Cisco Catalyst 3560 User Manual
Data Sheet
Cisco Catalyst 3560 v2 Series Switches
Product Overview
The Cisco® Catalyst® 3560 v2 Series (Figure 1) is the next-generation energy-efficient Layer 3 fast Ethernet
switches. This new series of switches supports Cisco EnergyWise technology, which enables companies to measure
and manage power consumption of network infrastructure and network-attached devices, thereby reducing their
energy costs and their carbon footprint. The Cisco Catalyst 3560 v2 Series consumes less power than its
predecessors and is the ideal access layer switch for enterprise, retail, and branch-office environments, as it
maximizes productivity and investment protection by enabling a unified network for data, voice, and video.
Figure 1. Cisco Catalyst 3560 v2 Switches
.
Cisco Catalyst 3560 v2 Series Highlights
●
Lower power consumption than its predecessors
●
Backward compatible - uses the same Cisco IOS® Software image as the 3560 series and has the same
feature set
●
Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy
saving programs to reduce energy costs
●
Compatible with Cisco Redundant Power System (RPS) 2300
●
All units have a uniform depth of 11.9 inches for better cable management
●
Preconfigurable with the Cisco IOS Software release at the time of ordering
●
IPv6 routing included in the IP Services feature set
●
DC powered stand-alone model
© 2009-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 20
Data Sheet
Configurations
The Cisco Catalyst 3560 v2 Series includes the switches described in Table 1.
Table 1. Switch Configurations
Model Description
3560V2-24TS 24 Ethernet 10/100 ports and 2 Small Form-Factor Pluggable (SFP)-based Gigabit Ethernet ports; 1 rack unit
3560V2-48TS 48 Ethernet 10/100 ports and 4 SFP-based Gigabit Ethernet ports; 1RU
3560V2-24PS 24 Ethernet 10/100 ports with PoE and 2 SFP-based Gigabit Ethernet ports; 1 RU
3560V2-48PS 48 Ethernet 10/100 ports with PoE and 4 SFP-based Gigabit Ethernet ports; 1RU
3560V2-24TS-SD 24 Ethernet 10/100 ports and 2 SFP-based Gigabit Ethernet ports; 1RU, DC power supply
Cisco Catalyst 3560 v2 Series Software
The Cisco Catalyst 3560 v2 Series can be purchased with the IP Base or IP Services licenses preinstalled. The IP
Base license offers advanced QoS, rate limiting, ACLs, and basic static and Routing Information Protocol (RIP)
routing functions. The IP Services license provides a richer set of enterprise-class features, including advanced
hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). The Advanced IP
Services license, which includes IPv6 routing and IPv6 ACL support, is now included in the IP Services license.
Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license.
(RU)
Configurable Cisco IOS Software
The Cisco Catalyst 3560 v2 Series can be preconfigured with a specific Cisco IOS Software release at the time of
ordering. This option eliminates the need to reload a specific Cisco IOS Software release during deployment, thereby
reducing deployment time and cost. The Cisco IOS Software release to be preloaded can be selected from a list of
supported Cisco IOS Software releases, including the crypto version.
Cisco EnergyWise
The Cisco Catalyst 3560 v2 series support Cisco EnergyWise, which is a technology that enables monitoring,
reporting, and management of energy consumption by end devices that are Cisco EnergyWise enabled. This
technology enables companies to reduce their energy cost and carbon footprint. These are some of the EnergyWise
features available:
●
Discover all Cisco EnergyWise enabled devices on the network.
●
Monitor and report power consumption by these devices.
●
Implement business rules to control power to these end devices.
More information about Cisco EnergyWise can be found at
http://www.cisco.com/go/energywise.
Power over Ethernet
The Cisco Catalyst 3560 v2 Series can provide a lower total cost of ownership (TCO) for deployments that
incorporate Cisco IP phones, Cisco Aironet® wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant
end device. PoE eliminates the need for wall power outlets for each PoE-enabled device and significantly reduces
the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments. The
Cisco Catalyst 3560 v2 24-port PoE switch can support Class 3 PoE or 15.4W of PoE power on all 24 ports. Taking
advantage of Cisco Catalyst Intelligent Power Management, the Cisco Catalyst 3560 v2 48-port PoE configurations
can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between.
Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3560 v2
series switch is combined with the Cisco Redundant Power System 2300 (RPS 2300) for protection against internal
power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages.
