ccna switch 4500 series

8/14/2019 CCNA Switch 4500 Series

1/29


2/29

Contents

Overview1

Hardware2

Feature3

3

Design guide4

4

Cisco Catalyst 4500

2


3/29

1 Over View

Multitiered Networks: high-capability modular switch series can play multiple roles in the network such as access, distribution, and core.Secure unified communication: PoE, Inteligent

services, ScalabilityResiliency: Hardware resiliency, Softwareresiliency, Extensive securitySimplified operation

Deployment flexibility

Cisco Catalyst 4500

3


4/29

1 Over View

Investment protection: Backware andforward compatibility, Investmentenhancement, IPv4 & IPv6

Layer 3 Campus BackboneMinimize Spanning Tree and UseRouting Protocols

Server Farm Attached to CampusBackbone

Cisco Catalyst 4500

4


5/29

2 Hard Ware

Business Resiliency

Cisco Catalyst 4500

5


6/29

2 Hard WareCisco Catalyst 4500

6


7/29

Differences Between Catalyst 4500 Series Modular and Fixed-Configuration Switches

Cisco Catalyst 4500

7


8/29

2- Hard ware

Core SwitchesCisco Catalyst 4506 or 4507R Switch with Supervisor-IV

Distribution SwitchesCisco Catalyst 4503 Switch with Supervisor-IV

Access SwitchesCisco Catalyst 4503 Switch with Supervisor-II-Plus-TSCisco Catalyst 4506 with Supervisor-II-PlusCisco Catalyst 3750 and 3550 Series

Server Farm Access SwitchesCisco Catalyst 4948

Additional Network ElementsCisco ISR (for WAN connectivity and firewall function)Cisco IP PhonesCisco Wireless Access PointsCisco CallManager

Cisco Catalyst 4500

8


9/29

ScalabilityAllows network growth by adding new line cardsSupport from 64 Gbps to 136 Gbps switching

capacity and 96 to 384 Ethernet ports in a singleChassisSupport up to 32,000 to 55,000 Unicast MAC entriesand 16,000 Multicast MAC entries simultaneouslySupervisor cards are interchanged to enable further switching robustnessPoE: support for a broad range of PoE end device,incl 802.11n access point & up to 30W PoE per port.

Cisco Catalyst 4500

9

3 - Feature


10/29


11/29

High Feature CapacityScalability of these intelligent network services ismade possible with dedicated specialized resourcesknown as ternary content addressable memory

(TCAM). Ample TCAM resources (up to 192,000entries) enable high feature capacity, which provideswire-speed routing/switching performance withconcurrent provisioning of services such as QoS andsecurity. This helps ensure scalability for todaysnetwork requirements with ample room for futuregrowth.

Cisco Catalyst 4500

11

3 - Feature


12/29

ResiliencyHarware resiliency: All critical components, such assupervisors, power supplies, fans, are redundant.Software resiliency: Subsecond supervisor switchover (SSO) and Cisco In Service Software Upgrade (ISSU)occur without drop IP callsExtensive security feature: Network disruptions fromsecurity threats are minimized

Cisco Catalyst 4500

12

3 - Feature


13/29

3 - Feature

High AvailabilityIn Service Software Upgrade (ISSU)None-Stop Forwarding with Stateful Swithover (NFS/SSO)Control Plane Policing (CoPP)Hot Swappable Line cards

High Feature CapacitySecurity

Access Security (Port Security, ACL, IEEE 802.1x, DHCP Snooping,DAI, IP Source Guard) on Access SwitchesAccess Control Lists (PACL, VACL, RACL) on access and

core/distribution switchesManageability and Ease of use

Auto QoS

Cisco Catalyst 4500

13


14/29


15/29

NSF/SSO

Active/standby SUP are synchronizedat all timesRapid SUP switchover in case of failure (


16/29

Security

Cisco Catalyst 4500

16

Security feature Functional Description

Port Security Restrict input to an interface by limiting and identifying MAC addresses of the workstations that are allowed toaccess the port.

CL ACLs allow a user to specify Access lists to filter traffic on a per Port, VLAN or IP Routed interface basis.

