Cisco Catalyst 2960-24PC-L Switch
Easy Deployment and Network Management
The Cisco Catalyst 2960 LAN Lite Series offers several ease of use features, which enable fast and easy configuration and installation of the switches into the network. Lowering the total cost of ownership and simplifying network operation are primary reasons for using the Cisco Catalyst 2960 switches. These features include:
- Cisco Auto SmartPorts simplify the configuration of advanced Cisco Catalyst capabilities, encapsulating years of Cisco networking expertise. As devices connect to the switch automatic port, configuration is enabled, allowing a plug and play of the device onto the network. For example, an IP phone connecting to the switch will configure the switch port with Cisco best practices for QoS and create a voice VLAN. Cisco SmartPort macros offer a set of verified, pretested, Cisco recommended switch port configurations per connection type that are easy to apply, enabling users to consistently and reliably configure essential security, IP telephony, availability, QoS, and manageability features with minimal effort and expertise.
- Cisco Express Setup simplifies initial configuration with a web browser, eliminating the need for more complex terminal emulation programs and CLI knowledge.
- Auto Install utilizes Dynamic Host Configuration Protocol (DHCP) based auto-configuration and image upgrade. This feature automatically downloads the configuration file, Cisco IOS Software image, allocates an IP address and hostname for the switch. This feature can be used to implement a “zero touch deployment.”
- Cisco Network Assistant is a no cost, Windows-based application that simplifies the administration of networks of up to 250 users. It supports a wide range of Cisco Catalyst intelligent switches from Cisco Catalyst 2960 through Cisco Catalyst 4506. With Cisco Network Assistant, users can manage Cisco Catalyst switches plus launch the device managers of Cisco integrated services routers and Cisco Aironet WLAN access points.
- Enhanced Troubleshooting is possible with an extensive array of debug diagnostic commands and system health checks within the switch.
- Time Domain Reflectometry (TDR) to diagnose and resolve cabling problems on copper Ethernet ports.
- Autosensing on each 10/100 port detects the speed and duplex of the attached device and automatically configures the port for 10- or 100-Mbps operation, easing switch deployment in mixed 10- and 100-Mbps environments.
- Automatic medium-dependent interface crossover (Auto-MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed on a copper port.
- Multifunction LEDs per port for port status; half-duplex and full-duplex mode; and 10BASE-T, 100BASE-TX, and 1000BASE-T indication as well as switch-level status LEDs for the system and a redundant power supply provide a comprehensive and convenient visual management system.
Cisco Network Assistant is a PC-based network-management application optimized for LANs with up to 250 users. Offering centralized management of Cisco switches, routers, and wireless LAN (WLAN) access points, it supports a wide range of Cisco Catalyst intelligent switches from the Cisco Catalyst 2960 through the Cisco Catalyst 4506 Switch. Through a user-friendly GUI, you can configure and manage a wide array of switch functions and start the device manager of Cisco routers and Cisco wireless access points. You can perform tasks to configure the switch for voice, video and multicast traffic using QoS and upgrade IOS is a simple one click upgrade. The Security wizard automatically restricts unauthorized access to servers with sensitive data. Smartports and wizards save time for network administrators, reduce human errors, and help ensure that the configuration of the switch is optimized for these applications. You can download Cisco Network Assistant from the Cisco website for free http://www.cisco.com/go/cna. The easy-to-use graphical interface provides both a topology map and front-panel view of switches.
In addition to Cisco Network Assistant, Cisco Catalyst 2960 LAN Lite Switches provide for extensive management using SNMP network-management platforms such as the CiscoWorks LAN Management Solution (LMS). CiscoWorks LMS is a suite of powerful management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. It integrates these capabilities into a world-class solution for improving the accuracy and efficiency of your operations staff, while increasing the overall availability of your network. It supports more than 400 different device types, providing:
- Network discovery, topology views, end-station tracking, and VLAN management
- Real-time network fault analysis with easy-to-deploy device-specific best-practice templates
- Hardware and software inventory management, centralized configuration tools, and syslog monitoring
- Network response time and availability monitoring and tracking
- Real-time device, link, and port traffic management, analysis, and reporting
Intelligent Power over Ethernet (PoE) Management
The Cisco Catalyst 2960 LAN Lite Series can provide a lower total cost of ownership (TCO) for deployments that incorporate Cisco IP phones, Cisco Aironet wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device. PoE eliminates the need for wall power outlets for each PoE-enabled device and significantly reduces the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments. Taking advantage of Cisco Catalyst Intelligent Power Management, the Cisco Catalyst 2960 LAN Lite 48-port PoE configurations can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between. The 24 port switch models provide Class 3 PoE or 15.4W of PoE power on all 24 ports.
Key features for PoE include:
- Cisco Discovery Protocol version 2 allows the Cisco Catalyst 2960 LAN Lite Series Switch to negotiate a more granular power setting when connecting to a Cisco powered device, such as IP phones or access points, than what is provided by IEEE classification.