© 2009-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 20
Data Sheet
Redundant Power System
The Cisco Catalyst 3560 v2 Series access switches support the new generation of Cisco RPS 2300, which increases
availability in a converged data, voice, and video network by providing transparent power backup to two of six
attached Cisco Catalyst 3560 v2 Series Switches at the same time. The Cisco Catalyst 3560 v2 Series switches are
capable of reverting back to their internal power supply without any service interruption. In addition, the RPS 2300
can be managed via a Cisco Catalyst 3560 v2 Series switch that is connected to the RPS 2300.
Cisco Catalyst 3560 SFP Interconnect Cable
The Cisco Catalyst 3560 SFP Interconnect Cable (see Figure 2) provides for a low-cost point-to-point Gigabit
Ethernet connection between Cisco Catalyst 3560 v2 switches. The 50cm cable is an alternative to using SFP
transceivers when interconnecting Cisco Catalyst 3560 v2 switches through their SFP ports over a short distance.
Figure 2. Cisco Catalyst 3560 SFP Interconnect Cable
Primary Features and Benefits
Ease of Use and Deployment
The Cisco Catalyst 3560 v2 series offers several ease of use features, which enable fast and easy configuration of
advanced Cisco Catalyst capabilities. These features include:
●
Cisco SmartPorts simplify the configuration of advanced Cisco Catalyst capabilities, encapsulating years of
Cisco networking expertise. Cisco SmartPort macros offer a set of verified, pretested, Cisco-recommended
switch port configurations or templates per connection type that are easy to apply, enabling users to
consistently and reliably configure essential security, IP Telephony, availability, QoS, and manageability
features with minimal effort and expertise.
●
Cisco AutoSmartPorts automatically execute SmartPort macros based on the end device type, such as IP
Phones, Desktop Computers, and WLAN Access Points.
●
Cisco Express Setup simplifies initial configuration with a Web browser, eliminating the need for more
complex terminal emulation programs and CLI knowledge.
●
IEEE 802.3af and Cisco prestandard PoE support comes with automatic discovery to detect a Cisco
prestandard or IEEE 802.3af endpoint and provide the necessary power without any user configuration.
●
DHCP autoconfiguration of multiple switches through a boot server eases switch deployment.
© 2009-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 20
●
DHCP AutoInstall simplifies the deployment of a large number of switches by automatically downloading a
specified Cisco IOS Software image and a configuration file from a TFTP server. This feature can be used to
implement a “zero touch deployment”.
●
DHCP Port Based Allocation allows you to allocate the same IP address for a specified port. The feature
allows persistent allocation of IP addresses to specified network devices.
●
Embedded Event Manager (EEM) is a powerful and flexible tool for management and automation. This
feature can be used to monitor network events and program automatic actions based on these network
events. Policies can be defined via CLI or Tcl script and can be used in a variety of scenarios, such as
automatically backing up a configuration file at a specified time or triggering an alert when traffic congestion
crosses a specified threshold. EEM requires the IP Services license.
●
Configuration Replace and Rollback simplifies configuration management by allowing you to rollback
configuration changes. This feature allows you to replace a configuration file with a saved configuration file
without a switch reload, and up to 14 configuration files can be saved.
●
Automatic QoS (Auto QoS) simplifies QoS configuration in voice-over-IP (VoIP) networks by issuing interface
and global switch commands to detect Cisco IP phones, classify traffic, and enable egress queue
configuration.
●
Autosensing on each 10/100 port detects the speed of the attached device and automatically configures the
port for 10- or 100-Mbps operation, easing switch deployment in mixed 10- and 100-Mbps environments.
●
Autonegotiating on all ports automatically selects half- or full-duplex transmission mode to optimize
bandwidth.
●
Dynamic Trunking Protocol (DTP) helps enable dynamic trunk configuration across all switch ports.
●
Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel® groups or Gigabit
EtherChannel groups to link to another switch, router, or server.
●
Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that
conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
●
DHCP Server enables a convenient deployment option for the assignment of IP addresses in networks that
do not have a dedicated DHCP server.
●
DHCP Relay allows a DHCP relay agent to broadcast DHCP requests to the network DHCP server.
●
IEEE 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-T, and coarse
wavelength-division multiplexing (CWDM) physical interface support through a field-replaceable SFP module
provides unprecedented flexibility in switch deployment.
●
Support for the Cisco Catalyst 3560 SFP Interconnect Cable facilitates a low-cost, point-to-point gigabit
connection between Cisco Catalyst 3560 v2 Series switches.
