Cisco Catalyst 3560-E Series Switches
The Cisco® Catalyst® 3560-E Series (Figure 1) is an enterprise-class line of standalone access and aggregation switches that facilitate the deployment of secure converged applications while maximizing investment protection for evolving network and application requirements. Combining 10/100/1000 and Power over Ethernet (PoE) configurations with 10 Gigabit Ethernet uplinks, the Cisco Catalyst 3560-E Series access switches enhance worker productivity by enabling applications such as IP telephony, wireless, and video. Cisco Catalyst 3560-E Series aggregation switches deliver secure nonstop unified network services and versatile connectivity in a one-rack-unit (1-RU) form factor for space- and power-constrained environments, enabling businesses to reduce total cost of ownership while maximizing investment protection.
Cisco Catalyst 3560-E Series Primary Features
• Cisco TwinGig converter module for migrating uplinks from Gigabit Ethernet to 10 Gigabit Ethernet
• Cisco EnergyWise for greenhouse gas emissions and operational cost optimization by measuring, reporting, and reducing energy consumption across the entire corporate infrastructure, well beyond the scope of IT.
• PoE configurations with 15.4W of PoE on all 48 ports
• Enhanced PoE supporting up to 20W of PoE per port
• Industry-first portfolio to scale beyond 15.4W per port, delivering maximum solution simplicity for 802.11n access point deployments
• Access switch models have modular fan and power supply with externally available backup
• Dual redundant modular power supplies and fans for Cisco Catalyst 3560E-12D and Catalyst 3560E-12SD aggregation switches for nonstop operation
• Multicast routing, IPv6 routing, and access control list (ACL) in hardware
• Out-of-band Ethernet management port along with RS-232 console port
Figure 1. Cisco Catalyst 3560-E Series Access and Aggregation Switches
Table 1. Switch Configurations.
Cisco Catalyst 3560-E Series Fixed Configuration Aggregation Switches
Figure 2. Cisco Catalyst 3560E-12D and Cisco Catalyst 3560E-12SD Switch (Back)
Cisco Catalyst 3560-E Software
Cisco EnergyWise Technology
10 Gigabit Ethernet Uplinks and the Cisco TwinGig Small Form-Factor Pluggable Converter
Figure 3. Cisco TwinGig Adapter Converting 10 Gigabit Ethernet X2 Interface into Two Gigabit Ethernet SFP Interfaces
Modular Power Supplies
• C3K-PWR-1150WAC: 1150WAC power supply with 800W PoE
• C3K-PWR-750WAC: 750WAC power supply for 24-port switch with 420W PoE
• C3K-PWR-265WAC: 265WAC power supply for 48- or 24-port switch without PoE
• C3K-PWR-265WDC: 265WDC power supply for 48- or 24-port switch without PoE
• C3K-PWR-300WAC: Cisco Catalyst 3560E-12D and 3560E-12SD 300WAC power supply
• C3K-PWR-300WDC: Cisco Catalyst 3560E-12D and 3560E-12SD 300WDC power supply
Power over Ethernet
Redundant Power System
Primary Features and Benefits
Ease of Use: Deployment
• Dynamic Host Configuration Protocol (DHCP) autoconfiguration of multiple switches through a boot server eases switch deployment.
• Automatic QoS (AutoQoS) simplifies QoS configuration in voice-over-IP (VoIP) networks by issuing interface and global switch commands to detect Cisco IP phones, classify traffic, and help enable egress queue configuration.
• Autonegotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
• Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
• Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel® groups or Gigabit EtherChannel groups to link to another switch, router, or server.
• Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
• Automatic media-dependent interface crossover (MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed.
• Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic wiring or port faults to be detected and disabled on fiber-optic interfaces.
Availability and Scalability
• Flexlink provides link redundancy with convergence time less than 100 ms without Spanning Tree Protocol. A pair of interfaces configured as primary and backup links can load balance traffic based on VLAN.
• IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offer the benefit of Layer 2 load balancing and distributed processing.
• Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
• Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, failsafe routing topologies.
• Switch-port Autorecovery (Errdisable) automatically attempts to reactivate a link that is disabled because of a network error.
High-Performance IP Routing
• Basic IP unicast routing protocols (static, Routing Information Protocol Version 1 [RIPv1], RIPv2, RIPng, and EIGRP stub) are supported for small-network routing applications.
• Advanced IP unicast routing protocols (OSPF, EIGRP, and BGPv4) are supported for load balancing and constructing scalable LANs. IPv6 routing (OSPFv3 and EIGRPv6) is supported in hardware for maximum performance. The IP Services feature set is required.
• Equal-cost routing facilitates Layer 3 load balancing and redundancy.
• Policy-based routing (PBR) allows superior control by facilitating flow redirection regardless of the routing protocol configured. The IP Services feature set is required.
• HSRP provides dynamic load balancing and failover for routed links; up to 32 unique HSRP links are supported per unit. The group number can be reused for each VLAN configured in the switch.
• Protocol Independent Multicast (PIM) for IP multicast routing is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), PIM sparse-dense mode, and Source Specific Multicast (SSM). The IP Services feature set is required.