- Per Port PoE Power Sensing measures actual power being drawn, enabling more intelligent control of powered devices.
- PoE MIB provides proactive visibility into power usage for monitoring and troubleshooting.
- Link Layer Discovery Protocol (LLDP) link layer discovery protocol for interoperability in multivendor networks. Switches exchange speed, duplex, and power settings with end devices such as IP phones.
Integrated Service Delivery with QoS and Multicast:
Prioritization of traffic is critical to many network services such as voice, video and wireless and the Catalyst Cisco Catalyst 2960 LAN Lite Switches help ensure that network traffic congestion is avoided allowing business critical applications to perform without degradation. To implement QoS, the Cisco Catalyst 2960 Series Switches first identify traffic flows or packet groups, and then classify or reclassify these groups using Class of Service (CoS). The Cisco Catalyst 2960 LAN Lite Switches support hardware based QoS with no performance degradation including four egress queues per port, giving your network administrators more control in assigning priorities for the various applications on the LAN. At egress, the switches perform congestion control and scheduling, the algorithm or process that determines the order in which queues are processed. The Cisco Catalyst 2960 LAN Lite Switches support Shaped Round Robin (SRR) and Strict Priority Queuing. The SRR algorithm helps ensure differential prioritization and helps ensure excellent network performance with line rate traffic loads.
Multicast is a key capability available in the Catalyst switches that can efficiently deliver high bandwidth applications across the network and optimize network performance saving bandwidth. It supports distributed applications and enables next generation multimedia applications including: Corporate Communications, E-learning, IP Video Surveillance, High Definition Video, and distribution of data to desktops in a scalable, reliable and efficient manner. Cisco Catalyst 2960 LAN Lite Switches support layer 2 Multicast traffic and use protocols to allow customer to deploy streaming video applications in the network and benefit from bandwidth saving provided.
Key features for integrated service delivery include:
- Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
- Cisco VLAN Trunking Protocol (VTP) supports dynamic VLANs and dynamic trunk configuration across all switches.
- Standard 802.1p CoS and DSCP field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP or UDP port number.
- Four egress queues per port enable differentiated management of up to four traffic types.
- Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.
- Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
- Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic.
- Internet Group Management Protocol Version 3 (IGMPv3) snooping provides fast client joins and leaves of multicast streams and limits bandwidth-intensive video traffic.
- IGMP filtering provides multicast authentication by filtering out no subscribers and limits the number of concurrent multicast streams available per port.
The Cisco Catalyst 2960 LAN Lite Switches support security features that can help your business protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation.
The Cisco Identity-Based Networking Services (IBNS) solution provides authentication, access control, and security policy administration to secure network connectivity and resources. Cisco IBNS in the Cisco Catalyst 2960 LAN Lite Series prevents unauthorized access and helps ensure that users get only their designated privileges.
With Cisco IBNS you can dynamically administer granular levels of network access. Using the 802.1x standard and the Cisco Secure Access Control Server (ACS), you can assign users a VLAN upon authentication, regardless of where they connect to the network. This setup allows your IT department to enable strong security policies without compromising user mobility, and with minimal administrative overhead.
You can use port security to limit access on an Ethernet port based on the MAC address of the device to which it is connected. You also can use it to limit the total number of devices plugged into a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the risks of rogue wireless access points or hubs.
You can use the MAC Address Notification feature to monitor the network and track users by sending an alert to a management station so that your network administrators know when and where users entered the network. Secure Shell Protocol Version 2 (SSHv2) and SNMPv3 encrypt administrative and network-management information, protecting your network from tampering or eavesdropping. TACACS+ or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering the configurations. Alternatively, you can configure a local username and password database on the switch itself. Fifteen levels of authorization on the switch console and two levels on the web-based management interface allow you to give different levels of configuration capabilities to different administrators.
Key security features include:
- IEEE 802.1x allows dynamic, port-based security, providing user authentication.
- IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
- IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
- IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
- IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
- MAC Auth Bypass (MAB) for voice or data devices allows controlled network access without 802.1x supplicant to get authenticated using their MAC address.
- Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
- SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2 and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
- TACACS+ and RADIUS authentication enables centralized control of the switch and restricts unauthorized users from altering the configuration.
- MAC address notification allows administrators to be notified of users added to or removed from the network.
- Per-port broadcast, multicast, and unicast storm control and CPU queues prevents faulty end stations from degrading overall systems performance and denial of service attacks.
Intelligent Layer 2 Availability and Scalability
The Cisco Catalyst 2960 LAN Lite Series is equipped with a robust set of features that allow for network scalability and higher availability with a complete suite of Layer 2 protocols including Spanning Tree Protocol enhancements aimed maximizing availability in a Layer 2 network.
Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), Uplink Fast, and PortFast, maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design. Uplink Fast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. Loop guard and bridge-protocol-data-unit (BPDU) guard provide Spanning Tree Protocol loop avoidance.