Cisco Catalyst 3850 IP User Manual

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 38
Data Sheet
Cisco Catalyst 3850 Series Switches
The digital transformation: Converged wired and wireless access and aggregation
But supporting your digital organization will require your network to move beyond just connectivity to be a platform for insights, automation, and security.
This is the power of the Cisco® Digital Network Architecture (Cisco DNA™). Cisco DNA is a monumental shift in how to design and build networks. The Cisco Catalyst® 3850 Series, as part of the Cisco DNA portfolio of next-generation enterprise-class stackable Ethernet and Multigigabit Ethernet access and aggregation layer switches, securely enables time-saving virtualization, greater automation, and valuable analytics data that directly address your evolving business needs, including less cost to install and operate.
The Cisco Catalyst 3850 Series provides capabilities that are ideally suited to support the convergence of wired and wireless access. The new Cisco Unified Access Data™ Plane (UADP) Application-Specific Integrated Circuit (ASIC) powers the switch and enables uniform wired-wireless policy enforcement, application visibility, flexibility, and application optimization. This convergence is built on the resilience of the new and improved Cisco StackWise®-480 technology.
The Cisco Catalyst 3850 Series Switches support full IEEE 802.3at Power over Ethernet Plus (PoE+), Cisco Universal Power Over Ethernet (Cisco UPOE®), modular and field-replaceable network modules, RJ-45 and fiber-based downlink interfaces, and redundant fans and power supplies.
Product overview
Integrated wireless controller capability with:
Up to 40G of wireless capacity per switch (48-port RJ45 models)
Support for up to 100 access points and 2000 wireless clients on each switching entity (switch or stack)
24 and 48 10/100/1000Mbps data PoE+ and Cisco UPOE models with Energy-Efficient Ethernet (EEE)
24 and 48 100Mbps/1/2.5/5/10 Gbps Cisco UPOE models with Energy-Efficient Ethernet (EEE)
12- and 24-port 1 Gigabit Ethernet SFP-based models
12- and 24-port 1/10 Gigabit Ethernet SFP+-based models
48-port 1/10 Gigabit Ethernet SFP+ model with 4 fixed 40 Gigabit Ethernet QSFP+ uplinks
Cisco StackWise-480 technology provides scalability and resiliency with 480 Gbps of stack throughput [1]
Cisco StackPower® technology provides power stacking among stack members for power redundancy [1]
[1] StackWise and StackPower technologies are not supported on the 48-port SFP+ switch model.
Five optional uplink modules [2] with 4 x Gigabit Ethernet, 2 x 10 Gigabit Ethernet, 4 x 10 Gigabit Ethernet [3], 8 x 10 Gigabit Ethernet [4], or 2 x 40 Gigabit Ethernet QSFP+ [4] ports
Dual redundant, modular power supplies and three modular fans providing redundancy
Full IEEE 802.3at (PoE+) with 30W power on all copper ports in 1 Rack Unit (RU) form factor
Cisco UPOE with 60W power per port in 1 Rack Unit (RU) form factor
IEEE 802.3bz (2.5/5 G/s BASE-T) to go beyond 1 Gb/s with existing Cat5e and Cat6
IEEE 802.1ba AV Bridging (AVB) built in to provide a better AV experience, including improved time synchronization and QoS
Software support for IPv4 and IPv6 routing, multicast routing, modular Quality of Service (QoS), Flexible NetFlow (FNF), and enhanced security features
Single universal Cisco IOS® Software image across all license levels, providing an easy upgrade path for software features
Cisco DNA services delivered through Cisco ONE™ Software, providing simplified, high-value solutions with license portability and flexibility
Support for MACsec encryption with AES-256 (256-bit) on SFP+ and Multigigabit models and with the 128-bit encryption algorithm on all models
Enhanced Limited Lifetime Warranty (E-LLW) with Next Business Day (NBD) advance hardware replacement and 90-day access to Cisco Technical Assistance Center (TAC) support
Switch models and configurations
All switches ship with one of the five power supplies (350WAC, 715WAC, 750WAC, 1100WAC, or 440WDC) [5]. Figures 1 through 4 show the Cisco Catalyst 3850 Series Switches.
