Cisco Catalyst 2960-X User Manual

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 27
Data Sheet
Cisco Catalyst 2960-X Series Switches
Product Overview
Cisco® Catalyst® 2960-X Series Switches are fixed-configuration, stackable Gigabit Ethernet switches that provide enterprise-class access for campus and branch applications (Figure 1). Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS® Software features.
Figure 1. A Cisco Catalyst 2960-X Series Switch Family
Product Highlights
Cisco Catalyst 2960-X switches feature:
24 or 48 Gigabit Ethernet ports with line-rate forwarding performance
Gigabit Small Form-Factor Pluggable (SFP) or 10G SFP+ uplinks
FlexStack Plus for stacking of up to 8 switches with 80 Gbps of stack throughput (optional)
Power over Ethernet Plus (PoE+) support with up to 740W of PoE budget
24-port PoE fanless switch for deployment outside the wiring closet
Reduced power consumption and advanced energy management features
USB and Ethernet management interfaces for simplified operations
Application visibility and capacity planning with integrated Full (Flexiable) NetFlow and NetFlow-Lite
LAN Base or LAN Lite Cisco IOS software features
Enhanced limited lifetime warranty (E-LLW) offering next-business-day hardware replacement
Identify, classify and control of trusted internal network traffic through Domain Name System as an Authoritative Source (DNS-AS)
Cisco Catalyst 2960-XR models also offer:
Power resiliency with optional dual field-replaceable power supplies
IP Lite Cisco IOS software with dynamic routing and Layer 3 features
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 27
Model
10/100/1000 Ethernet Ports
Uplink Interfaces
Cisco IOS Software Image
Available PoE Power
FlexStack-Plus Capability
Cisco Catalyst 2960X-48FPD-L
48
2 SFP+
LAN Base
740W Y Cisco Catalyst 2960X-48LPD-L
48
2 SFP+
LAN Base
370W
Y
Cisco Catalyst 2960X-24PD-L
24
2 SFP+
LAN Base
370W
Y
Cisco Catalyst 2960X-48TD-L
48
2 SFP+
LAN Base
- Y Cisco Catalyst 2960X-24TD-L
24
2 SFP+
LAN Base
-
Y
Cisco Catalyst 2960X-48FPS-L
48
4 SFP
LAN Base
740W
Y
Cisco Catalyst 2960X-48LPS-L
48
4 SFP
LAN Base
370W
Y
Cisco Catalyst 2960X-24PS-L
24
4 SFP
LAN Base
370W
Y
Cisco Catalyst 2960X-24PSQ-L
24 (8PoE)
2 SFP, 2 10/100/1000BT
LAN Base
110W
-
Cisco Catalyst 2960X-48TS-L
48
4 SFP
LAN Base
-
Y
Cisco Catalyst 2960X-24TS-L
24
4 SFP
LAN Base
-
Y
Cisco Catalyst 2960X-48TS-LL
48
2 SFP
LAN Lite
- - Cisco Catalyst 2960X-24TS-LL
24
2 SFP
LAN Lite
-
-
Model
10/100/1000 Ethernet Ports
Uplink Interfaces
Cisco IOS Software Image
Available PoE Power
Power Supply
Cisco Catalyst 2960XR-48FPD-I
48
2 SFP+
IP Lite
740W
1025WAC
Cisco Catalyst 2960XR-48LPD-I
48
2 SFP+
IP Lite
370W
640WAC
Cisco Catalyst 2960XR-24PD-I
24
2 SFP+
IP Lite
370W
640WAC
Cisco Catalyst 2960XR-48TD-I
48
2 SFP+
IP Lite
-
250WAC
Cisco Catalyst 2960XR-24TD-I
24
2 SFP+
IP Lite
-
250WAC
Cisco Catalyst 2960XR-48FPS-I
48
4 SFP
IP Lite
740W
1025WAC
Cisco Catalyst 2960XR-48LPS-I
48
4 SFP
IP Lite
370W
640WAC
Cisco Catalyst 2960XR-24PS-I
24
4 SFP
IP Lite
370W
640WAC
Cisco Catalyst 2960XR-48TS-I
48
4 SFP
IP Lite
-
250WAC
Cisco Catalyst 2960XR-24TS-I
24
4 SFP
IP Lite
-
250WAC
Switch Models and Configurations
Catalyst 2960-X switches include a single fixed power supply and are available with either the Cisco IOS LAN Base or LAN Lite feature set. Catalyst 2960-XR switch models include a field-replaceable modular power supply and can accommodate a second power supply. Catalyst 2960-XR is available only with the Cisco IOS IP Lite feature set.
Table 1. Cisco Catalyst 2960-X Configurations
Table 2. Cisco Catalyst 2960-XR Configurations
Catalyst 2960-X Series Software Features
All Catalyst 2960-X Series Switches use a single Universal Cisco IOS Software Image for all SKUs. Depending on the switch model, the Cisco IOS image automatically configures the LAN Lite, LAN Base, or IP Lite feature set.
