Cisco Systems 2960 User Manual

DATA SHEET

CISCO CATALYST 2960 SERIES SWITCHES

PRODUCT OVERVIEW

Cisco® Catalyst® 2960 Series Intelligent Ethernet Switches are a new family of fixed-configuration standalone devices that provide desktop Fast Ethernet and Gigabit Ethernet connectivity, enabling enhanced LAN services for entry-level enterprise, mid-market, and branch office networks. The Catalyst 2960 Series offers integrated security, including network admission control (NAC), advanced quality of service (QoS), and resiliency to deliver intelligent services for the network edge.
The Cisco Catalyst 2960 Series offers:
Intelligent features at the network edge, such as sophisticated access control lists (ACLs) and enhanced security
Dual-purpose uplinks for Gigabit Ethernet uplink flexibility, allowing use of either a copper or a fiber uplink; each dual-purpose uplink port has one 10/100/1000 Ethernet port and one Small Form-Factor Pluggable (SFP)-based Gigabit Ethernet port, with one port active at a time
Network control and bandwidth optimization using advanced QoS, granular rate limiting, ACLs, and multicast services
Network security through a wide range of authentication methods, data encryption technologies, and network admission control based on users, ports, and MAC addresses
Easy network configuration, upgrades, and troubleshooting using Cisco Network Assistant software
Auto-configuration for specialized applications using Smartports

CONFIGURATIONS

The Cisco Catalyst 2960 Series comprises the following switches (Figure 1):
Cisco Catalyst 2960-24TT: 24 Ethernet 10/100 ports and 2 fixed Ethernet 10/100/1000 uplink ports; 1 rack unit (RU)
Cisco Catalyst 2960-48TT: 48 Ethernet 10/100 ports and 2 fixed Ethernet 10/100/1000 uplink ports; 1 RU
Cisco Catalyst 2960-24TC: 24 Ethernet 10/100 ports and 2 dual-purpose uplink ports; 1 RU
Cisco Catalyst 2960-48TC: 48 Ethernet 10/100 ports and 2 dual-purpose uplink ports; 1 RU
Cisco Catalyst 2960G-24TC: 24 Ethernet 10/100/1000 ports, 4 of which are dual-purpose; 1 RU
Figure 1. Cisco Catalyst 2960 Series Switches
All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
The Cisco Catalyst 2960 Series software image is a rich suite of intelligent services, including advanced QoS, rate limiting, and ACLs. The SFP-based Gigabit Ethernet ports accommodate a range of SFP transceivers, including the Cisco 1000BASE-SX, 1000BASE-LX, 1000BASE-BX, 1000BASE-ZX, 100BASE-FX, 100BASE-LX, 100BASE-BX, and coarse wavelength-division multiplexing (CWDM) SFP transceivers.

GIGABIT ETHERNET

At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while increasing the return on existing infrastructure investments. Today’s workers are placing higher demands on networks, running multiple concurrent applications. For example, a worker joins a team conference call through an IP videoconference, sends a 10-MB spreadsheet to meeting participants, broadcasts the latest marketing video for the team to evaluate, and queries the customer relationship management (CRM) database for the latest real-time feedback. Meanwhile, a multigigabyte system backup starts in the background and the latest virus updates are delivered to the client.

INTELLIGENCE IN THE NETWORK

Networks of today are evolving to address four new developments at the network edge:
Increase in desktop computing power
Introduction of bandwidth-intensive applications
Expansion of highly sensitive data on the network
Presence of multiple device types, such as IP phones, WLAN access points, and IP video cameras
These new demands contend for resources with existing mission-critical applications. As a result, IT professionals must view the edge of the network as critical to effectively manage the delivery of information and applications.
As companies increasingly rely on networks as their strategic business infrastructure, it is more important than ever to ensure their high availability, security, scalability, and control. By adding Cisco intelligent functions for LAN access, you can now deploy networkwide intelligent services that consistently address these requirements from the desktop to the core and through the WAN.
With Cisco Catalyst Intelligent Ethernet switches, Cisco Systems® helps companies realize the full benefits of adding intelligent services into their networks. Deploying capabilities that make the network infrastructure highly available to accommodate time-critical needs, scalable to accommodate growth, secure enough to protect confidential information, and capable of differentiating and controlling traffic flows is critical to further optimizing network operations.

ENHANCED SECURITY

The wide range of security features that the Cisco Catalyst 2960 Series offers helps businesses protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation.
The Cisco Identity Based Networking Services (IBNS) solution provides authentication, access control, and security policy administration to secure network connectivity and resources. Cisco IBNS in the Cisco Catalyst 2960 Series prevents unauthorized access and helps ensure that users get only their designated privileges. It provides the ability to dynamically administer granular levels of network access. Using the 802.1x standard and the Cisco Secure Access Control Server (ACS), users can be assigned a VLAN upon authentication, regardless of where they connect to the network. This setup allows IT departments to enable strong security policies without compromising user mobility, and with minimal administrative overhead.
To guard against denial-of-service and other attacks, ACLs can be used to restrict access to sensitive portions of the network by denying packets based on source and destination MAC addresses, IP addresses, or TCP/User Datagram Protocol (UDP) ports. ACL lookups are done in hardware, so forwarding performance is not compromised when implementing ACL-based security.
Port security can be used to limit access on an Ethernet port based on the MAC address of the device to which it is connected. It also can be used to limit the total number of devices plugged into a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the risks of rogue wireless access points or hubs.
With Dynamic Host Configuration Protocol (DHCP) snooping, DHCP spoofing can be thwarted by allowing only DHCP requests (but not responses) from untrusted user-facing ports. Additionally, the DHCP Interface Tracker (Option 82) feature helps enable granular control over IP address assignment by augmenting a host IP address request with the switch port ID.
The MAC Address Notification feature can be used to monitor the network and track users by sending an alert to a management station so that network administrators know when and where users entered the network. Secure Shell Protocol Version 2 (SSHv2) and Simple Network Management Protocol Version 3 (SNMPv3) encrypt administrative and network-management information, protecting the network from tampering or eavesdropping. TACACS+ or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering the configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators.
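An added configuration sketch (not part of the Cisco data sheet) showing how the port security and DHCP snooping behaviour described above is typically expressed in Cisco IOS on an access switch. The VLAN number, interface names, MAC limit and rate limit are assumed values chosen for illustration.

```cisco
! Assumed values: VLAN 10 for users, Fa0/1 as a user-facing port,
! Gi0/1 as the uplink toward the legitimate DHCP server.
!
! Enable DHCP snooping globally and for the user VLAN.
! Every port is untrusted until explicitly marked trusted.
ip dhcp snooping
ip dhcp snooping vlan 10
! Insert Option 82 (switch and port identifier) into client requests.
ip dhcp snooping information option
!
interface FastEthernet0/1
 description user-facing access port (untrusted for DHCP)
 switchport mode access
 switchport access vlan 10
 ! Port security: cap the number of source MAC addresses on the port,
 ! which limits MAC flooding and unmanaged hubs or access points.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 ! Drop frames from extra MACs and count the violation,
 ! instead of shutting the port down.
 switchport port-security violation restrict
 ! Cap DHCP packets per second accepted from this port.
 ip dhcp snooping limit rate 15
!
interface GigabitEthernet0/1
 description uplink toward DHCP server
 switchport mode trunk
 ! Only trusted ports may forward DHCP server responses.
 ip dhcp snooping trust
```

`show port-security interface FastEthernet0/1` and `show ip dhcp snooping` report the resulting state, including violation counts and which ports are trusted.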

AVAILABILITY AND SCALABILITY

The Cisco Catalyst 2960 Series is equipped with a large set of features that allow for network scalability and higher availability through multicast filtering as well as a complete suite of Spanning Tree Protocol enhancements aimed to maximize availability in a Layer 2 network.
Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), UplinkFast, and PortFast, help to maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design. UplinkFast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. Flexlink provides bidirectional, fast convergence in less than 100 milliseconds. The Loopguard and bridge protocol data unit (BPDU) guard enhancements provide Spanning Tree Protocol loop avoidance.

ADVANCED QOS

The Cisco Catalyst 2960 Series offers superior multilayer QoS features to help ensure that network traffic is classified and prioritized, and that congestion is avoided in the best possible manner. Configuration of QoS is greatly simplified through automatic QoS (Auto QoS), a feature that detects Cisco IP phones and automatically configures the switch for the appropriate classification and egress queuing. This optimizes traffic prioritization and network availability without the challenge of a complex configuration.
The Cisco Catalyst 2960 Series can classify, reclassify, police, mark, queue, and schedule incoming packets and can queue and schedule packets at egress. Packet classification allows the network elements to discriminate between various traffic flows and enforce policies based on Layer 2 and Layer 3 QoS fields.
To implement QoS, the Cisco Catalyst 2960 Series Switch first identifies traffic flows or packet groups, then classifies or reclassifies these groups using the differentiated services code point (DSCP) field or the 802.1p class of service (CoS) field. Classification and reclassification can be based on criteria as specific as the source or destination IP address, source or destination MAC address, or the Layer 4 TCP or UDP port. At the ingress, the Catalyst 2960 Series also polices to determine whether a packet is in or out of profile, marks to change the classification label, passes through or drops out-of-profile packets, and queues packets based on classification. Control-plane and data-plane ACLs are supported on all ports to help ensure proper treatment on a per-packet basis.
The Cisco Catalyst 2960 Series supports four egress queues per port, giving network administrators more control in assigning priorities for the various applications on the LAN. At egress, the switch performs congestion control and scheduling, the algorithm or process that determines the order in which queues are processed. The Catalyst 2960 Series Switch supports Shaped Round Robin (SRR) and strict priority queuing. The SRR algorithm helps ensure differential prioritization.
These QoS features allow network administrators to prioritize mission-critical and bandwidth-intensive traffic, such as enterprise resource planning (ERP), voice (IP telephony traffic), and computer-aided design and manufacturing (CAD/CAM), over applications such as FTP or e-mail. For example, it would be undesirable to have a large file download destined to one port on a switch increase latency in voice traffic destined to another port on this switch. This condition is avoided by ensuring that voice traffic is properly classified and prioritized throughout the network. Other applications, such as Web browsing, can be handled on a lower-priority basis.
The Cisco Catalyst 2960 Series can perform rate limiting through its support of the Cisco committed information rate (CIR) function. Through CIR, bandwidth can be guaranteed in increments as small as 1 Mbps. Bandwidth can be allocated based on several criteria, including MAC source address, MAC destination address, IP source address, IP destination address, and TCP or UDP port number. Bandwidth allocation is essential when network environments require service-level agreements or when it is necessary to control the bandwidth given to certain users.

MANAGEMENT

The new Express Setup feature simplifies the initial configuration of a switch. Now you can set up the switch through a Web browser, eliminating the need for terminal-emulation programs and the command-line interface (CLI). Express Setup reduces the cost of deployment by helping less-skilled personnel quickly and easily set up switches.
Cisco Network Assistant is a PC-based network-management application optimized for LANs with up to 250 users. Cisco Network Assistant offers centralized management of Cisco switches, routers, and WLAN access points. It supports a wide range of Cisco Catalyst intelligent switches from Cisco Catalyst 2960 through Cisco Catalyst 4506. Through a user-friendly GUI, users can configure and manage a wide array of switch functions and start the device manager of Cisco routers and Cisco wireless access points. A few mouse clicks enable the Cisco recommended security, availability, and QoS features without the need to consult a detailed design guide. The Security wizard automatically restricts unauthorized access to servers with sensitive data. Smartports and wizards save time for network administrators, reduce human errors, and help ensure that the configuration of the switch is optimized for these applications. Available at no cost, Cisco Network Assistant can be downloaded from the Cisco Website.
In addition to Cisco Network Assistant, Cisco Catalyst 2960 Series switches provide for extensive management using SNMP network-management platforms such as CiscoWorks for Switched Internetworks. Managed with CiscoWorks, Cisco Catalyst switches can be configured and managed to deliver end-to-end device, VLAN, traffic, and policy management. Additionally, the CiscoWorks Resource Manager Essentials, a Web-based management tool, helps enable automated inventory collection, software deployment, easy tracking of network changes, views into device availability, and quick isolation of error conditions.
Table 1 gives the features and benefits of the Cisco Catalyst 2960 Series. Table 2 gives the hardware specifications, and Table 3 gives the power specifications. Table 4 lists the management and standards support, and Table 5 provides the safety and compliance information.
Table 1. Features and Benefits of Cisco Catalyst 2960 Series

Feature: Ease of Use and Deployment
Benefit:
Express Setup simplifies initial configuration with a Web browser, eliminating the need for more complex terminal emulation programs and CLI knowledge.
DHCP autoconfiguration of multiple switches through a boot server eases switch deployment.
Automatic QoS (Auto QoS) simplifies QoS configuration in voice-over-IP (VoIP) networks by issuing interface and global switch commands to detect Cisco IP phones, classify traffic, and enable egress queue configuration.
Autosensing on each 10/100 port detects the speed of the attached device and automatically configures the port for 10- or 100-Mbps operation, easing switch deployment in mixed 10- and 100-Mbps environments.
Autonegotiating on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
Dynamic Trunking Protocol (DTP) helps enable dynamic trunk configuration across all switch ports.
Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel® groups or Gigabit EtherChannel groups to link to another switch, router, or server.
Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
DHCP Server enables a convenient deployment option for the assignment of IP addresses in networks that do not have a dedicated DHCP server.
DHCP Relay allows a DHCP relay agent to broadcast DHCP requests to the network DHCP server.
1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-BX, 100BASE-FX, 100BASE-LX, 100BASE-BX, and coarse wavelength-division multiplexing (CWDM) physical interface support through a field-replaceable SFP module provides unprecedented flexibility in switch deployment.
The default configuration stored in flash memory ensures that the switch can be quickly connected to the network and can pass traffic with minimal user intervention.
Automatic medium-dependent interface crossover (Auto-MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed on a copper port.
Time-domain reflectometer (TDR) to diagnose and resolve cabling problems on copper ports.

AVAILABILITY AND SCALABILITY

Feature: Superior Redundancy for Fault Backup
Benefit:
Cisco UplinkFast and BackboneFast technologies help ensure quick failover recovery, enhancing overall network stability and reliability.
IEEE 802.1w Rapid Spanning Tree Protocol provides rapid spanning-tree convergence independent of spanning-tree timers and the benefit of distributed processing.
Per-VLAN Rapid Spanning Tree Plus (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
Command-switch redundancy enabled in Cisco Network Assistant software allows designation of a backup command switch that takes over if the primary command switch fails.
Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links to be detected and disabled to avoid problems such as spanning-tree loops.
Switch port autorecovery (errdisable) automatically attempts to re-enable a link that is disabled because of a network error.
Cisco Redundant Power System 675 (RPS 675) support provides superior internal power-source redundancy for up to six Cisco networking devices, resulting in improved fault tolerance and network uptime.
Bandwidth aggregation up to 8 Gbps through Cisco Gigabit EtherChannel technology and up to 800 Mbps through Cisco Fast EtherChannel technology enhances fault tolerance and offers higher-speed aggregated bandwidth between switches and to routers and individual servers.