Figure 1. Cisco Catalyst 3850 Series Switches
[2] Optional uplink modules are not supported on the 48-port 10G SFP+ switch model.
[3] Compatible only with the 48-port RJ45 models and with the 12-port (or higher) 10 Gigabit capable models.
[4] Compatible only with Cisco Catalyst 3850 Multigigabit and 24-port SFP+ switch models.
[5] The 48-port 10G SFP+ switch model will only support dedicated power supplies with front-to-back and back-to-front configurations.
Figure 2. Cisco Catalyst 3850 Series Switches with 12 and 24 1/10 Gigabit Ethernet SFP+ ports
Figure 3. Cisco Catalyst 3850 Series Switches with 12 and 24 1 Gigabit Ethernet SFP ports
Figure 4. Cisco Catalyst 3850 Series Switches with 10 Gigabit Ethernet 48 ports
Table 1 shows the Cisco Catalyst 3850 Series configurations.
Table 1. Cisco Catalyst 3850 Series configurations

| Model | Total 10/100/1000 or SFP or SFP+ ports | Default AC power supply | Available PoE power | StackWise-480 | StackPower |
|---|---|---|---|---|---|
| WS-C3850-24T | 24 | 350WAC | - | Yes | Yes |
| WS-C3850-48T | 48 | 350WAC | - | Yes | Yes |
| WS-C3850-24P | 24 PoE+ | 715WAC | 435W | Yes | Yes |
| WS-C3850-48P | 48 PoE+ | 715WAC | 435W | Yes | Yes |
| WS-C3850-48F | 48 PoE+ | 1100WAC | 800W | Yes | Yes |
| WS-C3850-24U | 24 UPOE | 1100WAC | 800W | Yes | Yes |
| WS-C3850-48U | 48 UPOE | 1100WAC | 800W | Yes | Yes |
| WS-C3850-24XU | 24 UPOE (100Mbps/1/2.5/5/10 Gbps) | 1100WAC | 580W | Yes | Yes |
| WS-C3850-12X48U | 48 UPOE (with 12 100Mbps/1/2.5/5/10 Gbps Ports) | 1100WAC | 630W | Yes | Yes |
| WS-C3850-12S | 12 SFP | 350WAC | - | Yes | Yes |
| WS-C3850-24S | 24 SFP | 350WAC | - | Yes | Yes |
| WS-C3850-12XS | 12 1/10G SFP+ | 350WAC | - | Yes | Yes |
| WS-C3850-24XS | 24 1/10G SFP+ | 715WAC | - | Yes | Yes |
| WS-C3850-48XS | 48 1/10G SFP+ | 750WAC (front to back) | - | No | No |
Network modules
The Cisco Catalyst 3850 Series Switches support five optional network modules for uplink ports. The default switch configuration does not include the network module. At the time of switch purchase the customer has the flexibility to choose from the network modules described in Table 2.
Figure 5 shows the following network modules:
4 x Gigabit Ethernet with Small Form-Factor Pluggable (SFP) receptacles
2 x 10 Gigabit Ethernet with SFP+ or 4 x Gigabit Ethernet with SFP receptacles
4 x 10 Gigabit Ethernet with SFP+ receptacles (supported only on the 48-port Gigabit Ethernet models or on the 12-port or higher 10 Gigabit Ethernet models)
Figure 5. Network modules with four Gigabit Ethernet, two 10 Gigabit Ethernet SFP+, or four 10 Gigabit Ethernet SFP+ interfaces
Figure 6 shows the following network modules:
8 x 10 Gigabit Ethernet with Small Form-Factor Pluggable+ (SFP+) receptacles
2 x 40 Gigabit Ethernet with Quad Small Form-Factor Pluggable+ (QSFP+) receptacles
Figure 6. Network modules with two 40 Gigabit Ethernet QSFP+ or eight 10 Gigabit Ethernet SFP+ interfaces
The C3850-NM-4-10G module is supported only on the 48-port Gigabit Ethernet models or on the 12-port or higher 10 Gigabit Ethernet models. The C3850-NM-8x10G and C3850-NM-2x40G modules are supported on the 24-port and 48-port multigigabit switches and also on the 24-port 10G SFP+ switch model. The C3850-NM-4-1G and C3850-NM-2-10G modules are not supported on the 12-port and 24-port SFP+ models.