LAN Lite models have reduced functionality and scalability for small deployments with basic requirements. Cisco Catalyst 2960-X Family of Switches are available with the LAN Base and LAN Lite feature sets and Catalyst 2960­XR Family of switches are available IP Lite feature sets.
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 27
Note that each switch model is tied to a specific feature level; LAN Lite cannot be upgraded to LAN Base and LAN Base cannot be upgraded to IP Lite.
For more information about the features included in the LAN Lite, LAN Base and IP Lite feature sets, refer to Cisco Feature Navigator: http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp.
Cisco ONE Software
Cisco ONE Software for Access Switching is available for the Cisco Catalyst 2960-X and Cisco Catalyst 2960-XR
Series Switches. Cisco ONE Software is a new way for customers to purchase and use our infrastructure software. It offers a
simplified consumption model, centered on common customer scenarios in the data center, WANs, and LANs. Cisco ONE Software and services provide customers with four primary benefits:
Software suites that address typical customer use scenarios at an attractive price
Investment protection of their software purchase through software services-enabled license portability
Access to ongoing innovation and new technology with Cisco Software Support Service (SWSS)
Flexible licensing models to smoothly distribute customer's software spend over time
For ordering information for Cisco ONE Software for the Cisco Catalyst 2960-X and Cisco Catalyst 2960-XR Series Switches, go to http://www.cisco.com/c/en/us/products/software/one-access/switching-part-numbers.html.
Cisco Catalyst 2960-XR IP-Lite High-Performance Routing
The Cisco hardware routing architecture delivers extremely high-performance IP routing in the Cisco Catalyst 2960-XR IP-Lite Switches:
IP unicast routing protocols (Static, Routing Information Protocol Version 1 [RIPv1], RIPv2, RIPng, and EIGRP-Stub) are supported for network routing applications.
Advanced IP unicast routing protocols (OSPF for Routed Access) are supported for load balancing and constructing scalable LANs. IPv6 routing (OSPFv3) is supported in hardware for maximum performance.
EIGRPv3-Stub and PIMv6-Stub are supported as a part of the IPv6 routing suite.
Equal-cost routing facilitates Layer 3 load balancing and redundancy across the stack.
Policy-based routing (PBR) allows superior control by facilitating flow redirection regardless of the routing protocol configured (for both IPv4 and IPv6).
Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provides dynamic load balancing and failover for routed links.
Protocol Independent Multicast (PIM) for IP multicast is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), PIM sparse-dense mode and Source Specific Multicast (SSM).
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 27
Network Security
The Cisco Catalyst 2960-X Series Switches provide a range of security features to limit access to the network and mitigate threats, including:
MAC-based VLAN assignment enables different users to authenticate on different VLANs. This feature enables each user to have a different data VLAN on the same interface.
Cisco TrustSec® uses SXP to simplify security and policy enforcement throughout the network. For more information about Cisco TrustSec security solutions, visit cisco.com/go/TrustSec.
Comprehensive 802.1X Features to control access to the network, including Flexible Authentication,
802.1x Monitor Mode, and RADIUS Change of Authorization.
IPv6 First-Hop Security enhances Layer-2 and Layer-3 network access from proliferating IPv6 devices especially BYOD devices. It protects against rogue router advertisements, address spoofing, fake DHCP replies and other risks introduced by IPv6 technology.
Device Sensor and Device Classifier enable seamless versatile device profiles including BYOD devices. They also enable Cisco Identity Services Engine (ISE) to provision identity based security policies. This feature is available on both the 2960-X and the 2960-XR product families.
Cisco Trust Anchor Technology enables easy distribution of a single universal image for all models of Catalyst 2960-X by verifying the authenticity of IOS images. This technology allows the switch to perform IOS integrity checks at boot-up by verifying the signature, verifying the Trusted Asset under Management and authenticating the license.
Cisco Threat Defense features including Port Security, Dynamic ARP Inspection, and IP Source Guard.
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi access like segment. This feature is available in IP-Lite feature set only.
Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users
cannot snoop on other users’ traffic.
Unicast Reverse Path Forwarding (uRPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source address into a network by discarding IP packets that lack a verifiable IP source address. This feature is available in IP-Lite feature set only.
Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate voice and data VLAN.
Access Control Lists (ACLs) for IPv6 and IPv4 for security and QoS ACEs.
VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs. Router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6
ACLs can be applied to filter IPv6 traffic.
Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions.
SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 27
Switched Port Analyzer (SPAN), with bidirectional data support, allows Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
MAC Address Notification allows administrators to be notified of users added to or removed from the network.
Multilevel security on console access prevents unauthorized users from altering the switch configuration.
Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.
