Cisco Catalyst 2960-S and 2960 Series Switches with
LAN Base Software
The Cisco® Catalyst® 2960-S and 2960 Series Switches are the leading Layer 2 edge, providing improved
ease of use, highly secure business operations, improved sustainability, and a borderless network
experience. The Cisco Catalyst 2960-S Series Switches include new Cisco FlexStack switch stacking
capability with 1 and 10 Gigabit connectivity, and Power over Ethernet Plus (PoE+) with the Cisco Catalyst
2960 Switches offering fast Ethernet access connectivity and PoE capabilities. The Cisco Catalyst 2960-S
and 2960 Series are fixed-configuration access switches designed for enterprise, midmarket, and branch
office networks to provide lower total cost of ownership. The Cisco Catalyst 2960-S is shown in Figure 1,
and the Cisco Catalyst 2960 Series Switches are shown in Figure 2.
What’s new for the Cisco Catalyst 2960-S Series Switches with LAN Base software:
●
10 and 1 Gigabit Ethernet uplink flexibility with Small Form-Factor Pluggable Plus (SFP+), providing business
continuity and fast transition to 10 Gigabit Ethernet
●
24 or 48 ports of Gigabit Ethernet desktop connectivity
●
Cisco FlexStack stacking module with 40 Gbps of throughput, allowing ease of operation with single
configuration and simplified switch upgrade
●
PoE+ with up to 30W per port that allows you to support the latest PoE+ capable devices
●
Power supply options, with 740W or 370W fixed power supplies for PoE+ switches are available
●
USB storage for file backup, distribution, and simplified operations
●
A wide range of software features to provide ease of operation, highly secure business operations,
sustainability, and a borderless network experience
●
Limited lifetime hardware warranty, including next-business-day replacement with 90-day service and support
The Cisco Catalyst 2960 Series Switches with LAN Base software offer the following:
●
Dual-purpose uplinks for Gigabit Ethernet uplink flexibility, allowing use of either a copper or fiber uplink; each
dual-purpose uplink port has one 10/100/1000 Ethernet port and one SFP-based Gigabit Ethernet port, with
one port active at a time
●
24 or 48 ports of Fast Ethernet desktop connectivity
●
PoE configurations with up to 15.4W per port
●
A wide range of software features to provide ease of operation, highly secure business operations,
sustainability, and a borderless networking experience
Table 1 shows the configuration information for the Cisco Catalyst 2960-S Series Switches with LAN Base software,
and Table 2 shows the configuration information for the Cisco Catalyst 2960 Series Switches with LAN Base
software.
Table 1. Configurations of Cisco Catalyst 2960-S Series Switches with LAN Base Software
Cisco Catalyst 2960-S Switch Model Description Uplinks Available PoE Power
10 Gigabit Uplinks with 10/100/1000 Ethernet Connectivity
All models available with optional Cisco FlexStack stacking module.
Cisco Catalyst 2960S-STACK is optional Stacking Module for all 2960-S LAN Base switches that includes a .5M stack cable.
No DC Power supplies are available.
2 Ten Gigabit Ethernet SFP+ or 2 One
Gigabit Ethernet SFP ports
2 Ten Gigabit Ethernet SFP+ or 2 One
Gigabit Ethernet SFP ports
2 Ten Gigabit Ethernet SFP+ or 2 One
Gigabit Ethernet SFP ports
2 Ten Gigabit Ethernet SFP+ or 2 One
Gigabit Ethernet SFP ports
2 Ten Gigabit Ethernet SFP+ or 2 One
Gigabit Ethernet SFP ports
Cisco FlexStack stacking with a hot-swappable module and Cisco IOS® Software provides true stacking, all switches
in a stack act as a single switch unit. The Cisco FlexStack provides a unified data plane, unified configuration, and
single IP address management for a group of switches. The advantages of true stacking are lower total cost of
ownership through simplified management and higher availability. Cisco FlexStack supports cross-stack features
including EtherChannel, SPAN and FlexLink technology. A stack module can be added to any Cisco Catalyst 2960-S
switch with LAN Base software to quickly upgrade the switch to make it stack capable, and the switch added to the
stack will upgrade to the correct Cisco IOS® Software version and transparently become a stack member. Figure 3
shows the FlexStack stacking module for the Cisco Catalyst 2960-S.