Table 2. Network module compatibility matrix

| Model | Network modules |
|---|---|
| WS-C3850-24T | C3850-NM-4-1G, C3850-NM-2-10G |
| WS-C3850-48T | C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G |
| WS-C3850-24P | C3850-NM-4-1G, C3850-NM-2-10G |
| WS-C3850-48P | C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G |
| WS-C3850-48F | C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G |
| WS-C3850-24U | C3850-NM-4-1G, C3850-NM-2-10G |
| WS-C3850-48U | C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G |
| WS-C3850-24XU | C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G |
| WS-C3850-12X48U | C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G |
| WS-C3850-12S | C3850-NM-4-1G, C3850-NM-2-10G |
| WS-C3850-24S | C3850-NM-4-1G, C3850-NM-2-10G |
| WS-C3850-12XS | C3850-NM-4-10G |
| WS-C3850-24XS | C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G |
| WS-C3850-48XS | None |
Interface options
Network module
10 Gigabit Ethernet SFP+ ports
Gigabit Ethernet SFP ports
4 x Gigabit Ethernet
0
4
4 x Gigabit Ethernet/2 x10 Gigabit Ethernet network modules
2
0
1
3
2 2 0
4
4 x Gigabit Ethernet/4 x10 Gigabit Ethernet network modules
4 0 0
4
2
2
3 1 1
3
6
An SFP+ receptacle supports both 10 Gigabit Ethernet and Gigabit Ethernet modules, allowing customers to use their investment in Gigabit Ethernet SFP modules and upgrade to 10 Gigabit Ethernet when business demands change without having to do a comprehensive upgrade of the access switch. In contrast, SFP receptacles can be used only as Gigabit Ethernet ports, as shown in the examples in Table 3.
Table 3. Network module configuration examples
Dual redundant modular power supplies
The Cisco Catalyst 3850 Series Switches support dual redundant power supplies [6]. The switch ships with one power supply by default, and the second power supply can be purchased at the time of ordering the switch or at a later time. If only one power supply is installed, it should always be in power supply bay 1. The switch also ships with three field-replaceable fans. (See Figure 7.)
[6] The 48-port 10G SFP+ switch model will only support dedicated power supplies with front-to-back and back-to-front configurations.
Figure 7. Dual redundant power supplies
Table 5 shows the different power supplies available in these switches and available PoE power.
Table 4. Power supply models

| Model | Default power supply | Available PoE power |
|---|---|---|
| 24-port data switch | PWR-C1-350WAC | - |
| 48-port data switch | PWR-C1-350WAC | - |
| 24-port PoE switch | PWR-C1-715WAC | 435W |
| 48-port PoE switch | PWR-C1-715WAC | 435W |
| 48-port full PoE switch | PWR-C1-1100WAC | 800W |
| 24-port UPOE switch | PWR-C1-1100WAC | 800W |
| 48-port UPOE switch | PWR-C1-1100WAC | 800W |
| 24-port Multigigabit UPOE switch | PWR-C1-1100WAC | 580W |
| 48-port Multigigabit UPOE switch | PWR-C1-1100WAC | 630W |
| 12-port SFP switch | PWR-C1-350WAC | - |
| 24-port SFP switch | PWR-C1-350WAC | - |
| 12-port SFP+ switch | PWR-C1-350WAC | - |
| 24-port SFP+ switch | PWR-C1-715WAC | - |
| 48-port SFP+ switch (WS-C3850-48XS-S and WS-C3850-48XS-E) | PWR-C3-750WAC-R | - |
| 48-port SFP+ switch (WS-C3850-48XS-F-S and WS-C3850-48XS-F-E) | PWR-C3-750WAC-F | - |

In addition to the power supplies listed in Table 5, a 440WDC power supply is available as a configuration option and also as a spare (that is, it can be ordered separately) on all switch models. The DC power supply also delivers PoE capabilities for maximum flexibility (refer to Table 6 for available PoE budget with DC power supplies). Customers can mix and match the AC and DC power supplies in the two available power supply slots. Any of these power supplies can be installed in any of the switches.