IEEE 802.1x IEEE 802.1x is a client-server-based access control and authentication protocol that restricts unauthorized devicesfrom connecting to a LAN.

DHCP Snoopingand Option-82

DHCP snooping is a DHCP security feature that provides security by filtering un-trusted DHCP messages and bybuilding and maintaining a DHCP snooping binding table. An un-trusted message is a message that is receivedfrom outside the network or firewall and that can cause traffic attacks within the network. The Option-82 allows theaccess switches to add the origination port ID of the switch on the DHCP request to the DHCP server.

DAI Dynamic ARP inspection (DAI) uses the binding information that is built by DHCP snooping to enforce the

advertisement of bindings to prevent man-in-the-middle attacks. These attacks can occur when an attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entries in acommunication association. DAI adds an extra layer of security to ARP inspection by verifying that the ARPpackets MAC address and IP address match an existing DHCP snooping binding in the same VLAN.

IP Source Guard IP source guard provides per port IP traffic filtering of the assigned source IP addresses bybinding IP address to ports.

PVLAN Allows multiple VLANs with Layer 2 isolation to exist within a single subnet. Provides security by preventing accessto an entire network through a single server; also can save address space.

3 - Feature


17/29

Cost EffectivenessSupport various types of network connectivityUpgrade the Supervisor Engines while

reusing all the existing line cards instead of aforklift upgrade of the whole chassis.The Supervisor and Line cards are alsoshared across the various form factors of theCisco Catalyst 4500 Series Switches.

Cisco Catalyst 4500

17

3 - Feature


18/29

Server Farm Attached to Campus Backbone

A server farm consists of a logical group of networked servers that are usually housedin one location

The server farms require high availabilityThe Layer 2 design requires spanning tree

to avoid flooding loops

Root Guard, BackboneFast, UplinkFast,and LoopGuard needs should beconsidered for the network design andimplementation

Cisco Catalyst 4500

18


19/29

4.- Layer 3 Campus Backbone

The backbone layer is typically acollapsed core and distributionUse the Layer 3 protocols such as HSRP,

IGP, and load balancing.Limits the flooding domain, eliminatesspanning tree topologies

Cisco Catalyst 4500

19


20/29

4 Design Guide

The standard Cisco network architectureis a multitiered model:Access layer Distribution layer Core layer

Cisco Catalyst 4500

20


21/29

4-Design Guide: Minimize Spanning Tree and Use RoutingProtocols

Help avoid broadcast loops and floodingin the campus networkThe Layer 2 flooding domain and VLANs

are kept smaller for predictable andmanageable network performanceUse Per VLAN Spanning Tree [PVST] or

Multiple Spanning Tree [MST] to optimizenetwork link utilization

Cisco Catalyst 4500

21


22/29

4.2.3-Minimize Spanning Tree and Use Routing Protocols

Campus Backbone with Layer 3 Switching

Cisco Catalyst 4500

22


23/29

4 Design Guide: Midsize Market Campus NetworkDeployment Scenarios

There are four common deploymentscenarios based on the number of usersin the network:

Small OfficeUp to 108 usersSmall to Medium CampusUp to 250 usersSingle Building Medium CampusUp to 500

usersMedium CampusUp to 1,500 users

Cisco Catalyst 4500

23


24/29

4 Design Guide: Network Elements

Access, Distribution, and Core switchesCisco Catalyst 4503 Switch with Supervisor-II-Plus-

TS

Additional Access SwitchesCisco Catalyst Express 500 Series Switches (for 10-

20 additional Ethernet ports)

Additional Network Elements

Cisco ISR (for WAN connectivity, firewall and callprocessing function)Cisco wireless access pointsCisco IP phones

Cisco Catalyst 4500

24


25/29

4 Design Guide: Small Office (up to 108 Users)

Cisco Catalyst 4500

25


26/29

4 Design Guide: Small to Medium Campus (up to 250Users)

Cisco Catalyst 4500

26


27/29

4 Design Guide: Single Building Medium Campus (up to500 Users)

Cisco Catalyst 4500

27


28/29

4 Design Guide: Medium Campus (up to 1,500 Users)

Cisco Catalyst 4500

28


29/29

Thanks you very much!

Cisco Catalyst 4500

ccna switch 4500 series

Documents