Figure 3. Cisco Catalyst 2960-S Switches with Cisco FlexStack Modules and Stack Cabling
In addition to PoE 802.3af, the Cisco Catalyst 2960-S Series Switches support Power over Ethernet Plus (PoE+)
(IEEE 802.3at standard), which provides up to 30W of power per port. The Cisco Catalyst 2960-S and 2960 Series
Switches can provide a lower total cost of ownership for deployments that incorporate Cisco IP phones, Cisco
Aironet® wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device. PoE removes the need for
wall power to each PoE-enabled device and eliminates the cost for additional electrical cabling and circuits that
would otherwise be necessary in IP phone and WLAN deployments. Table 3 shows the power supply combinations
required for different PoE needs.
Table 3. Switch PoE and PoE+ Power Capacity
Switch Model Maximum Number of PoE+
(IEEE 802.3at) Ports*
10 Gigabit Uplinks with 10/100/1000 Ethernet Connectivity
Cisco Catalyst 2960S-48FPD-L 24 ports up to 30W 48 ports up to 15.4W 740W
Cisco Catalyst 2960S-48LPD-L 12 ports up to 30W 24 ports up to 15.4W
Cisco Catalyst 2960S-24PD-L 12 ports up to 30W 24 ports up to 15.4W 370W
1 Gigabit Uplinks with 10/100/1000 Ethernet Connectivity
Cisco Catalyst 2960S-48FPS-L 24 ports up to 30W 48 ports up to 15.4W 740W
Cisco Catalyst 2960S-48LPS-L 12 ports up to 30W 24 ports up to 15.4W
Cisco Catalyst 2960S-24PS-L 12 ports up to 30W 24 ports up to 15.4W 370W
Cisco Catalyst 2960-48PST-L N/A 24 ports up to 15.4W
Cisco Catalyst 2960-24PC-L N/A 24 ports up to 15.4W 370W
Cisco Catalyst 2960-24LT-L N/A 8 ports up to 15.4W 123W
* Intelligent power management allows flexible power allocation across all ports.
Maximum Number of PoE
(IEEE 802.3af) Ports*
48 ports up to 7.7W
48 ports up to 7.7W
48 ports up to 7.7W
Available PoE Power
370W
370W
370W
Cisco Catalyst 2960-S and 2960 Series Switches Enable Cisco Borderless Network
Borderless Networks, a Cisco architecture, deliver the new workspace experience, connecting anyone, anywhere,
using any device, to any resource securely, reliably, and transparently. Cisco’s Borderless Networks architecture
addresses primary IT and business challenges to help create a truly borderless experience by bringing interactions
closer to the employee and customer.
Borderless experience is only possible with intelligent network elements designed and architected to meet the needs
of a global workspace. Cisco Network Access is a primary component of this architecture, enabling various
borderless network services such as mobility, security, sustainability, and ease of operations for increased
productivity and operational efficiency. When network access is intelligent, it knows the identity of the user, as well
as where the user is on the network. It knows what is connecting to the network, to automatically provision the
network for QoS and delivery. It becomes services-aware to optimize user experience. Only with intelligent access
network, your enterprise can go borderless securely and transparently. Your business can save energy, simplify
operations with better business efficiency, and have an optimized total cost of ownership.
Cisco Network Access for Borderless solution focuses on the following primary areas:
Cisco Catalyst switching solutions enable greener practices through measurable power efficiency, integrated
services, and continuous innovations such as Cisco EnergyWise, an enterprisewide solution that monitors and
conserves energy with customized policies. Together, Cisco EnergyWise technology and Cisco Catalyst switches
reduce greenhouse gas (GhG) emissions and increase energy cost savings and sustainable business behavior.