Table 5. Available PoE with DC power supply

| Model | Number of 440WDC power supplies | Total available PoE budget |
|---|---|---|
| 24-port PoE switch | 1 | 220W |
| 24-port PoE switch | 2 | 660W |
| 48-port PoE switch | 1 | 185W |
| 48-port PoE switch | 2 | 625W |
| 24-port Multigigabit UPOE switch | 2 | 360W |
| 48-port Multigigabit UPOE switch | 2 | 410W |
Power over Ethernet Plus (PoE+)
In addition to PoE (IEEE 802.3af), the Cisco Catalyst 3850 Series Switches support PoE+ (IEEE 802.3at standard), which provides up to 30W of power per port. The Cisco Catalyst 3850 Series Switches can provide a lower Total Cost of Ownership (TCO) for deployments that incorporate Cisco IP phones, Cisco Aironet® wireless LAN (WLAN) access points, or any IEEE 802.3at-compliant end device. PoE removes the need for wall power to each PoE-enabled device and eliminates the cost for additional electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments. Table 7 shows the power supply combinations required for different PoE needs.
Table 6. Power supply requirements for PoE and PoE+

| | 24-port PoE switch | 48-port PoE switch |
|---|---|---|
| PoE on all ports (15.4W per port) | One PWR-C1-715WAC | One PWR-C1-1100WAC or two PWR-C1-715WAC |
| PoE+ on all ports (30W per port) | One PWR-C1-1100WAC or two PWR-C1-715WAC | Two PWR-C1-1100WAC or one PWR-C1-1100WAC and one PWR-C1-715WAC |

Cisco Universal Power over Ethernet (Cisco UPOE)
Cisco UPOE (Table 8) is a breakthrough technology, offering the following services and benefits.
60W per port to enable a variety of end devices such as Samsung VDI client, BT IP turret systems in trading floors, Cisco Catalyst compact switches in retail/hospitality environments, personal Cisco TelePresence® systems, and physical access control devices
High availability for power and guaranteed uninterrupted services, a requirement for critical applications (e911)
Lowering OpEx by providing network resiliency at lower cost by consolidating backup power into the wiring closet
Faster deployment of new campus access networking infrastructures by eliminating the need for a power outlet for every endpoint
Table 7. Power supply requirements for Cisco UPOE

| | 24-port UPOE switch | 48-port UPOE switch | 24-port Multigigabit UPOE switch | 48-port multigigabit UPOE switch |
|---|---|---|---|---|
| UPOE (60W per port) on all (24 port switch) or max. 30 ports (48 port switch) | One PWR-C1-1100WAC and one PWR-C1-715WAC | Two PWR-C1-1100WAC | Two PWR-C1-1100WAC | Two PWR-C1-1100WAC |
Cisco Catalyst Multigigabit Ethernet technology
Cisco Multigigabit Ethernet is a unique Cisco innovation to the new Cisco Catalyst Ethernet access switches. With the enormous growth of 802.11ac and new wireless applications, wireless devices are promoting the demand for more network bandwidth. This creates a need for a technology that supports speeds higher than 1 Gbps on all cabling infrastructure. Cisco Multigigabit technology allows you to achieve bandwidth speeds from 1 Gbps through 10 Gbps over traditional Cat 5e cabling or above. In addition, the Multigigabit ports on select Cisco Catalyst switches support UPOE, which is increasingly important for next-generation workspaces and Internet of Things (IoT) ecosystems.
Cisco Multigigabit technology offers significant benefits for a diverse range of speeds, cable types, and PoE power. The benefits can be grouped into three different areas:
Multiple speeds: Cisco Multigigabit technology supports autonegotiation of multiple speeds on switch ports. The supported speeds are 100 Mbps, 1 Gbps, 2.5 Gbps, and 5 Gbps on Cat 5e cable and up to 10 Gbps over Cat 6a cabling.
Cable type: The technology supports a wide range of cable types, including Cat 5e, Cat 6, and Cat 6a or above.
PoE power: The technology supports PoE, PoE+, and UPOE for all the supported speeds and cable types.
