Cisco Catalyst 3750 User Manual


Data Sheet

Cisco Catalyst 3750 v2 Series Switches

Product Overview

The Cisco® Catalyst® 3750 v2 Series Switches (Figure 1) are next-generation energy-efficient Layer 3 Fast Ethernet stackable switches. This new series of switches supports Cisco® EnergyWise technology, which enables companies to measure and manage power consumption of network infrastructure and network-attached devices, thereby reducing their energy costs and their carbon footprints. The Cisco Catalyst 3750 v2 Series consumes less power than its predecessors and is the ideal access layer for enterprise, retail, and branch-office environments, as it increases productivity and investment protection by enabling a unified network for data, voice, and video.

Figure 1. Cisco Catalyst 3750 v2 Switches (Front and Back)

Catalyst 3750 v2 Series Highlights

Lower power consumption than its predecessors

Backward compatible with Cisco Catalyst 3750 and 3750-E Series Switches

EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs

Open Shortest Path First (OSPF) routing with IP Base feature set

Compatible with Cisco Redundant Power System (RPS) 2300

Uniform depth of 11.9 inches on all units for better cable management

IPv6 routing included in the IP Services feature set

Configurations

The Cisco Catalyst 3750 v2 Series consists of the switches listed in Table 1 (also refer to Figure 1).

Table 1. Switch Configurations

Model: Description

3750V2-24TS: 24 Ethernet 10/100 ports and 2 Small Form-Factor Pluggable (SFP) Gigabit Ethernet ports; 1 rack unit (RU)

3750V2-48TS: 48 Ethernet 10/100 ports and 4 SFP Gigabit Ethernet ports; 1 RU

3750V2-24PS: 24 Ethernet 10/100 ports with Power over Ethernet (PoE) and 2 SFP Gigabit Ethernet ports; 1 RU

3750V2-48PS: 48 Ethernet 10/100 ports with PoE and 4 SFP Gigabit Ethernet ports; 1 RU

3750V2-24FS: 24 Ethernet 100FX SFP ports and 2 SFP Gigabit Ethernet ports; 1 RU; Transceivers are optional and not included with the base switch

© 2011-2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.


Cisco StackWise Technology for Stackable Resiliency

Cisco StackWise® technology is a stacking architecture optimized for Gigabit Ethernet. This technology is designed to respond to additions, deletions, and redeployment while maintaining constant performance. Cisco StackWise technology unites up to nine individual switches in a single logical unit, using special stack-interconnect cables and stacking software. The individual switches can be any combination of Cisco Catalyst 3750, 3750 v2, and 3750-E Series Switches. The stack behaves as a single switching unit that is managed by a master switch, chosen from one of the member switches. The master switch automatically creates and updates all the switching and optional routing tables. A working stack can accept new members or delete old ones without service interruption.

Cisco StackWise stacking creates a 32-Gbps switch interconnection. Stacking does not require user ports. Up to 9 units can be stacked together for a maximum of 468 10/100 ports. Additional port combinations can be created by stacking together the Cisco Catalyst 3750 v2, 3750, and 3750-E Series Switches.

Cisco Catalyst 3750 v2 Series Software

The Cisco Catalyst 3750 v2 Series can be purchased with the IP Base or IP Services license preinstalled. The IP Base license offers advanced quality of service (QoS), rate limiting, access control lists (ACLs), and basic static and Routing Information Protocol (RIP) and OSPF routing functions. The IP Services license provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP multicast routing as well as policy-based routing (PBR). The Advanced IP Services license, which includes IPv6 routing and IPv6 ACL support, is now included in the IP Services license. Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license.

Configurable Cisco IOS Software

The Cisco Catalyst 3750 v2 Series can be preconfigured with a specific Cisco IOS Software release at the time of ordering. This option eliminates the need to reload a specific Cisco IOS Software release during deployment, thereby reducing deployment time and cost. The Cisco IOS Software release to be preloaded can be selected from a list of supported Cisco IOS Software releases, including the crypto version.

Cisco EnergyWise

The Cisco Catalyst 3750 v2 Series supports Cisco EnergyWise, which is a technology that enables monitoring, reporting, and management of energy consumption by end devices that are EnergyWise enabled. This technology enables companies to reduce their energy costs and carbon footprints. EnergyWise features enable you to:

Discover all Cisco EnergyWise enabled devices on the network

Monitor and report power consumption by these devices

Implement business rules to control power to these end devices

More information about Cisco EnergyWise can be found at http://www.cisco.com/go/energywise.