Sustainability features in the Cisco Catalyst 2960-S and 2960 Series Switches include the following features sets:
●
Cisco EnergyWise technology
●
Efficient switch operation
●
Intelligent power management
Cisco EnergyWise Technology
Cisco EnergyWise is an innovative architecture, added to fixed configuration switches, promoting companywide
sustainability by reducing energy consumption across an entire corporate infrastructure and affecting more than 50
percent of global greenhouse gas emissions created by worldwide building infrastructure, a much greater effect than
the 2 percent generated by the IT industry. Cisco EnergyWise enables companies to measure the power
consumption of network infrastructure and network-attached devices and manage power consumption with specific
policies, reducing power consumption to realize increased cost savings, potentially affecting any powered device.
EnergyWise encompasses a highly intelligent network-based approach to communicate messages that measure
and control energy between network devices and endpoints. The network discovers Cisco EnergyWise-manageable
devices, monitors their power consumption, and takes action based on business rules to reduce power consumption.
EnergyWise uses a unique domain-naming system to query and summarize information from large sets of devices,
making it simpler than traditional network management capabilities. Cisco EnergyWise’s management interfaces
allow facilities and network management applications to communicate with endpoints and each other using the
network as a unifying fabric. The management interface uses standard SNMP or TCP to integrate Cisco and thirdparty management systems.
Efficient Switch Operation
Cisco Catalyst 2960-S and 2960 Series Switches, designed and engineered by Cisco, provide optimum power
saving, low power operations for industry best-in-class power management, and power consumption capabilities.
The Cisco Catalyst 2960-S ports are capable of reduced power modes so that ports not in use can move into a lower
power utilization state.
Intelligent Power Over Ethernet Management
The Cisco Catalyst 2960-S PoE models support the latest PoE+ devices including Cisco IP phones and Cisco
Aironet WLAN access points providing up to 30W of power per port, as well as any IEEE 802.3af-compliant end
device.
●
Per Port Power Consumption command allows customers to specify maximum power setting on an
individual port
●
Per Port PoE Power Sensing measures actual power being drawn, enabling more intelligent control of
powered devices
●
Cisco Discovery Protocol Version 2 allows switches to negotiate a more granular power setting when
connecting to a Cisco powered device such as IP phones or access points than what is provided by
IEEE classification
●
The PoE MIB provides proactive visibility into power usage and allows customers to set different
power-level thresholds
The Cisco Catalyst 2960-S and 2960 Series Switches help reduce the operating costs through:
●
Cisco Catalyst Smart Operations
●
Easy to use deployment and control features
●
Advanced, intelligent network management tools
Cisco Catalyst Smart Operations
Cisco Catalyst Smart Operations is a comprehensive set of capabilities that simplify LAN deployment, configuration,
and troubleshooting. Cisco Catalyst Smart Operations enable zero touch installation and replacement of switches,
fast upgrade, as well as ease of troubleshooting with reduced operational cost.
Cisco Catalyst Smart Operations is a set of features that includes Smart Install, Auto Smartports, Smart
Configuration, and Smart Troubleshooting to enhance operational excellence:
●
Cisco Smart Install is a transparent plug-and-play technology to configure the Cisco IOS Software image
and switch configuration without user intervention. Smart Install utilizes dynamic IP address allocation and the
assistance of other switches to facilitate installation providing transparent network plug and play.
●
Cisco Auto Smartports provide automatic configuration as devices connect to the switch port, allowing auto
detection and plug and play of the device onto the network.
●
Cisco Smart Configuration provides a single point of management for a group of switches and in addition
adds the ability archive and backup configuration files to a file server or switch allowing seamless zero touch
switch replacement.