For more information, visit https://www.cisco.com/c/en/us/solutions/enterprise-networks/catalyst-multigigabit-switching/index.html.
SD-Access architecture
What if you could give time back to IT? And provide network access in minutes for any user or device to any application – without compromise?
Cisco Software-Defined Access (SD-Access) is the industry’s first intent-based networking solution for the enterprise, built on the principles of Cisco’s Digital Network Architecture (Cisco DNA™). SD-Access provides automated, end-to-end segmentation to separate user, device, and application traffic without the need to redesign the network. SD-Access automates user access policy so organizations can make sure the right policies are established for any user or device with any application across the network. This is accomplished with a single network fabric across LAN and WLAN, which creates a consistent user experience anywhere without compromising on security.
Organizations have many challenges today in managing the network to drive business outcomes. These limitations are due to manual configuration and fragmented tool offerings. SD-Access provides:
A transformational management solution that reduces operational expenses and enhances business agility
Consistent management of wired and wireless network provisioning and policy
Automated network segmentation and group-based policy
Contextual insights for fast issue resolution and capacity planning
Open and programmable interfaces for integration with third-party solutions
For an overview of key use cases that SD-Access addresses, refer to the SD-Access Solution Overview.
Feature
Cisco DNA Essentials
Cisco DNA Advantage
Day 0 network bring-up automation
Cisco Network Plug-and-Play application, network settings, device credentials
Element management
Discovery, inventory, topology, software image, licensing, and configuration management
Element management
Patching
Network monitoring
Product Security Incident Response Team (PSIRT) compliance, end-of-life/end-of-sale reporting, telemetry quotient, client 360, device 360, top talkers/NetFlow/streaming telemetry collection and correlation
Static QoS configuration and monitoring
EasyQoS application
Policy-based automation
SD-Access, group-based policy for access, app prioritization, monitoring, and path selection; SD-Access with integrated wireless
Network assurance and analytics
Insights gained from analytics and machine learning for the network, clients and applications that cover onboarding, connectivity, and performance
SD-Access licensing
To benefit from the SD-Access architecture, you must purchase an add-on licensing package. The licensing package includes the Cisco DNA Essentials and Cisco DNA Advantage options. Add-on licenses have to be purchased for a 3-, 5-, or 7-year term (and hence are also known as term-based licenses). Product SKUs for these packages are given in Table 10 below.
Ordering and managing licenses with smart accounts: Creating smart accounts by using the Cisco Smart Software Manager (SSM) enables you to order devices and licensing packages and also to manage your software licenses from a centralized website. You can set up Cisco SSM to receive daily email alerts and to be notified of expiring add-on licenses that you want to renew. When the license term expires, you can either renew the add-on license to continue using it or deactivate the add-on license and then reload the switch to continue operating with the base license capabilities.
Note: You are not required to deploy Cisco DNA Center just to use one of the license packages.
Table 9 shows the features included in the Essentials and Advantage packages.
Table 8. Essentials and Advantage package features
Table 10 shows the product IDs for these licenses.