●
The default configuration stored in Flash memory helps ensure that the switch can be quickly connected to
the network and can pass traffic with minimal user intervention.
●
Automatic medium-dependent interface crossover (Auto-MDIX) automatically adjusts transmit and receive
pairs if an incorrect cable type (crossover or straight-through) is installed on a 10/100 port.
●
Time Domain Reflectometry (TDR) to diagnose and resolve cabling problems on copper Ethernet ports.
Data Sheet
Enhanced Security
With the wide range of security features, such as ACLs, authentication, port-level security, and identity based
network services (IBNS) with 802.1x and extensions, that the Cisco Catalyst 3560 v2 Series offers, businesses can
protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted
operation. These security features include:
© 2009-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 20
●
IEEE 802.1x allows dynamic, port-based security, providing user authentication.
●
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of
where the user is connected.
●
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or
unauthorized state of the port.
●
IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC
addresses, including those of the client.
●
IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where
the user is connected.
●
IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the
guest VLAN.
●
IEEE 802.1x Supplicant on the switches can be used to authenticate switches onto the network, thereby
preventing unauthorized network devices from being used to expand the network.
●
IEEE 802.1x Readiness Check eases 802.1x deployment in an enterprise. This feature determines if the
client has an 802.1x supplicant by initiating an 802.1x ping.
●
Open 802.1x allows network communication to take place before an 802.1x authentication. This feature is
useful for PXE environments and other applications where network connectivity is required prior to 802.1x
authentication. An ACL is used to allow traffic prior to authentication.
●
Flexible Authentication or FlexAuth can be used to determine the order of authentication methods on the
network. For example, if the order is set to 802.1x, MAB, and WebAuth, the network will first try to
authenticate via 802.1x, then via MAB, and then via WebAuth.
●
Multi Authentication or MultiAuth enables up to 8 users to authenticate via the same switch port. This feature
includes support for multiple authentication methods, such as 802.1x, MAB, and WebAuth, and per-user
ACLs.
●
Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for
authentication.
●
Local Web Authentication is a key feature that allows non 802.1x users to authenticate via a login web page.
The user enters the authentication info, such as user id and password, and gets authenticated via a AAA
server.
●
Local Web Authentication Banner allows users to customize the authentication web page.
●
Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while
placing them on appropriate Voice and Data VLAN.
●
MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get
authenticated using their MAC address.
●
Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within
VLANs.
●
Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces
for control- and data-plane traffic.
●
Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch
ports.
●
Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
●
Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not
already learned how to forward.
Data Sheet
© 2009-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 20
●
SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and
SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic
software image because of U.S. export restrictions.
●
Private VLAN Edge provides security and isolation between switch ports, helping ensure that users cannot
snoop on other users' traffic.
●
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a
broadcast segment into a nonbroadcast multi-access-like segment.
●
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion
Detection System (IDS) to take action when an intruder is detected.
●
TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized
users from altering the configuration.
●
MAC address notification allows administrators to be notified of users added to or removed from the network.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the
insecure nature of the ARP protocol.
●
DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC addresses. This can
be used to prevent attacks that attempt to poison the DHCP binding database, and to rate limit the amount of
DHCP traffic that enters a switch port.
●
IP source guard prevents a malicious user from spoofing or taking over another user's IP address by creating
a binding table between the client's IP and MAC address, port, and VLAN.
●
DHCP Interface Tracker (Option 82) augments a host IP address request with the switch port ID.
●
Port security secures the access to an access or trunk port based on MAC address.
●
After a specific timeframe, the aging feature removes the MAC address from the switch to allow another
device to connect to the same port.
●
Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and to disable
the trust setting if the IP phone is removed, thereby preventing a malicious user from overriding prioritization
policies in the network.
●
Multilevel security on console access prevents unauthorized users from altering the switch configuration.
●
The user-selectable address-learning mode simplifies configuration and enhances security.
●
BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs are received to
avoid accidental topology loops.
●
Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator's control from
becoming Spanning Tree Protocol root nodes.
●
IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of
concurrent multicast streams available per port.
●
Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server (VMPS)
client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable the fast
assignment of IP addresses.
●
Cisco Network Assistant software security wizards ease the deployment of security features for restricting
user access to a server as well as to a portion of or the entire network.
●
Two thousand access control entries (ACEs) are supported.
Data Sheet
© 2009-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 20
Loading...