●
Cisco Smart Troubleshooting is an extensive array of debug diagnostic commands and system health
checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard Failure Logging (OBFL).
Easy-to-Use Deployment and Control Features
●
Automatic QoS (AutoQoS) simplifies QoS configuration in voice over IP (VoIP) networks by issuing interface
and global switch commands to detect Cisco IP phones, classify traffic, and help enable egress queue
configuration.
●
Stacking Master Configuration Management and Cisco FlexStack stacking helps ensure that all switches
are automatically upgraded when the master switch receives a new software version. Automatic software
version checking and updating help ensure that all stack members have the same software version.
●
Dynamic Host Configuration Protocol (DHCP) autoconfiguration of multiple switches through a boot server
eases switch deployment.
●
Auto-Negotiation on all ports automatically selects half- or full-duplex transmission mode to
optimize bandwidth.
●
Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
●
Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel® groups or Gigabit
EtherChannel groups to link to another switch, router, or server.
●
Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that
conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
●
Automatic Media-Dependent Interface Crossover (MDIX) automatically adjusts transmit and receive pairs
if an incorrect cable type (crossover or straight-through) is installed.
●
Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by
incorrect fiber-optic wiring or port faults to be detected and disabled on fiber-optic interfaces.
Switching Database Manager (SDM) templates for access, routing, and VLAN deployment allow the
administrator to easily maximize memory allocation to the desired features based on deployment-specific
requirements.
●
Local Proxy Address Resolution Protocol (ARP) works in conjunction with Private VLAN Edge to minimize
broadcasts and maximize available bandwidth.
●
Internet Group Management Protocol (IGMP) Snooping for IPv4 and IPv6 MLD v1 and v2 Snooping
provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the
requestors.
●
Multicast VLAN Registration (MVR) continuously sends multicast streams in a multicast VLAN while
isolating the streams from subscriber VLANs for bandwidth and security reasons.
●
Per-port Broadcast, Multicast, and Unicast Storm Control prevents faulty end stations from degrading
overall systems performance.
●
Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier
administration and troubleshooting.
●
Cisco VLAN Trunking Protocol (VTP) supports dynamic VLANs and dynamic trunk configuration across all
switches.
●
Remote Switch Port Analyzer (RSPAN) allows administrators to remotely monitor ports in a Layer 2 switch
network from any other switch in the same network.
●
For enhanced traffic management, monitoring, and analysis, the Embedded Remote Monitoring (RMON)
software agent supports four RMON groups (history, statistics, alarms, and events).
●
Layer 2 Traceroute eases troubleshooting by identifying the physical path that a packet takes from source to
destination.
●
Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading
from a centralized location.
●
Network Timing Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
Data Sheet
Advanced, Intelligent Network Management Tools
The Cisco Catalyst 2960-S and 2960 Series Switches offer both a superior CLI for detailed configuration and Cisco
Network Assistant software, a PC-based tool for quick configuration based on preset templates. In addition,
CiscoWorks LAN Management Solution (LMS) supports the Cisco Catalyst 2960-S and 2960 Series Switches for
networkwide management.
Cisco Network Assistant
A PC-based network management application designed for small and medium-sized business (SMB) networks with
up to 250 users, Cisco Network Assistant offers centralized network management and configuration capabilities.
Cisco Network Assistant uses Cisco Smartports technology to simplify both initial deployment and ongoing
maintenance. This application also features an intuitive GUI where users can easily apply common services across
Cisco switches, routers, and access points, such as:
For detailed information about Cisco Network Assistant, visit
http://www.cisco.com/go/cna.
