Catalyst 2960X/XR Series Enterprise Switches

28. How to check ASIC to port mapping

102. DEMO

5. Cisco Support Community Expert Series Webcast Roopa R Technical Leader Enterprise Access Switching Group

1. Roopashree R Technical Leader May 10, 2016 Catalyst 2960X/XR Series Enterprise Switches Cisco Support Community Expert Series Webcast

6. Question Managers: Santhosh Chidri Nagaraj, Technical Leader; Prabha Ganesan, Software Engineer

92. Polling Question 3: Would you be interested in something that eases device deployment and configuration?
A. Yes B. Somewhat Yes C. No

58. Polling Question 2: How important is security at the access layer?
A. Very important B. Important C. Somewhat important D. Not important at all

83. Shaped SRR vs. Shared SRR
• Either Shaped SRR or Shared SRR is good!
• Shared SRR is used to get the maximum efficiency out of a queuing system because, unlike standard WRR, unused time slots can be reused by busier queues.
• Shaped SRR is used when one wants to shape a queue or set a hard limit on how much bandwidth a queue can use. Shaping provides a more even flow of traffic over time and reduces the peaks and valleys of bursty traffic.

12. Polling Question 1: Which Catalyst switch comes to your mind when we speak of the Catalyst 2960 family?
A. 2960 B. 2960P C. 2960S D. 2960X E. 2960XR

101. Polling Question 4: How easy is it to configure Dot1x and NetFlow Lite on the switch?
A. Very Difficult B. Difficult C. Manageable D. Easy E. Very Easy

10. Agenda
• Comparison and differences in Cisco Catalyst 2960X and 2960XR series switches
• Switch Architecture – 2960X/XR
• FlexStack-Plus in 2960X/XR
• Overview of various features on the 2960X/XR
• Configuration examples
• Troubleshooting best practices and hints

51. C2960-X FlexStack-Plus Packet Flow, Unicast
• Unicast packet ingresses member 1, egressing member 2
• Takes the shortest path
• Whole packet is transmitted
• No load balancing on stack ports
• Destination stripping
[Diagram: four-member stack, Member 1 to Member 4]

98. AutoConf Templates
• AutoConf: Device Classification [CDP, LLDP, DHCP, MAC OUI]
• Interface Templates [Built-In or User Defined]
• Templates are the foundation for AutoConf
• Templates can work without AutoConf
• AutoConf requires templates

20. 2960-X / 2960-XR Front Panel System Management Interfaces
• System LEDs
• 10/100 Out of Band Ethernet Management interface
• RJ45 Console Interface
• USB Console (type B)
• USB Flash (type A)
• Mode Button

26. Agenda
• Comparison and differences in Cisco Catalyst 2960X and 2960XR series switches
• Switch Architecture – 2960X/XR
  – Architecture
  – Packet walk-through
• FlexStack-Plus in 2960X/XR
• Overview of various features on the 2960X/XR
• Configuration examples
• Troubleshooting best practices and hints

59. Catalyst Integrated Security Features
No You’re Not!
Features: IP Source Guard, Dynamic ARP Inspection, DHCP Snooping, Port Security
Attack | Catalyst Feature
MAC Address Flooding | Port Security
DHCP Rogue Server for Default Gateway Interception | DHCP Snooping
ARP Spoofing or ARP Poisoning | Dynamic ARP Inspection
IP Spoofing or MAC Spoofing | IP Source Guard

18. Switch Hibernation Mode
• When the switch is not in use, Switch Hibernation Mode can be scheduled to save power.
• Powers off CPU cores, ASIC and connected PoE devices.
• DRAM is in refresh mode, keeping data intact.
• Power to most components is off except DRAM, fans and MCU.
• Wake on Mode Button trigger
• Wake on scheduled Real Time Clock alarm / interrupt
• Mode Button trigger has precedence over all other wake-on events.
• On wake-up alarm, the CPU cores are powered on and DRAM is put out of self refresh.

53. C2960-X FlexStack-Plus Packet Flow, BCAST
• Bcast packet ingresses member 1
• BCAST packet egresses on all interfaces forwarding on that VLAN for all members
• Passive link prevents forwarding of packet between members 3 & 4
[Diagram: four-member stack, Member 1 to Member 4]

60. Catalyst Integrated Security: Port Security
Problem: “Script Kiddie” hacking tools enable attackers to flood switch CAM tables with bogus MACs, turning the VLAN into a “hub” and eliminating privacy. [Diagram: Campus LAN, 132,000 bogus MACs]
Solution: Catalyst Security Toolkit recognizes the MAC flooding attack, locks down the port and sends an SNMP trap. [Diagram: Campus LAN, only one MAC address allowed on the port: shutdown if exceeded]

94. Network PnP – Server Discovery Options
1. DHCP Options: DHCP server configured with IP address of the PnP in Options 60 & 43, consistent with Cisco LWAPP
2. Domain Name: Uses customer domain name returned by DHCP server. PnP Agent adds pre-defined hostname “pnpserver.localdomainname”, e.g. pnpserver.cisco.com
3. Neighbor Assisted Provisioning (NAPP): When no DHCP, a NAP server, which is one of the devices already up using PnP, acts as proxy for new devices

17. 2960-X Power Redundancy – RPS 2300
• Protection against device power supply failure
• Seamless failover < 600 μs
• Increases availability of data and PoE
[Diagram: C2960-X, 22-pin connector, RPS 2300, cable CAB-RPS2300-E=]

52. C2960-X FlexStack-Plus Packet Flow, Unicast
• Unicast packet ingresses member 1, egressing member 3
• Packet traverses hop by hop
• Ingress look-ups ignored if received on stack port
• Egress look-ups ignored if sent out of stack port
• Shortest path conflict – use Stack Port 1
[Diagram: four-member stack, Member 1 to Member 4, Stack Port 1 and Stack Port 2]

79. Egress Buffers Allocation
• 4 MB/ASIC; 1 buffer = 256B; 16384 buffers
• Every port has reserved egress buffers
• 10G uplinks reserved buffers = ~4 * 1G downlink reserved buffers
• Dedicated common pool for uplink & stack ports
[Diagram: Reserved Pool with queues Q1–Q4 per port (Gig1/0/1, Gig1/0/2); Common Pool; CPU Pool; 140 KB; Downlinks, Uplinks, Stack Ports]

70. IPv6 First Hop Security: Probably Time to Think About IPv6 in Your Network
Your Host (dual stack with IPv6 enabled by default)
• IPv4 is protected by your favorite personal firewall...
• IPv6 is enabled by default (Vista, Linux, Mac OS/X, ...)
Your Network
• Does not run IPv6
Your Assumption
• I’m safe
Reality
• You are not safe
• Attacker sends Router Advertisements
• Your host configures silently to IPv6
• You are now under IPv6 attack

89. Automation with Cisco AutoQoS (Switch Platform)
• Single command at the interface level configures interface and global QoS
• Support for Cisco IP Phone & Cisco IP Soft Phone
• Support for Cisco Telepresence, IP video surveillance camera & Media Player
• Trust boundary is disabled when IP Phone is moved / relocated
• Buffer allocation & egress queuing dependent on interface type (GE/FE)
• Supported on static, dynamic-access, voice VLAN access, and trunk ports
• CDP must be enabled for AutoQoS to function properly
• Cisco Catalyst 2960 supports SRR, Strict Priority Scheduling, and Strict Priority Queuing

96. AutoConf and Interface Templates
Current Challenges: Port-Based Only; Usability/Bloated Config; Inflexible
Next-Gen Auto Smartports: Simplified running-config; Parsed at definition time; Built-in templates; Config rollback; Precedence management; Integrated with session-aware networking
Lower TCO; Easy to Use and Intuitive

46. Agenda
• Comparison and differences in Cisco Catalyst 2960X and 2960XR series switches
• Switch Architecture – 2960X/XR
• FlexStack-Plus in 2960X/XR
  – FlexStack-Plus Architecture
  – FlexStack-Plus Packet Flow Examples
• Overview of various features on the 2960X/XR
• Configuration examples
• Troubleshooting best practices and hints

56. Agenda
• Comparison and differences in Cisco Catalyst 2960X and 2960XR series switches
• Switch Architecture – 2960X/XR
• FlexStack-Plus in 2960X/XR
• Overview of various features on the 2960X/XR
  – Security
  – QoS
  – NetFlow
  – Ease of use
• Configuration examples
• Troubleshooting best practices and hints

95. Image Install Service Workflow
• PnP server sends image location based on the UDI of the device
• PnP agent:
  – Checks if the path is valid
  – Calculates disk space on the destination; if not, finds an alternate disk space on the device
  – Downloads the image to the right destination where enough space is available
  – Checks the integrity of the image
  – Installs the image to all the applicable hardware (standalone unit, HA unit, stacked unit)
  – Notifies the server that image installation was successful
  – Reloads the device
  – If any error occurs in between the process of image installation, the agent aborts and reports back to the server on the error

50. FlexStack-Plus Architecture Overview
• Both stack links are active and forwarding
• Not a ring architecture – hop by hop
• Local switching support
• Packet path determined using “SPF”
• No load balancing on stack ports
• All members see flooded packets once
• Passive link prevents broadcast storm
• 38 byte stack header – contains the ingress member

71. IPv6 First Hop Security: RA Guard
• Identify “Trusted” ports – where the router will reside
• Only allow Router Advertisements from that port
• Protection against DoS attacks:
  – On address configuration
  – On Duplicate Address Detection
  – Flooding attacks
[Diagram: RA messages; ports with device-role HOST and device-role ROUTER]

8. If you would like a copy of the presentation slides, click the PDF file link in the chat box on the right or go to: https://supportforums.cisco.com/document/13017986/webcast-slides-cisco-catalyst-2960-x-and-2960-xr-series-switches-overview Thank You For Joining Us Today!

22. IP Lite - Basic L3 features in Catalyst 2960 Series
Feature sets: IP Base, IP Lite, LAN Base, LAN Lite. IP Lite is a subset of IP Base features.
IP Lite L3 features:
• RIPv1, RIPv2
• OSPF Routed Access
• EIGRP (IPv4)
• Policy Based Routing
• Hot Standby Router Protocol (HSRP)
• VRRP
• PIM (SM, DM, SDM)
• IPv6 PIM (SM, SSM)

104. Catalyst 2960-X Series Access Switches: Next Generation Catalyst 2960 Access Switches
Most Deployed Switch Just Got Better
• 2x: Doubling everything (stack units, bandwidth & more)
• Investment Protection: Stack with existing 2960-S/SF
• Application Visibility & Control
• Layer 3 Routing
• Greenest Switch Ever
• Future-Proof; Scalable; Smart; Intelligent & Green; Simple; Reduce TCO; Secure; One Policy

65. Catalyst Integrated Security: Auto Secure
• 1 line – ‘auto security’ applies 3 simple security features:
  – DHCP Snooping
  – Dynamic ARP Inspection
  – Port Security
• Global config enables on all ports as well
• Based on port mode – access OR trunk – it applies host config or uplink config

86. Eight Egress Queues
• Configurable - map 24 traffic classes
• 1P7Q3T / 8Q3T
• Only on standalone*
* Roadmap to support eight queues in stack
[Diagram: Output Q Map; queues Q1–Q8, each with WTD; SRR (Shaped/Shared)]

15. 2960-X Fanless Model (WS-C2960X-24PSQ-L)
• Silent operation: co-locate with end users
• First 8 ports PoE / PoE+ (110W PoE budget)
• 4 uplink ports: 2 * SFP + 2 * 1G BT
• LAN Base only
• Non-stackable
[Diagram labels: Front Vents, Heat Sinks, Top Vents]

48. Why FlexStack or FlexStack-Plus?
• Manages all the switches as a single virtual switch
• Allows access to all switches with a single IP address
• Automatic master selection & backup 1:N redundancy
• Automatic IOS versioning and update!
• Automatic configuration of new members
• Automatic unit replacement (configuration of old switch retained)
• Stateful switchover in case of master failures
• Sub-millisecond master failover
• Smart Multicast – local replication of multicast packets
• Cross-stack features (EtherChannel and QoS)

49. Stack Master Election Criteria
• The stack (or switch) whose master has the higher user configurable mastership priority 1–15
    Switch(config)# switch 3 priority 15
• The stack (or switch) whose master is not using the default configuration
• The stack (or switch) whose master has the longest uptime
• The switch or stack whose master has the lowest MAC address

39. Within the ASIC – Single Data Path (Egress Path)
[Diagram: MAC Ports 1–24, RCV FIFO, TXT FIFO, TXT Queues, Forwarding Controller, TCAM, SRAM, path to CPU, Universal Packet Buffer (UPB) shared for all 4 data paths]

16. Redundant Inline Power with 2960-XR
Field-replaceable power supplies for resilient switching & PoE
• Non-stop power in 1 RU
• Optional power redundancy with dual supplies
• Easy field replacement of failed PSU or integrated fans
• Standby mode: PoE budget does not increase with second PS
• 3 FRU PSU options: Non-PoE (250 W AC), 370W PoE (640 W AC), 740W PoE (1025 W AC)

29. Within the ASIC – Single Data Path (Ingress Path and Egress Path)
[Diagram: MAC Ports 1–24, RCV FIFO, TXT FIFO, TXT Queues, Forwarding Controller, TCAM, SRAM, path to CPU, Universal Packet Buffer (UPB) shared for all 4 data paths]

76. Catalyst 2K - QoS Model
[Diagram components: Network Interface; Trust Status; Service-Policy; Policer / ReMarker; Universal Packet Buffer (UPB); Output Q Map; queues Q1–Q4, each with WTD; SRR (Shaped/Shared); 1P3Q3T / 4Q3T]

21. Dynamic Routing with 2960-XR
New IP Lite feature set delivers basic Layer-3 functionality
Feature set | Capability
LAN Lite | Basic L2
LAN Base | Complete L2
IP Lite | Basic L3
IP Base | Complete L3 + CA(o)
IP Services | Advanced L3 + CA(o)
Platforms shown: 2960-plus / 2960-S/SF; 2960-X; 2960-XR; 3650 / 3850 / 3750 / 3560

74. NetFlow-Lite Characteristics on 2960-X Series
• NetFlow-Lite is supported on LAN Base and IP Lite SKUs only.
• NetFlow-Lite is supported in a mixed stack, on 2960-X series ports only.
• Only Sampled NetFlow is supported.
• Only ingress flows are monitored.
• Flows are monitored on physical ports and VLAN interfaces (SVI).
• One monitor per interface is supported.
• NetFlow Version 9 is supported for Exporter.
• Deterministic Sampler is not shared. Every attachment with the same Deterministic Sampler uses up one free sampler.
• Random Sampler is shared. Only one sampler is used when Random Sampler is attached to different ports or SVIs.

14. Cisco Catalyst 2960-X & 2960-XR
• FlexStack+ 80Gbps stacking
• NetFlow Lite on all ports
• 4 or 8 queues per port
• EEE downlinks
• Redundant FRU PS option (2960-XR)
• Dual-Core CPU
• MACsec Ready
• 4 MB of buffers
• Power Saving Switch Hibernation
• 2 x 10G or 4 x 1G
• Signed IOS images
• MAC based VLAN

55. C2960-X Drop Table - 2 Member stack
• 2 member stack – special case
• Stack port 1 on both members forwards data packets.
• Stack port 2 unused except for FlexStack protocol packets
Member 1 drop table:
    C2960X# show platform dtm drop-table
    Stack Port 1 Drop Tables:
    Node ID   BLOCK/FORWARD
    1         FORWARD
    2         BLOCK
    Stack Port 2 Drop Tables:
    Node ID   BLOCK/FORWARD
    1         FORWARD
    2         BLOCK
[Diagram: two stack members connected through stack ports 1 and 2]

88. C2960-X Stack Port Queue Set
• Buffers per stack port is fixed
• Buffers to queues is configurable
• Applies to all stack ports in stack.
• Separate common buffer pool for stack ports
    C2960XR# show mls qos stack-qset
    Queueset: Stack
    Queue     :   1   2   3   4
    ----------------------------------------------
    buffers   :  25  25  25  25
    C2960XR# configure terminal
    C2960XR(config)# mls qos stack-qset buffers 10 60 20 10

45. Packet walk - Egress (on the way out)
Step 9: Final packet sent to the egress port.
[Diagram: single ASIC data path, as on slide 29]

54. C2960-X FlexStack-Plus 4 Member Stack Link Neighbor Table
Stage 1: Stack Neighbor Discovery. Stage 2: Topology Discovery.
    C2960X# show switch neighbors
    Switch #   Port 1   Port 2
    --------   ------   ------
    1          2        4
    2          3        1
    3          4        2
    4          1        3
[Diagram: four stack members with stack ports 1 and 2]

47. FlexStack-Plus Stack Module – 2960X/2960XR
• FlexStack-Plus module provides an option for stacking
• FlexStack-Plus modules are hot swappable – Plug & Play
• Powered using the switch-based power supply
• Stack bandwidth of 80Gbps bi-directional traffic
• FlexStack-Plus supports stacking up to 8 members
• FlexStack-Plus technology is backward compatible with FlexStack.
• FlexStack-Plus and FlexStack modules are not interchangeable.

30. Switch Database Management (SDM) Templates
• Flexibility to configure system resources
• Optimize system resources for various deployments – Switching, Routing
2960-XR SDM templates:
SDM Template | Default | VLAN | IPv4
L2-MAC | 16K | 32K | 16K
L3-Routes | 5.25K | 0.5K | 24K
Multicast (v4/v6) | 1K / 1K | 1K / 1K | 1K / 0
QoS ACE (v4/v6) | 500 / 250 | 500 / 500 | 500 / 0
Security ACE (v4/v6) | 1K / 500 | 1K / 500 | 875 / 60

36. Packet walk - Ingress (on the way in)
Steps 9–10: Look up to the NetFlow record; index returned. Update the NetFlow result table entry pointed to by the index.
[Diagram: single ASIC data path, as on slide 29]

27. 2960-X Architecture
[Diagram: Forwarding ASIC with Slice 1 and Slice 2, each with Data Path 1, Data Path 2 and a shared forwarding controller; Universal Packet Buffer (UPB) 4MB; Octal PHYs for two groups of 24 PoE ports; EDC PHY; 2 * 10G SFP+ / 4 * 1G SFP; stack ports]

35. Packet walk - Ingress (on the way in)
Steps 7–8: Look up to the policer (how much policing to do?); policing information returned.
[Diagram: single ASIC data path, as on slide 29]

41. Packet walk - Egress (on the way out)
Step 3: Packet egresses and is stored in the Transmit FIFO for egress processing.
[Diagram: single ASIC data path, as on slide 29]

62. Catalyst Integrated Security: DHCP Snooping
• Table is built by “snooping” the DHCP reply to the client
• Entries stay in the table until DHCP lease time expires
    Switch# show ip dhcp snooping binding
    MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
    ------------------  ---------------  ----------  -------------  ----  --------------------
    00:0C:29:3D:75:B2   172.20.100.1     370008      dhcp-snooping  100   GigabitEthernet1/1
Command shown: ip dhcp snooping
[Diagram: DHCP server on TRUSTED PORT; rogue DHCP server 10.1.1.1 and clients on UNTRUSTED PORTs; DHCP DISCOVER, OFFER/ACK/NACK; protected resources]

25. How to read the PID: WS-C2960X-48FPD-L
• Switch Type options: X = X series
• Number of downlink ports
• Port Type options: FP = Full Inline Power (740W); LP = Partial Inline Power (370W); P = Inline Power model; T = Non-Inline Power model
• D = 10Gig SFP+ uplink; S = 1Gig SFP uplink; Q = Quad / Four uplinks
• L = LAN Base; LL = LAN Lite

42. Packet walk - Egress (on the way out)
Step 4: First 200 bytes & descriptor sent to the Forwarding Controller for egress processing.
[Diagram: single ASIC data path, as on slide 29]

85. Four Egress Queues
• Default configuration - map 12 traffic classes
• 1P3Q3T / 4Q3T
    C2960XR# show mls qos queue-set 1
    Queueset: 1
    Queue     :     1     2     3     4
    ----------------------------------------------
    buffers   :    25    25    25    25
    threshold1:   100   200   100   100
    threshold2:   100   200   100   100
    reserved  :    50    50    50    50
    maximum   :   400   400   400   400
    C2960XR# configure terminal
    C2960XR(config)# mls qos srr-queue output queues 8
[Diagram: Output Q Map; queues Q1–Q4, each with WTD; SRR (Shaped/Shared)]

78. Egress Queuing & Scheduling
• Queuing
  – Default four egress queues/port
  – Configurable eight egress queues/port
  – Queues assigned based on QoS label
  – 2 queue-sets
  – 2 queue configurations
• Dropping
  – WTD used for congestion avoidance
• Scheduling
  – Per interface configuration
  – Strict priority
  – SRR used to manage the queues
[Diagram: Output Q Map; queues Q1–Q4, each with WTD; SRR (Shaped/Shared); 1P3Q3T / 4Q3T]

87. Eight Egress Queues
• Configurable - map 24 traffic classes
• 1P7Q3T / 8Q3T
    C2960XR# show mls qos queue-set 1
    Queueset: 1
    Queue     :     1     2     3     4     5     6     7     8
    ---------------------------------------------------------------------------
    buffers   :    10    30    10    10    10    10    10    10
    threshold1:   100  1600   100   100   100   100   100   100
    threshold2:   100  2000   100   100   100   100   100   100
    reserved  :   100   100   100   100   100   100   100   100
    maximum   :   400  2400   400   400   400   400   400   400
* Roadmap to support eight queues in stack
[Diagram: Output Q Map; queues Q1–Q8, each with WTD; SRR (Shaped/Shared)]

31. Packet walk - Ingress (on the way in)
Step 1: Packets entering the switch are received by the Receive FIFO after VLAN decapsulation.
[Diagram: single ASIC data path, as on slide 29]

64. Catalyst Integrated Security: IP Source Guard
Problem: Illegitimate hosts can spoof IP addresses and MAC addresses of authorized hosts and gain illegal access into the network.
Solution: IPSG automatically configures a port ACL for the IP address and adds a MAC address to port security based on the DHCP snooping binding table. Rogue traffic is blocked.
Commands shown: ip dhcp snooping; ip arp inspection; (if) ip verify source
DHCP Snooping Table: 10.1.1.2 = 0001.0002.00BB Gi1/1
[Diagram: Campus LAN with ports Gi1/1 and Gi1/2; hosts IP 10.1.1.2 / MAC 0001.0002.00BB, IP 10.1.1.3 / MAC 0001:0002:00AA (spoofed IP), and IP 10.1.1.1 / MAC 0002.0001.1111]

63. Catalyst Integrated Security – CISF: Dynamic ARP Inspection (DAI)
Problem: Attackers can poison the ARP cache on the destination devices and engineer the network traffic to gain visibility into it.
Solution: Dynamic ARP inspection (DAI) prevents ARP attacks by intercepting all ARP requests and responses at the access
Commands shown: ip dhcp snooping; ip arp inspection
DHCP Snooping Table: 10.1.1.2 = 0001.0002.00BB
[Diagram (problem): attacker IP 10.1.1.3, MAC 0001:0002:00AA sends ARP 10.1.1.1 / 0001.0002.00AA; ARP caches become 10.1.1.1 = 0001.0002.00AA and 10.1.1.2 = 0001.0002.00AA; attacker gains visibility into data]
[Diagram (solution): host IP 10.1.1.2, MAC 0001.0002.00BB, DG 10.1.1.1; gateway IP 10.1.1.1, MAC 0002.0001.1111; ARP caches 10.1.1.1 = 0001.0002.1111 and 10.1.1.2 = 0001.0002.00BB]
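The binding lookup that the DHCP Snooping, DAI and IP Source Guard slides (62–64) rely on, as an added example that is not code from the webcast or from Cisco: a simplified Python model that parses `show ip dhcp snooping binding` output and checks an ARP sender claim or IP source against it. The binding row, VLAN 100, the lease value and the trusted uplink Gi1/24 are constructed assumptions; the real checks run in the switch and have options this model omits.

```python
import re
from dataclasses import dataclass

# Constructed sample in the column layout of the slide 62 output. The row uses
# the 10.1.1.2 = 0001.0002.00BB (Gi1/1) binding from the DAI/IPSG slides;
# VLAN 100 and the lease value are assumptions.
SAMPLE_BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:01:00:02:00:BB   10.1.1.2         86400       dhcp-snooping  100   GigabitEthernet1/1
"""

ROW = re.compile(
    r"^\s*(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<lease>\d+)\s+"
    r"(?P<type>\S+)\s+(?P<vlan>\d+)\s+(?P<port>\S+)\s*$"
)


def norm_mac(mac):
    """Reduce 00:01:00:02:00:BB, 0001.0002.00BB or 0001:0002:00AA to 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def norm_port(name):
    """Treat Gi1/1 and GigabitEthernet1/1 as the same interface."""
    m = re.fullmatch(r"(?i)gi(?:gabitethernet)?(\d.*)", name.strip())
    return f"gi{m.group(1)}" if m else name.strip().lower()


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


def parse_bindings(text):
    """Return {(vlan, ip): Binding}; header, rule and summary lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            b = Binding(norm_mac(m["mac"]), m["ip"], int(m["vlan"]), norm_port(m["port"]))
            table[(b.vlan, b.ip)] = b
    return table


def check_claim(table, trusted_ports, vlan, port, src_ip, src_mac):
    """Decide on an ARP sender claim (DAI) or a packet source (IPSG) seen on `port`.

    Simplified model: trusted ports bypass the check; on untrusted ports the
    (VLAN, IP) must have a binding on the same port with the same MAC.
    """
    port = norm_port(port)
    if port in {norm_port(p) for p in trusted_ports}:
        return ("permit", "trusted port")
    b = table.get((vlan, src_ip))
    if b is None:
        return ("drop", "no binding for IP")
    if b.port != port:
        return ("drop", "IP bound to another port")
    if b.mac != norm_mac(src_mac):
        return ("drop", "MAC does not match binding")
    return ("permit", "matches binding")


if __name__ == "__main__":
    table = parse_bindings(SAMPLE_BINDINGS)
    uplinks = ["Gi1/24"]  # hypothetical trusted uplink toward the gateway
    claims = [
        ("Gi1/1", "10.1.1.2", "0001.0002.00BB"),   # legitimate host
        ("Gi1/2", "10.1.1.1", "0001.0002.00AA"),   # forged gateway ARP from slide 63
        ("Gi1/2", "10.1.1.2", "0001:0002:00AA"),   # spoofed host IP from slide 64
        ("Gi1/24", "10.1.1.1", "0002.0001.1111"),  # gateway behind the trusted port
    ]
    for port, ip, mac in claims:
        print(port, ip, mac, check_claim(table, uplinks, 100, port, ip, mac))
```

The gateway 10.1.1.1 has no DHCP binding, which is why the model permits it only through the trusted port and drops the same claim arriving on an untrusted one.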

67. Authorized Access: Zero Downtime When Implementing 802.1X with Monitor Mode
The Solution (Deployment Scenario — Cisco Access Switch): Implement in Monitor Mode
• Discovery — Allows connection regardless of device types
• Correct — View failed reports on ACS or ISE; troubleshoot and resolve issues; ensure future authorization
• Add Authorization — Block unauthorized access; add policy for restricted resources
• Deploy Access Control
[Diagram labels: FAILURE; CONNECTED; MAC Address 00:18:F8:46:53:D7 802.1x; MAC Address 00:18:F8:46:60:D7 802.1x; CORPORATE RESOURCES; REPORT ANALYSIS; ALLOW; ISE; ALLOWED POLICY; 2K-X 15.0(2)EX]

37. Packet walk - Ingress (on the way in)
Steps 11–12: Search Engine in Forwarding Controller does L2/L3 forwarding lookup in TCAM; index returned. Forwarding Controller sends index to the SRAM for destination details; destination information returned.
[Diagram: single ASIC data path, as on slide 29]

61. Catalyst Integrated Security: DHCP Snooping
Problem: Rogue DHCP servers are often used in man-in-the-middle or denial of service attacks for malicious purposes.
Solution: The DHCP snooping feature filters messages and rate limits rogue DHCP traffic from untrusted sources & builds DHCP binding table.
Command shown: ip dhcp snooping
[Diagram (problem): DHCP DISCOVER, DHCP OFFER DG:10.1.1.1, DHCP REQ, DHCP ACK; rogue DHCP server IP 10.1.1.1; client IP 10.1.1.2, DG 10.1.1.1; attacker gains visibility into data; DHCP server; protected resources]
[Diagram (solution): DHCP server on TRUSTED PORT; rogue DHCP server 10.1.1.1 and clients on UNTRUSTED PORTs; DHCP DISCOVER, OFFER/ACK/NACK; protected resources]

73. NetFlow Lite with 2960-X & -XR
• Built-in Sampled NetFlow
• Flexible NetFlow export
• Configurable key fields including L2, L3, L4
• ASIC-based capture, at line-rate with minimal CPU impact
• Covers all ports: North-South and East-West traffic
• Detect anomalies
• Identify top users and applications
Catalyst 2960-X NetFlow Lite:
• v9 Export
• 16K flows
• Sampled
• Random
• Deterministic from 1:1022 to 1:32

103. REFERENCES
• 2960X Configuration Guide - http://www.cisco.com/c/en/us/support/switches/catalyst-2960-x-series-switches/products-installation-and-configuration-guides-list.html
• 2960XR Configuration Guide - http://www.cisco.com/c/en/us/support/switches/catalyst-2960-xr-series-switches/products-installation-and-configuration-guides-list.html
• 2960X/XR Getting Started Guide – http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960xr/hardware/quick/guide/b_gsg_2960xr.html

38. Packet walk - Ingress (on the way in)
Step 13: Descriptor with lookup results is appended to the original packet and stored in UPB.
[Diagram: single ASIC data path, as on slide 29; labels: Native Packet, Descriptor]

24. 2960 GE model Comparison (For Your Reference)
Capability | 2960-S (LAN Base) | 2960-X (LAN Base) | 2960-XR (IP Lite)
Active VLANs | 255 | 1k | 1k
STP Instances | 128 | 128 | 128
Etherchannel Groups | 6 | 24 | 48
Queues per port | 4 | 4 / 8* (configurable) | 4 / 8* (configurable)
Ingress Policers | 64 | 256 | 256
Egress Buffer | 2MB | 4MB | 4MB
SPAN sessions | 2 | 4 | 4
NetFlow-Lite | No | Yes | Yes
* available in standalone mode only

44. Packet walk - Egress (on the way out)
Step 7: Packet header prepared in the Forwarding Controller.
Step 8: Forwarding Controller sends the header info to the TXT FIFO, where the final packet is assembled.
[Diagram: single ASIC data path, as on slide 29]

23. 2960 GE model Comparison (For Your Reference)
Capability | 2960-S (LAN Base) | 2960-X (LAN Base) | 2960-XR (IP Lite)
CPU | Single Core @400MHz | Dual Core @600MHz | Dual Core @600MHz
Stacking Technology | FlexStack | FlexStack-Plus | FlexStack-Plus
Stacking BW / Members | 40Gbps / 4 | 80Gbps / 8 | 80Gbps / 8
Power Supply | Single Fixed | Single Fixed | Redundant
Flash On board | 64MB | 128MB | 128MB
DRAM | 128MB | 512MB | 512MB
EEE downlinks | No | Yes | Yes
Switch Hibernation Mode | No | Yes | Yes

33. Packet walk - Ingress (on the way in)
Steps 3–4: Search Engine in the Forwarding Controller does learning lookup in TCAM and receives the index. The Forwarding Controller queries the SRAM with the index to get the L2 address table info for learning.
[Diagram: single ASIC data path, as on slide 29]

19. Energy Efficient 2960-X & 2960-XR
PID | AC Power (W) 100% traffic | AC Power (W) HW Sleep | % Saving
C2960X-48FP | 66.7 | 26.0 | 61%
C2960X-48LP | 62.0 | 23.1 | 63%
C2960X-24P | 53.1 | 22.6 | 58%
C2960X-48T | 47.8 | 8.7 | 82%
C2960X-24T | 33.1 | 6.4 | 81%
• Switch Hibernation Mode: Powers down components
• EnergyWise: Switch and endpoint monitoring and control
• Energy Efficient Ethernet: Reduced power draw on downlinks
• Efficient Power Supply: Less power usage - energy savings

40. Packet walk - Egress: On the way out

[Diagram: MAC Ports 1-5 and 24, RCV FIFO, TXT FIFO, TXT Queues, Forwarding Controller, TCAM, SRAM, Universal Packet Buffer (UPB, shared for all 4 data paths), To CPU, Native Packet Descriptor]

  • Step 1: Pointer to the frame is placed on the targeted Transmit Queue.
  • Step 2: Frame data from UPB is transferred to the Transmit FIFO.

32. Packet walk - Ingress: On the way in

[Diagram: MAC Ports 1-5 and 24, RCV FIFO, TXT FIFO, TXT Queues, Forwarding Controller, TCAM, SRAM, Universal Packet Buffer (UPB, shared for all 4 data paths), To CPU]

  • Step 2: The whole packet is sent to UPB.
  • Step 2: A copy of the first 200 bytes is sent into the Forwarding Controller for processing (forwarding, ACL, QOS lookups).

43. Packet walk - Egress: On the way out

[Diagram: MAC Ports 1-5 and 24, RCV FIFO, TXT FIFO, TXT Queues, Forwarding Controller, TCAM, SRAM, Universal Packet Buffer (UPB), To CPU]

  • Step 5: The Search Engine in the Forwarding Controller sends the destination lookup to TCAM. Index returned.
  • Step 6: The Forwarding Controller uses the index to get the L2/L3 forwarding info.

82. Shaped SRR vs. Shared SRR

[Diagram: four queues (Q1 weight 1, Q2 weight 2, Q3 weight 3, Q4 weight 4) shown under shaped and shared SRR, with the resulting packet order]

  • SRR non-shared: Lesser weight queues sit idle and wait to transmit, even if higher weight queues are empty.
  • SRR shared: If higher weight queues are empty, lesser weight queues can continue to send while the higher weight queues are empty. Room for more traffic, draining the buffers!

Shared queuing drains queues more efficiently!

81. WRR vs. SRR

SRR is an evolution of WRR that protects against overwhelming buffers with huge bursts of traffic by using a smoother round-robin (SRR) mechanism.

[Diagram: four queues (Q1 weight 1, Q2 weight 2, Q3 weight 3, Q4 weight 4) shown under WRR and SRR, with the resulting packet order]

  • WRR: Each queue empties immediately as it is weighted.
  • SRR: Each queue empties a weighted number of packets over a given period of time.

SRR has a more even traffic flow – low priority traffic won't starve!

93. Network Plug-N-Play with APIC-EM Automates Switch Deployment & Configuration

  • Network admin (PnP Server, APIC-EM): Pre-provisions projects/sites (policies, match rules, configs/image, IP addressing) and remotely monitors the status of the install while in progress.
  • Installer (remote): Mounts and cables devices, then powers them on.
  • Booting devices call out to the PnP Server, requesting instructions.

[Diagram labels: Campus, Bldg-2; Smart Install Client; PnP Agent (x4); Smart Install Proxy]

UNSKILLED INSTALLER | GUI BASED | CONSISTENT FOR DEVICES AND PIN (CAMPUS/BRANCH) | SECURE | GREENFIELD AND BROWNFIELD | RMA USE CASE

34. Packet walk - Ingress: On the way in

[Diagram: MAC Ports 1-5 and 24, RCV FIFO, TXT FIFO, TXT Queues, Forwarding Controller, TCAM, SRAM, Universal Packet Buffer (UPB, shared for all 4 data paths), To CPU]

  • Step 5: The Search Engine in the Forwarding Controller does the QOS and ACL lookup in TCAM. Index returned.
  • Step 6: The Forwarding Controller queries the SRAM for the respective ingress ACL and QOS response.

80. Queue Sets & Thresholds

    C2960-X#show mls qos queue-set 1
    Queueset: 1
    Queue     :       1       2       3       4
    ----------------------------------------------
    buffers   :      15      25      40      20
    threshold1:      50     125     100      60
    threshold2:     100     125     100     150
    reserved  :      50     100     100      50
    maximum   :     200     400     400     200

    C2960-X#show mls qos queue-set 2
    Queueset: 2
    Queue     :       1       2       3       4
    ----------------------------------------------
    buffers   :      25      25      25      25
    threshold1:     100     100     100     100
    threshold2:     100     100     100     100
    reserved  :      50      50      50      50
    maximum   :     400     400     400     400

    C2960-X(conf)# mls qos queue-set output 1 buffers 15 25 40 20
    C2960-X(conf)# mls qos queue-set output 1 threshold 4 60 150 50 200

68. 802.1X Is Not Just a Check Box: Cisco Simplifies 802.1X Deployments

Deployment hurdle and the features that address it:

  • How do you support non-802.1X clients and guest users/devices?
      - Guest VLAN
      - MAC Authentication Bypass, Web Authentication
      - Monitor Mode
  • How do you handle failed access?
      - Failed Authentication VLAN
      - Monitor Mode
  • How do you support multiple users or devices on the same port?
      - Multi-domain Authentication
      - Multi-Authentication
      - MAC based VLAN assignment
  • How do you support various kinds of devices with different authentication mechanisms?
      - Flexible Authentication via automated 802.1X, MAB, Web Auth
      - Different supplicant types for different client operating systems
      - Wake On LAN
      - IOS Sensor
  • How do you handle devices moving in your network?
      - MAC Move/Replace
  • How do you handle device proliferation?
      - IOS Sensor
      - Monitor Mode

Cisco has many features to enhance 802.1X and make identity networking truly deployable, not just a check-box.

69. Multi-Auth - MAC based VLAN Assignment

[Diagram: 2960-X access switch (access VLAN 10) with an Ethernet hub connecting a PC, an IP Phone and a Telepresence unit; campus network with AAA server, ADC, DHCP, DNS]

Deployment cases:

  • LAN extension beyond wiring closet
  • Differentiated host access
  • Segmentation of virtual machines

Assignment rules:

  • If PC, then data VLAN 5
  • If IP Phone, then voice VLAN 200
  • If Telepresence, then video VLAN 100

    Device         MAC               VLAN
    PC             0011-5678-1111    5
    IP Phone       0022-5678-2222    200
    Telepresence   0033-5678-3333    100

97. Interface Templates

Benefits overview:

  • Configuration file readability and manageability
  • Smaller configuration files
  • Built-in interface templates for ease of use
  • All interface templates are customizable

Advantages over Auto Smart Ports:

  • Template updates immediately ripple to interfaces
  • Per session or per port templates
  • No change to running-config
  • Full rollback and precedence management
  • Compatible with AutoConf

    Switch# show template interface brief
    Template-Name                     Source
    -------------                     ------
    AP_INTERFACE_TEMPLATE             Built-in
    DMP_INTERFACE_TEMPLATE            Built-in
    IP_CAMERA_INTERFACE_TEMPLATE      Built-in
    IP_PHONE_INTERFACE_TEMPLATE       Built-in
    LAP_INTERFACE_TEMPLATE            Built-in
    MSP_CAMERA_INTERFACE_TEMPLATE     Built-in
    MSP_VC_INTERFACE_TEMPLATE         Built-in
    PRINTER_INTERFACE_TEMPLATE        Built-in
    ROUTER_INTERFACE_TEMPLATE         Built-in
    SWITCH_INTERFACE_TEMPLATE         Built-in
    TP_INTERFACE_TEMPLATE             Built-in

11 built-in templates based on common end devices.

84. Queue level Bandwidth Allocation

    C2960-X# sh mls qos int gig1/0/3 queueing
    GigabitEthernet1/0/3
    Egress Priority Queue : enabled
    Shaped queue weights (absolute) : 25 0 0 0
    Shared queue weights : 10 10 60 20
    The port bandwidth limit : 85 (Operational Bandwidth:100.0)
    The port is mapped to qset : 2

    C2960-X# sh mls qos int gig1/0/1 queueing
    GigabitEthernet1/0/1
    Egress Priority Queue : disabled
    Shaped queue weights (absolute) : 3 0 0 0
    Shared queue weights : 1 70 25 5
    The port bandwidth limit : 100 (Operational Bandwidth:100.0)
    The port is mapped to qset : 1

    C2960-X(config)# interface GigabitEthernet 1/0/1
    C2960-X(config-if)# srr-queue bandwidth share 1 70 25 5
    ! Q2 gets 70% of remaining BW; Q3 gets 25% and Q4 gets 5%
    C2960-X(config-if)# srr-queue bandwidth shape 3 0 0 0
    ! Q1 is limited to 33% (1/3) of the total available BW

    C2960-X(config)# interface GigabitEthernet 1/0/3
    C2960-X(config-if)#priority-queue out

13. The New Catalyst 2960 Family

Feature Leadership and Cisco Quality at Competitive Prices

EASE-OF-USE | ROBUST SECURITY | ENHANCED LIFETIME WARRANTY | ENERGY EFFICIENCY | LOWER TCO

  • Catalyst 2960: 1G SFP/BASE-T Uplinks, 802.3af PoE, Layer 2, Stand-alone
  • Catalyst 2960-Plus: 1G SFP/BASE-T Uplinks, 802.3af PoE, Layer 2, Stand-alone
  • Catalyst 2960-SF: 1G SFP Uplinks, 40G FlexStack, Full PoE, PoE+, IPv6 FHS, Advanced Layer 2, STACKABLE
  • Catalyst 2960-S: 10G SFP+ Uplinks, 40G FlexStack, Full PoE, PoE+, IPv6 FHS, Advanced Layer 2, STACKABLE
  • Catalyst 2960-S: 10G/1G SFP+/SFP, 40G FlexStack, Full PoE, PoE+, IPv6 FHS, Advanced Layer 2, STACKABLE
  • Catalyst 2960-X: 10G/1G SFP+/SFP, 80G FlexStack+, Full PoE, PoE+, IPv6 FHS, NetFlow Lite, Advanced Layer 2, STACKABLE
  • Catalyst 2960-XR: 2960-X features plus IP Lite – L3/Routing, Redundant PSU, Advanced Layer 2/3, STACKABLE + RESILIENT

[Diagram row labels: Fast Ethernet, Gigabit Ethernet]

99. AutoConf In Action: Dynamic Binding to Interface

No change in run-config (Gig1/0/2):

    2960X# show run interface gi1/0/2
    Current configuration : 38 bytes
    !
    interface GigabitEthernet1/0/2
     source template IP_PHONE_INTERFACE_TEMPLATE
    end

Full configuration displayed with derived command:

    2960X# show derived int gi1/0/2
    Derived configuration : 616 bytes
    !
    interface GigabitEthernet1/0/2
     switchport mode access
     switchport block unicast
     switchport port-security maximum 3
     switchport port-security maximum 2 vlan access
     switchport port-security aging time 1
     switchport port-security aging type inactivity
     switchport port-security violation restrict
     switchport port-security
     load-interval 30
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust cos
     storm-control broadcast level pps 1k
     storm-control multicast level pps 2k
     storm-control action trap
     spanning-tree portfast
     spanning-tree bpduguard enable
     ip dhcp snooping limit rate 15
    end

What template is bound to interface?

    2960X# show template interface binding all
    Template-Name                 Source     Method    Interface
    -------------                 ------     ------    ---------
    IP_PHONE_INTERFACE_TEMPLATE   Built-in   dynamic   Gi1/0/2

    2960X# show template binding target gi1/0/2
    Interface Templates
    ===================
    Interface: Gi1/0/2
    Method    Source     Template-Name
    ------    ------     -------------
    dynamic   Built-in   IP_PHONE_INTERFACE_TEMPLATE

66. Auto Secure – Actual Config & show Commands

2K-X 15.2(2)E

    auto security
    !
    interface GigabitEthernet3/3
     description Connected to wired PC
     switchport access vlan 11
     switchport mode access
     auto security-port host
    !
    interface TenGigabitEthernet1/1
     description Trunk Port
     switchport mode trunk
     auto security-port uplink

    Switch#sh auto security configuration
    % AutoSecure provides a single CLI config 'auto secure'
      to enable Base-line security Features like
      DHCP snooping, ARP inspection and Port-Security

    Auto Secure CLIs applied globally:
    ---------------------------------
     ip dhcp snooping
     ip dhcp snooping vlan 2-1005
     no ip dhcp snooping information option
     ip arp inspection vlan 2-1005
     ip arp inspection validate src-mac dst-mac ip

    Auto Secure CLIs applied on Access Port:
    ----------------------------------------
     switchport port-security maximum 2
     switchport port-security maximum 1 vlan access
     switchport port-security maximum 1 vlan voice
     switchport port-security violation restrict
     switchport port-security aging time 2
     switchport port-security aging type inactivity
     switchport port-security
     ip arp inspection limit rate 100
     ip dhcp snooping limit rate 100

    Auto Secure CLIs applied on Trunk Port:
    --------------------------------------
     ip dhcp snooping trust
     ip arp inspection trust
     switchport port-security maximum 100
     switchport port-security violation restrict
     switchport port-security

    Switch#sh auto security
    Auto Secure is Enabled globally

    AutoSecure is Enabled on below interface(s):
    --------------------------------------------
     TenGigabitEthernet1/1
     GigabitEthernet3/1
     GigabitEthernet3/3
     GigabitEthernet3/4
     GigabitEthernet3/5
     GigabitEthernet3/6
    Switch#
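The access-port baseline in the Auto Secure output of slide 66 can be used as a checklist for ports that were hardened by hand. The following is an added example, not part of the Cisco deck: the sample running-config is constructed, the function names are hypothetical, and it assumes a port carrying `auto security-port host` receives the whole baseline, as the slide's output states.

```python
# Added example. Baseline lines copied from "Auto Secure CLIs applied on Access Port".
ACCESS_BASELINE = [
    "switchport port-security maximum 2",
    "switchport port-security maximum 1 vlan access",
    "switchport port-security maximum 1 vlan voice",
    "switchport port-security violation restrict",
    "switchport port-security aging time 2",
    "switchport port-security aging type inactivity",
    "switchport port-security",
    "ip arp inspection limit rate 100",
    "ip dhcp snooping limit rate 100",
]

# Constructed running-config excerpt (not from a real device).
SAMPLE = """\
interface GigabitEthernet3/3
 switchport mode access
 auto security-port host
!
interface GigabitEthernet3/7
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 ip dhcp snooping limit rate 100
!
interface TenGigabitEthernet1/1
 switchport mode trunk
 auto security-port uplink
"""


def parse_interfaces(text):
    """Map interface name -> set of its (stripped) config lines."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), set())
        elif raw[:1].isspace() and current is not None:
            current.add(raw.strip())
        else:
            current = None  # "!" or a global line closes the block
    return interfaces


def audit_access_ports(text):
    """Return {port: [missing baseline lines]} for non-compliant access ports."""
    findings = {}
    for name, lines in parse_interfaces(text).items():
        if "switchport mode access" not in lines:
            continue  # trunks fall under the trunk-port baseline, not this one
        if "auto security-port host" in lines:
            continue  # assumption: the macro applies the whole baseline
        # Exact-line match: tuning lines alone do not imply port-security is on.
        missing = [c for c in ACCESS_BASELINE if c not in lines]
        if missing:
            findings[name] = missing
    return findings
```

Lines are compared exactly, so a port that sets `switchport port-security maximum 2` but lacks the bare `switchport port-security` line is reported: the limits are configured but the feature is not enabled.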

90. Cisco Catalyst 2960-X AutoQoS VoIP Model Example

    C2960-X(config-if)#auto qos voip cisco-phone

    !
    mls qos map cos-dscp 0 8 16 26 32 46 48 56
    mls qos srr-queue output cos-map queue 1 threshold 3 5
    mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
    mls qos srr-queue output cos-map queue 3 threshold 3 2 4
    mls qos srr-queue output cos-map queue 4 threshold 2 1
    mls qos srr-queue output cos-map queue 4 threshold 3 0
    mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
    mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
    mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
    mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
    mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
    mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
    mls qos srr-queue output dscp-map queue 4 threshold 1 8
    mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
    mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
    mls qos queue-set output 1 threshold 1 138 138 92 138
    mls qos queue-set output 1 threshold 2 138 138 92 400
    mls qos queue-set output 1 threshold 3 36 77 100 318
    mls qos queue-set output 1 threshold 4 20 50 67 400
    mls qos queue-set output 2 threshold 1 149 149 100 149
    mls qos queue-set output 2 threshold 2 118 118 100 235
    mls qos queue-set output 2 threshold 3 41 68 100 272
    mls qos queue-set output 2 threshold 4 42 72 100 242
    mls qos queue-set output 1 buffers 10 10 26 54
    mls qos queue-set output 2 buffers 16 6 17 61
    mls qos
    !
    !
    interface GigabitEthernet0/1
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     queue-set 2
     mls qos trust device cisco-phone
     mls qos trust cos
     auto qos voip cisco-phone
    !

Options:

    auto qos voip cisco-phone
    auto qos voip cisco-softphone
    auto qos voip trust
    auto qos video cts
    auto qos video ip-camera
    auto qos video media-player

77. Trust, Classification & Marking

[Diagram stages: Trust Status, Service-Policy, Policer / ReMarker, QoS Label]

    C2960-X(config)# int gig1/0/2
    C2960-X(config-if)#auto qos voip cisco-phone
    C2960-X(config-if)#do sh run int gig1/0/2
    interface GigabitEthernet1/0/2
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust device cisco-phone
     mls qos trust cos
     auto qos voip cisco-phone
     service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
    end

  • Markings trusted by default – 'no mls qos'

        C2960-X(config)#no mls qos
        C2960-X(config)#

  • 'mls qos' enabled – all markings are set to BE
  • Trust Config
      - Trust COS/DSCP

            C2960-X(config)# mls qos
            C2960-X(config)# interface GigabitEthernet1/0/11
            C2960-X(config)# mls qos trust dscp

      - Conditional Trust

            C2960-X(config)# mls qos
            C2960-X(config)# interface GigabitEthernet1/0/11
            C2960-X(config)# mls qos trust dscp
            C2960-X(config)# mls qos trust device cisco-phone

      - Mark without trust

            C2960-X(config)# mls qos
            C2960-X(config)# interface GigabitEthernet1/0/11
            C2960-X(config)# mls qos cos 5
            C2960-X(config)# mls qos cos override

Service-policy with policer:

    C2960-X(config)#access-list 101 permit tcp any eq www any
    C2960-X(config)# class-map match-all http
    C2960-X(config-cmap)#match access-group 101
    C2960-X(config-cmap)#policy-map web-server
    C2960-X(config-pmap)#class http
    C2960-X(config-pmap-c)#police 500000 8000 exceed-act drop
    C2960-X(config-pmap-c)# int gig1/0/11
    C2960-X(config-if)#service-policy input web-server