Power over Ethernet

The Cisco Catalyst 3750 v2 Series can provide a lower total cost of ownership (TCO) for deployments that incorporate Cisco IP Phones, Cisco Aironet® wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device. PoE eliminates the need for wall power outlets for each PoE-enabled device and significantly reduces the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments. The Cisco Catalyst 3750 v2 24-port PoE switch can support Class 3 PoE or 15.4 watts (W) of PoE power on all 24 ports. Taking advantage of Cisco Catalyst Intelligent Power Management, the Cisco Catalyst 3750 v2 48-port PoE configurations can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between. Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3750 v2 Series Switch is combined with the Cisco RPS 2300 for protection against internal power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages.

Redundant Power System

The Cisco Catalyst 3750 v2 Series access switches support the new generation of Cisco RPS 2300, which increases availability in a converged data, voice, and video network by providing transparent power backup to two of six attached Cisco Catalyst 3750 v2 Series Switches at the same time. The Cisco Catalyst 3750 v2 Series Switches are capable of reverting to their internal power supply without any service interruption. In addition, the Cisco RPS 2300 can be managed by a Cisco Catalyst 3750 v2 Series Switch that is connected to it.

Primary Features and Benefits

Ease of Use and Deployment

The Cisco Catalyst 3750 v2 Series offers several ease-of-use features, which enable fast and easy configuration of advanced Cisco Catalyst capabilities. These features include:

Cisco SmartPorts simplify the configuration of advanced Cisco Catalyst capabilities, encapsulating years of Cisco networking expertise. Cisco SmartPort macros offer a set of verified, pretested, recommended switch port configurations or templates per connection type that are easy to apply, enabling users to consistently and reliably configure essential security, IP telephony, availability, QoS, and manageability features with little effort and expertise.

Cisco Auto-SmartPorts automatically execute SmartPort macros based on the end-device type, such as IP phones, desktop computers, and WLAN access points.

Cisco Express Setup simplifies initial configuration with a web browser, eliminating the need for more complex terminal emulation programs and command-line interface (CLI) knowledge.

IEEE 802.3af and Cisco prestandard PoE support comes with automatic discovery to detect a Cisco prestandard or IEEE 802.3af endpoint and provide the necessary power without any user configuration.

Dynamic Host Configuration Protocol (DHCP) autoconfiguration of multiple switches through a boot server eases switch deployment.

DHCP AutoInstall simplifies the deployment of a large number of switches by automatically downloading a specified Cisco IOS Software image and a configuration file from a Trivial File Transfer Protocol (TFTP) server. This feature can be used to implement an automated, or zero-touch, deployment.

DHCP Port-Based Allocation allows you to allocate the same IP address for a specified port. The feature allows persistent allocation of IP addresses to specified network devices.

Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible tool for management and automation. This feature can be used to monitor network events and program automatic actions based on these network events. Policies can be defined through the CLI or through Tool Command Language (TCL) scripts and can be used in a variety of scenarios, such as automatic backup of a configuration file at a specified time or the triggering of an alert when traffic congestion crosses a specified threshold. Cisco IOS EEM requires the IP Services license.

Configuration Replace and Rollback simplifies configuration management by allowing you to roll back configuration changes. This feature allows you to replace a configuration file with a saved configuration file without a switch reload; up to 14 configuration files can be saved.

Automatic QoS (Auto-QoS) simplifies QoS configuration in voice-over-IP (VoIP) networks by sending interface and global switch commands to detect Cisco IP Phones, classify traffic, and enable egress queue configuration.


Autosensing on each 10/100 port detects the speed of the attached device and automatically configures the port for 10- or 100-Mbps operation, easing switch deployment in mixed 10- and 100-Mbps environments.

Autonegotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.

Dynamic Trunking Protocol (DTP) helps enable dynamic trunk configuration across all switch ports.

Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups or Gigabit EtherChannel groups to link to another switch, router, or server.

Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.

DHCP Server enables a convenient deployment option for the assignment of IP addresses in networks that do not have a dedicated DHCP server.

DHCP Relay allows a DHCP relay agent to broadcast DHCP requests to the network DHCP server.

IEEE 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-T, and coarse wavelength-division multiplexing (CWDM) physical interface support through a field-replaceable SFP module provides exceptional flexibility in switch deployment.

The default configuration stored in flash memory helps ensure that the switch can be quickly connected to the network and can pass traffic with little user intervention.

Automatic medium-dependent interface crossover (Auto-MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight through) is installed on a 10/100 port.

Time Domain Reflectometry (TDR) helps diagnose and resolve cabling problems on copper Ethernet ports.

Enhanced Security

With the wide range of security features, such as ACLs, authentication, port-level security, and identity-based network services (IBNS) with IEEE 802.1x and extensions that the Cisco Catalyst 3750 v2 Series offers, businesses can protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation. These security features include the following:

IEEE 802.1x allows dynamic, port-based security, providing user authentication.

IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.

IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN regardless of the authorized or unauthorized state of the port.

IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.

IEEE 802.1x with an ACL assignment allows specific identity-based security policies regardless of where the user is connected.

IEEE 802.1x with guest VLAN allows guests without IEEE 802.1x clients to have limited network access on the guest VLAN.

IEEE 802.1x supplicant on the switches can be used to authenticate switches on the network, thereby preventing unauthorized network devices from being used to expand the network.

IEEE 802.1x readiness check eases IEEE 802.1x deployment in an enterprise. This feature determines whether the client has an IEEE 802.1x supplicant by initiating an IEEE 802.1x ping.

Open IEEE 802.1x allows network communication to take place before IEEE 802.1x authentication. This feature is useful for preexecution environments (PXEs) and other applications in which network connectivity is required prior to IEEE 802.1x authentication. An ACL is used to allow traffic prior to authentication.


Flexible authentication (FlexAuth) can be used to determine the order of authentication methods on the network. For example, if the order is set to IEEE 802.1x, MAC authentication bypass (MAB), and WebAuth, the network will first try to authenticate through IEEE 802.1x, then MAB, and then WebAuth.

Multi-authentication (MultiAuth) enables up to eight users to authenticate through the same switch port. This feature includes support for multiple authentication methods, such as IEEE 802.1x, MAB, and WebAuth, and per-user ACLs.

Web authentication for non-IEEE 802.1x clients allows non-IEEE 802.1x clients to use an SSL-based browser for authentication.

Local web authentication allows non-IEEE 802.1x users to authenticate through a login webpage. The user enters the authentication information, such as a user ID and password, and is authenticated through an authentication, authorization, and accounting (AAA) server.

The local web authentication banner allows users to customize the authentication webpage.

Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate voice and data VLANs.

MAB for voice allows third-party IP phones without an IEEE 802.1x supplicant to be authenticated using the MAC address.

Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within VLANs.

Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces for control- and data-plane traffic.

Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch ports.

Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.

Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.

Secure Shell Version 2 (SSHv2), Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.

The Private VLAN Edge feature provides security and isolation between switch ports, helping ensure that users cannot snoop on other users' traffic.

Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.

Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.

TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.

MAC address notification allows administrators to be notified of users added to or removed from the network.

Dynamic Address Resolution Protocol (ARP) Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of ARP.

DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC addresses. This feature can be used to prevent attacks that attempt to harm the DHCP binding database, and to rate limit the amount of DHCP traffic that enters a switch port.


IP source guard prevents a malicious user from spoofing or taking over another user's IP address by creating a binding table between the client's IP and MAC addresses, port, and VLAN.

DHCP Interface Tracker (Option 82) augments a host IP address request with the switch port ID.

Port security secures the access to an access or trunk port based on the MAC address.

After a specific time period, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.

The Trusted Boundary feature provides the capability to trust the QoS priority settings if an IP phone is present and to disable the trust settings if the IP phone is removed, thereby preventing a malicious user from overriding prioritization policies in the network.

Multilevel security on console access prevents unauthorized users from altering the switch configuration.

The user-selectable address-learning mode simplifies configuration and enhances security.

Bridge protocol data unit (BPDU) guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.

Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.

Internet Group Management Protocol (IGMP) filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.

Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server (VMPS) client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable fast assignment of IP addresses.

Cisco Network Assistant software security wizards ease the deployment of security features for restricting user access to a server as well as to a portion of or the entire network.

Two thousand access control entries are supported.

Availability and Scalability

The Cisco Catalyst 3750 v2 Series is equipped with a robust set of features that allow network scalability and higher availability through IP routing as well as a complete suite of Spanning Tree Protocol enhancements that help increase availability in a Layer 2 network.

Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), Uplink Fast, and PortFast, increase network uptime. PVST+ allows Layer 2 load sharing on redundant links to efficiently use the additional capacity inherent in a redundant design. Uplink Fast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. Loop guard and BPDU guard provide Spanning Tree Protocol loop avoidance. Superior redundancy features include the following:

Cisco Uplink Fast and BackboneFast technologies help ensure quick failover recovery, enhancing overall network stability and reliability.

IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) provides rapid spanning-tree convergence independent of spanning-tree timers and the benefit of distributed processing.

PVRST+ allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring implementation of spanning-tree instances.

Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, fail-safe routing topologies.

FlexLink enables fast failover for redundant links in a Layer 2 network. FlexLink offers a faster convergence than Spanning Tree Protocol and eliminates the need for Spanning Tree Protocol.