CiscoWorks LAN Management Solution
CiscoWorks LAN Management Solution (LMS) is a comprehensive network lifecycle management solution. It
provides an extensive library of easy-to-use features to automate the initial and day-to-day management of your
Cisco network infrastructure. CiscoWorks LMS uniquely uses Cisco hardware and software platform knowledge and
operational experience into a powerful set of workflow-driven configuration, monitoring, troubleshooting, reporting,
and administrative tools. Including:
●
Support for new Cisco hardware platforms the day they ship
●
Support for new technologies and services from initial deployment to day-to-day administration and
management, such as EnergyWise, Identity, Cisco Auto Smartports, Cisco Smart Install, and much more
●
Configuration management tools built from Cisco experience and Cisco Validated Design recommendations
●
Monitoring and troubleshooting capabilities that incorporates Cisco hardware best practices and
diagnostics features
●
Automation in managing hardware inventories, security vulnerabilities (PSIRTS), and platform end-of-life and
support cycles
For detailed information about CiscoWorks LMS, go to
The Cisco Catalyst 2960-S and 2960 Series Switches provide superior Layer 2 threat defense capabilities for
mitigating man-in-the-middle attacks (such as MAC, IP, and ARP spoofing). TrustSec, a primary element of
Borderless Security Architecture, helps enterprise customers secure their networks, data and resources with policybased access control, identity and role-aware networking, pervasive integrity, and confidentiality. The borderless
security is enabled by the following feature sets in the Cisco Catalyst 2960-S and 2960 Series Switches:
●
Threat defense
●
Cisco TrustSec
●
Other advanced security features
Threat Defense
Cisco Integrated Security Features is an industry-leading solution available on Cisco Catalyst Switches that
proactively protects your critical network infrastructure. Delivering powerful, easy-to-use tools to effectively prevent
the most common and potentially damaging Layer 2 security threats, Cisco Integrated Security Features provides
robust security throughout the network. Cisco Integrated Security Features include Port Security, DHCP Snooping,
Dynamic ARP Inspection, and IP Source guard.
●
Port Security secures the access to an access or trunk port based on MAC address. It limits the number of
learned MAC addresses to deny MAC address flooding.
●
DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses.
This feature is used by other primary security features to prevent a number of other attacks such as ARP
poisoning.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the
insecure nature of the ARP protocol.
IP Source Guard prevents a malicious user from spoofing or taking over another user’s IP address by
creating a binding table between the client’s IP and MAC address, port, and VLAN.
Cisco TrustSec
TrustSec secures access to the network, enforces security policies, and delivers standard based security solutions
such as 802.1X enabling secure collaboration and policy compliance. TrustSec capabilities reflect Cisco thought
leadership, innovations, and commitment to customer success. These new capabilities include:
●
Flexible Authentication that supports multiple authentication mechanisms including 802.1X, MAC
Authentication Bypass and web authentication using a single, consistent configuration
●
Open Mode that creates a user friendly environment for 802.1X operations
●
Integration of Device Profiling Technology and Guest Access handling with Cisco switching to
significantly improve security while reducing deployment and operational challenges
●
RADIUS Change of Authorization and Downloadable Calls for comprehensive policy management
capabilities
●
802.1X Supplicant with Network Edge Access Transport (NEAT) enables extended secure access where
compact switches in the conference rooms have the same level of security as switches inside the locked
wiring closet
Other Advanced Security Features
Other Advanced Security features include but are not limited to:
●
Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users
cannot snoop on other users’ traffic.
●
Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while
placing them on appropriate voice and data VLAN.
●
Port-Based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
●
Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3
(SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions.
SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software
image because of U.S. export restrictions.
●
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection
System (IDS) to take action when an intruder is detected.
●
TACACS+ and RADIUS Authentication facilitates centralized control of the switch and restricts
unauthorized users from altering the configuration.
●
MAC Address Notification allows administrators to be notified of users added to or removed from the
network.
●
Multilevel Security on Console Access prevents unauthorized users from altering the switch configuration.
●
Bridge Protocol Data Unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when
BPDUs are received to avoid accidental topology loops.
●
Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from
becoming Spanning Tree Protocol root nodes.
●
IGMP Filtering provides multicast authentication by filtering out nonsubscribers and limits the number of
concurrent multicast streams available per port.