Redundancy and Resiliency
Cisco Catalyst 2960-X Series Switches offer a number of redundancy and resiliency features to prevent outages and help ensure that the network remains available:
Cross-stack EtherChannel provides the ability to configure Cisco EtherChannel technology across different members of the stack for high resiliency.
Flexlink provides link redundancy with convergence time less than 100 milliseconds.
IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offer the benefit of Layer 2 load balancing and distributed processing. Stacked units behave as a single spanning-tree node.
Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, fail safe routing topologies in 2960-XR IP-Lite SKUs.
Switch-port auto-recovery (Error Disable) automatically attempts to reactivate a link that is disabled because of a network error.
Power redundancy with an optional second power supply on 2960-XR models, or with an external RPS on 2960-X models.
Enhanced Quality of Service
The Cisco Catalyst 2960-X Series Switches offers intelligent traffic management that keeps everything flowing smoothly. Flexible mechanisms for marking, classification, and scheduling deliver superior performance for data, voice, and video traffic, all at wire speed. Primary QoS features include:
Up to eight egress queues per port and strict priority queuing so that the highest priority packets are serviced ahead of all other traffic.
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 27
Resources
LAN Lite (Default)
LAN Base (Default)
Unicast MAC Addresses
16K
16K
IPv4 Unicast Direct Routes
320
2K
IPv4 Unicast Indirect Routes
32
1K
IPv6 Unicast Direct Routes
256
2K
IPv6 Unicast Indirect Routes
0
1K
IPv4 Multicast Routes and IGMP Groups
1K
1K
IPv6 Multicast Groups
1K
1K
IPv4 QoS ACEs
384
500
IPv6 QoS ACEs
256
500
IPv4 Security ACEs
256
625
IPv6 Security ACEs
256
625
Resources
Default (IP Lite)
VLAN (IP Lite)
IPv4 (IP Lite)
Unicast MAC Addresses
16K
32K
16K
IPv4 Unicast Direct Routes
4K
250
16K
IPv4 Unicast Indirect Routes
1.25K
250
8K
IPv6 Unicast Direct Routes
4K
250
0
IPv6 Unicast Indirect Routes
1.25K
250
0
IPv4 Multicast Routes and IGMP Groups
1K
1K
1K
Shaped Round Robin (SRR) scheduling and Weighted Tail Drop (WTD) congestion avoidance.
Flow-based rate limiting and up to 256 aggregate or individual policers per port.
802.1p class of service (CoS) and Differentiated Services Code Point (DSCP) classification, with marking and reclassification on a per-packet basis by source and destination IP address, MAC address, or Layer 4 TCP/UDP port number.
Cross-stack QoS to allow QoS to be configured across a stack of 2960-X series switches.
The Cisco committed information rate (CIR) function provides bandwidth in increments as low as 8 Kbps.
Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
Cisco Catalyst 2960-X Series Switching Database Manager
Switching database manager (SDM) templates for LAN Base and IP Lite licenses allows the administrator to automatically optimize the ternary content-addressable memory (TCAM) allocation to the desired features based on deployment-specific requirements. MAC, routing, security, and QoS scalability numbers depend on the type of template used in the switch.
Please refer to the SDM template reference link for more information:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15­0_2_EX/system_manage/configuration_guide/b_sm_152ex_2960-x_cg/b_sm_152ex_2960­x_cg_chapter_0100.html.
Table 3. Cisco Catalyst 2960-X Family LAN Lite and LAN Base Scalability Numbers
Table 4. Cisco Catalyst 2960-XR Family IP Lite Scalability Numbers
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 27
Resources
Default (IP Lite)
VLAN (IP Lite)
IPv4 (IP Lite)
IPv6 Multicast Groups
1K
1K 0 IPv4 QoS ACEs
500
500
500
IPv6 QoS ACEs
250
500
0
IPv4 Security ACEs
1K
1K
875
IPv6 Security ACEs
500
500
0
IPv4 Policy Based Routing ACEs
500 0 375
2960-XR IP Lite
2960-X LAN Base
2960-S/SF LAN Base
2960-XR IP Lite
Yes - -
2960-X LAN Base
-
Yes
Yes
2960-S or 2960-SF LAN Base
-
Yes
Yes
Stack Members
Stack Bandwidth
Stack Limit
Cisco IOS Feature Set
2960-XR IP Lite
80G 8 IOS IP Lite
2960-XLAN Base
80G 8 IOS LAN Base
2960-X LAN Base mixed with 2960-S/SF LAN Base
40G 4 IOS LAN Base
Cisco FlexStack-Plus
Cisco FlexStack-Plus provides stacking of up to eight 2960-X switches with the optional FlexStack-Plus module (Figure 2).
