy a product that solves just one need
This is a point product approach
The goal is a solution that will
Quickly solve the current problem
Be able to quickly adapt to new demands
Avoid restarting the need-solution cycle from scratch every time a new need is identified
• Show how Cisco solutions meet the new goal
Costs of Different Vendor Approaches
Benefits of Primary Vendor Approach
From Single Products to Integrated Solutions
[Figure: Level of Customization (Generic, Vertical Segment, Customer Specific) against Degree of Integration (Single Product, Technical Integration, Commercial Integration); labels: Product Push, Solution Pull, Require an Architectural Approach]
Source: McKinsey Marketing and Sales Practice White Paper. April 2003. Solution Selling: Is the Pain Worth the Gain?
Competing Message In A Box
► Competitive Portal on Cisco.com
► http://cisco.com/go/competitive
► Cisco Architectural Solutions on Partner Central
► http://www.cisco.com/assets/sol/xarch/asd/index.html
► Transformative Networking
► http://www.cisco.com/web/partners/sell/technology/borderless/transformative_networking.html
► Cisco Partner Community
► https://communities.cisco.com/community/partner
► Cisco Capital
► http://www.cisco.com/go/ciscocapital
► Cisco Midsize Solutions
► http://www.cisco.com/web/midsize/midsize_partners.html
Module Summary
Summary
► Today’s market transitions (increasing video traffic, a wider range of access devices, and more and more mobile and remote workers) are driving the need for a Borderless Organization
► A Borderless Network Architecture is an imperative if an organization wants to ensure seamless, secure, reliable communications between employees, partners, and customers
► Cisco is uniquely equipped to deliver the end-to-end architecture with its deep and broad technology heritage as well as technology and market leadership
► Partners need to understand the needs and concerns of key customer decision makers so that they can properly position Cisco Borderless Network Architecture solutions
Review: Borderless Network Services
Which of the following are Cisco Borderless Network Services? (choose two)
A) ASA
B) MediaNet
C) IOS
D) TrustSec
Review: Borderless Network Services
Which of the following are Cisco Borderless Network Services? (choose two)
B) MediaNet
D) TrustSec
Review: BDM Concerns
What are the concerns of a Business Decision Maker? (Choose two)
A) Security and availability
B) Avoid restarting the need-solution cycle
C) Increased profitability
D) New market expansion
Review: BDM Concerns
What are the concerns of a Business Decision Maker? (Choose two)
C) Increased profitability
D) New market expansion
Cisco Borderless Network Routing Solutions for Partner Engineers
Module Objectives
Upon completion of this module, you will be able to:
► Describe the Cisco Borderless Network Routing solutions for small and midsize customers
► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Routing solutions
► Identify the appropriate Borderless Network Routing solution to match customer needs
► Articulate the value of Cisco Borderless Network Routing solutions over the competition
► Describe technical considerations for Cisco Borderless Network Routing solutions for small and midsize business customers
► Describe plan, design and build considerations for Cisco Borderless Network Routing solutions for small and midsize business customers
Module Outline
The learning objectives will be covered in the following modules:
► Cisco Borderless Network Routing Solutions for Small and Midsize Business Customers
► Benefits of Cisco Routing Solutions for Small and Midsize Business Customers
► Competing With Cisco Borderless Network Routing Solutions
► Technical Considerations for Cisco Borderless Network Routing Solutions
► Plan, Design, and Build Considerations for Cisco Borderless Network Routing Solutions
Cisco Borderless Network Routing Solutions for Small and Midsize Business Customers
Customer Challenges
Cisco solutions will address these challenges
Increase ROI
Greater reliability and productivity and lower TCO provide ROI to customer
Provide Reliability
Core hardware and OS design supports network functionality with high uptime
Boost Productivity
Broad feature set enables diverse workloads
Lower Service & Support Costs
Reduce total cost of ownership, maximize contribution of IT
Cisco SMB Router Portfolio Overview
[Figure: router families RV Series, SRP 500, ISR 800, ISR 1900, and ISR 2900, 3900, with the following labels]
Affordable and easy to use
Foundational and managed
Advanced network features
Competitive feature set at compelling prices
Industry-leading modular routers
Entry Level Features
Low TCO
Solid Baseline Routing
Innovative Services
Voice, Data, Any Device, HD Video, VDI
Small Business Routers
► Provide simplicity and affordability for small business customers
► Offer competitive feature set
► Support easy deployment and management via GUI
RV0/RV320 Series
RV100 Series
RV200 Series
SRP500 Series
Entry Level Security Performance, Wi-Fi and Security
Wired, Max VPN, Load Balancing
DSL Connectivity, Embedded Intelligence
Common Features
► Key Features:
► Price-performance mix sets them apart from competition
► Enhanced features: VLANs, ACL, QoS, IPv6
► Easy to use/simplified configuration
► Cisco quality, security and reliability
► Limited lifetime warranty
► Cisco Small Business Support Center staffed by professionals with CCNA certification
► Key Competitive Messages
► Cisco RV Series routers offer the best value/feature mix
► Priced lower than key competitors
► Customers can protect their investment with the Small Business Investment Protection trade-up program
Small Business Router Warranties
► Limited Lifetime Warranty on all RV routers:
► Coverage for lifetime of RV router or 5 years after End of Sale announcement
► Replacement in the event of failure
► 1 Year Limited Warranty on SRP500
► Features:
► Return to Factory Replacement
► 1 year of technical support from Small Business Support Center
► Lifetime OS Software Updates
Cisco ISR G2 Series Routers
Evolves With Your Business
Intelligent Services
Converged Services
Entry-Level
ISR 800 Series
ISR 1900 Series
ISR 2900 Series
ISR 3900 Series
Secure, Reliable, Concurrent Services
Modular Access, High-Performance
Embedded, Advanced Voice, Video
[Figure axes: Performance, Scalability, Availability against Business Agility & Value]
Cisco IOS Universal Image
[Figure labels: IP Base, Security, U.C., Data]
► Ease of Ordering
► A single IOS Universal Image will ship with all ISR G2 platforms
► Features are activated via licensing
► No need to install a new IOS
► Four IOS enforceable licenses enable full suite of functionality that was previously offered in eight images
► Operational Simplicity
► Try and Buy (60-day evaluation)
► Test drive before purchasing
► Services on Demand
► IOS feature upgrades can be done by enabling a new license key, reducing the need for truck-rolls to remote offices
Cisco Integrated Services Routers G2: Under the covers
► Service Modules: 3-7x increase in service module performance; existing NM support through adapter; EPoE capable
► Internal Services Module: 3x increase in service module performance; configurable power savings mode; 802.11n Option 19xx
► EHWIC: 2x performance increase; HWIC/WIC/VWIC/VIC support natively; EPoE capable
► Multi-core Network Processor: up to 5x performance increase
► Multi Gigabit Fabric: module to module communications; packet prioritization and shaping
► NG DSP Modules: video ready DSP modules; 4x increase in audio conferencing and transcoding; configurable power savings modes
► GbE Ports: Plus GbE ports (3 on 2911+); SFP slots on 2921 and above
► USB: console over USB; convenience storage; security credentials
► Services Performance Engine (3900): upgradeable with newer engines in the future
Simplify Operations
Optimize
Ensure Business Continuity
Fully Secure
► Scalable VPN services with data protection
► PCI compliance solution
► Zone-based firewall
► Web security with malware detection
► Secure cloud services
► IP telephony with SIP trunking
► Video to any device
► Integrated video assessment, monitoring, and troubleshooting
► Wireless LAN and WAN services
► 3G/4G wireless WAN backup
► Virtualized server for local application hosting
► Services redundancy for voice, video, and data
► Embedded WAN optimization and app visibility
► Video conferencing: planned, ad hoc
► Router integrated rich-media optimization for VXI
► Branch-in-a-Box (service integration)
► On-demand service delivery with service virtualization
► Centralized management
► Energy efficiency with slot-based power controls
Enable New Capabilities
ISR G2 Meets Business Needs
ISR G2 Services Portfolio
Network and Security Services
Compute Services and Applications
Collaboration Services
Network Services
Network and Physical Security
Unified Communications
Application Infrastructure
Industry Applications
Branch IT Infrastructure and
Management
High-performance Communication and
Collaboration
Secure, Protect, Compliance
Customized for Vertical Applications
Consolidate Branch Applications, High
Performance
► Wireless LAN Controller (WLC)
► Cisco Network Analysis (NAM)
► Cisco Wide Area Application Services (WAAS)
► Cisco Unity® Express module (voicemail, IVR)
► NICE Voice Recording (AXP)
► SingleWire Informacast (AXP)
► Video Surveillance
► Threat Defense
► ICW Healthcare Connector on AXP
► Tiani Medical Data Exchange on AXP
► Global Protocols Skipware (AXP)
► Cisco Application Extension Platform (AXP)
► Integrated Storage System
► Industry Standard Virtualization
► Windows Server
Service Modules and Interface Cards
► EHWIC (Enhanced High Speed WAN Interface Card): Interface Cards (WAN or LAN)
► ISM (Internal Service Module): Internal Module for Running Services That Don’t Require Interface Ports, Dedicated CPU and Memory
► SM (Service Module): Independent CPU and Memory for Hosting Services or High Density Interface Ports
► PVDM3 (Packet Voice/Data Module): High Density Rich-Media Voice and Video DSP Modules
Services Ready Engine (SRE)
Internal Service Module (ISM)
► Compact and Internally-Pluggable Form Factor
► Supported on all 1900, 2900, and 3900 ISRs
► Selected Services Available
► Single Model—SRE 300 ISM
Service Module (SM)
► Versatile and High-Performance Form Factor
► Supported on 2911, 2921, 2951 and all 3900 ISRs
► Full Range of Services Available
► Two Models—SRE 700 / 710 SM and SRE 900 / 910 SM
No Additional Cabling, Ethernet Ports, Power Supplies, and Rack Space Required
Remote Energy Management With Schedulable On/Off Times
High-performance Hardware—up to 7x Of Previous Generation
Size-, Weight- and Power-efficient Form Factor With Low Carbon Footprint
Remote Configuration and Troubleshooting, On-board Hardware Diagnostics
All Resources Are Isolated, Dedicated, And Independent of the Host Router
EtherSwitch Service Modules (ESM)
► 16, 24, and 48 ports of GE or FE LAN
► Feature parity with Catalyst 3560-E and 2960
► Local Line-rate Layer 2/3 switching
► Supports Cisco EnergyWise for green IT
► LAN traffic performance optimization between modules, with no impact on CPU/WAN performance
► Integrates the latest enterprise switch features into the router
► Industry Leading Power Over Ethernet
► Industry leading security and authentication
► Auto Smartports for plug and play port configuration
ISR G2 Warranties
► Standard Hardware Warranty Terms:
► Coverage for 90 days (ISR 2900, 3900)
► Coverage for 1 year (ISR 800, 1900)
► 10-day Advance Replacement
► No Technical Support
► No Software Updates
► Strongly recommended that customers purchase a support contract for ISR G2 products
Enhancing the Borderless Experience
ISR G2 Product Portfolio
ISR 800 Family
Small or Virtual Office
ISR 1900 Family
Secure Mobility
ISR 2900 Family
Secure Collaboration
ISR 3900 Family
Scalable Rich Media Services
… to provide Actionable Insight
Cisco 800 Series
Fixed Configuration Platform
► Secure collaboration
► Unified wireless mobility
► High availability
► Simplified operations
► 1 year limited warranty

                 860          880          890
WAN Ports        1 FE/ADSL    1 FE/xDSL    1 FE, 1 GE
WAN Backup       No           Yes          Yes
LAN Ports        4            4            8
PoE Support      —            —            4 ports
Optional .11n    2.4 GHz      2.4 GHz      2.4 and 5 GHz
Security         Basic        Advanced     Advanced

Positioning Statement: Entry-level, highly secure; Full featured, highly secure; Voice with survivability
Cisco 1900 Series
Secure Mobility Platform
► Desktop form factor
► 25 Mbps WAN access (with services)
► Optional integrated 802.11n wireless
► Double-wide HWIC slot
► 1 year limited warranty

                        1941/W                                    1921
SM Slots                0                                         0
ISM Slots               1 / or optional 802.11n fixed wireless    0
EHWIC Slots             2                                         2
WAN Ports               2 GE                                      2 GE
DSP Slots               0                                         0
Form Factor             2U                                        1U
Positioning Statement   High performance, full featured           Flexible broadband connectivity
Cisco 2900 Series
Secure Collaboration Platform
► 75 Mbps WAN access (with services)
► Video-ready DSP support
► Second Services Module slot
► 90 day limited warranty

               2951           2921           2911    2901
SM Slots       2              1              1       0
ISM Slots      1              1              1       1
EHWIC Slots    4              4              4       4
DSP Slots      3              3              2       2
WAN Ports      3 GE (1 SFP)   3 GE (1 SFP)   3 GE    2 GE
Form Factor    2RU            2RU            2RU     1RU

Positioning Statement: Maximum power and flexibility; Midrange power and flexibility; Small and powerful
Cisco 3900 Series
Secure Mobility Platform
► 150 Mbps WAN access (with services)
► Upgradeable services performance engine (SPE)
► Configurable dual Integrated Redundant Power supplies
► 90 day limited warranty

               3945E   3945    3925E   3925
SM Slots       4       2       4       2
ISM Slots      0       1       0       1
EHWIC Slots    3       4       3       4
DSP Slots      3       4       3       4
WAN Ports      4 GE    3 GE    4 GE    3 GE
Form Factor    3RU     3RU     3RU     3RU

Positioning Statement: Highest density and performance; Density and performance
Cisco Unified Communications Manager Express
Concurrent Services and Performance (UCME 8.6)
3945: 350 Phones
3925: 250 Phones
2951: 150 Phones
2921: 100 Phones
2911: 50 Phones
2901: 35 Phones
Extended Modular Connectivity (EVM, ISM, SM, WIC/VIC)
Multiple Services
High Density Services
Modularity with Performance
Optimized for “All-in-one” Solution (NM-SM, NME, EVM, ISM, WIC/VIC)
Low Density Services
Benefits of Cisco Routing Solutions for Small and Midsize Business Customers
Borderless Networks Drive Growth and Change
Harness Video as the agent of change to realize closer customer contact, enhance customer experience and customer loyalty
Transform the workspace experience and increase productivity. Automate business processes to drive down costs
Accelerate growth by integrating innovations into the business process—bringing interactions faster to the customer
Consequences of Not Having a Borderless Network
Operational Complexity
► Higher cost of ownership
► Lower business efficiency
Infrastructure Bottlenecks
► Inconsistent Application Performance
► Decreased employee productivity
Service Inconsistency
► Poor workspace experience
► Limited business flexibility
Benefits of Cisco Borderless Networks
Operational Excellence
► Operational Simplicity
► Greener technology
► Rapid ROI with Investment Protection
Video-Ready
► Rich-media applications
► High performance
► Application optimization
Service Virtualization
► Services “On-Demand”
► Customized Applications
► Cloud extension
Business Innovation
Customer Experience
Lowest TCO
Key Stakeholder Messages
► Stakeholders focus on different issues depending on their responsibilities at work
► Key stakeholders include technical, operational and executive decision makers
► Adjust your positioning statements to take into account the different emphasis of each stakeholder
IT Manager Concerns
Concern: Improve Capability
Cisco Benefit: Cisco innovations and technologies lead the market in new capabilities
Concern: Reduce Downtime
Cisco Benefit: Cisco reliability and TAC support minimize downtime
Concern: Reduce Complexity and Simplify Management
Cisco Benefit: Cisco end-to-end integration and unified management tools keep complexity under control
Operations / Business Manager Concerns
Concern: Improve Sales Pipeline
Cisco Benefit: Cisco agility and flexibility support new business initiatives
Concern: Improve Operational Processes and Efficiency
Cisco Benefit: Cisco performance and features speed up work while reducing costs
Concern: Improve Customer Service
Cisco Benefit: Cisco integration with collaboration and social tools keep customers close
Finance/CEO/Owner Concerns
Concern: Generate New Revenue Streams
Cisco Benefit: Cisco product breadth provides solutions for the widest range of needs
Concern: Increase Profit
Cisco Benefit: Cisco solutions provide reduced TCO and improved ROI
Concern: Make Intelligent Investments
Cisco Benefit: Cisco positions the network for future growth and capabilities
Network Investment Requirements
► Intelligent investment in the network is required to ensure network security and flexibility
► Migration to a highly resilient foundation is critical to current and future network needs
► Integration of advanced solutions for security, media transport, wireless LAN, storage and energy use
Consequences of Not Investing
► When companies fail to upgrade to a borderless network:
► Deploying new applications and services takes longer
► Security becomes more difficult to achieve
► Network availability degrades and downtime increases
► New applications and traffic types fail to perform properly
Success Story
► Opresa transforms sales and distribution operations and becomes more profitable with Cisco Borderless Network solution
Success Story
Catapulting Supply Chain into 21st Century: Opresa
Business Challenges
• Manual sales reporting with inadequate communications facilities between sales outlets and headquarters
• Inefficient supply chain processes and inability to take advantage of economies of scale with major suppliers or implement real time sales promotions
Cisco® Solution
• Company-wide adoption of retail ERP system supported by secure Cisco Borderless Network foundation
• GSM connections for remote locations
Business Results
• Maximized stock control efficiencies with real time sales reporting and forecasting
• Increased profitability from lower administrative overheads, better stock control, and ability to tap into new markets such as mobile top-ups
“We wanted a flexible architecture with room for future growth”
—Arben Gagani, Chief IT Officer, Opresa
Competing With Cisco Borderless Network Routing Solutions
Compete by Understanding Buyers’ Needs
Key Messages for Each Buyer
Winning With Product Buyers
► View of Business
► Discriminating small and midsize enterprises view business connectivity as critical to improving efficiencies
► View of Technology
► Depend on real-time access to mission-critical apps to mobilize business; less client interaction on the network
► Win with Cisco by Emphasizing
► Cisco offers products and services that help ensure simplified and scalable business connectivity:
► The right features and expandability options
► Ready to use setup
► Operational out of the box
► 24-hour tech support
► Flexible and affordable financing
Winning With Solution Buyers
► View of Business
► Discriminating small and midsize enterprises view workforce productivity as critical to better serving more customers
► View of Technology
► Growth is thrust upon them; they are pressured to better serve more customers, increasing customer interaction on the network
► Win with Cisco by Emphasizing
► Cisco helps create a workspace environment with flexible and responsive solutions:
► End-to-end solutions and expandability options
► Flexible on-premises, hybrid, and cloud deployments
► Simplified design and installation
► Greater network visibility and control
Cisco Confidential 88
Winning With Architectural Buyers
► View of Business► Create competitive advantage in today’s rapidly changing
marketplace through dynamic business models
► View of Technology► Network is the business – heavy customer and employee interaction;
they are pressured to offer differentiated products and services
► Win with Cisco by Emphasizing► Cisco offers an architecture that is a dynamic and scalable service
delivery platform that enables:
► Personalized and pervasive engagement
► Agile and efficient operations
► Open and protected IT environment
► Rapid and repeatable services provisioning
Cisco Confidential 89
Compete by Understanding the Environment
[Figure: 2x2 matrix of competitive situations: Converting, Asserting, Establishing, Defending. Axis labels: Using Competitor, Considering Competitor; Cisco Neutral, Cisco Friendly]
Using Competitor, Considering Cisco
Convert Customers
► Customer has strong relationship with other vendor
► Goal: Demonstrate Cisco superior routing and switching solutions
► How: Competitor likely won on price - show how Cisco solutions save money by consolidating devices, integrating management and enabling borderless network capabilities
Converting
Using Competitor and Cisco
Assert Cisco Benefits
► Customer has mixed-vendor environment and strong relationships with both vendors
► Goal: Demonstrate the benefits of a single-vendor solution based on Cisco Borderless Networks
► How: Show how Cisco routing solutions integrate security at the core, support new services via MediaNet, reduce costs through EnergyWise and unify the network via the broad Cisco portfolio
Asserting
New or No Vendor Commitment
Establish Cisco Strength
► Customer has new location or old equipment in existing location and weak relationship with other vendor
► Goal: Introduce Cisco networking strengths, product breadth and support capabilities
► How: Show how Cisco routing and switching solutions solve IT challenges, help adopt new business tools, save on costs, and improve network performance
Establishing
Using Cisco, Considering Competitor
Refresh the Base
► Customer has existing Cisco relationship and equipment that is approaching retirement
► Goal: Refresh their network with up-to-date Cisco solutions
► How: Show how Cisco solutions provide long-term benefits, and how Cisco Services make the transition simple and smooth
Defending
Questions to Start Conversations
How do you use the network in your business?
How long will your next investment last?
Does your network allow you to easily add new services or business applications?
Does the network hinder your ability to implement new business priorities?
Is your network borderless, providing secure anywhere, anytime, any-device access? Can your network:
– Provide protection from the premises to the cloud?
– Optimize performance of applications anytime, anywhere?
– Enable mobile users to securely and transparently connect from any location?
– Help your organization reduce energy costs?
Are you able to scale your resources to all your remote locations?
Routing Message In A Box
► Cisco Routing on Cisco.com
► http://cisco.com/go/router
► Cisco Routing on Partner Central
► http://www.cisco.com/en/US/partner/products/hw/routers/partner.html
► Programs and Incentives
► http://www.cisco.com/go/vip
► http://www.cisco.com/go/oip
► Cisco Borderless Networks Partner Community
► https://communities.cisco.com/community/partner/borderlessnetworks
► Cisco Capital
► http://www.cisco.com/go/ciscocapital
► Cisco How to Create A Trade-in Quote
► http://www.cisco.com/web/partners/downloads/partner/WWChannels/sales_marketing_resources/ctmp/quick_quote.pptx
Technical Considerations for Cisco Borderless Network Routing Solutions
Cisco ISR G2
Central Site Router Selection Considerations
Factors to consider when choosing a router:
► Bandwidth and Throughput
  ► How much traffic needs to be routed on the LAN?
  ► How much traffic needs to be routed on the WAN?
► Traffic Types and Needs
  ► What kind of traffic is being routed?
  ► Are there any special needs?
► LAN/WAN Connectivity Options:
  ► How are we connecting to the LAN/WAN?
  ► Is redundancy required?
Central Site Router Selection Considerations (Cont.)
Factors to consider when choosing a router:
► CPU Load
  ► Do we need to run multiple simultaneous services?
  ► What services do we need to run?
► Routing protocol requirements
  ► Do we need static or dynamic routing?
  ► What protocols do we need to run?
► Security requirements
  ► Will the router be providing security as well?
  ► What security services will be required?
Branch Site Router Selection Considerations
Factors to consider when choosing a router:
► Users and Applications
  ► How many users / devices are at the branch location?
  ► What type of applications are they using?
► Voice and Video
  ► Will IP phones be used at the branch?
  ► Where is call control located?
  ► Is there a PSTN gateway at the branch?
  ► Are there legacy devices to integrate?
Branch Site Router Selection Considerations (Cont.)
Factors to consider when choosing a router:
► Security requirements
  ► What security services are required?
  ► Is tight integration with central site security required?
► Compliance requirements
  ► Are there compliance considerations at the branch?
  ► Is compliance monitoring required?
► Connectivity
  ► Is WLAN a requirement at the branch?
  ► What LAN and WAN technologies are needed?
ISR 800 Series Capabilities
ISR 1900 Series Capabilities
ISR 2900 Series Capabilities
ISR 3900 Series Capabilities
ISM-VPN Test Performance
ISR G2 IPsec IMIX Performance Comparison: IPsec Throughput (Mbps)
Platform | Onboard | VPN ISM | VPN ISM vs. Onboard
Cisco 1941 | 60 | 170 | 2.8X
Cisco 2901 | 60 | 170 | 2.8X
Cisco 2911 | 65 | 170 | 2.6X
Cisco 2921 | 80 | 215 | 2.7X
Cisco 2951 | 150 | 395 | 2.6X
Cisco 3925 | 215 | 715 | 3.3X
Cisco 3945 | 245 | 715 | 2.9X
1. Single stream of IPsec traffic with AES encryption is used for the throughput measurement
2. Performance numbers are captured @ NDR (No Drop Rate)
3. IMIX composition: 61% 90-byte, 24% 594-byte, 15% 1418-byte packets
Plan, Design, and Build Considerations for Cisco Borderless Network Routing Solutions
Plan, Design, Build for Partner Engineers
► There are three major responsibilities of the partner engineer during the customer engagement:
► Plan the feature requirements and assess product choice against features
► Design a solution based on understanding of required functions and best practices
► Build a solution by deploying, configuring and managing it
Plan: Feature Requirements, Product Assessment
Design: Determine Function, Design
Build: Deploy, Configure, Manage
Planning
► In the case of Cisco routers, one of our key planning steps is to determine the required version of IOS and the features it will support
► Use Cisco Software Advisor to assist in feature research
Plan: Feature Requirements, Product Assessment
Licensing Overview Prior to IOS 15.0
► Prior to Cisco IOS Release 15.0, a software image was selected based on the required feature set of the customer
► There were eight software packages that satisfied requirements in different categories
Licensing Overview
► Since the introduction of Cisco IOS Software Release 15.0, the universal image contains all packages and features in one image
► Multiple technology package licenses can be installed and activated on the Cisco 1900, 2900 and 3900 series Integrated Services Router platforms
► Individual features can be enabled or disabled by license keys, including:
Technology Package License | Features
IP Base | Entry-level Cisco IOS functionality
Data | MPLS, ATM, and multiprotocol support
Security | Cisco IOS Firewall, IPS, IPSec, 3DES, and VPN
Unified Communications | VoIP and IP Telephony
Technology License Packages
IP Base: BGP, OSPF, EIGRP, ISIS, RIP, PBR, IGMP, Multicast. Default image for Access Routers. Devices: 1900, 2900, 3900
Data: MPLS, BFD, RSVP, L2VPN, L2TPv3, IP SLA etc. Devices: 1900, 2900, 3900
Security: Cisco IOS Firewall, SSL VPN, DMVPN, IPS, GET VPN, IPsec etc. Devices: 1900, 2900, 3900
Unified Communications: CUBE, SRST, Voice Gateway, CUCME, DSP, VXML etc. Devices: 2900, 3900
Cisco software activation process identified at http://www.cisco.com/go/sa.
Cisco IOS Software licensing and packaging details at http://www.cisco.com/go/g2licensing.
Standard vs No Payload Encryption
► Cisco Universal IOS supports two images for each router platform:
► Universalk9: Offers all the Cisco IOS features including strong payload cryptography features such as IPSec VPN, SSL VPN, and Secure Unified Communications
► Universalk9_npe: Does not support any strong crypto functionality such as payload cryptography or secure voice – designed for import into CIS countries
Platform | Image Name
1905/1921/1941/1941W | c1900-universalk9-mz, c1900-universalk9_npe-mz
2901/2911/2921 | c2900-universalk9-mz, c2900-universalk9_npe-mz
2951 | c2951-universalk9-mz, c2951-universalk9_npe-mz
3925/3945 | c3900-universalk9-mz, c3900-universalk9_npe-mz
Licensing Overview From IOS 15.0
Cisco Feature Navigator Overview
http://tools.cisco.com/ITDIT/CFN/
Cisco Feature Navigator Example
Cisco Feature Navigator Example (Cont.)
Permanent License Installation
Evaluation License Installation
Temporary licenses available at http://www.cisco.com/go/license
License Backup
Disabling an Active Permanent License
Uninstalling a Permanent License
Licensing Verification
Designing
► Correct design requires understanding router capabilities:
  ► Router Architecture
  ► Router Role
  ► Static and Dynamic Routing
► Design best practices:
  ► Best Practices for Inter VLAN Routing
  ► Hierarchical Design
Design: Determine Function, Design
Router Architecture
► Logical Diagram of Internal components of a Cisco router
Role of a Router
► Routers are required to reach hosts that are not in our local network
► Routers use a routing table to reach those networks
Static and Dynamic Routing
Static Routing
► Static routes are entered manually by the administrator
► Particularly useful in small networks
► A network topology change requires a manual update
► Routing behavior is simple and can be precisely controlled
Dynamic routing
► A network routing protocol is used to adjust automatically to changes
► Particularly useful in larger networks
► Routers learn and maintain routes in a routing table to reach all destinations
► More complex to manage, but also more scalable
Dynamic Routing Protocols
► EIGRP
  ► Cisco Proprietary
  ► Loop free classless routing
  ► Reduced overhead and bandwidth usage
  ► Easy to configure, no area design requirements
► OSPF
  ► Developed by IETF
  ► Loop free classless routing
  ► More processor and memory intensive
  ► More complicated to configure but supports a wide range of special use cases
Inter-VLAN Routing
► A VLAN creates a logical subnet and broadcast domain
► Inter-VLAN routing facilitates communication between multiple VLANs
► Layer-3 switches and routers support inter-VLAN routing
Best Practices for Inter-VLAN Routing
Solutions that can provide inter-VLAN routing:
► Router with separate physical interface for each VLAN
► Router with a trunk link and separate logical interface for each VLAN
► Routing With a Layer-3 switch
Router with Separate Interface Per VLAN
► Simple and straightforward
► Does not scale well
► Requires one interface per VLAN
Router with Trunk Link and Virtual Interfaces
► More complex, but also more scalable
► Requires interface that supports trunking
► Create sub-interfaces for each VLAN
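The trunk-and-sub-interface design on this slide, written out as a configuration sketch. This is an added example, not part of the original course material; the interface names, VLAN IDs (10 and 20), VLAN names and addresses are assumptions chosen for illustration.

```cisco
! --- Router (for example an ISR G2): one physical link carries both VLANs ---
! Interface names, VLAN IDs and addresses are constructed for this example.
interface GigabitEthernet0/1
 description 802.1Q trunk to access switch
 no ip address
 no shutdown
!
! One logical sub-interface per VLAN; the dot1Q tag must match the VLAN ID.
interface GigabitEthernet0/1.10
 description Gateway for VLAN 10 (data)
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description Gateway for VLAN 20 (voice)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! --- Access switch: define the VLANs and trunk the uplink to the router ---
vlan 10
 name DATA
vlan 20
 name VOICE
!
interface GigabitEthernet0/24
 description 802.1Q trunk to router Gi0/1
 ! Switches that also support ISL need this line first:
 !  switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs the router serves, rather than every VLAN.
 switchport trunk allowed vlan 10,20
!
! --- Verify, then save on each device (privileged EXEC) ---
! show ip interface brief      (router: sub-interfaces up/up)
! show interfaces trunk        (switch: VLANs 10,20 allowed and active)
! copy running-config startup-config
```

Hosts in each VLAN use the matching sub-interface address as their default gateway.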
Routing With a Layer-3 Switch
► Provides fast packet forwarding rates
► Minimal additional expense
Hierarchical Model for Design
Router Design Considerations
►Determine if core layer is needed
►Determine performance and capacity requirements
►Determine redundancy requirements
►Determine if WAN connectivity is to core or data center
►Determine what IP routing protocol to configure
►Number of users or ports
►Cabling
►Performance
►Connectivity speed for hosts
►Router – switch uplinks
►VLAN deployment
►Additional features such as QoS and IP multicast
IP Addressing Design Steps
► Define the IP addressing requirements
► Develop a hierarchical IP addressing plan
  ► Determine private addresses inside organization
  ► Determine public addresses facing the Internet
  ► Determine NAT or PAT translation as needed
► Develop a plan for deploying DHCP and DNS
► Configure EIGRP or OSPF, based on organizational requirements
Build
► Building a solution requires knowledge of the appropriate configuration and administration tools:
► Cisco Configuration Professional
► CLI
Build: Deploy, Configure, Manage
Configuring Cisco Routers
CCP Professional Express
CCP Professional
Console CLI
Cisco Configuration Professional
► Configure and monitor Cisco routers without using CLI
► GUI-based configuration tool for routers and switches
► Provides assistance for non-experts through easy-to-use smart wizards
► Assists you through comprehensive online and video help
Cisco Configuration Professional
CCP Professional
► One-click router lockdown and smart wizards
► Innovative voice and security auditing capabilities to check and recommend changes to router configurations
► Configure NAT, FW, IPS, VPN, QoS
► Troubleshooting of WAN and VPN connectivity issues
CCP Professional Express
► Fewer settings, easier to use
► Basic configuration of router WAN and LAN interfaces
► Hostname, DNS, and DHCP configurations
► User Management for the router
► Dashboard, basic troubleshooting, and command line interface (CLI) tool
Cisco Command Line Interface
►The CLI is used to enter commands
►Commands will vary based on different devices and IOS
►Administrators can type or paste commands in the console
►Execution privileges can be controlled for security purposes
►Command modes have distinctive prompts
Device Configuration Sources
Saving Configuration Files in CLI
► Copy command is used to save configurations
► Same command is used on both Cisco switches and routers
Additional Resources
► Design Zone:
► http://www.cisco.com/en/US/partner/netsol/ns741/networking_solutions_program_home.html
► Design for Borderless Networks
► http://www.cisco.com/en/US/partner/netsol/ns1063/networking_solutions_program_home.html
► Cisco CCNA Career Certification
► http://cisco.com/go/ccna
Summary
Module Summary
► Small and midsize business customers are looking to their routing solution to provide increased ROI, reliability, productivity and lower service and support costs
► The Cisco Small and Midsize business router portfolio includes routers from the entry level RV family all the way up to the ISR G2 family
► Cisco routers help customers accelerate growth, transform the workspace experience and provide a lower TCO
► Cisco routers help all key stakeholders including IT departments, business managers and CxOs, to meet their business needs
► Router selection factors include bandwidth and throughput, traffic type and needs, and LAN and WAN connectivity options
► With the introduction of Cisco IOS Software Release 15.0, the universal image contains all packages and features in one image
Review: Cisco Small Business Routers
Which Small Business Router provides wired-only connectivity, maximum VPN connectivity and WAN load balancing? (choose one)
A) RV0 Series
B) RV100 Series
C) RV200 Series
D) RV500 Series
Review: Cisco Small Business Routers
Which Small Business Router provides wired-only connectivity, maximum VPN connectivity and WAN load balancing? (choose one)
A) RV0 Series
Review: Service Module Support
What is the lowest end family of ISR G2 routers that provides a Service Module slot? (choose one)
A) 800 Series
B) 1900 Series
C) 2900 Series
D) 3900 Series
Review: Service Module Support
What is the lowest end family of ISR G2 routers that provides a Service Module slot? (choose one)
C) 2900 Series
Review: Service Ready Engine
Which of the following best describes the ISR G2 Service Ready Engine? (choose one)
A) It allows ISR G2 routers to connect to cloud services
B) It is a server running Unified Communications Manager
C) It is an installable server and software module
D) It is a performance enhancing engine for routing services
Review: Service Ready Engine
Which of the following best describes the ISR G2 Service Ready Engine? (choose one)
C) It is an installable server and software module
Cisco Borderless Network Switching Solutions for Partner Engineers
Module Objectives
Upon completion of this module, you will be able to:
► Describe the Cisco Borderless Network Switching solutions for small and midsize customers
► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Switching solutions
► Identify the appropriate Borderless Network Switching solution to match customer needs
► Articulate the value of Cisco Borderless Network Switching solutions over the competition
► Describe technical considerations for Cisco Borderless Network Switching Solutions for small and midsize business customers
► Describe plan, design and build considerations for Cisco Borderless Network Switching Solutions for small and midsize business customers
Module Outline
► The learning objectives will be covered in the following sections:
► Cisco Borderless Network Switching Solutions for Small and Midsize Business Customers
► Benefits of Cisco Switching Solutions for Small and Midsize Business Customers
► Competing With Cisco Borderless Network Switching Solutions
► Technical Considerations for Cisco Borderless Network Switching Solutions
► Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions
Cisco Borderless Network Switching Solutions for Small and Midsize Business Customers
Cisco solutions will address these challenges
Customer Challenges
Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer
Provide Reliability: Core hardware and OS design supports network functionality with high uptime
Boost Productivity: Broad features set enables diverse workloads
Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT
Cisco Small / Midsize Business Switch Portfolio
[Figure: switch portfolio. Product labels: 100 Series; 200, 300 Series; 500 Series; Catalyst 2960; Catalyst 3560-X, 3750-X. Descriptors: Affordable and easy to use; Foundational, smart and managed; Stackable with advanced network features; Competitive feature set at compelling prices; Industry-leading fixed switching. Capability labels: Entry Level Features, Low TCO, Solid Baseline Switching, Innovative Services; Data, Voice, Any Device, HD Video, VDI]
Small Business Switches
► Provide simplicity and affordability for small business customers
► Offer competitive feature set
► Support easy deployment and management via GUI
100 Series 200 Series 300 Series 500 Series
Unmanaged Smart Managed
Smart vs Managed Switch Comparison
Aspect | Smart Switch | Managed Switch
General Approach | Entry level, managed switches with basic features | Advanced, managed switches with advanced features
Quality of Service | Basic QoS, trusts user/device to set packet priority | Advanced QoS, allows switch to set priority level for packets and prioritize users and applications
Layer-2 Features | Basic port security, VLAN, link aggregation, spanning tree | Control all aspects of network security (ACLs, VLANs, STP), and allow/disallow traffic
Management | Basic web management, some with SNMP | Advanced web and CLI management with SNMP
Common Features of Small Business Switches
► Limited Lifetime Warranty
► Support provided by Small Business Support Center
► Good product selection including your choice of:
► Port densities
► Fast and Gigabit Ethernet interfaces
► Fanless designs
► PoE support
► QoS and energy efficiency features
► Modular uplink options in models with dedicated uplink ports
Small Business Switch Warranties
► Limited Lifetime Warranty on all 100, 200, 300 and 500 switches:
  ► Coverage for lifetime of switch
  ► Or 5 years after End of Sale announcement
► Replacement in the event of failure during normal use
  ► 100 & 200: Return to Factory Replacement
  ► 300 & 500: Next Business Day Advance Replacement
► 1 year of technical support from Small Business Support Center
► Lifetime OS Software Updates
► Terms may vary by theatre and may change over time, always refer to cisco.com for the most up to date information
Tailored to Meet Business Needs
[Figure: Catalyst Switches. Product labels: Catalyst 2K-X LAN Lite, Catalyst 2K-X LAN Base, Catalyst 3K-X LAN Base, Catalyst 3K-X IP Base, Catalyst 3K-X IP Services. Other labels: Entry-Level, Converged Services, Intelligent Services, Evolves With Your Business; Sustainability, Borderless Experience, Ease of Operations, Borderless Security. Axis labels: Business Continuity; Business Agility and Investment]
Catalyst Switch IOS Versions
► IOS version dramatically impacts feature set
► Critical to understand differences between versions
► Four major types of images
LAN Lite
• Layer 2
• PoE
• Basic QoS
• Basic Security
LAN Base
• Layer 2+
• PoE/PoE+
• Flex Stack
• Advanced QoS
• Advanced Security
IP Base
• Layer 3 for access
• Netflow for security and capacity planning
• Scalable identity-aware networking with integrated switch sensor
• Data confidentiality using MACsec
• Video readiness with built-in traffic simulator & MediaTrace
• High Availability with ISSU, StackPower & rolling stack upgrade
Enterprise / IP Services
• Full Routing Protocols
• Designed for distribution and core
[Figure axes: Cost, Features]
Unified Access Switch Features
Unified Management: Single pane of glass management for wired and wireless networks. Cisco Prime Network Control System (NCS)
Unified Policy: Single policy definition and deployment for all users, devices and applications. Cisco Identity Services Engine (ISE)
Unified Services: Consistent Borderless Services. TrustSec, Medianet, EnergyWise
Unified Management: Cisco Prime
Prime LAN Management System
► Provides a consistent web-based user experience that simplifies complete lifecycle management
► Simplify the deployment of Cisco differentiated switching features: EnergyWise, Auto Smartports, Smart Install, and TrustSec
► Utilize Cisco knowledge base and best practices to reduce errors and improve network availability
► Quickly isolate and fix client access issues with a single user interface and workflow for wired and wireless connectivity
Unified Management: SmartOperations
Save Time and Money for Customers
Smart Install: Zero Touch Deployments and Maintenance
• New Switch is Connected
• Software image downloaded; Configuration automatically applied
Auto SmartPort: Plug and Play for End Devices
• New Switch is Connected
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced
Smart Call Home: Identify and Resolve Network Issues
• Anomaly Detected
• Proactive diagnostics
• Alert created in real-time
• Web-based reports
• Routed to correct TAC team
• Remediation initiated
[Figure labels: Director, Switches]
Unified Policy: Identity Services Engine
ISE is available via the Authorized Technology Provider program
Unified Services: Cisco TrustSec
► Scalable, Policy-Based Platform:
  ► Integrated posture, profiling and guest services
  ► Flexible authentication methods
  ► Identifies and classifies devices
► Centralized Management:
  ► Coordinated policy creation
  ► Consistent enforcement
  ► Data integrity and confidentiality
► Benefits:
  ► Improved business productivity
  ► Security and compliance risk mitigation
  ► Improved IT operational efficiency
Unified Services: Cisco EnergyWise
Sustainability
► Provides company wide power visibility
► Any network connected device can be made more energy efficient
► Proactively control rising operating costs while reducing emissions
► Help enable intelligent policy control
► Uses open technology
► Meets regulatory mandates
[Figure labels: Battery, Temperature, Phone, PC, WLAN, Lights]
Unified Services: Cisco MediaNet
Borderless Experience
► Rich media and collaboration drive business transformation
► Enables anytime anywhere collaboration
► Provides scalability for video growth—10 Gig and full PoE+
► Optimizes for real-time voice and video applications
► Simplifies and accelerates deployment
► Based on the Cisco unified network vision
[Figure labels: Branch Office Deployment, Live Encoded Video]
Warranty and Software Update Policy
Product | Product Warranty | Software Update Policy
Cisco Catalyst 2960 and 3560-E, 3750-E Series Switches | Cisco Limited Lifetime Hardware Warranty | Unlimited maintenance updates for LAN Base and LAN Lite IOS Images; Service Contract required for IOS Premium Images
Cisco Catalyst 2960-S, 2960SF and 2960-X Series Switches | Cisco Enhanced Limited Lifetime Hardware Warranty | Unlimited maintenance updates for LAN Base and LAN Lite Images; Service Contract required for IOS Premium Images
Cisco Catalyst 3560-X Series Switches | Cisco Enhanced Limited Lifetime Hardware Warranty | Unlimited maintenance updates for Base IOS Images; Service Contract required for IOS Premium Images
Cisco Catalyst 3750-X Series Switches | Cisco Enhanced Limited Lifetime Hardware Warranty | Unlimited maintenance updates for Base IOS Images; Service Contract required for IOS Premium Images
Cisco Services Comparison
Service Element | Limited Lifetime Warranty | Enhanced Limited Lifetime Warranty
Duration of Coverage | As long as the original End User continues to own or use the Product, provided that: fan and power supply warranty is limited to five (5) years. | As long as the original End User continues to own or use the Product, provided that: fan and power supply warranty is limited to five (5) years.
Cisco Technical Assistance Center (TAC) Support | Not included | Business hours access for 90-days
Online Support / Web Access | Unregistered access only | Unregistered access only
Advance Hardware Replacement | 10 business days | Next business day
On-site Support | No | No
Cisco Catalyst Switches for Every Customer Need
Catalyst Switch Product Portfolio
Catalyst 2960 Family: Basic and Advanced Layer-2 Functionality
Catalyst 3560 Family: Multi-Layer Switching
Catalyst 3750 Family: Exceptional Stacking Capability
Catalyst 3850 Family: Wired and Wireless Convergence
… to provide Actionable Insight
Catalyst 2K Campus Portfolio
FAST ETHERNET ENTRY LEVEL
GIGABIT ETHERNET SCALABLE
Entry Level Entry Level Stackable Stackable Enhanced Networking
Catalyst 2960: 1G Uplinks, PoE, LLW
Catalyst 2960-SF: 1G Uplinks, PoE/PoE+, FlexStack, E-LLW
Catalyst 2960-S: 1G/10G Uplinks, PoE/PoE+, FlexStack, E-LLW
Catalyst 2960-X / XR: 1G/10G Uplinks, PoE/PoE+, FlexStack+, E-LLW
Catalyst 2960 Series
KEY FEATURES
• 10/100 Ports
• Full PoE
• 2x1G uplinks
• Low power consumption
OPERATIONAL SIMPLICITY
• Limited Lifetime Warranty
• 2 Software Options: LAN Base and LAN Lite models
• Smart Ports
Cisco quality at competitive price
EASE-OF-USE | 20M PORTS | 500K+ UNITS | ENERGY EFFICIENCY | LOWER TCO
Catalyst 2960-SF Series
KEY FEATURES
• Same as 2960 with addition of:
• FlexStack up to 20 GB
• PoE+ support
OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• 2 Software Options: LAN Base and LAN Lite models
• Smart Ports
Adds key features to the Fast Ethernet portfolio
EXTENDING THE SUCCESS OF CATALYST 2960
Catalyst 2960-S Series
KEY FEATURES
• 10/100/1000 Ports
• FlexStack up to 20GB
• PoE on all 48 ports
• PoE+ support
• 10G uplinks available
OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• LAN Base required for FlexStack
• Auto Smart Ports
Stacking capability with Gigabit to the desktop
10GB UPLINKS PROVIDE MAXIMUM THROUGHPUT
Catalyst 2960-X Series
KEY FEATURES
• FlexStack+ up to 80GB
• PoE on all 48 ports
• PoE+ support
• 10G uplinks available
• NetFlow Lite
OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• Universal IOS Image
FlexStack+ adds stacking capability for up to 8 switches
NEXT GENERATION CATALYST SWITCH
Catalyst 2960-XR Series
KEY FEATURES
• Equal to 2960-X plus:
• High availability Layer 3 routing
• Support for 2 power supplies
OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• 1 Software Option: IOS IP Lite
• Auto Smart Ports
Dual field replaceable power supplies for maximum uptime
ENHANCED RELIABILITY
Cisco FlexStack
► Consists of a hardware and a software component:
  ► FlexStack module and cable
  ► FlexStack protocol implemented in LAN Base / IP Lite
► Supports 40 Gbps of throughput
► Stacking of up to four switches
► Provides redundancy and single point of configuration
Cisco FlexStack Plus
► Based on FlexStack technology
► Doubles throughput and number of stack members
► Offers 80 Gbps of throughput (vs 40 Gbps) and stacking of up to 8 switches
► Cross-compatible with FlexStack, permits mixing switch models
► Falls back to FlexStack capabilities of 40Gbps across 4 switches in mixed environments
[Figure: mixed stack of 2960-S (Existing), 2960-X (New), 2960-X (New), 2960-SF (Existing)]
Catalyst FlexStack Stack Modules
► Purchase FlexStack modules for Catalyst 2960-S, SF, X and XR models
► Requires at least LAN Base level of IOS
► FlexStack Module:
  ► Hot swappable with two wire-speed 10G ports
  ► Copper cables – not fiber - no SFP needed
  ► Up to four switches in a stack (2960-S, 2960-SF)
► FlexStack Plus Module:
  ► Hot swappable with two wire-speed 10/20G ports
  ► Copper cables – not fiber - no SFP needed
  ► Up to eight switches in a stack (2960-X, 2960-XR)
► Provide ease of operation and management with a single configuration and simplified switch upgrade
Catalyst 3K Campus Portfolio
Stand-Alone Switch Portfolio Stackable Switch Portfolio
Fast Ethernet Gigabit Ethernet Fast Ethernet Gigabit Ethernet
Catalyst 3560 v2: Data or PoE, Fixed 1G Uplinks, Single PS, LLW
Catalyst 3560-X: Data / PoE(+), Modular 1G/10G, Dual PS, E-LLW
Catalyst 3750 v2: Data or PoE, StackWise, Fixed 1G Uplinks, Single PS, LLW
Catalyst 3750-X: Data / PoE(+), StackWise Plus, StackPower, Modular 1G/10G, Dual PS, E-LLW
Network And Service Modules: C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-10GT, C3KX-SM-10G
Aggregation Switch: WS-C3750X-12S-S, WS-C3750X-12S-E, WS-C3750X-24S-S, WS-C3750X-24S-E
LAN Base, IP Base, IP Services
Service Module
Catalyst 3560 v2 Series Switches
► Universal POE on Catalyst 3K Series
► Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs
► Compatible with Cisco Redundant Power System (RPS) 2300
► IPv6 routing included in the IP Services feature set
► DC powered stand-alone model
Catalyst 3560-X Series Switches
► Universal POE (30W per port) to power attached devices
► Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs
► Four hot swappable network modules
► Two hot-swappable power supplies for redundancy
► Data confidentiality and integrity with MACsec hardware-based line-rate encryption
► Enables IP telephony, wireless and video
Catalyst 3750 v2 Series
► Automated Configuration & Management
► Cisco StackWise™ Technology
► Wire-Speed Switching and Routing
► Cisco EnergyWise technology
► Enterprise-Class Services
► Advanced security services
► Multilayer QoS
Catalyst 3750-X Series
► Enterprise-Class Services
► Cisco StackWise™ Technology
► Facilitates converged network deployment
► 10/100/1000 ports
► 4 optional uplinks
► Wire-Speed Switching and Routing
► Automated Configuration & Management
► Multilayer QoS supports rich media
► Cisco EnergyWise technology
Catalyst 3850 Series
Integrated Wired and Wireless Access
Wireless CAPWAP Termination
Up to 50 APs per stack
480 Gbps Stacking Bandwidth
FRU Fans, Power Supplies
Stackpower
40 Gbps Uplink Bandwidth
Line Rate on All Ports
Granular QoS/Flexible NetFlow
Full POE+
Up to 2000 Clients per Stack
Universal POE on Catalyst 3K Series
► Resilient: Increased network redundancy; consolidate UPS infra and eliminate battery backup
► EEE: Energy Efficient Ethernet (IEEE 802.3az) “sleep mode” on idle links; average power saved per EEE link is 0.74 watts
► Universal: 60W of power; uses standard RJ45 connectors and Category 5e or higher cabling
► Efficient: Save up to $128/port over five years* with Cisco EnergyWise; lowers CapEx and OpEx
New UPOE Switches
► New hardware switches
► Same power supplies as existing X-series switches
UPOE Budget
► 24-ports: max. # of UPOE ports 24 (full UPOE); required power supply config. 1100W and 715W
► 48-ports: max. # of UPOE ports up to 30; required power supply config. two 1100W
StackPower
► Mixed stack (PoE and UPOE) is supported
Encryption & NetFlow Service Module
C3KX-SM-10G
► Enabling Line Rate Services:
► Line rate (40G) Flexible NetFlow for Application Performance solutions
► Line rate (40G) MACsec encryption
► Operational Simplicity:
► Investment protection and extensibility of 3K-X family
► SFP+ allows use as 1G or 10G
► High performance:
► Custom hardware for NetFlow monitoring
► No impact on packet forwarding performance & latency
► Flexibility:
► User-defined flow records reusable in different flow monitors for different applications
► Supports Flexible NetFlow version 9
Cisco StackWise Technology
► Unites up to nine switches
► Stack-interconnect cables support up to 32 Gbps throughput
► Optimized for Gigabit Ethernet
► Mix and match 3750 and 3750-E series
► Stack behaves as single switching unit
► Master switch automatically creates and updates Layer-2 and Layer-3 forwarding tables
► New members can join or old ones leave without disruption
[Figure: StackWise cables]
StackPower – Now in LAN Base
► StackPower available on all 3750-X LAN Base switches
► Aggregates and shares available input power capacity in a Stack
► Up to 4 switches can be part of StackPower
► Independent from StackWise / StackWise+
► Flexible arrangement of power supplies in a stack:
► Up to 8.8 kW power in a stack
► Decouples a PS from its physical location
► Supports a “zero-footprint” RPS deployment
Catalyst Compact Switches
KEY FEATURES
► Can be powered via PoE(+) or UPOE
► Pass through PoE for end devices
► Uplink & Downlink Data Encryption
► 12 models to choose from
OPERATIONAL SIMPLICITY
► Zero-touch deployment
► Auto Smart Ports
Enhanced Limited Lifetime Warranty
Ideal for retail check stands, classrooms, conference rooms, hotel suites, and more
8 & 12 PORT MODELS; QUIET (FANLESS); EXTEND THE CISCO NETWORK; FULL-SIZE CAPABILITIES; LOWER TCO
Catalyst Compact Switch Portfolio
3560-C IP Base Portfolio
► Fast Ethernet: IP Base, 8 and 12 port FE, Data or PoE+, 2 x 1G Uplinks, E-LLW
► Gigabit Ethernet: IP Base, 8 port GE, Data or PoE+, 2 x 1G Uplinks, E-LLW
2960-C LAN Base Portfolio
► Fast Ethernet: LAN Base, 8 and 12 port FE, Data or PoE, 2 x 1G Uplinks, E-LLW
► Gigabit Ethernet: LAN Base, 8 port GE, Data Only, 2 x 1G Uplinks, E-LLW
PoE Pass Through Switch: WS-C3560CPD-8PT-S, WS-C2906CPD-8PT-L
Benefits of Cisco Switching Solutions for Small and Midsize Business Customers
Network Access Layer Challenges
► Network Downtime Is Expensive
► Struggling to Keep up With Security
► Operational Complexity and Costs
► Traffic Volume and Bandwidth Expanding
Configuration Simplicity
Cisco Network Assistant
Simplifies network management for up to 80 devices
Tackle day-to-day management tasks without using the CLI
View & troubleshoot your network even if managed by a service provider
Zero TCO graphical network management
Customer Challenges
100-500 Series, Catalyst 2K, 3K
• Concurrent port configuration on multiple devices and families (2k/3k/4k)
• CLI preview for every action
Simplify Deployments
• Configuration wizards and best practices
• Drag & Drop IOS upgrade
• PC or Mac based, no server to install
Monitor & Troubleshoot
• Front panel & topology views, bandwidth graphs
• Event notifications with recommended action
• Health monitoring
Network Optimization
• Deep dive L2/L3 with utilization tests, port & link tests, ACL reports & much more
• Config archive & scheduled software upgrade
Benefits
Simplified Deployment & Management Reduces TCO
Zero TCO, PC or Mac based
Complete Coverage of 2K, 3K, and 4K Products
Simplify Deployments
Cisco Prime LAN Management Solution
Simplifying configuration, compliance, monitoring, troubleshooting, and administration
Sustaining network operations with minimal IT staff
Reduces need to operate multiple management tools
Deploying and troubleshooting new network services
Customer Challenges Catalyst 2K, 3K
Improve Manageability
Automate Troubleshooting
• Error free deployment with Auto Smart Ports and Smart Install
• Error free deployment with user centric workflows and Smart Business Architecture templates
• User-oriented experience with intuitive workflow
• Automated lifecycle management
• Manage EnergyWise, Medianet, and TrustSec
• Use Device Center to quickly identify and remediate problems
• Automated, context-based self-help troubleshooting and TAC support with Cisco Smart Interactions
Improved Operational Efficiencies
Reduced Operating Expenses
Lowered Capital Expenses
Benefits
Measure Power of Various Devices
Energy Management with EnergyWise
Benefits
Enterprise-wide energy management solution
Measuring and controlling the use of power by network devices as well as end devices
Reducing increasing energy costs
Measuring and quantifying energy use, proactively reducing TCO and maintaining compliance
Customer Challenges Catalyst 2K, 3K
Easy Deployment and Management
Investing in Technology’s Future
• Control power of PoE powered devices via Catalyst switch ports
• Manage 3rd party IT devices: phones, APs, PCs, printers
• Manage non-IT devices via partnerships: Building Mgmt Systems, meters, PDUs, HVAC, lighting
• Built into IOS, no endpoint installation, auto-configuration for attached end-points
• Easily managed with EnergyWise Orchestrator, CiscoWorks LMS plus a variety of partner applications
• Over 80 partners in EnergyWise CDN partner program
• Driving industry-wide standardization in energy management through IETF
Comprehensive Visibility Across IT Devices
Lowers OpEx Via Intelligent Policy Control
Driving Industry-Wide Change
Simplify 802.1x Identity Deployments
Security with TrustSec
Customer Challenges Catalyst 2K, 3K
Protect Against Malicious Behavior
Prevent Eavesdropping With Link Layer Encryption
Management and Policy
• Automatically collects device data and classifies devices
• Authorizes network demands using specific policies
• Flexible NetFlow for real-time traffic flow analysis
• Identify internal and external attacks as well as compromised end-points
• MACsec for line-rate HW encryption
• Hop-by-hop encryption on both downlinks and uplinks
Eliminate Data Snooping, Tampering and Attacks
Comply With Security Regulations
Effortless Security Rollouts
Benefits
Simplifying identity deployments through integrated posture, profiling and guest services
Ensuring you know who’s on the network and providing the right level of access
Meeting compliance requirements (PCI, SOX, HIPAA)
Enhance Security and Services
Network Resiliency
Enable self healing, high-availability capabilities with StackWise and StackWise Plus
Provide network resiliency
Run securely without downtime
Increase employee productivity, revenue and profitability
Customer Challenges Catalyst 2K, 3K
Proactive Management
Automate Configuration
• Upgraded IOS versions and feature sets deliver security patches, bug fixes, enhancements, and new services
• Boosts uptime, reacts quickly to business needs
• Smart Call Home provides smart, detailed diagnostics and real-time alerts for proactive maintenance
• TAC provides 24x7, follow the sun support
• Auto SmartPorts and Easy Install simplify installation
• Embedded Event Manager automatically triggers actions in response to network events
Benefits
Improved Features and Services
Greater Uptime
Lowered Total Cost of Ownership
Ensure Network Readiness
Video with Medianet
Benefits
Enabling efficient deployment and management of video traffic on the network
Keep up with video growth while delivering high quality of experience
Enabling easy deployment of video and troubleshooting of application vs network issues
Customer Challenges Catalyst 3K
• Built-in network calibration and assessment with Traffic Simulator and Mediatrace
Simplify Deployments
• Auto-configuration
• Plugging in a device triggers identification and self-configuration
Provide Optimal Experience
• Traffic identification and differentiated QoS
• Prioritize Business Video traffic with Strict Priority Queuing
Monitor and Troubleshoot
• Mediatrace for hop-by-hop analysis & Traffic Simulator for problem recreation
Scalable/High Quality Video
Simplified/Rapid Deployments
Easily Integrate New Video Applications
Target Customer Profiles
IT Strategists
► Profile: Brand, experience; End-to-end solutions; Reliability, services; Future proof
► Reasons to Purchase: Business agility and continuity; Deliver new services; Regulatory compliance; Lower complexity and costs; Energy management
► Product to Position: Catalyst 3750-X and 3560-X
Bargain Buyers
► Profile: All-in price; Low TCO, High ROI; Included support; Today’s needs
► Reasons to Purchase: More for less: Cisco value; Converged networks at affordable price; Lowest TCO; Simplify operations
► Product to Position: Catalyst 2960-S/SF/X; 100, 200, 300, 500
Best of Breed
► Profile: Latest, best features; High performance and ease of use; Interest in systems capabilities
► Reasons to Purchase: Expanding volume and bandwidth requirements; Maximum business uptime; Pervasive security; Optimized operations
► Product to Position: Catalyst 3850, 3560-X, and 2960-XR
Addressing Best of Breed
IT Strategists: End-to-end solutions; Reliability, services; Future proof (BN story)
Feature and Benefit
► Medianet, Video: Anytime, anywhere, any device access to applications and resources; scalable and reliable video for communications with customers and employees and business innovation beyond communications
► EnergyWise: Substantial cost savings - reduce energy consumption and GhG emissions company-wide
► TrustSec, Identity-Based Policy: Authentication, authorization and resources based on user; avoid fraud, downtime, damaged reputation or breach of customer privacy; comply with PCI, SOX and HIPAA regulations
► Smart Operations: Simplified deployment and provisioning of service
► Borderless Network Architecture: Solution policy and management
Reasons to Mitigate
► Business agility and continuity
► Global expansion
► Deliver new services
► Regulatory compliance
► Lower operational complexity/costs
► Future-proof – innovations that enable differentiation, adaptability
Product & Services to Position
► Catalyst 3750-X & 3560-X
► Fallback: 3750-X, 3560-X LAN Base
► Smart Care, SMARTnet, SP Base, Focused Technical Support, Remote Management Service
Addressing Best of Breed
Best of Breed: Latest, best features; High performance and ease of use; Interest in systems capabilities
Feature and Benefit
► StackPower: Resiliency, scalability, and efficiency
► PoE+: Support for new devices (pan-tilt zoom surveillance cameras, video signage); future proofing
► Medianet, Video, EnergyWise: Anytime, anywhere, any device access to applications and resources; technology innovation delivers better control, cost savings, future-proof
► Smart Operations: Simplified deployment and provisioning of service
► TrustSec, Identity-Based Policy: Authentication, authorization and resources based on user
Reasons to Mitigate
► Expanding volume and traffic bandwidth requirements
► Business innovation
► Maximum business uptime
► Pervasive security
Product & Services to Position
► Catalyst 3850 and 3560-X
► Fallback: 2960-XR, 3850 and 3560-X LAN Base
► SMARTnet, SP Base
Addressing Bargain Buyers
Bargain Buyers: All-in-one price; Low TCO, High ROI; Included support; Today’s needs
Feature and Benefit
► Enhanced LLW: Lower TCO; minimum downtime
► LAN Base Feature Set: Affordable entry point to Catalyst 3750-X and 3560-X platforms; entry point to Cisco-level brand
► FlexStack: Ease of management; resiliency and performance
► PoE: PoE on every port
► Smart Operations: Simplified deployment and provisioning of service
Reasons to Mitigate
► More for less: Cisco value
► Converged networks at affordable price
► Lowest TCO
► Simplify operations
Product & Services to Position
► Catalyst 2960-S
► Fallback: 100, 200, 300, 500
► Smart Foundation, SMARTnet, SPBase, Small Business Support
Business Value and Customer Benefits
► Innovations to Address Business Challenges: Security, Video, High Availability, and PoE capabilities as well as operational efficiencies to best address business challenges
► Lower TCO: Cisco innovations combine to deliver lower TCO
► Comprehensive Portfolio: Cisco’s comprehensive Unified Access portfolio provides the right solution for any network
Success Story
Improved Services at Reduced Costs for Today and Tomorrow
Council Rock School District
Business Challenges
► Save costs
► Reduce energy costs
► Improve operational efficiency
► Address environmental initiative through “Go Green” program
► Improve information sharing and communications
Cisco® Solution
► End-to-end Cisco network with Cisco Catalyst® switches
► Wireless in every school
► Connected energy systems managed from anywhere
► Cisco EnergyWise: next step
Business Results
► Energy consumption reduced by 42.7% (US $5.3 million savings)
► Cisco EnergyWise expected to bring US$85,000 energy savings
► Network uptime increased from 67% to over 99.9%
“Our Energy conservation project has had an outstanding impact on our district, not just the school, but the community as well.”
—Matthew Fredricksen, Director of Information Technology, Council Rock School District
Competing With Cisco Borderless Network Switching Solutions
Focus on Solving Business Problems
Evolve with Changing Business Needs
► Business Challenges: Collaboration, Operations, Mobility
► Technology Enablers: Video, High Availability, Security, PoE Leadership
► Access Solutions: 100 - 500, Catalyst 2K/3K
Questions to consider
Is Supporting Secure Business Communications A Priority?
Can You Implement A Scalable and Comprehensive Identity Solution?
Can Your Network Deliver Real-time Collaboration Experiences?
Are You Using Your Network to Reduce Your Energy Costs?
Do You Have an Always-on Resilient Network?
Is Your Network Ready for Current And Future Regulatory Requirements?
Can You Deploy Network Changes Based on Proven Design Guides?
Encourage Customers To See The Big Picture To Appreciate Cisco Value
Quantifiable Savings ($/Port 5-year Savings)
EnergyWise: $10–65
• Reduce power utilization on all IT devices connected to the network
• Range is based on the customer deployment scenario (greater desktop usage generally leads to higher savings) and the customer’s discount rate applicable to the cash flows
Platform Longevity Savings: $20-45
• Extend refresh cycle from 3 to 5 years
• Driven by 3K / 4K capabilities in security, video, HA, and PoE leadership, and competitive advantages in IPv6 and QoS
Additional Operational Savings: $$ May Vary
• Smart Operations: Smart Install and Auto Smart Ports
• Ease of deployment for video and security
• Advanced troubleshooting capabilities
• Advanced network and policy management: LMS, ISE, Medianet.
* Note: Platform longevity savings are based on 3K-X platform; EnergyWise savings assume full PoE and mix of deployment scenarios. Details in notes
Smart Operations = Cost Savings
Smart Install: Zero Touch Deployments and Maintenance
► Scenario: New Switch is Connected
► Software image is downloaded
► Configuration automatically applied
Auto Smart Ports: Plug and Play for End Devices
► Scenario: New Device Attached to Switch
► Port Configuration: Applied
► QoS: Enforced
► Security: Enforced
Smart Call Home: Quickly Identify and Resolve Network Issues
► Scenario: Anomaly Detected
► Proactive diagnostics
► Alert created in real-time
► Routed to correct TAC team
► Remediation
Cost Savings: Significant savings for large/remote networks: $15,000 (or 230 hours) / 100 switches*
Partner Benefits
► Smart Install: Lower your costs in product staging and installation
► Auto Smart Ports: Provide better customer experience
► Smart Call Home: Focus on strategic, higher value services
Cisco Switches Reduce Energy Costs
Total Energy Savings up to $80-per-port or more over 5 Years*
► Power-Efficient Hardware on The 2K-S Platform: $15-per-port Savings Over 5 Years
► EnergyWise: Enterprise-Wide Energy Management Solution: $65-per-port Savings Over 5 Years
[Chart: Catalyst 2960-S vs. Other Vendor; 63W Less!]
Positioning Cisco Solutions
Overcome Competitive Obstacles
1. Strategic Sell
• Architectural play: unique Cisco end-to-end value proposition
► Security
► Video
► High Availability
► PoE Leadership
► Investment Protection and Lower TCO
2. Tactical Sell
• Highlight Cisco advantages
► Lower TCO
► Full IPv6
► Power Scalability
► Business critical traffic
Strategic Sell
WHEN
• You can set the agenda
• Customer is open to taking a broad view of how the network can support business initiatives
HOW
• Architectural approach: leverage Borderless Network services
• Prepare for counter positioning of products from other vendors
Tactical Sell
WHEN
• Customer has just issued an RFP with short turn-around
• Customer has specific and narrow requirements
• Customer requirements have been shaped by your competitor
HOW
• Highlight Cisco’s strengths vs. competition effectively
• Recognize and counteract your competitor’s tactics
• Position the appropriate products
Switching Message In A Box
Technical Considerations for Cisco Borderless Network Switching Solutions
Cisco Switch Management Comparison
100, 200, 300, 500 Series
► Out of the box connectivity or easy setup with CCA or built in device configuration utility, TextView in some models
► Full manageability: 500 has embedded GUI or TextView
► 200, 300 are managed via embedded GUI
► 100 is non-managed
Catalyst 2960-X, 3560-X, 3750-X
► Full manageability
► Best in class granular control from Cisco IOS CLI, CCP and CNA
Cisco Small Business Switch Comparison
[Figure axis: Price, Performance]
Managed Stackable: Cisco® 500 Series Stackable Switch
► Configured from CCA, TextView CLI, built-in device configuration utility
► Easy to configure with multiple options
► Stackable
► Manage entire stack as one
► 500-X models include 10Gbps uplink SFP ports
► Enhanced QoS, security, and availability
► 8- to 48-port 10/100 and 10- to 52-port 10/100/1000 models
► PoE options
► Simplified configuration and troubleshooting
► Designed for small office-wide infrastructure
Managed: Cisco® 300 Series Managed Switches
► Basic QoS, security, and availability
► Simple, basic web-managed interface
► 24- to 48-port 10/100 and 18- to 50-port 10/100/1000 models
► PoE options
► Ideal for building basic network
Smart: Cisco 200 Series Smart Switches
► 5- to 24-port 10/100 and 10/100/1000 models
► Desktop and rack-mount
► Do-it-yourself small business
Unmanaged: Cisco 100 Series Unmanaged Switches
► Ready-to-use simplicity, no device management
► Zero configuration, zero customization
► No security or VLANs
Small Business Switch Feature Comparison
100 Series 200 Series 300 Series 500 Series
Basic QoS Standards Based QoS, 802.1x, IGMP
VLANs, Auto Voice VLAN, IPv6 Host, CDP, Bonjour Discovery
PoE Half Ports PoE All Ports
Guest VLAN, Trusted Device VLAN
Flow-based QoS and Security, L3 Priority
Static Routing
Dynamic Routing - RIP
Stacking
Advanced Security
Catalyst Switch Comparison
[Figure axes: Business Continuity vs. Business Agility and Investment; criteria: Essential Function, IOS Version, Port Density, PoE Budget]
► Entry-Level: Catalyst 2K-X LAN Lite
► Converged Services: Catalyst 2K-X LAN Base
► Intelligent Services: Catalyst 3K-X LAN Base
► Evolves With Your Business: Catalyst 3K-X IP Base
► Tailored to Meet Business Needs: Catalyst 3K-X IP Services
Cisco Catalyst 2960-X Series
Cisco Catalyst 2960-XR Series
Cisco Catalyst 3560-X Series
Cisco Catalyst 3750-X Series Switch
Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions
Plan, Design, Build for Partner Engineers
► There are three major responsibilities of the partner engineer during the customer engagement:
► Plan the feature requirements and assess product choice against features
► Design a solution based on understanding of required functions and best practices
► Build a solution by deploying, configuring and managing it
Plan
• Feature Requirements
• Product Assessment
Design
• Determine Function
• Design
Build
• Deploy
• Configure
• Manage
Planning
► In the case of Catalyst switches, one of our key planning steps is to determine the required version of IOS and the features it will support
► Use Cisco Software Advisor to assist in feature research
Plan
• Feature Requirements
• Product Assessment
Catalyst Switch IOS Versions
[Figure axes: Cost vs. Feature Breadth]
Enterprise / IP Services
• Full Routing Protocols
• Designed for distribution and core
IP Base
• Layer 3 for access
• NetFlow for security and capacity planning
• Scalable identity-aware networking with integrated switch sensor
• Data confidentiality using MACsec
• Video readiness with built-in traffic simulator & MediaTrace
• High Availability with ISSU, StackPower & rolling stack upgrade
LAN Base
• Layer 2+
• PoE/PoE+
• Flex Stack
• Advanced QoS
• Advanced Security
LAN Lite
• Layer 2
• PoE
• Basic QoS
• Basic Security
LAN Base vs IP Base vs IP Services
Functions (entries under each function are listed in column order: LAN Base, IP Base, IP Services)
Layer 2+
► Enterprise access Layer 2: Wide range of Layer 2 access features for enterprise deployments; supports Cisco StackPower technology
► Complete access Layer 2: Supports all Cisco Catalyst 2000 and Cisco Catalyst 3000 Layer 2 features, including hot standby protocols
Layer 3
► Static IP routing support; support for SVI
► Enterprise access Layer 3: RIP, static and stub PIM, and EIGRP stub OSPF for routed access
► Complete access Layer 3: OSPF, EIGRP, BGP, IS-IS; VRF-lite, WCCP, and PBR
Mobility
► Supports Cisco Unified Wireless Networking mobility architecture
► Supports Cisco Converged Access mobility architecture with CAPWAP termination at the access
► Supports Cisco Converged Access mobility architecture with CAPWAP termination at the access
Manageability
► Basic manageability: Support for a wide range of MIBs, IPSLA Responder, and RSPAN
► Enterprise access Layer 3, Flexible NetFlow for wired and wireless traffic; EEM, GOLD-Lite, and Smart Install Director
► Complete access Layer 3 including Flexible NetFlow for wired and wireless traffic
Security
► Enterprise access security: DHCP Snooping, IPSG, DAI, PACLs, Cisco Identity 4.0, NAC and 802.1x features
► Complete access security: Router and VLAN ACLs, private VLANs, complete identity and security; TrustSec SXP and IEEE 802.1AE capable in hardware
QoS
► Enterprise access QoS: Ingress policing, Trust Boundary, AutoQoS, and DSCP mapping
► Complete access QoS: Support for all Cisco Catalyst 2000 and Cisco Catalyst 3000 QoS features, including per-VLAN policies
Cisco Software Advisor
► Provides tools to:
► Find software compatible with my hardware
► Find software with the features I need
► Compare the features in different software releases
► Research a software release
► Available at: http://tools.cisco.com/Support/Fusion/FusionHome.do
Designing
► Correct design requires understanding switch capabilities:
► Layer-2
► Layer-3
► Design best practices:
► Spanning Tree
► HSRP
► VLAN
► VTP, CDP, LLDP
► QoS
► SPAN and RSPAN
► NetFlow
► PoE and PoE+
► 802.1x
Design
• Determine Function
• Design
Basics of Layer-2 Switching
► Primary function is to forward, filter and flood frames
► Builds its MAC address table by recording the source MAC address of each frame as it enters the switch. The destination is then looked up in the MAC address table; if no entry is found, the frame is flooded out all ports except the originating port
► Broadcast and multicast frames are flooded out all ports except the originating port
Basics of Layer-3 Switching
► Has the ability to make forwarding decisions based not only on Layer-2 information but also on Layer-3 and above
► Provides a very high speed, low latency method of transporting traffic from one VLAN to another
Redundancy in a Switched Network
Spanning Tree Protocol Best Practices
► Spanning Tree is on by default on all Cisco Switches
► Leave Spanning Tree on and fine tune it
► Configure parameters: PortFast, UplinkFast, BackboneFast, and BPDU Guard
► Tuning dramatically reduces waiting time before normal traffic is forwarded
Hot Standby Router Protocol Best Practices
► HSRP is a high availability feature of Cisco ISRs and Catalyst switches
► Ensures packet forwarding in the event of the failure of a gateway
► Load balancing can be configured using multiple HSRP Groups
Problems With a Poorly Designed Network
► This topology represents an example of a poorly designed network, one where all devices are on the same subnet
► This network suffers from the following problems:
► Unbounded failure domains
► Large broadcast domains
► Large amount of unknown MAC unicast traffic
► Security difficult to deploy and enforce
► Management and support challenges
► Better LAN segmentation will solve these problems
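Added example (not part of the course material): a minimal VLAN-aware learning switch in Python that applies the forward, filter and flood rules from the Layer-2 basics slide and counts flooded copies, showing how segmenting the flat network above into VLANs bounds the broadcast domain. The port layout, VLAN numbers and documentation-range MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed topology: one host per port, MACs from the documentation range.
HOSTS = {port: f"00:00:5e:00:53:{port:02x}" for port in range(1, 7)}
FLAT = {port: 1 for port in range(1, 7)}                 # every port in VLAN 1
SEGMENTED = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20}   # two VLANs of three ports


def is_group_address(mac):
    """True for broadcast and multicast MACs (I/G bit of the first octet set)."""
    return bool(int(mac.split(":")[0], 16) & 1)


class LearningSwitch:
    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # port number -> access VLAN
        self.mac_table = {}                  # (vlan, mac) -> port
        self.flooded_copies = 0              # frame copies created by flooding

    def _flood(self, in_port, vlan):
        # Flooding never leaves the ingress VLAN and never returns to the sender.
        ports = sorted(p for p, v in self.port_vlans.items()
                       if v == vlan and p != in_port)
        self.flooded_copies += len(ports)
        return "flood", ports

    def receive(self, in_port, src, dst):
        """Process one frame; return (action, list of egress ports)."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src)] = in_port       # learn from the source MAC
        if is_group_address(dst):
            return self._flood(in_port, vlan)       # broadcast or multicast
        out_port = self.mac_table.get((vlan, dst))
        if out_port is None:
            return self._flood(in_port, vlan)       # unknown unicast
        if out_port == in_port:
            return "filter", []                     # destination is on the ingress port
        return "forward", [out_port]


def broadcast_load(port_vlans):
    """Frame copies generated when every host sends one broadcast."""
    switch = LearningSwitch(port_vlans)
    for port, mac in HOSTS.items():
        switch.receive(port, mac, BROADCAST)
    return switch.flooded_copies


if __name__ == "__main__":
    print("flat network:", broadcast_load(FLAT), "copies")
    print("two VLANs:   ", broadcast_load(SEGMENTED), "copies")
```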
VLAN Best Practices
► Use VLANs to separate Voice, Data, Video and Management traffic so that each VLAN’s traffic is kept separate from the others
► Do not use VLAN 1, remove all ports from VLAN 1
► Ports not in use should be deactivated
► When possible use a L3 switch to provide a high speed, low latency path between VLANs
► Communication paths between devices should have the least amount of latency possible
VLAN Trunking Protocol Best Practices
► Minimizes configuration inconsistencies such as:
► duplicate VLAN names
► incorrect VLAN-type
► security violations
► Make configuration changes centrally and automatically communicate changes to other switches
► All switches in the network must run the same version of VTP
► Introduce new switches into the network in transparent mode if unsure
► Protect the VTP domain with a VTP domain name and password
► Enable VTP pruning to reduce total amount of traffic
► Disable DTP on any port that should not be a trunk port
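Added example (not Cisco's or the course's own tooling): a Python check that reads IOS-style interface configuration and flags departures from the Spanning Tree, VLAN and DTP practices listed on the preceding slides. The sample configuration, the finding labels and the operator-supplied list of unused ports are assumptions made for this illustration.

```python
import re

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/1
 description user desk
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description printer
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/0/4
 switchport access vlan 30
!
interface GigabitEthernet1/0/24
 description uplink
 switchport mode trunk
 switchport nonegotiate
!
"""


def parse_interfaces(config_text):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None   # "!" or a global command ends the interface block
    return interfaces


def audit(config_text, unused_ports=()):
    """Return (interface, finding) pairs; finding labels are this example's own."""
    global_lines = [line.strip() for line in config_text.splitlines()]
    global_bpduguard = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in parse_interfaces(config_text).items():
        if "Ethernet" not in name:
            continue                          # skip SVIs, loopbacks, port-channels
        # "Ports not in use should be deactivated"
        if name in unused_ports and "shutdown" not in cmds:
            findings.append((name, "unused-port-enabled"))
        if "switchport mode trunk" in cmds:
            continue                          # remaining checks apply to non-trunk ports
        # "Do not use VLAN 1": a port with no access VLAN configured sits in VLAN 1
        vlan = 1
        for cmd in cmds:
            match = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if match:
                vlan = int(match.group(1))
        if vlan == 1:
            findings.append((name, "access-vlan-1"))
        # "Disable DTP on any port that should not be a trunk port"
        if not ("switchport mode access" in cmds and "switchport nonegotiate" in cmds):
            findings.append((name, "dtp-not-disabled"))
        # PortFast and BPDU Guard are configured together on edge ports
        if "spanning-tree portfast" in cmds and not (
                global_bpduguard or "spanning-tree bpduguard enable" in cmds):
            findings.append((name, "portfast-without-bpduguard"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG, {"GigabitEthernet1/0/3"}):
        print(f"{port}: {finding}")
```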
Neighbor Discovery with CDP and LLDP
CDP:
► Cisco proprietary neighbor discovery protocol that allows Cisco devices to advertise and discover other Cisco devices on the network
► On by default on Cisco routers and switches and can be turned off if required
► Uses periodic updates to advertise presence
► CDP frames are not routed so neighbor discovery is limited to layer 2
LLDP:
► Standards-based neighbor discovery protocol that allows Cisco and non-Cisco devices to advertise information
► Can be enabled and disabled as needed
► Uses periodic updates for advertisements
► Provides accurate network mapping, inventory data, and network troubleshooting information
QoS Best Practices
► The major types of traffic to consider are Voice, Video and Data
► Successful QoS deployment includes three key phases:
► Strategically defining the business objectives to be achieved via QoS
► Analyzing the service level requirements of traffic classes
► Designing and testing QoS policies
► Use the AutoQoS feature when possible to expedite the setup and deployment
SPAN and RSPAN Best Practices
► Switch Port Analyzer (SPAN) is used to monitor local switch network traffic as well as assist in troubleshooting issues on the local network
► Remote SPAN (RSPAN) is used to monitor source ports from remote switches; all monitored traffic is directed back to the same mirrored port for centralized collection and analysis
► A collection device must be connected to a mirrored port, have protocol analysis software, like Wireshark, and be enabled to receive all frames
► If SPAN is not enabled, the protocol analyzer will only see traffic with a source or destination address of your local machine
NetFlow and NetFlow Service Module
► NetFlow service module offers enhanced security and Flexible NetFlow features on Catalyst 3750-X and 3560-X
► Traffic exported with NetFlow can be used for:
► Application performance monitoring
► Top talkers analysis
► Security anomaly detection
► Network planning and trend analysis
► Use NetFlow to monitor parameters like:
► Active Timeout
► Inactive Timeout
► Octet Flow Direction
► Missed Flow Sequence numbers
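Added example (not from the course): a simplified flow cache in Python showing how the active and inactive timeouts decide when a flow record is exported, followed by a top-talkers summary over the exported records. The packet list, addresses and the three-field flow key are constructed simplifications; a real NetFlow key carries more fields.

```python
from collections import Counter, namedtuple

FlowRecord = namedtuple(
    "FlowRecord", "src dst dport packets octets first last reason")

# Constructed packet observations: (time_s, src, dst, dst_port, octets).
# One long-lived HTTPS flow with a packet every 10 s, and one single DNS packet.
SAMPLE_PACKETS = (
    [(t, "10.0.0.5", "10.0.1.10", 443, 1000) for t in range(0, 80, 10)]
    + [(5, "10.0.0.7", "10.0.1.20", 53, 100)]
)


def export_flows(packets, active_timeout=60, inactive_timeout=15):
    """Aggregate packets into flows and export them as the timers expire.

    Simplification: timers are evaluated on each packet arrival, whereas a
    real exporter also checks them periodically in the background.
    """
    cache, records = {}, []

    def export(key, reason):
        flow = cache.pop(key)
        records.append(FlowRecord(*key, flow["packets"], flow["octets"],
                                  flow["first"], flow["last"], reason))

    for ts, src, dst, dport, octets in sorted(packets):
        for key in list(cache):
            flow = cache[key]
            if ts - flow["last"] >= inactive_timeout:
                export(key, "inactive")    # flow went quiet
            elif ts - flow["first"] >= active_timeout:
                export(key, "active")      # long-lived flow reported mid-stream
        key = (src, dst, dport)
        flow = cache.setdefault(
            key, {"packets": 0, "octets": 0, "first": ts, "last": ts})
        flow["packets"] += 1
        flow["octets"] += octets
        flow["last"] = ts

    for key in list(cache):
        export(key, "flush")               # end of capture
    return records


def top_talkers(records, n=5):
    """Sum exported octets per source address, largest first."""
    totals = Counter()
    for record in records:
        totals[record.src] += record.octets
    return totals.most_common(n)


if __name__ == "__main__":
    exported = export_flows(SAMPLE_PACKETS)
    for record in exported:
        print(record)
    print(top_talkers(exported))
```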
PoE and PoE+ Best Practices
PoE
► PoE can be used to power endpoint devices such as a Cisco IP Phone with up to 15.4 Watts
► Plan for sufficient power availability before deployment
► Use the Cisco PoE Calculator to determine if the desired switch has a power budget to support the expected PoE demand
► PoE Calculator is here: tools.cisco.com/cpc/ (Requires login)
PoE+
► PoE+ can provide up to 34.2 Watts of power
► Useful for more demanding devices like wireless access points, full-featured video phones, pan-tilt-zoom security cameras or certain Catalyst switches
802.1x Authentication Best Practice
► 802.1x Port Based Authentication can prevent unauthorized devices (clients) from gaining access to the network
Build
► Building a solution requires knowledge of the appropriate configuration and administration tools:
► Embedded GUI
► TextView
► CLI
► Cisco Prime
• Deploy
• Configure
• Manage
Cisco Small Business Switch Configuration Tools
Cisco IOS Command Line Interface (CLI)
► Administrators type or paste entries into the Command line interface (CLI)
► Each mode has a unique prompt
► Very granular by nature
Cisco Prime LAN Management Solution (LMS)
Additional Resources
► Catalyst Switches: www.cisco.com/go/switching
► Small Business Switches: http://www.cisco.com/cisco/web/solutions/small_business/products/routers_switches/index.html-tab-Switches
► SAFE Design: http://www.cisco.com/go/safe
► CNA Download: www.cisco.com/go/cna
► Branch Office Design: http://www.cisco.com/web/about/ciscoitatwork/network_systems/branch_office_network_design.html
► Cisco on Cisco: http://www.cisco.com/go/ciscooncisco
Module Summary
► The Catalyst series of switches provides a wide variety of port densities, port speeds, form factors and software feature sets
► Cisco Small Business switches are designed for cost-conscious customers who are looking to address their immediate and near future needs
► While basic hardware considerations like speeds and feeds play a role in switch selection, the true power of a switch is expressed in its operating system
► The primary function of a layer-2 switch is to forward, filter and flood frames
► Layer-3 switches combine the functionality of Layer-2, Layer-3 and Layer-4 into one single device
► TextView CLI provides a full CLI interface for configuring all product features
► The Cisco Command line interface provides the most detailed method for administrators to configure Cisco Catalyst Switches as well as many other Cisco products
Review: Small Business Switch Selection
What Cisco Small Business switches support flow-based QoS and security? (choose two)
A) 100 Series
B) 200 Series
C) 300 Series
D) 500 Series
Answer:
C) 300 Series
D) 500 Series
Review: Small Business Switch Selection
What Cisco Stacking technology supports up to 8 switches in a stack with speeds of up to 80Gbps? (choose two)
A) Cisco EtherStack
B) Cisco FlexStack
C) Cisco StackWise+
D) Cisco PowerStack
Answer:
C) Cisco StackWise+
Cisco Borderless Network Wireless Solutions for Partner Engineers
Module Objectives
Upon completion of this module, you will be able to:
► Describe the Cisco Borderless Network Wireless solutions for small and midsize customers
► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Wireless solutions
► Identify the appropriate Borderless Network Wireless solution to match customer needs
► Articulate the value of Cisco Borderless Network Wireless solutions over the competition
► Describe technical considerations for Cisco Borderless Network Wireless solutions for small and midsize business customers
► Describe plan, design, and build considerations for Cisco Borderless Network Wireless solutions for small and midsize business customers
Outline
The learning objectives will be covered in the following sections:
► Cisco Borderless Network Wireless Solutions for Small and Midsize Business Customers
► Benefits of Cisco Wireless Solutions for Small and Midsize Business Customers
► Competing With Cisco Borderless Network Wireless Solutions
► Technical Considerations for Cisco Borderless Network Wireless Solutions
► Plan, Design, and Build Considerations for Cisco Borderless Network Wireless Solutions
Cisco Borderless Network Wireless Solutions for Small and Midsize Business Customers
Customer Challenges
Cisco solutions will address these challenges:
► Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer
► Provide Reliability: Core hardware and OS design supports network functionality with high uptime
► Boost Productivity: Broad feature set enables diverse workloads
► Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT
Cisco Small and Midsize Business Wireless Portfolio
► Cloud Managed Wireless: Meraki MR (centralized cloud management)
► Wireless LAN Controllers: WLC 2500, SRE (centralized on-premise management)
► Network Management: Prime Network Control (enterprise-wide visibility and control)
► Small Business APs: 100, 300, 500 (entry level)
► Aironet APs: 700, 1600, 2600, 3600 (advanced network features)
Cloud Managed Wireless
► Powerful and intuitive centralized management via the cloud
► Seamlessly manages campus-wide WiFi deployments and distributed multi-site networks
► Zero-touch access point provisioning, network-wide visibility and control, cloud-based RF optimization, seamless firmware updates
► 24x7 demo at: https://account.meraki.com/login/new_simulated_network
► High Density, Performance: MR 24
► General Purpose: MR 16
► Small Branch & Teleworker: MR 12
► Rugged / Outdoor APs: MR 62, 66
Cisco Small Business Wireless Solutions
► Securely access network resources just as safely as with wired access
► Easy to use configuration tools
► Clustering support enables efficient management for larger deployments
► 100 Series: Single Band
► 300 Series: Selectable Band
► 500 Series: Single or Dual Radio
Cisco Aironet Wireless Solutions
► Support entry-level to advanced feature sets
► Support centralized or autonomous management
► Secure and reliable wireless connections
► Integrated or external antenna models
High Density, Performance
2600
General Purpose
1600
Small Branch & Teleworker
700
Rugged / Outdoor APs
3600
Cisco Aironet 700 Series Access Point
Key Features
► Designed for value-minded customers looking to modernize
► Provides low TCO and investment protection
► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz
► 2 receivers / 2 senders / 2 spatial streams (2x2:2 MIMO)
► Supports up to 100 connected clients per access point
► Six times more capacity than legacy 802.11a/b/g networks
► Integrated features include:
► Cisco BandSelect
► Cisco VideoStream
► Rogue Detection and Wireless IPS
Cisco Aironet 1600i/e Series Access Point
Key Features
► Offers small and midsized enterprises great performance, functionality, and reliability at a competitive price
► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz
► 3 receivers / 3 senders / 3 spatial streams (3x3:2 MIMO)
► Supports up to 128 connected clients per access point
► For customers looking to move up in feature set from the 700
► World-class integrated features using custom-designed silicon:
► Internal / external antenna models
► ClientLink 2.0
► CleanAir Express
► BandSelect
► Wireless VideoStream
Cisco Aironet 2600i/e Series Access Point
Key Features
► Offers greater performance at a competitive price
► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz
► 4 receivers / 3 senders / 3 spatial streams (3x4:3 MIMO)
► Supports up to 200 connected clients per access point
► Extended range for 450 Mbps per Band
► World-class integrated features using custom-designed silicon:
► Internal / external antenna models
► ClientLink 2.0
► CleanAir Express
► BandSelect
► Wireless VideoStream
Cisco Aironet 3600i/e Series Access Point
Key Features
► Offers 30% faster performance with 3 spatial streams
► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz
► 4 receivers / 4 senders / 3 spatial streams (4x4:3 MIMO)
► Supports up to 200 connected clients per access point
► Extended range for 450 Mbps per Band
► World-class integrated features using custom-designed silicon:
► Wireless Security and Spectrum Intelligence
► 802.11ac
► Cisco Small 3G Cell modules
► Cisco CleanAir
► Plus all of the features of the Aironet 2600
Cisco Aironet Antennas and Accessories
Key Features
► Cisco is committed to providing a complete wireless solution
► Cisco has the widest range of antennas, cable, and accessories available from any wireless manufacturer
► Installers seeking customized options can choose from:
► Directional and omnidirectional antennas
► Low-loss cable
► Mounting hardware
► Other accessories
► More details can be found at:
► http://www.cisco.com/en/US/products/hw/wireless/ps469/index.html
Limited Lifetime Warranty on 802.11n APs
► All 802.11n APs are covered by a Limited Lifetime Warranty
► Includes 10-day Advance Replacement
► TAC support and Next Business Day replacement require a support contract
► Non-802.11n access points will continue to be covered by the standard 1-year warranty
Cisco Wireless LAN Deployment Options
Deployment options: Autonomous AP, Cloud Managed, Centralized, Converged Access
• Intended for static installations
• Common LAN & WLAN OS
• LAN & WLAN feature consistency
• No Controller on premises
• Optimized for distributed enterprise
• Premise-based Controller
• Controller at every location
• Optimized for campus deployment
• Common LAN & WLAN OS
• Optimized for high performance
• Optimized for campus & branch
• Aironet Access Points
• Catalyst Switches
• MR Access Points
• MS Switches
• MX Security
• Dashboard
• Aironet Access Points
• Centralized Controllers
• Catalyst Switches
• Aironet Access Points
• Catalyst 3850 Switch
Cisco Centralized Wireless LAN Controllers
► Provide simplicity and affordability for small and midsize business customers
► Offer competitive feature set
► Leverage existing ISR installed base
► 2500 Series: Stand-alone
► SRE WLC: ISR-based
Wireless LAN Controller 2500
► WLC 2500 supports up to 75 access points and 1000 clients
► Built for 802.11n performance
► 4 GigE Ports – 2 Non-PoE and 2 PoE ports
► CAPWAP, DTLS encryption, and OfficeExtend solution
► Supports BandSelect, ClientLink, and VideoStream
WLC on Services Ready Engine (SRE)
► WLC on SRE supports between 5 and 50 APs.
► Available for the new ISR G2 routers (1900, 2900, and 3900).
► Comes on both the Internal Service Module and the Service Module.
► ISM-300 supports up to 10 APs; SM-700 and SM-900 support up to 50 APs
► On-demand remote application provisioning
► Dedicated onboard processing, memory, and hard drive (SM only)
► Same licensing options as the WLC 2500
► Supports BandSelect, ClientLink, and VideoStream.
Flexible Licensing Options Provide Choice
Platforms: WLC 2500, ISM 700/900
► 5, 15, 25 AP License
► 50 AP License
► Optionally add either a 5 or 25 AP add-on license
► Support up to 50-75 APs
Note: ISM-300 WLC on SRE will only support a total of 10 APs
End-to-End Management with Cisco Prime
► Monitor one or more controllers, switches and associated access points
► Centralized discovery, configuration, performance monitoring, security, fault management, and accounting options
► Customizable best practices & validated design configuration
► Benefits:
► Simplifies management
► Reduces time required to manage environment
► Lowers operational expenses
Benefits of Cisco Wireless Solutions for Small and Midsize Business Customers
Benefits of Cisco Wireless: Ubiquitous Mobility
Ubiquitous mobility experience
• High performance of a wired network, the flexibility of a wireless network
• 802.11n-based CUWN makes WLAN feasible for mission-critical apps
• Integrated & seamless data, voice, and video traffic experience
Reduced reliance on IT resources
• Simplified and intuitive WLAN management and troubleshooting
• Integrated security with wireless threat detection & mitigation
• Improved WLAN reliability
Rapid ROI from mobile applications
• Simplified wireless guest access improves collaboration
• Comprehensive communication and collaboration experience
• Optimized asset and network visibility
WLC 2500 and WLC on SRE Features and Benefits
► Scalability: Scale as you grow with support for up to 75 APs. Support up to 1000 clients, depending on model
► Performance: Improved throughput from 100 Mbps to 1 Gbps for 802.11n wireless networks
► Comprehensive End-to-End Security: Offers CAPWAP-compliant Datagram Transport Layer Security (DTLS) encryption to help ensure full-line-rate encryption between access points and controllers across remote WAN/LAN links
► OfficeExtend (WLC 2500 only): Extends the corporate network to remote locations with minimal setup, creating secure wired tunnels to the Cisco Aironet 600, 1130, 1140, or 3500 APs
► Services Ready Engine (WLC on SRE only): Provision the WLC applications on the module remotely at any time
► Extended Aironet AP Support: Supports the following Aironet APs: 1040, 1130, 1140, 1240, 1250, 1260, 1500, 1520, 1550, and 3500
Cisco Prime Features and Benefits
► Ease of Use: Simple, intuitive user interface eliminates complexity. Designed from the ground up with focus on workflow optimization. Modularized interface supports user-defined customization to display only the most relevant information.
► Scalability: Complete lifecycle management of hundreds of Cisco WLAN controllers and 15,000 Cisco Aironet lightweight APs from a centralized location. Additionally, manage up to 5000 autonomous Cisco Aironet APs.
► Wired Management: Comprehensive monitoring and troubleshooting support for Catalyst switches allows for visibility into critical performance metrics for interfaces, ports, users, and basic switch inventory on up to 5000 switches.
► WLAN Lifecycle Management: Extensive wireless LAN lifecycle management includes a full range of planning, deployment, monitoring, troubleshooting, remediation, and optimization capabilities.
Business Priorities Drive IT Needs
Business Priorities
► Business Growth
► Efficiency & Cost Reduction
► Workforce Productivity
► Customer Experience
Key IT Wireless Initiatives
► How can my network scale?
► How do I manage many devices?
► How do I keep my data secure?
► How do I ensure a consistent experience?
Cisco Addresses Customer Needs
► Can my network scale to meet the growing number of devices and increased traffic?
► Can I ensure a consistent and reliable user experience however users connect to my network?
► Can I enforce policies to manage network access and keep my data secure?
► Can I manage many devices on my network?
► Cisco Access Point and WLC choices provide scalability and upgrade path
► Cisco CleanAir, ClientLink, BandSelect and Wireless VideoStream provide consistent, stable communications
► Cisco Prime provides consistent wired and wireless policy
► Cisco Prime provides company wide visibility
Competing With Cisco Borderless Network Wireless Solutions
Cisco Wireless Innovations
One Network (Predictability), One Policy & One Management
► ClientLink: Chip level proactive and automatic electronic beamforming
► CleanAir: Chip level proactive and automatic interference mitigation
► Radio Resource Management: Automatic advanced RF shaping and management
► AnyConnect: Always-On context-aware VPN connectivity
► VideoStream: Wired multicast efficiency for video over a Wireless network
► Bonjour Services: Apple Bonjour discovery, advertisement, and policy
► Application Control & Visibility: Identify, analyze, and optimize application traffic
► Award Winning Design: Purpose-built WiFi chipset entailing Industry leading RF design
► Prime (Visibility) and ISE (Control): Who? What? When? Where? How?
IT Strategist Concerns
Audience Key Messages
IT Strategist
• Cisco understands the new “mobility experience” users demand
• Business agility via architectural approach – addresses network access needs
• Pioneer and market leader in networking, with 70% of 802.11n WLAN market
• The only strategic partner that can offer end-to-end network access solutions
Best of Breed
• Lower TCO: integration across wired & wireless, single support and services structure, Cisco Validated Designs
• Reduced operational expense through simplified network configuration
• Seamless collaboration with guest access
• Solutions ensure security and compliance
Bargain Buyer
• Flexible and scalable deployment with buy-as-you-grow purchase models
• Lower Operational Expense
• Comprehensive, integrated product portfolio to meet specific business needs
• Strong, global channel partner community
• Capital financing available to ease adoption
Questions to Ask the Customer
► What network access demands are you wrestling with today? (e.g. business applications, video, IP telephony, or other applications)
► Can your network support the increasing demands of new applications, like video and collaboration tools, on both the wireless and wired network?
► What new devices are entering your workforce?
► What are the mobility needs of your business?
► What regulatory environment does your business face?
Wireless Message In A Box
Cisco Websites
► Wireless Products: http://www.cisco.com/go/wireless
► Wireless Promotions: www.cisco.com/go/partnermotion
► 802.11n Competitive Performance Results: http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns767/comp_test_results_wp_c11-558406.pdf
Technical Considerations for Cisco Borderless Network Wireless Solutions
Cisco Small and Midsize Business Wireless Portfolio
► Cloud Managed Deployment: Meraki MR (centralized cloud management)
► Unified Wireless Deployment: 700, 1600, 2600, 3600 (advanced network features); WLC 2500, SRE (centralized on-premise management)
► Standalone Deployment: Small Business 100, 300, 500 (entry level)
► Prime Network Control: Centralized administration and monitoring
Cisco Small Business Access Point Features
Cisco Small Business 802.11n Access Points
Feature | 100 Series | 300 Series | 500 Series
Wi-Fi standards | b/g/n | a/b/g/n | a/b/g/n
RF band | 2.4 GHz | 2.4 or 5 GHz | Selectable or dual concurrent 2.4/5 GHz
MIMO support | 2x2:2 | 2x3:2 | 3x3:3
Maximum active clients | 16 | 32 | 64 per radio
Number of SSID supported | 4 | 8 | 16
Ethernet port speed | 10/100 | 10/100/1000 | 10/100/1000
Captive portal | No | Yes | Yes
Maximum access points in cluster | 4 | 8 | 16
Cisco Aironet Access Point Features
Cisco Aironet 802.11n G2 Access Points
Feature | 700 Series (Small Business) | 1600 Series (Enterprise Class) | 2600 Series (Mission Critical) | 3600 Series (Best in Class)
Ideal for | Small office | Small or midsize company | Small, midsize or large company | Midsize or large company
Application performance profile | Value-minded customers looking to modernize their networks | Enterprise class performance, functionality, and reliability at a competitive price | AnyDevice/BYOD-optimized; client scalability; RF interference mitigation | High client density; HD Video; 802.11ac migration; comprehensive security
Future-proof modularity | No | No | No | 802.11ac or Cisco 3G Small Cell modules
Cisco Aironet Access Point Features (Cont.)
Cisco Aironet 802.11n G2 Access Points
Feature | 700 Series | 1600 Series | 2600 Series | 3600 Series
Crowded areas | No | No | Yes | Yes
Number of radios | 2.4 and 5 GHz | 2.4 and 5 GHz | 2.4 and 5 GHz | 2.4 and 5 GHz
Max data rate per radio | 300 Mbps | 300 Mbps | 450 Mbps | 1.3 Gbps (with 802.11ac module)
MIMO : spatial streams | 2x2:2 | 3x3:2 | 3x4:3 | 4x4:3
Client count / ClientLink | 100/na | 128/32 per radio | 200/128 per radio | 200/128 per radio
ClientLink | Hardware-based beam forming | Yes | Yes | Yes
CleanAir | No | CleanAir Express | CleanAir Express | Yes
VideoStream | Yes | Yes | Yes | Yes
BandSelect | Yes | Yes | Yes | Yes
Rogue access point detection | Yes | Yes | Yes | Yes
Cisco Wireless Security and Spectrum Intelligence Module
► Allows the AP to concurrently serve clients and scan all channels
► Offloads CleanAir Monitoring & WIDS/WIPS Security capabilities to the Monitor Module
► Independent integrated antennas 0x4 (0 Tx antennas x 4 Rx antennas)
► No configuration required: module automatically scans all channels on 2.4 and 5 GHz bands
► Module powered from AP: AP power requirement remains unchanged
This module eliminates the need for an extra cable pull and additional infrastructure costs when full WIPS scanning or CleanAir spectrum analysis is required
Cisco 802.11ac Wave Module
► 5 GHz, IEEE 802.11ac
► 3 receivers / 3 senders / 3 spatial streams (3x3:3 MIMO)
► 1.3 Gbps throughput
► Together with Host-AP the module supports b/g/n on 2.4 GHz and a/ac/n on 5 GHz
► Supports “Explicit Beam forming” as per the 802.11ac standard
► Module powered from AP
► AP-Power requires ~20W
► Enhanced PoE
► IEEE 802.3at
► Power-Injector
► Local Power-Supply
This field-upgradable IEEE 802.11ac add-on module for the AP3600 provides investment protection today for this emerging wireless standard
Cisco 2500 Series Wireless LAN Controller Features
► Entry-level wireless LAN controller for 802.11n environments
► Supports up to 75 access points
► Provides 2 PoE ports for directly connected APs, connects to external switch for larger deployments
► Supports key Cisco technologies:
► CleanAir
► VideoStream
► Application Visibility and Control
► Wireless Intrusion Prevention System
► Supports Apple Bonjour Service Advertisement
Cisco Wireless LAN Controller on SRE Features
► Hardware upgrade to existing ISR G2 that provides WLC services similar to WLC 2504
► Three models:
► ISM-SRE-300 – supports 10 access points
► SM-SRE-700 – supports 50 access points
► SM-SRE-900 – supports 50 access points
► Supports key Cisco technologies:
► CleanAir
► VideoStream
► Application Visibility and Control
► Wireless Intrusion Prevention System
Cisco Virtual Wireless LAN Controller
► Cisco Wireless LAN Controller delivered as a virtual machine that runs in a hypervisor-controlled server environment
► Features:
► Ability to control up to 200 branch locations
► Configure and manage up to 200 access points and 3000 clients
► Secure guest access
► Rogue detection, PCI compliance, in-branch Wi-Fi
► Consolidates virtualized infrastructure and complements a virtualized Cisco Prime Infrastructure managed environment
Plan, Design, and Build Considerations for Cisco Borderless Network Wireless Solutions
Plan, Design, Build for Partner Engineers
► There are three major responsibilities of the partner engineer during the customer engagement:
► Plan the feature requirements and assess product choice against features
► Design a solution based on understanding of required functions and best practices
► Build a solution by deploying, configuring and managing it
Plan
• Feature Requirements
• Product Assessment
Design
• Determine Function
• Design
Build
• Deploy
• Configure
• Manage
Planning
► In the case of Wireless, one of our key planning steps is to determine the correct access point and wireless LAN controller
► We will assume a controller-based solution
► Solutions without controllers can bypass the selection of Wireless LAN Controllers and centralized management
Plan
• Feature Requirements
• Product Assessment
Cisco Wireless Deployment Paths
Diagram labels: Services and Functionality (axis), Size of the Deployment (axis), Upgrade Path, Unified
► Standalone: Ideal for a partner-led, small carpeted office that needs business-class connectivity integrated with Small Business Products
► Autonomous: Ideal for small and medium business requiring reliable, secure coverage for data in branch, enterprises. Customers purchase autonomous access points with the ability to convert to controller-based in the future
► Controller-based: Ideal for all businesses requiring industry leading advanced functionality, robustness, mobility services and scale. Customers upgrade from autonomous deployments or purchase a new controller-based solution for maximum functionality
Choosing Wireless Solutions
► Pervasive Wireless Coverage: Aironet Access Point (AP700, AP1600 & AP2600)
► Centralized Control: 2504 Wireless LAN Controller, Virtual Wireless LAN Controller
► Centralized Visibility: Cisco Prime Infrastructure
When to Choose Cisco Aironet 700
► Entry-level access point designed for small to midsize networks
► Good choice for customers who want entry level devices but also want to preserve future options
► Benefits of Deployment:
► Pervasive wireless coverage with low-cost wireless entry point
► Up to 6X network performance increase with 802.11n from lower-bandwidth 802.11a/b/g
► Maximum uptime with reliable design
► Upgrade to controller-based operation for enhanced functionality and simplified management
When to Choose Cisco Aironet 1600
► Mid-level access point designed for small to midsize networks
► Good choice for customers who want more sophisticated features and greater client density than Aironet 700 series
► Benefits of Deployment:
► Pervasive wireless coverage with low-cost wireless entry point
► Up to 6X network performance increase with 802.11n from lower-bandwidth 802.11a/b/g
► Maximum uptime with reliable design
► Upgrade to controller-based operation for enhanced functionality and simplified management
► Enhancements over Aironet 700:
► External antenna model available for challenging RF environments
► Supports ClientLink and CleanAir Express
► Supports more clients (128 vs 100)
When to Choose Cisco Aironet 2600
► Mid to High-level access point designed for small to midsize networks
► Good choice for customers requiring a significant upgrade in bandwidth and client density above the Aironet 1600 series
► Benefits of Deployment:
► Pervasive wireless coverage with low-cost wireless entry point
► Provides 30-60% more upstream performance than competitive products
► Optimized throughput with spectrum intelligence RF interference mitigation
► Upgrade to controller-based operation for enhanced functionality and simplified management
► Enhancements over Aironet 1600:
► Provides greater bandwidth (450 Mbps vs 300Mbps)
► Supports more clients (200 vs 128)
When to Choose 2500 Series WLC
► Entry-level wireless controller designed for small to midsize wireless networks
► Traditional appliance-based hardware device
► Benefits of Deployment:
► Affordable, centralized control of 5 to 75 access points and 1000 clients
► Optimized performance coverage with 802.11n
► Automatic access point configuration control
► Simplified operation of wireless networks
► Payment Card Industry (PCI) support enables certification for retail deployments
► Support for advanced mobility technologies:
► FlexConnect
► ClientLink
► VideoStream
► CleanAir
When to Choose Cisco Virtual Wireless Controller
1 vCPU, 2GB RAM, 8 GB HDD
► Entry- to mid-level controller designed for small to midsize wireless networks
► Deployed as a virtual machine on a VMware hypervisor controlled server
► Benefits of Deployment
► Automatic access point configuration control
► Simplified operation of wireless networks
► Payment Card Industry (PCI) support enables certification for retail deployments
► Support for advanced mobility technologies: FlexConnect, ClientLink, VideoStream, and CleanAir
► Enhancements over 2500 Series Wireless Controller:
► Affordable, centralized control for up to 200 access points and 3000 clients
► Optimized performance coverage with 802.11n and 802.11ac
When to Choose Prime Infrastructure
4 vCPU, 8 GB RAM, 200 GB HDD
► Mid-level management software with enterprise-level functionality
► Wired and wireless network management with application performance monitoring
► Benefits of Deployment:
► Improved operational efficiencies:
► Reduced network errors
► Speed troubleshooting
► Improve the delivery of network services
► Reduced operating expenses:
► Speed deployments
► Minimize IT staffing
► Easy-to-use tools, workflows, and automated best practices that simplify network management
► Lower capital expenditures:
► Converged management and cross-integration with existing operations
Designing
► Correct design requires understanding switch capabilities:
► Wireless Concepts
► Deployment Mode
► Wireless Topologies
► Design best practices:
► Questions to Ask
► General Office Layout
► Best Practices
• Determine Function
• Design
Wireless Concepts: Standards
► Wireless is evolving to meet needs for high performance connectivity
► 802.11b (11 Mbps): Mobile Data (email, web browsing)
► 802.11a/g (54 Mbps): High Speed Wireless (ubiquitous mobile computing)
► 802.11n (600 Mbps): Business Ready (voice, video, data)
► 802.11ac (1.3 Gbps): 5th Gen Wireless (high speed voice, video, data)
Wireless Concepts: LAN vs WLAN
►WLANs use radio waves as the physical layer
►WLANs transmit data over the air instead of over the wires
►Current transmission techniques approximate behavior of a hub
►Future transmission techniques will approximate behavior of a switch
►WLANs must meet country-specific RF regulations
Wireless Concepts: Challenges and Solutions
►Wireless networks have problems that are not encountered in wired networks:
► Signal strength issues
► Signal security
► Interference and noise
►Cisco technologies address these problems:
► ClientLink
► Rogue Detection
► CleanAir
Cisco WLAN Deployment Mode
• Autonomous WLAN solution: Autonomous access points
• Controller-based WLAN solution: Lightweight access points, WLAN controller
Autonomous Deployment
► Autonomous APs are configured individually via Cisco IOS command line or graphical user interface
► Each access point is managed individually
► Most suitable for smaller deployments
► Cisco clustering provides centralized configuration and scalability to 4, 8 or 16 devices
► Both Cisco Small Business Access Points and Cisco Aironet Access Points can be considered
Controller-Based Deployment
► Lightweight APs are managed centrally via the Lightweight Access Point Protocol (LWAPP)
► A WLAN controller system creates and enforces policies across many different lightweight APs
► Suitable for larger environments or ones desiring centralized control and advanced features
► Cisco Aironet Access Points support autonomous deployment
► Customers purchasing Cisco Aironet Access Points for autonomous deployments can protect their investment when upgrading to controller-based deployments
Wireless LAN Topology
► Properly designed wireless LAN can provide access to end users from anywhere in a campus environment
► Users can roam seamlessly from one location to another without losing connection
► Design considerations for deployment include:
► SSID
► Service Area
► Roaming
► VLAN support
► Voice Support
Wireless Topology: Service Set Identifier
►Service Set Identifier (SSID) is used to logically separate WLANs
►A single access point can advertise multiple SSIDs
►Multiple access points can advertise the same SSIDs
►SSIDs are case sensitive, are limited to a maximum of 32 characters, and cannot contain spaces
►The SSID must match on client and access point
►Guest networks provide access to clients and separate their traffic from the corporate network
►Clients can automatically connect to network SSIDs or manually configure settings
Wireless Topology: Service Sets and Modes
► Ad hoc mode
► Independent Basic Service Set (IBSS)
► Mobile clients connect directly without an intermediate access point
► Infrastructure mode
► Basic Service Set (BSS)
► Mobile clients use a single access point for connecting to each other or to wired network resources
► Extended Service Set (ESS)
► Two or more Basic Service Sets are connected by a common distribution system
Wireless Topology: Basic Service Set
► Basic Service Set is a single access point together with associated stations
► The area of wireless coverage provided by this setup is called the Basic Service Area
► Access point is attached to Ethernet switch and also communicates to all wireless clients
► All client communications go through the access point
► Ethernet switch is attached to network backbone and allows communications to common network resources
Wireless Topology: Extended Service Set
► Two or more interconnected BSS that share the same SSID
► Extends coverage and throughput for the SSID via the Extended Service Area
► 10% – 15% overlap of cells is recommended for data
► Bordering cells should be on non-overlapping RF channels
[Figure: adjacent cells on Channel 1 and Channel 6 with 10% to 15% overlap]
Wireless Topology: Roaming
► Roaming without interruption requires the same SSID on all access points
Wireless Topology: Why Clients Roam
► Client searches for another access point and sends reauthentication request
► Reasons for roaming:
► Maximum data retry count exceeded
► Too many beacons missed
► Data rate shifted
Wireless Topology: VLAN Support
• An SSID can be associated with a VLAN
• Client devices connecting to that SSID will then be on the associated VLAN
• VLANs propagate across access points and can be used in ESS environments
• Supports roaming
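The SSID, roaming, guest separation, VLAN and channel rules from the topology slides above can be checked mechanically against a planned ESS. The following is an added example, not Cisco code or part of the course; the AP names, SSIDs, VLAN IDs, the one-VLAN-per-SSID rule and the 2.4 GHz spacing of five channel numbers (1, 6, 11) are assumptions made for illustration.

```python
"""Audit a small ESS design against the rules on the wireless topology slides."""
from dataclasses import dataclass

MAX_SSID_LEN = 32      # slide: SSIDs are a maximum of 32 characters
MIN_CHANNEL_GAP = 5    # assumption: 2.4 GHz plan, channels 1, 6 and 11 do not overlap


@dataclass
class AccessPoint:
    name: str
    channel: int            # 2.4 GHz channel number
    ssid_vlans: dict        # SSID -> VLAN ID advertised by this AP
    neighbors: tuple = ()   # names of APs whose cells border this one


def check_ssid(ssid):
    """Return the SSID rules from the slide that this SSID breaks."""
    problems = []
    if not ssid or len(ssid) > MAX_SSID_LEN:
        problems.append("length")
    if " " in ssid:
        problems.append("space")
    return problems


def audit_ess(aps, roaming_ssid, guest_ssid):
    """Return a sorted list of (rule, detail) findings for the design."""
    findings = set()
    by_name = {ap.name: ap for ap in aps}
    vlan_seen = {}  # SSID -> first VLAN ID seen for it

    for ap in aps:
        for ssid, vlan in ap.ssid_vlans.items():
            for problem in check_ssid(ssid):
                findings.add(("ssid-" + problem, f"{ap.name}:{ssid}"))
            # Assumption: an SSID maps to one VLAN across the whole ESS.
            if vlan_seen.setdefault(ssid, vlan) != vlan:
                findings.add(("vlan-mismatch", ssid))

        # Roaming needs the same SSID on every AP; SSIDs are case sensitive,
        # so "corp" does not match "Corp".
        if roaming_ssid not in ap.ssid_vlans:
            lookalike = [s for s in ap.ssid_vlans
                         if s.lower() == roaming_ssid.lower()]
            findings.add(("ssid-case" if lookalike else "ssid-missing", ap.name))

        # Guest traffic must stay separate from every other SSID's VLAN.
        guest_vlan = ap.ssid_vlans.get(guest_ssid)
        if guest_vlan is not None:
            for ssid, vlan in ap.ssid_vlans.items():
                if ssid != guest_ssid and vlan == guest_vlan:
                    findings.add(("guest-not-separated", f"{ap.name}:{ssid}"))

        # Bordering cells should be on non-overlapping channels.
        for other_name in ap.neighbors:
            other = by_name.get(other_name)
            if other is None:
                findings.add(("unknown-neighbor", f"{ap.name}:{other_name}"))
            elif abs(ap.channel - other.channel) < MIN_CHANNEL_GAP:
                pair = "/".join(sorted((ap.name, other.name)))
                findings.add(("channel-overlap", pair))

    return sorted(findings)


# Constructed sample plan: ap3 uses a case variant of the SSID and a channel
# that overlaps its neighbor; ap2 puts Guest on the corporate VLAN.
SAMPLE_PLAN = [
    AccessPoint("ap1", 1, {"Corp": 10, "Guest": 99}, ("ap2",)),
    AccessPoint("ap2", 6, {"Corp": 10, "Guest": 10}, ("ap1", "ap3")),
    AccessPoint("ap3", 4, {"corp": 10, "Guest": 99}, ("ap2",)),
]

if __name__ == "__main__":
    for rule, detail in audit_ess(SAMPLE_PLAN, "Corp", "Guest"):
        print(f"{rule}: {detail}")
```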
Wireless Topology: Voice Architecture
► Converged networks combine data, voice, and video applications
► Because clients in wireless networks are mobile, capacity planning is not enough
► Goal is to minimize end-to-end delay and jitter for voice and video applications
► Cisco provides QoS for optimum performance:
► VideoStream
► CoS and DSCP tagging
► Wireless MultiMedia and QoS profiles
Antenna Types
►Directional:
► Send transmissions to target areas
►Omni-directional:
► Broadcast transmissions that are not aimed at a specific target area
Build
► Building a solution requires knowledge of the appropriate configuration and administration tools:
► Controller Management Interface
• Deploy
• Configure
• Manage
Configuring Wireless LAN Controllers: Interface Review
Configuring WLC Controller Interfaces
► The first step when deploying a controller-based solution is to configure the appropriate interfaces on the Wireless LAN Controller
► Interfaces are the virtual communication pathways
► Ports are the physical connectors
► WLC Interfaces include:
► AP Management Interface
► Virtual Interface
► Service Port Interface
► Dynamic Interface(s)
► Definition and configuration guidance follows
WLC Controller AP Management Interface
WLC Controller Virtual Interface
WLC Controller Service-Port Interface
WLC Controller Dynamic Interfaces
Additional Resources
► http://www.cisco.com/en/US/netsol/ns741/networking_solutions_program_home.html
► http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns820/landing_ent_mob_design.htm
► http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml
► http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Module Summary
► Customers can choose wireless solution deployments from cloud managed, to standalone deployment, to unified wireless deployments
► Unified Wireless deployments separate the control and management of access points into a separate wireless LAN controller enabling centralized management and configuration
► The Cisco 700 series access point is a good fit for small business deployments, while the 1600 and 2600 series are suitable for larger customers
► The Cisco 2500 Series Wireless Controller is an entry-level wireless LAN controller designed for small to midsize networks
► Properly designed wireless LANs can provide access to end users from anywhere in a campus environment
Review: AP Selection Guidance
What Cisco Small Business Access Point supports dual radios and dual bands? (choose one)
A) 100 Series
B) 300 Series
C) 500 Series
D) 700 Series
Answer: C) 500 Series
Review: Wireless Deployment
What wireless deployment mode uses lightweight access points? (choose one)
A) Ad-Hoc Deployment
B) Autonomous Deployment
C) Controller-based Deployment
D) BSS Deployment
Answer: C) Controller-based Deployment
Cisco Security Solutions for Partner Engineers
Module Objectives
Upon completion of this module, you will be able to:
► Describe the Cisco Security solutions for small and midsize business customers
► Describe the business benefits for small and midsize business customers of adopting Cisco Security solutions
► Identify the appropriate Cisco Security solution to match customer needs
► Articulate the value of Cisco Security solutions over the competition
► Describe technical considerations for Cisco Security solutions for small and midsize business customers
► Describe plan, design and build considerations for Cisco Security solutions for small and midsize business customers
Module Outline
The learning objectives will be covered in the following sections:
► Cisco Security Solutions for Small and Midsize Business Customers
► Benefits of Cisco Security Solutions for Small and Midsize Business Customers
► Competing With Cisco Security Solutions
► Technical Considerations for Cisco Security Solutions
► Plan, Design, and Build Considerations for Cisco Security Solutions
Cisco Security Solutions for Small and Midsize Business Customers
Customer Challenges
Cisco solutions will address these challenges with secure network solutions
► Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer
► Provide Reliability: Core hardware and OS design supports network functionality with high uptime
► Boost Productivity: Broad features set enables diverse workloads
► Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT
Cisco SMB Security Portfolio Overview
[Figure: portfolio columns: ASA 5500/5500-X (Appliance-based), ISR G2 (Integrated with routing), Web and Email Security (Web and content control; Email security and data loss prevention; Cloud, On-Premise and Hybrid), AnyConnect (Client software, secure VPN); categories: Firewall / VPN / IPS / Content, End Device]
Cisco has security software and appliances that scale up through the enterprise. This module will focus on the portions of the portfolio that serve Small and Midsize Business customers.
Cisco ISR G2 Security Solutions
► Universal IOS provides baseline security that can be upgraded to include advanced security features
► Increase performance through hardware upgrades like Intrusion Prevention Services Network Module
► Extend security capabilities without purchasing additional hardware
► Software License: Easy Activation
► IPS Network Module: High Performance
► Web Security Connected: Expandable Services
Cisco ISR G2 IOS-based Security
► Built-in router security
► Additional protection without deploying new hardware
► Boost security where you need it most
► Save time and money
► Software services available for:
► Firewall
► Intrusion Prevention Service
► IPSec and SSL VPN
► Content Security
Software Licenses for Security Services
Cisco ISR G2 IPS Network Module Upgrade
► Powerful IPS for branch offices and small businesses
► Identifies, classifies and stops malicious traffic
► Stops worms, spyware, adware, network viruses and application abuse
► Helps ensure business continuity and minimize intrusions
► Customers can easily upgrade their ISR G2 with the IPS Network Module
Hardware Upgrades for Maximum Performance
Cisco ISR G2 Web Security Connected
► Combines best in class web security with best in class network security
► Integrates with Cisco ASA firewalls, ISR G2 and AnyConnect mobility client
► Protect users regardless of location
► No performance impact on local Cisco security devices
► Application control, management and reporting fully integrated into cloud-based service
Cloud-based Security for Maximum Flexibility and Coverage
Cisco ASA 5500/5500-X Security Solutions
► Provides firewall and application control services plus:
► Web security
► Intrusion Prevention Services
► Remote access
► Botnet protection
► 5505: Entry Level
► 5512-X: Small Office
► 5515-X, 5525-X: Midsize Office
ASA 5500-X Series Common Features
More Powerful Performance
Meet growing network security performance demands:
► 4x more firewall throughput
► Increased IPS, VPN throughput
Next-Gen Services Ready
Maximize investment; customers can add on new security services without purchasing additional hardware:
► IPS
► VPN
► AnyConnect
► Botnet Protection
Accelerated Integrated Services
Run multiple security services on enterprise-class hardware without sacrificing performance:
► Multi-core Multi-threaded CPUs
► 4X memory
► Hardware dedicated to accelerating IPS
► Hardware dedicated to accelerating VPN
Cisco ASA 5500-X Context Security (CX)
Robust Stateful Inspection and Broadest Context-Aware Controls
Context Aware:
► Comprehensive control over applications, users, and devices
► URL filtering and web reputation protection
► Application visibility, including peer-to-peer and social networking, and per-user control and reporting
Subscriptions:
► Web Security Essentials (WSE)
► Application Visibility and Control (AVC)
► AVC + WSE Bundle
[Figure: Context-Aware Policy Engine, Pluggable Context Stores, Context-Aware Data Plane, Virtual Packet Rings, and nScan Array with TLS & SSL, HTTP, MS-RPC, FTP, and Scanner 'N']
CX: Web Security Essentials
Use Case: URL Filtering
Business Problem: Addressed By ASA CX
► Enforcing HR acceptable use policy: Block certain web site categories for everyone: Adult, Gambling, Hate Speech, Illegal Activities and others as needed
► Creating a safe learning environment: Deny students but allow faculty access to the following web site categories: Entertainment, Arts, Online Trading
► Maintaining employee productivity: Deny employees access to the following web site categories: Sports and Recreation, Travel, Photo Search and Images
► Controlling bandwidth-hungry sites: Deny users access to the following web site categories: File Transfer Services, Freeware and Shareware, Illegal Downloads, Internet Telephony
► Controlling users circumventing policy: Block proxies that allow you to surf the internet anonymously
CX: Web Security Essentials
Use Case: Web Reputation Filtering
Business Problem: Addressed By ASA CX
► Zero-day malware getting through traditional defenses: Malware gets constantly tweaked so that desktop/network AV does not detect it. New malware is released in the wild for <24 hours. Web Reputation is always able to block it even if the payload has changed.
► Social engineering attacks: You get a URL link in Facebook chat, saying “Check out this cool video!”. You click the link. Web Reputation blocks that specific transaction, while allowing general access to Facebook.
► Infected machines sending data out: ASA’s Botnet Traffic Filter detects and blocks all attempts to contact command-and-control centers / Botnet masters.
CX: Application Visibility and Control
Use Case: User and Application Visibility
Business Problem: Addressed By ASA CX (Example Apps)
► Bandwidth misuse: View and control usage of Peer-to-Peer applications
► Sensitive company data uploaded to the cloud: Control usage of file sharing applications
► Employee productivity: Block non-productivity-related applications, while still allowing general access to social networking
► Malware writers taking control of machines through remote control apps: Block remote control applications, while allowing WebEx
► Malware masquerading as a well-known app: Identify and control applications that operate on well-known open ports
ASA Software Benefits
► ASA 9.1 Software:
► On-box Management software version is ASDM 7.1.3
► Offers integrated IPS, VPN and Unified Communications capabilities
► Delivers high availability for high resiliency applications
► Provides context awareness with Cisco TrustSec security group tags and Identity Based Firewall
► Facilitates dynamic routing and site-to-site VPN on a per-context basis
Cisco ASA 5505
[Figure: chassis callouts: Security Services Card (AIP SSC-5), Serial Console, 2 USB 2.0 ports, 8 Ports of 10/100 Ethernet, Power Supply, 2 PoE Ports]
Service Capabilities
• FW Throughput: 150 Mbps
• IPS Throughput: 150 Mbps with AIP SSC-5
• VPN Throughput: 100 Mbps
• Memory: 512 MB RAM
• Does NOT support Context Security
When to Position
• For small businesses
• Base license does not support following (must upgrade to Security Plus license)
  • Active/Standby Failover
  • Dual ISP
  • DMZ Support
• If customer wants IPS, they must purchase the AIP SSC-5 hardware upgrade
Cisco ASA 5512-X
[Figure: chassis callouts: Expansion I/O Card (6 GE Cu, 6 GE Fiber), Serial Console, 2 USB 2.0 ports, Integrated I/O (6 GE Cu), Fan, Power Supply, Dedicated GE Management Port]
Service Capabilities
• FW Throughput: 1 Gbps
• IPS Throughput: 250 Mbps
• VPN Throughput: 200 Mbps
• Memory: 4 GB RAM
• Supports Context Security
When to Position
• For small to midsize businesses
• Base model does not support following (separate license is required)
  • High Availability
  • VPN clustering
  • Security Contexts
• If customer wants to turn on services like IPS, web security simultaneously with performance, upsell the ASA 5515-X
Cisco ASA 5515-X
[Figure: chassis callouts: Expansion I/O Card (6 GE Cu, 6 GE Fiber), Serial Console, 2 USB 2.0 ports, Integrated I/O (6 GE Cu), Fan, Power Supply, Dedicated GE Management Port]
Service Capabilities
• FW Throughput: 1.2 Gbps
• IPS Throughput: 400 Mbps
• VPN Throughput: 250 Mbps
• Memory: 8 GB RAM
• Supports Context Security
When to Position
• For small to mid-sized businesses
• If customer requires either of following upsell from 5512-X
  • High Availability
  • Security Contexts
  • VPN Clustering
  • Next-gen services running at the same time
Migration from ASA 5500 to ASA 5500-X
Feature: ASA 5510 Through ASA 5550 | ASA 5512-X Through ASA 5555-X
► Firewall Throughput: 300 Mbps–1.2 Gbps | 1 Gbps–4 Gbps (4X)
► IPS Throughput: 150 Mbps–650 Mbps | 250 Mbps–1.3 Gbps
► Expansion Slot Use: IPS, Content Security, or I/O Expansion | Only for I/O Expansion
► IPS: Requires extra hardware module | No hardware module required (runs as a service on ASA)
► Content Security: Requires extra hardware module | No hardware module required
► Redundant Power Supply: No | Yes (5545-X, 5555-X)
Cisco Email Security Overview
► High availability email protection against rapidly changing threats:
► Fights spam, viruses, and blended threats for organizations of all sizes
► Enforces compliance and protects reputation and brand assets
► Reduces downtime and simplifies administration of corporate mail systems
► Deployed by more than 40 percent of the world's largest enterprises
[Figure: deployment options: C170, C000v, Hosted, Hybrid; Appliance, Virtual, Cloud, Hybrid Cloud]
Appliance Deployment with C170
► Ready to plug-in and install in the right size for your environment
► For organizations that require sensitive data to remain physically on-premise
► Protection against risk of performance degradation
► Dedicated, easy-to-manage, and suitable for the small and midsize business customer
Virtual Deployment with C000v
► Leverage existing investments
► Quicker deployments
► Improved capacity planning
► Enhanced business continuity
► Deployment flexibility
Model: C000v; Disk: 200GB; Memory: 4GB; Cores: 1
[Figure: ESX | ESXi Hypervisor on Cisco UCS (Consolidation | Automation | Virtualization) or Other Hardware]
Cisco Email Security Services
Cisco Cloud Email Security
Providing industry-leading email security in the cloud:
► 99.999% Uptime
► 99+% Spam catch rate
► <1 in 1M false positives
► 100% known virus catch rate
Key Service Attributes
► Dedicated Infrastructure
► Co-managed access
► Capacity assurance
[Figure: Email SaaS in Redundant Data Centers; Inbound Hygiene: Removes spam and viruses; Pass Clean Email to Customer; Outbound Control: Apply DLP and encryption policies]
Cisco Email Security Services
Cisco Hybrid Cloud Email Security
Combining email security inbound in the cloud with outbound control in the customer’s network:
► Scan and control content before it exits the network
► Encryption happens before the message hits the customer’s network border
Key Service Attributes
► Single pane of glass reporting
► Greater control for customers who need or desire it
[Figure: Email SaaS in Redundant Data Centers; Inbound Hygiene: Removes spam and viruses; Pass Clean Email to Customer]
Cisco Web Security Overview
► Provides web URL filtering, reputation filtering and user control:
► Proactive security, application visibility, and control for all users
► Extend real-time protection and policy enforcement to remote employees
► Use deployment flexibility to meet your business and network needs
► Integrate with existing Cisco investments for reduced complexity
[Figure: deployment options: ASA/S170, WSAV, Hosted, Connectors; Appliance, Virtual, Cloud, Hybrid Cloud]
ASA Web Security Essentials
► URL Filtering: Granular Categories and Dynamic Classification Updated by SIO
► Application Visibility and Control*: 1000+ Applications, 150,000+ Microapplications
► Reputation-Based Malware Protection: Only Vendor to Examine IP, Domain, URL, and Sender Reputations
► Policy Management: Flexible Control of Use, Applications, Social Media, etc.
► Actionable Reporting: On-Box, Off-Box, or Hosted in the Cloud (Varies by Deployment Choice)
► Security Intelligence Operations (SIO) Updates: 100 TB of Daily Threat Telemetry, Updated Every 3 to 5 Minutes
► DLP: Integrated with Existing DLP Solutions or via Content Filtering Rules
► Layer 4 Traffic Monitoring: Available on Appliance or Virtual Appliance
*The Cisco® ASA 5500-X with WSE requires a separate license for AVC.
Advanced Web Security
► Web Security Essentials: URL Filtering, Application Visibility and Control, Reputation-Based Malware Protection, Data Loss Prevention, Layer 4 Traffic Monitoring, Reporting, SIO
Plus
► Real-Time Malware Scanning: Layered, Multiple Engines
Cisco Web Security Appliance
Simplified Deployment and Management
► Consistent policy, security, and reporting for all users
► Single-box solution for faster deployments, reduced complexity
► Uses Cisco AnyConnect™ for remote and mobility
► Integrates easily into your existing Cisco® infrastructure
[Figure: Cisco Web Security Appliance between Users, Firewall, and Internet, with Web Proxy, Multiple Malware Engines, URL Filtering, AVC, Web Reputation, SIO Updates, Layer 4 Traffic Monitoring, SIEM/DLP/SOCKS/FTP, Policy Management, and Reporting; Traditional Appliances with Web Proxy, 1 Malware Engine, URL Filtering, Policy Management, and Reporting]
Cisco Web Security Virtual Appliance
Simplified Deployment Without Additional Hardware
Same capabilities as Web Security Appliance, plus:
► Self-service provisioning
► Instant provisioning
► Included with software bundle
► User-based term licenses with unlimited VM instances
► Mix-and-match deployment
► Simplification: Eliminates capacity planning, logistical, and budgetary headaches
► Faster Deployments: Instant provisioning eliminates long lead times
► Rapid Response: Instant provisioning means instant response to spikes
► Better Security: Provide security to locations that were formerly difficult or too expensive to protect
[Figure: End Users, Firewall, Internet, UCS, and Cisco Web Security Virtual Appliance]
Cisco Cloud Web Security
Simplified and Scalable Cloud-Based Deployments
[Figure: Direct to Cloud, Cisco ASA, Cisco ISR-G2, Cisco® WSA, and Cisco AnyConnect™ connecting to Cloud Web Security]
► Branch to enterprise URL filtering
► Application Visibility and Control
► Multiple malware engines
► SIEM/DLP/SOCKS/FTP
► SIO updates
► Policy management
► Reporting
► Multiple connector options
► Eliminates desktop agent
► Reduces vendors
► Eliminates backhaul
► Reuses appliances
Cloud Web Security Connectors
Rapid Deployment Without Adding New Hardware or Complexity
ASA
►Run integrated web security and intrusion prevention system (IPS) on the same equipment
►Eliminate software-based web filtering from other vendors
►Integrate with Cisco AnyConnect® to protect remote/roaming users
ISR G2
►Eliminate backhaul from branch offices
►Cost-effective solution for public Wi-Fi initiatives
►Provide web security to small offices
WSA
►First step toward hybrid solution
►Cisco® Cloud Web Security for enforcement and reporting
►WSA for security information and event management
►DLP integration, advanced proxy
VPN Connectivity Challenges
Dramatically increasing complexity: Trying to keep up
► Massive increase in devices, browsers, applications, data, and mobility
► Current remote-access products are too complicated for the end user
Requirements compromises: Productivity or security
► Demand for anytime and anywhere access to any data by anyone on any device
► Security enforcement or easing workforce enablement
Limited options: Client or clientless, TLS or DTLS, IPsec or SSL, etc.
► Limited protocol support leads to fragmented implementation options
► Constant influx of new technologies and standards
Cisco AnyConnect Secure Mobility Client
• Acceptable use policies
• Always-on protection
• Malware threat protection
• CWS: User choice of towers when traveling
• Application usage controls
[Figure: Mobile User with Cisco AnyConnect® Client; Redirect to Premises or Cloud; On-Premises: WSA, ASA; Cloud: Cisco® Cloud Web Security]
Secure VPN Connectivity
Internationalized
► IPv6 support
► UI translated into major languages
► International sales and support
Simplified connectivity
► Optimal gateway selection
► Automatic hotspot negotiation
► Enterprise connection enforcement
Next-generation unified security
► User and device identity
► EASmartcard SSO
► Posture validation and remediation
► Integrated web security
Flexible deployment
► Scalability and high availability
► Low TCO and increased productivity
[Figure: Secure, Consistent Access: Branch Office, Mobile User, Home Office, Partner HQ, Corporate HQ; Wired, Wi-Fi, Cellular and Wi-Fi, Site to Site; Cisco® ASA]
Cisco AnyConnect Licenses
To Meet a Range of Customer Needs
► Essentials License: Basic Remote Access Connectivity at Low Cost
Or
► Premium License: Posture Assessment and Clientless
► Flex License: Good for Short Periods of High Demand (Emergencies, Events, etc.)
► Mobile License at Low Cost
► Advanced Endpoint Assessment License
► Shared License: Premium Licenses Shared by Multiple Cisco® ASA Devices
Benefits of Cisco Security Solutions for Small and Midsize Business Customers
Cisco’s Global Security Footprint
► Protecting Over 150 million endpoints globally
► Over 250 certifications, 1,000s publications, 25 books authored, and >100 security patents
► Number one in network security appliances
► Firewall
► Email security
► NAC
► VPN
► Network IPS
► Router security
► Technology innovation: Global Correlation, Botnet Traffic Filters, Virus Outbreak Filters, Reputation Filters, Alert Services
Cisco Security Intelligence Operations
Three Defense Pillars
► SensorBase: Comprehensive Threat Intelligence
► Threat Operations Center: Researchers and Automated Analysis
► Dynamic Updates: Real-Time Updates and Best Practices
Benefits of Threat Intelligence
Threat Intelligence:
►Over 1.6M global devices
►1,000 servers process 500G/day
►Historical library of 40,000 threats
►35% of global email traffic seen per day
Benefits:
►360 degree dynamic threat visibility
►Understanding of vulnerabilities and exploit technologies
►Visibility into highest threat vehicles
►Latest attack trends and techniques
Benefits of Researchers and Analysts
Researchers and Analysts:
►600+ Engineers, technicians, and researchers
►80+ PhDs, CCIEs, CISSPs, MCSEs
►Pen testing, botnet infiltration, malware reverse engineering
►Human-aided rule creation and QC
►95% of Internet languages covered
Benefits:
►Network security best practices and mitigation techniques
►Insight into threat trends and future outlook
►Quality assurance, reduced false positives
►Around-the-clock global coverage
Benefits of Dynamic Updates
SIO Updates / Benefits:
►Automated updates delivered to Cisco security devices every 3–5 minutes
►8M+ Rules per day
►Reputation updates for real-time protection
►Reduces exposure window
►Minimizes security management overhead
IPS Reputation Filtering Powered by Global Correlation
Leading-Edge Security: Cisco IPS with Global Correlation
Coverage: Twice the effectiveness of signature-only IPS
Accuracy: Reputation analysis decreases false positives
Timeliness: 100x faster than traditional signature-only methods
Cisco Email Security Value
Best performance Lowest TCO Future focus
• Fastest to block new, email-sent viruses
• Best-in-class at stopping or encrypting sensitive outbound email
• Unrivaled threat identification infrastructure leveraging Cisco’s global presence
• First to protect email proactively with sender-based filtering
• Least false positive email classifications
• No ongoing administration
• Low network impact
• Built-in compliance capabilities
• Easiest to install and manage
• World’s leading email security support
• Fewest appliances required
• Demonstrates financial commitment to email security investment and innovation
• Most flexible email security: on-premise, in the cloud, hybrid and virtual
• Smarter and better anticipation of threats
• Best ability to scale threat analysis as global data explodes
Cisco Web Security Value
Stability
► Security as part of the network
► Cisco® architecture and development
► World-class support and services
Simplicity
► Single user interface simplifies management
► Choice of protection to meet security needs
► Simpler integrated architecture is easier to deploy and maintain
► Cisco integration reduces complexity and multivendor overhead
Security
► Multiple layers of malware defense are built in, not added on
► Broadest threat telemetry network with SIO
► Enforces web security policies to enable your business
► Protects any user on any device in any location
Cisco AnyConnect Value
User Centric and BYOD Enabled
► Supports user devices with client or clientless access
► Optimal transparent user experience with always-on connectivity
► SCEP proxy and pre-deployment device identification
Extensive Support
► Broad support for desktop and mobile client OSs and clientless browsers
► Broad support for protocols and authentication methods
► Broad support for security gateways (Cisco® ASA, ASR, and ISR)
Security Focused
► Broad authentication options (IEEE 802.1X, certificate, LDAP, etc.)
► Posture and vault capabilities to secure client devices
► Web security integration with Cisco WSA or Cloud Web Security
Enterprise Proven
► Reliable, proven, scalable, load balanced, and highly available
► Strong international presence and support 24 hours a day
► Single appliance: client and clientless remote access, site-to-site VPN, and firewall
Competing With Cisco Security Solutions
Sell Cisco Remote Access to New Clients
Customer Situation: Customer needs a remote-access solution
Customer Business Problem: Customer wants to enable remote access for employees, contractors, and partners on their devices (PCs, tablets, and smartphones)
Solution: Install Cisco® ASA with Cisco AnyConnect®
Products:
• Cisco ASA 5500-X
• Cisco AnyConnect Essentials or Premium license
• Cisco AnyConnect Mobile license
• Cisco SMARTnet® support
Customer Benefit: Customer gains the most widely deployed remote-access solution with the broadest support for platforms and protocols
Cisco ASA Upgrade Opportunity
Customer Situation: Customer has installed prior-generation Cisco® ASA
Customer Business Problem: Customer wants to upgrade to the latest Cisco ASA appliance
Solution: Cisco ASA 5500-X platform
Products:
• Cisco ASA 5500-X
• Cisco AnyConnect® Essentials or Premium license
• Cisco AnyConnect Mobile license
• Cisco SMARTnet® support
Customer Benefit: Customer gains new hardware features (including performance improvements) and capabilities on latest Cisco ASA 5500-X platform appliances with Release 9.x software
When to Sell ASA and Web Security
When to Sell: Customer Situation
VPN Security Gateway
► Cisco ASA Adaptive Security Appliance: Customer needs to support more users, add failover capability to a single Cisco ASA to replace a competitive VPN security gateway, or replace a Cisco VPN 3000 security gateway.
Web Security (provides always-on security functions for laptops and mobile devices)
► Cisco Cloud Web Security: Customer has Cisco AnyConnect and wants to add cloud-based web security for its users.
► Cisco Web Security Appliance (WSA): Customer has Cisco AnyConnect and wants to add appliance-based web security for its users.
Deployment Option: Strengths
WSA
► SIEM/DLP integration
► Larger HQ
► Advanced proxy/bandwidth controls
vWSA
► Same capabilities as WSA
► Virtual/cloud/capacity planning initiatives
► Remote offices without IT staff
CWS
► Many branch offices or roaming users
► Cloud initiatives
► Backhaul issues
ISR G2 Connector
► Reusing investments
► Backhaul or private network issues
► Public Wi-Fi initiatives
ASA 5500-X Series
► Cost considerations
► Next-generation firewall
► Network bandwidth controls
ASA Connector
► Reusing investments
► Integrated web security and IPS
► Many remote users
When to Sell AnyConnect
When to Sell: Customer Situation
Cisco AnyConnect® Licenses (on Cisco® ASA)
► Essentials: Customer wants only simple VPN remote access. License is applied to Cisco ASA.
► Premium: Customer needs clientless VPN browser-based access, desktop or mobile posture, or Suite B cryptography, in addition to VPN remote access. License is applied to Cisco ASA.
► Mobile: Customer wants to enable VPN remote access for mobile devices. License is in addition to the Essentials or Premium license. Both licenses require application to Cisco ASA.
► Advanced Endpoint Assessment: Customer needs remediation capabilities. This license is an add-on to the Premium license.
► Shared: Customer needs Premium licenses across multiple Cisco ASA devices to support many users.
► Flex: Customer needs capability to temporarily burst on a day-to-day basis to the maximum number of users supported by Cisco ASA.
Business Challenge: Mobile Workers
Situation
Technology-savvy mobile workers need access on all their mobile devices anytime and anywhere they are in the world.
Many mobile workers have a mix of corporate and personally owned devices that they use interchangeably to do their jobs.
This means that sometimes they need safe clientless access from kiosks, loaner laptops, or a home PC that does not have a client.
Wherever they are, mobile workers need safe access to their corporate applications and data from any device and through any browser from any network worldwide.
Business Challenge: Mobile Workers
Questions
► Can we provide VPN client and clientless access through a single Cisco® ASA device?
► How can we support users on many different OSs with a single solution?
► Do we have to choose between IPsec and SSL for client connections?
► How can we support the growing adoption and use of IPv6?
► How can we authenticate our users with certificates or other methods?
► How can we provide our users with transparent persistent connectivity?
► How can the VPN session be suspended when the user is in the office?
► How can we simplify the enrollment of BYOD devices?
► How can users have the best connection while traveling?
► How can we help ensure that users are using only a single network connection at a given time?
Business Challenge: Contractors and Partners
Situation
Companies regularly outsource functions to partners or hire contractors for specific needs. This process has become commonplace for organizations of all types and sizes.
These individuals and organizations need connectivity. Often they work remotely and are not in a company’s physical building, and they often require connectivity through either a site-to-site VPN or a remote-access solution connecting them to one or more users.
Business Challenge: Contractors and Partners
Questions
► How can we easily provide secure connectivity to new contractors and partners?
► How can we limit corporate resource access levels for contractors and partners?
► How can we provide corporate resource access to a group of contractors or partners without downloading any software on their laptop or mobile devices?
Business Challenge: Risk-Averse Organizations
Situation
Some organizations have a low tolerance for risk due to regulations, information policies, or the financial impact of a security breach.
These organizations go beyond standard best security practices to protect their networks, data, devices, and users from potential threats.
They may be interested in protecting particular departments, users, or devices to a greater degree.
Typical organizations that are risk averse include government organizations and contractors, financial firms, and companies that cannot accept a security breach.
Business Challenge: Risk-Averse Organizations
Questions
► How can we help ensure that devices connecting to the network have the latest antivirus updates and VPN client?
► How can we help ensure that users connect only to corporate Wi-Fi networks?
► How can we protect our user devices from web-based threats?
► Can we use policies to enforce authentication and access rules?
► Can we apply a higher security policy to a group of users or devices?
► How do we deploy the best encryption available?
► How can we provide secure connectivity from each desktop on the LAN?
► Can we authenticate users using different methods?
► How do we help ensure that users are using a certificate for authentication?
► Is Cisco AnyConnect™ or the Cisco® ASA FIPS compliant or certified?
Security Message In A Box
• http://www.cisco.com/go/anyconnect
• http://twitter.com/anyconnect
• http://www.facebook.com/anyconnect
• http://twitter.com/ciscosecurity
• http://www.facebook.com/ciscosecurity
• http://blogs.cisco.com/category/security
• http://blogs.cisco.com/category/borderless
• http://www.youtube.com/user/Cisco
Technical Considerations for Cisco Security Solutions
Cisco Small and Midsize Business Security Portfolio
Broad Services Solution Portfolio
► ISR G2: Integrated with routing
► ASA 5500/5500-X: Appliance-based
Specific Services Solution Portfolio
► Cisco Web Security: Appliance-based, content control
► Cisco Email Security: Appliance-based, data loss prevention
End Device Solution
► AnyConnect: Client software, secure VPN
Cisco ASA 5500 Series Portfolio
Comprehensive Solutions from SOHO to the Data Center
[Figure: ASA 5500 Series models arranged by performance and scalability. Segment labels: SOHO, Branch Office, Internet Edge, Campus, Enterprise]
ASA 5505
ASA 5510
ASA 5510 +
ASA 5520
ASA 5540
ASA 5550
ASA 5512-X (1 Gbps, 10K cps)
ASA 5515-X (1.2 Gbps, 15K cps)
ASA 5525-X (2 Gbps, 20K cps)
ASA 5545-X (3 Gbps, 30K cps)
ASA 5555-X (4 Gbps, 50K cps)
ASA 5585-X SSP-10 (4 Gbps, 50K cps)
ASA 5585-X SSP-20 (10 Gbps, 125K cps)
ASA 5585-X SSP-40 (20 Gbps, 200K cps)
ASA 5585-X SSP-60 (40 Gbps, 350K cps)
Cisco ASA 5500-X Improvements
Significant improvements include:
► Multi-Gigabit performance:
  ► Meets growing throughput requirements
► Accelerated integrated services:
  ► Avoids hardware upgrades as business needs change
► Next-generation services enabled platform:
  ► Supports multiple services on one platform, providing investment protection
ASA 5512-X: 1 Gbps Firewall Throughput
ASA 5515-X: 1.2 Gbps Firewall Throughput
ASA 5525-X: 2 Gbps Firewall Throughput
Cisco ASA 5500-X: Multi-Gigabit Performance
4X Firewall Throughput
ASA 5512-X: 1 Gbps Firewall, 250 Mbps FW+IPS, 200 Mbps VPN
ASA 5515-X: 1.2 Gbps Firewall, 400 Mbps FW+IPS, 250 Mbps VPN
ASA 5525-X: 2 Gbps Firewall, 600 Mbps FW+IPS, 300 Mbps VPN
ASA 5510: 300 Mbps Firewall, 300 Mbps FW+IPS, 170 Mbps VPN
ASA 5510+: 300 Mbps Firewall, 300 Mbps FW+IPS, 170 Mbps VPN
ASA 5520: 450 Mbps Firewall, 450 Mbps FW+IPS, 225 Mbps VPN
Cisco ASA 5500-X: Accelerated Integrated Services
► Enterprise-class hardware architecture designed to support multiple services
  ► Multi-core, multi-threaded CPUs
  ► 4X memory
  ► Dedicated IPS hardware accelerator
  ► Dedicated VPN hardware accelerator
► Services Supported
  ► IPS (does not require additional hardware module)
  ► Botnet Protection
    ► Real-time threat information provides protection against complex threats
  ► VPN & AnyConnect
    ► Enables BYOD with security, in addition to providing always-on remote access
Cisco ASA 5500-X: Next-Generation Services
► New services can be turned on without requiring additional hardware
► Enterprise-class hardware design supports superior performance with multiple services
► Superior investment protection
Feature | ASA 5500-X
User-Identity based firewall policies | ✔
Application-Visibility and Control | ✔
URL Filtering | ✔
Integrated IPS | ✔
Cisco ASA 5500-X Performance Positioning
Feature | ASA 5512-X | ASA 5515-X | ASA 5525-X
Firewall Throughput (Max) | 1 Gbps | 1.2 Gbps | 2 Gbps
Firewall Throughput (EMIX) | 500 Mbps | 600 Mbps | 1 Gbps
IPS Throughput (Media Rich) | 250 Mbps | 400 Mbps | 600 Mbps
VPN Throughput | 200 Mbps | 250 Mbps | 300 Mbps
Packets per second (64 byte) | 450,000 | 500,000 | 800,000
Connections (Max) | 100,000 | 250,000 | 500,000
Connections per Second | 10,000 | 15,000 | 20,000
Security Contexts (Incl/Max) | 0/0 | 2/5 | 2/20
VLANs | 50 | 100 | 200
High Availability & VPN Clustering | No | A/S, A/A | A/S, A/A
Maximum Site-to-Site and IPSec IKEv1 Client VPN User Sessions | 250 | 250 | 750
Maximum AnyConnect or Clientless VPN User Sessions | 250 | 250 | 750
Bundles SSL VPN User Sessions | 2 | 2 | 2
Premium AnyConnect VPN Peer License Levels | 10, 25, 50, 100, 250 | 10, 25, 50, 100, 250 | 10, 25, 50, 100, 250, 500, 750
Jumbo-Frame Support | Yes | Yes | Yes
OS | 64-bit | 64-bit | 64-bit
Cisco ASA 5500-X Hardware Specs
Specification | ASA 5512-X | ASA 5515-X | ASA 5525-X
Form-Factor | 1 RU 19-in rack mountable | 1 RU 19-in rack mountable | 1 RU 19-in rack mountable
Rack-Mounting Options | Brackets included (slide rails optional) | Brackets included (slide rails optional) | Brackets included (slide rails optional)
Dimensions (HxWxD) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm)
Weight | 13.39 lb (6.07 kg) | 13.39 lb (6.07 kg) | 14.92 lb (6.77 kg)
CPU | Multi-core enterprise-class | Multi-core enterprise-class | Multi-core enterprise-class
RAM | 4 GB | 8 GB | 8 GB
Flash | 4 GB | 8 GB | 8 GB
Integrated Network Ports (GE) | 6 | 6 | 8
Maximum Network Ports (GE) | 12 | 12 | 14
Dedicated OOB Mgmt. Port (GE) | Yes | Yes | Yes
Interface Card Options | 6 GE Copper or 6 GE SFP SX, LH, LX | 6 GE Copper or 6 GE SFP SX, LH, LX | 6 GE Copper or 6 GE SFP SX, LH, LX
Interface Card Slots | 1 | 1 | 1
USB 2.0 Ports | 2 | 2 | 2
Console Port | Yes, RJ-45 | Yes, RJ-45 | Yes, RJ-45
Redundant power | No | No | No
Dedicated IPS Hardware Accelerator | No | No | Yes
Power Supply | AC, 400W | AC, 400W | AC, 400W
Cisco ASA 5500-X Front-View
[Figure: front view of the 1 RU appliances ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. Callout: hard drive slots (used with Context Security Upgrade)]
Cisco ASA 5500-X Back-View
[Figure: back view of the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. Callouts: 6 GE ports; 8 GE ports; 1 expansion slot (6-port GE or 6-port SFP); redundant power supplies]
Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions
Plan, Design, Build for Partner Engineers
► There are three major responsibilities of the partner engineer during the customer engagement:
  ► Plan the feature requirements and assess product choice against features
  ► Design a solution based on understanding of required functions and best practices
  ► Build a solution by deploying, configuring and managing it
Plan
• Feature Requirements
• Product Assessment
Design
• Determine Function
• Design
Build
• Deploy
• Configure
• Manage
Planning
► In the case of ASA security, one of our key planning steps is to determine the license requirements and deployment mode
Plan
• Feature Requirements
• Product Assessment
Cisco ASA 5500-X Security Services
► Next Generation security services incorporated into ASA software:
  ► Base License:
    ► Stateful Firewall
    ► VPN (choose between DES or 3DES/AES version)
  ► Optional Licenses:
    ► Application Visibility and Control
    ► Web Security Essentials
    ► Intrusion Prevention Services (sold as combo at time of purchase)
    ► Cloud Web Security
    ► Botnet Traffic Filter
    ► SSL VPN
Context and Threat Awareness
Next-Generation Context-Aware Firewall and Proven Cisco Technology
Classic Cisco ASA Firewall
Form factors: Distributed, Appliance, Integrated, Virtual
Cisco® ASA CX
Context Aware
► End-to-end network intelligence
► Comprehensive access control
► Deep application control
► Exceptional remote access
► Best-in-class web security
Threat Aware
► Near-real-time threat protection
► Comprehensive reputation analysis
► Analysis of email, IPS, and web vectors
► Largest global footprint
► Most frequently updated feeds
Cisco IPS
► Uses both traditional signature-based and reputation-based methods to prevent threats
► Determines reputation of an IP address through complex algorithms based on 75 TB of data received per day shared by:
  ► 1.6 million deployed security devices
  ► 35% of worldwide email traffic
  ► 150 million deployed endpoints
  ► 13 billion web requests
► Helps catch zero-day threats and advanced persistent threats
► Helps meet regulatory compliance (PCI, HIPAA, Sarbanes-Oxley, etc.)
► Provides superior threat mitigation with passive OS fingerprinting and reputation
► Offers deployment flexibility by using user identity-based security policies
Cisco IPS Threat Defense
Multilayer Attack Defense
Patented Cisco® Traffic Cleansing Technology
Detects all major protocol evasion techniques, provides anomaly detection
► IP packet fragmentation
► TCP stream segmentation
► RPC fragmentation
► URL obfuscation
► HTML evasion
► FTP evasion
Cisco Vulnerability-Based Signatures
Protects against 25,000 exploits and countless more
Network: RPC, UDP, HTTP, SMB, IPV6, MPLS, GRE, IPV4 in IPV6, IPV4 in IPV4
OS: MSFT, Linux, Mac, Cisco
Applications: Databases, Web servers, P2P, Skype, H.223/5, Apache, SharePoint
Signature Updates: Twice a Week
Cisco ASA Botnet Traffic Filter
Cisco® ASA Botnet Traffic Filter feature
• Scans all traffic, all ports, and all protocols
• Monitors command and control traffic from internal bots to external hosts
• Detects infected clients by tracking rogue phone-home traffic
Powerful antimalware data promotes accuracy
• Provides guidance now for blocking botnet communication
• Dynamic discovery provides real-time identification of malware communication flexibility by using user identity-based security policies
ASA CX Integration with AnyConnect
► ASA CX delivers end-to-end network visibility for superior security control, including:
  ► Robust authentication: Active authentication via Active Directory, LDAP, Kerberos or NT LAN Manager
  ► Device information: Cisco AnyConnect provides information on the specific types of user devices attempting to gain access to the network, as well as whether the device is located locally or remotely
  ► Reputation-based threat defense: Threat intelligence feeds from Cisco SIO using the global footprint of Cisco security deployments
    ► Leveraging more than 2 million devices
    ► Analyzing approximately one-third of the world's Internet traffic
Designing
► Correct design requires understanding security services as well as design best practices:
► Guidelines for Designing Security Policy
Design
• Determine Function
• Design
Guidelines for Designing Security Policy
Implementing and Maintaining a Comprehensive IT Risk Mitigation Strategy:
► What assets are you trying to protect?
  ► Security Architecture Review
► What are the relevant threats?
  ► Security Posture Assessment
► How comfortable are you with your ability to detect and respond to these threats?
  ► Gap Assessment and Remediation Consulting
  ► Security Product Design and Implementation Services
Cisco Security Architecture Review
1. What assets are you trying to protect?
Activities
► Analyze network security solution goals, objectives, and requirements
► Evaluate the existing security infrastructure identifying architecture, design, and implementation gaps
► Provide a detailed configuration analysis of critical security components
► Identify vulnerabilities and deviations from best practices and policy
► Recommend improvements to the security topology, components, functions, and features
Security Architecture Review Report
Cisco Security Posture Assessment
2. What are the relevant threats?
Activities
► Discovery to identify systems and services visible to the Internet
► Penetration testing to confirm the presence of vulnerabilities
► Detailed analysis to identify critical vulnerabilities
► Comparison with recommended industry best practices and policies
► Development of a prioritized list of discovered risks with recommended actions
Security Posture Assessment Report
Cisco Security Design Support
3. How comfortable are you with your ability to detect and respond to these threats?
Activities
► Analyze security solution design goals, objectives, and requirements
► Review the customer’s design including specifications for scalability, redundancy, and performance
► Review hardware and software requirements including network security management tools
► Assist in the development of a common set of design principles, policies, and practices
► Provide recommendations for ongoing management and maintenance
Detailed Security Design Report
Cisco Security Performance Tuning
3. How comfortable are you with your ability to detect and respond to these threats?
Activities
► Perform security device discovery
► Analyse customer’s baseline configuration templates including tuning requirements
► Compare configuration and policy implementation to industry best practices and your organization’s security policy
► Review findings and provide recommendations for improved policy configuration and tuning
Security Recommendations Report
Build
► Building a solution requires knowledge of the appropriate configuration and administration tools:
► Cisco Adaptive Security Device Manager
► Cisco Security Manager
Build
• Deploy
• Configure
• Manage
Cisco Adaptive Security Device Manager
► Ideal for small or simple deployments
► Configure, monitor and troubleshoot ASA devices
► Easy to use setup wizards make installation and initial management easy
► Real-time log viewer and monitoring dashboards for at-a-glance status
► Troubleshooting features and powerful debugging tools such as packet trace and packet capture
Cisco ASDM: Packet Tracer
Benefits
► Enables rapid troubleshooting
► Enables policy tuning and refining
► Simplifies fault isolation in complex policy environments
► First Pro-active Debugging Tool
PACKET TRACING
Enables the injection of arbitrary packets through the system to audit policy configuration and enforcement
Cisco ASDM: Syslog Viewer
► Structured real-time syslog viewer
► Provides optional coloring of events based on severity
► Offers real-time interpretation of log messages, with plain English explanations and recommended actions for each log message
Cisco Security Manager 4.4
Centralized Policy Administration
► Centrally provision policies for firewalls, VPNs, and IPS
► Very scalable
► Policy inheritance feature enables consistent policies across enterprise
► Powerful device grouping options
Firewall Administration
► Configure policies for ASA, Cisco® PIX® FW, FW SM and Cisco IOS® Software
► Single rule table for all platforms
► Intelligent analysis of policies
► Sophisticated rule table editing
► Compresses the number of access rules required
Superior Usability
► Jumpstart help: an extensive animated learning tool
► Flexible management views:
  • Policy-based
  • Device-based
  • Map-based
  • VPN Manager
  • IPS Manager
  • Deployment Manager
VPN Administration
► VPN Wizard setup site-to-site, hub-spoke, and full-mesh VPNs
► Configure remote-access VPN, DMVPN, and Easy VPN devices
IPS Administration
► Automatic updates to the IPS sensors
► Support for outbreak prevention services
Cisco Security Manager: Policy Based Management
► Create and reuse security rules and objects
► Monitor security threats throughout the deployment
► Minimize errors and maximize efficiency
► Implement security settings on-demand or on a scheduled basis
► Roll back to previous configurations
► Import and export security configurations
► Role-based access control and deployment workflows ensure security and consistency
Cisco Security Manager: Event Manager
► Support for syslog
► Real-time and historical event viewing
► Cross-linkages to firewall access rules and IPS signatures
► Prebundled set of views for firewall, IPS, and VPN
► Customizable views
► Intuitive GUI controls
► Tools such as ping, traceroute, and packet tracer
Additional Resources
► Security
  ► www.cisco.com/go/security
► SAFE Design
  ► http://www.cisco.com/go/safe
► Branch Office Design
  ► http://www.cisco.com/web/about/ciscoitatwork/network_systems/branch_office_network_design.html
► Cisco on Cisco
  ► http://www.cisco.com/go/ciscooncisco
Module Summary
Summary
► Cisco partners should consider the ISR G2 series and ASA 5500-X series products as their primary solution for customer security solutions across a broad spectrum of needs
► The enterprise class hardware design of the ASA 5500-X series supports superior performance with multiple services and provides superior investment protection
► The Cisco ASA CX capability provides next generation context-aware firewall capability on the proven ASA firewall platform
► The Cisco ASA Botnet Traffic Filter detects infected clients by tracking rogue phone-home traffic and stops that traffic to protect the network
Review: ASA 5500-X Improvements
Which of the following is a new feature of the ASA 5500-X series? (choose one)
A) Hardware-based Upgrades
B) Context Security
C) Gigabit Ethernet
D) Firewall, VPN and IPS Services
Answer: B) Context Security
Review: Security Management
Which of the following is the embedded management tool for ASA 5500 series devices? (choose one)
A) Cisco Prime
B) Cisco Security Manager
C) ASDM
D) CCP
Answer: C) ASDM
Course Summary
► Cisco Borderless Networks and Security solutions include: routing, switching, wireless, and security solutions
► Cisco Borderless Network and Security solutions provide the best choice for customers because they support an overall vision of how the network needs to work together to address business needs
► Cisco Borderless Network and Security solutions solve problems for customers struggling with operational complexity and costs, security challenges, network downtime and expanding bandwidth needs
► Understanding the technical and design considerations of Cisco Borderless Networks and Security solutions is essential to mapping these solutions to customer needs