• Web Control Caching Protocol (WCCPv2) enables Wide Area Acceleration Services (WAAS), resulting in improved application response time and conservation of WAN bandwidth.
• Fallback bridging forwards non-IP traffic between two or more VLANs. The IP Services feature set is required.
Superior Quality of Service
• 802.1p class of service (CoS) and differentiated services code point (DSCP) field classification is provided, using marking and reclassification on a per-packet basis by source and destination IP address, MAC address, or Layer 4 TCP/UDP port number.
• Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
• Eight egress queues per port help enable differentiated management of different traffic types across the switch. Four queues are user configurable and four are reserved for system use.
• Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress queues and egress queues.
• Weighted Tail Drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
• Strict priority queuing helps ensure that the highest-priority packets are serviced ahead of all other traffic.
• The Cisco committed information rate (CIR) function provides bandwidth in increments as low as 8 Kbps.
• Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
• Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.
• DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out invalid addresses. This feature is used by other primary security features to prevent a number of other attacks such as ARP poisoning.
• Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
• IP source guard prevents a malicious user from spoofing or taking over another user’s IP address by creating a binding table between the client’s IP and MAC address, port, and VLAN.
• Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
• Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.
• The Unicast RPF feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
• IEEE 802.1x allows dynamic, port-based security, providing user authentication.
• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
• IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
• IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including that of the client.
• IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.
• IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
• Web authentication allows non-802.1x clients to use an SSL-based browser for authentication.
• Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate voice and data VLANs.
• MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
• Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
• Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
• Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
• Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco intrusion detection system (IDS) to take action when an intruder is detected.
• TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
• MAC Address Notification allows administrators to be notified of users added to or removed from the network.
• Port Security secures the access to an access or trunk port based on MAC address.
• Multilevel security on console access prevents unauthorized users from altering the switch configuration.
• Bridge protocol data unit (BPDU) guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
• Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
• IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
• Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.
Intelligent Power over Ethernet (PoE) Management
• Cisco Discovery Protocol version 2 allows the Cisco Catalyst 3560-E Series Switch to negotiate a more granular power setting when connecting to a Cisco powered device, such as IP phones or access points, than what is provided by IEEE classification.
• The per-port power consumption command allows customers to specify the maximum power setting on an individual port.
• Per-port PoE power sensing measures actual power being drawn, enabling more intelligent control of powered devices.
• The PoE MIB provides proactive visibility into power usage and allows customers to set different power level thresholds.
• Link Layer Discovery Protocol (LLDP and LLDP-MED) adds support for IEEE 802.1AB link layer discovery protocol for interoperability in multivendor networks. Switches exchange speed, duplex, and power settings with end devices such as IP phones.
Management and Control Features
• Cisco IOS Software CLI support provides a common user interface and command set with all Cisco routers and Cisco Catalyst desktop switches.
• Generic On-Line Diagnostics (GOLD) checks the health of hardware components and verifies proper operation of the system data and control plane at run time and boot time.
• Virtual Route Forwarding (VRF)-Lite enables a service provider to support two or more VPNs with overlapping IP addresses.
• Switching Database Manager Templates for access, routing, and VLAN deployment allow the administrator to easily maximize memory allocation to the desired features based on deployment-specific requirements.
• With Cisco IOS Software IP SLAs, users can verify service guarantees, increase network reliability by validating network performance, proactively identify network issues, and increase return on investment (ROI) by easing the deployment of new IP services.
• Local Proxy Address Resolution Protocol (ARP) works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.
• VLAN1 minimization allows VLAN1 to be disabled on any individual VLAN trunk.
• Internet Group Management Protocol (IGMP) Snooping for IPv4 and IPv6 MLD v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requestors.
• Multicast VLAN Registration (MVR) continuously sends multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons.
• Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall systems performance.
• Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
• Cisco VLAN Trunking Protocol (VTP) supports dynamic VLANs and dynamic trunk configuration across all switches.
• Remote Switch Port Analyzer (RSPAN) allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
• For enhanced traffic management, monitoring, and analysis, the Embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
• Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
• Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
• Network Timing Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
• Multifunction LEDs per port for port status; half-duplex and full-duplex mode; and 10BASE-T, 100BASE-TX, and 1000BASE-T indication as well as switch-level status LEDs for system, redundant-power supply, and bandwidth utilization provide a comprehensive and convenient visual management system.
• Jumbo frames (9216 bytes) are available on the 10/100/1000 configurations for advanced data and video applications requiring very large frames.
Network Management Tools
Cisco Network Assistant
• Configuration management
• Troubleshooting advice
• Inventory reports
• Event notification
• Network security settings
• Password synchronization
• Drag-and-drop Cisco IOS Software upgrades
• Secure wireless
CiscoWorks LAN Management Solution (LMS)
• Network discovery, topology views, end-station tracking, and VLAN management
• Real-time network fault analysis with easy-to-deploy device-specific best-practice templates
• Hardware and software inventory management, centralized configuration tools, and Syslog monitoring
• Network response time and availability monitoring and tracking
• Real-time device, link, and port traffic management, analysis, and reporting