The FlexStack-Plus module is hot swappable and can be added to any Cisco Catalyst 2960-X or Catalyst 2960-XR with a FlexStack-Plus slot. Switches connected to a stack will automatically upgrade to the stack’s Cisco IOS Software version and transparently join the stack without additional intervention.
Cisco FlexStack-Plus and Cisco IOS Software offer true stacking, with all switches in a stack acting as a single switch unit. FlexStack-Plus provides a unified data plane, unified configuration, and single IP address for switch management. The advantages of true stacking include lower total cost of ownership and higher availability through simplified management as well as cross-stack features including EtherChannel, SPAN, and FlexLink.
To provide investment protection, FlexStack-Plus is backwards-compatible with FlexStack. Cisco Catalyst 2960-X LAN Base switches equipped with a FlexStack-Plus module can be stacked with Catalyst 2960-S and 2960-SF LAN Base switches equipped with a FlexStack module (see Table 5).
Table 5. FlexStack and FlexStack Plus Supported Combinations
Table 6. FlexStack-Plus Scalability and Performance
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 27
Models
Default Power Supply
Available PoE Power
WS-C2960XR-24TS-I WS-C2960XR-48TS-I WS-C2960XR-24TD-I WS-C2960XR-48TD-I
PWR-C2-250WAC
-
WS-C2960XR-24PD-I WS-C2960XR-48LPD-I WS-C2960XR-24PS-I WS-C2960XR-48LPS-I
PWR-C2-640WAC
370W
WS-C2960XR-48FPD-I WS-C2960XR-48FPS-I
PWR-C2-1025WAC
740W
Figure 2. Cisco FlexStack-Plus Switch Stack
Power Supply
The Catalyst 2960-X switches comes with one fixed power-supply and options for an external redundant power supply source (RPS2300).
The Catalyst 2960-XR switches support dual redundant power supplies. The Catalyst 2960-XR ships with one power supply by default. The second power supply can be purchased at the time of ordering the switch or as a spare. These power supplies have in-built fans to provide cooling.
Figure 3. 2960-XR Family Power Supply
The following table shows the different power supplies available in these switches and the available PoE power.
Table 7. 2960-XR Default Power Supply Configurations
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 27
Switch Model
Maximum Number of PoE+ (IEEE 802.3at) Ports*
Maximum Number of PoE (IEEE 802.3af) Ports*
Available PoE Power (Single PS Source)
Cisco Catalyst 2960X-48FPD-L
24 ports up to 30W
48 ports up to 15.4W
740W
Cisco Catalyst 2960X-48LPD-L
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960X-24PD-L
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960X-48FPS-L
24 ports up to 30W
48 ports up to 15.4W
740W
Cisco Catalyst 2960X-48LPS-L
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960X-24PS-L
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960X-24PSQ-L
3 ports up to 30W
7 ports up to 15.4W
110W
Cisco Catalyst 2960XR-48FPD-I
24 ports up to 30W
48 ports up to 15.4W
740W
Cisco Catalyst 2960XR-48LPD-I
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960XR-24PD-I
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960XR-48FPS-I
24 ports up to 30W
48 ports up to 15.4W
740W
Cisco Catalyst 2960XR-48LPS-I
12 ports up to 30W
24 ports up to 15.4W
370W
Cisco Catalyst 2960XR-24PS-I
12 ports up to 30W
24 ports up to 15.4W
370W
Primary Power Supply
Secondary Power Supply
Available Power for PoE+
Switch Power Redundancy
Available PoE Power When One PS fails
PWR-C2-250WAC
- - No
-
PWR-C2-250WAC
PWR-C2-250WAC
-
Yes
-
PWR-C2-640WAC
-
370W
No - PWR-C2-640WAC
PWR-C2-640WAC
370W
Yes
370W
PWR-C2-1025WAC
-
740W
No
-
PWR-C2-1025WAC
PWR-C2-1025WAC
740W
Yes
740W
Intelligent Power over Ethernet Plus
Cisco Catalyst 2960-Xseries switches support both IEEE 802.3af Power over Ethernet (PoE) and IEEE 802.3at PoE+ (up to 30W per port) to deliver lower total cost of ownership for deployments that incorporate Cisco IP phones, Cisco Aironet® wireless access points, or other standards-compliant PoE/PoE+ end devices. PoE removes the need to supply wall power to PoE-enabled devices and eliminates the cost of adding electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments.
The Catalyst 2960-X series PoE power allocation is dynamic and power mapping scale up to a maximum of 740W PoE+ power.
The 2960-XR switch configurations offer the additional benefit of dual redundant power supplies. If both power supplies are used, then the 2960-XR shares the load between the two power supplies for nonstop power.
Table 8. 2960-X PoE and PoE+ Power Capacity
*
Intelligent power management allows flexible power allocation across all ports.
Table 9. 2960-XR Available PoE and Switch Power Capabilities with Different Combinations of Power Supplies
Loading...
+ 18 hidden pages