Table 9. Essentials and Advantage package product IDs

| Product ID | Description |
|---|---|
| 12-port | |
| C3850-DNA-E-12 | C3850 DNA Essentials, 12-port term licenses |
| C3850-DNA-E-12-3Y | C3850 DNA Essentials, 12-port, 3-year term license |
| C3850-DNA-E-12-5Y | C3850 DNA Essentials, 12-port, 5-year term license |
| C3850-DNA-E-12-7Y | C3850 DNA Essentials, 12-port, 7-year term license |
| C3850-DNA-A-12 | C3850 DNA Advantage, 12-port term licenses |
| C3850-DNA-A-12-3Y | C3850 DNA Advantage, 12-port, 3-year term license |
| C3850-DNA-A-12-5Y | C3850 DNA Advantage, 12-port, 5-year term license |
| C3850-DNA-A-12-7Y | C3850 DNA Advantage, 12-port, 7-year term license |
| 24-port | |
| C3850-DNA-E-24 | C3850 DNA Essentials, 24-port term licenses |
| C3850-DNA-E-24-3Y | C3850 DNA Essentials, 24-port, 3-year term license |
| C3850-DNA-E-24-5Y | C3850 DNA Essentials, 24-port, 5-year term license |
| C3850-DNA-E-24-7Y | C3850 DNA Essentials, 24-port, 7-year term license |
| C3850-DNA-A-24 | C3850 DNA Advantage, 24-port term licenses |
| C3850-DNA-A-24-3Y | C3850 DNA Advantage, 24-port, 3-year term license |
| C3850-DNA-A-24-5Y | C3850 DNA Advantage, 24-port, 5-year term license |
| C3850-DNA-A-24-7Y | C3850 DNA Advantage, 24-port, 7-year term license |
| 48-port | |
| C3850-DNA-E-48 | C3850 DNA Essentials, 48-port term licenses |
| C3850-DNA-E-48-3Y | C3850 DNA Essentials, 48-port, 3-year term license |
| C3850-DNA-E-48-5Y | C3850 DNA Essentials, 48-port, 5-year term license |
| C3850-DNA-E-48-7Y | C3850 DNA Essentials, 48-port, 7-year term license |
| C3850-DNA-A-48 | C3850 DNA Advantage, 48-port term licenses |
| C3850-DNA-A-48-3Y | C3850 DNA Advantage, 48-port, 3-year term license |
| C3850-DNA-A-48-5Y | C3850 DNA Advantage, 48-port, 5-year term license |
| C3850-DNA-A-48-7Y | C3850 DNA Advantage, 48-port, 7-year term license |
| Spares | |
| C3850-DNA-E-12= | C3850 DNA Essentials, 12-port term licenses spare |
| C3850-DNA-A-12= | C3850 DNA Advantage, 12-port term licenses spare |
| C3850-DNA-E-24= | C3850 DNA Essentials, 24-port term licenses spare |
| C3850-DNA-A-24= | C3850 DNA Advantage, 24-port term licenses spare |
| C3850-DNA-E-48= | C3850 DNA Essentials, 48-port term licenses spare |
| C3850-DNA-A-48= | C3850 DNA Advantage, 48-port term licenses spare |
Benefits
Converged wired plus wireless access
The Cisco Catalyst 3850 is the first stackable access switching platform that enables wired plus wireless services on a single Cisco IOS XE Software-based platform. With this, Cisco has pioneered a host of rich capabilities such as high availability based on Stateful Switchover (SSO) on stacking, granular QoS, security, and Flexible NetFlow (FNF) across wired and wireless in a seamless fashion. Also, the wired plus wireless features are bundled into a single Cisco IOS Software image, which reduces the number of software images that users have to qualify/certify before enabling them in their network. The single console port for Command-Line Interface (CLI) management reduces the number of touch points to manage for wired plus wireless services, thereby reducing network complexity, simplifying network operations, and lowering the TCO to manage the infrastructure.
Converged wired plus wireless not only improves wireless bandwidth across the network but also the scale of wireless deployment. Each 48-port Cisco Catalyst 3850 provides 40 Gbps of wireless throughput (20 Gbps on the 24-port/12-port models). This wireless capacity increases with the number of members in the stack. This makes sure that the network can scale with current wireless bandwidth requirements, as dictated by IEEE 802.11n-based access points and with future wireless standards such as IEEE 802.11ac. Additionally, the Cisco Catalyst 3850 distributes the wireless controller functions to achieve better scalability. Each Cisco Catalyst 3850 switch/stack can operate as the wireless controller in two modes (Figure 8):
Mobility Agent (MA): This is the default mode in which a Cisco Catalyst 3850 switch ships. In this mode the switch is capable of terminating the CAPWAP tunnels from the access points and providing wireless connectivity to wireless clients. In this mode the switch can also maintain wireless client databases and configure and enforce security and QoS policies for wireless clients and access points. No additional license on top of IP Base is required to operate in the mobility agent mode.
Mobility Controller (MC): In this mode, the Cisco Catalyst 3850 switch can perform all the mobility agent tasks in addition to mobility coordination, Radio Resource Management (RRM), and Cisco CleanAir® coordination within a mobility subdomain. The mobility controller mode can be enabled on the switch CLI. IP Base license level is required when the Cisco Catalyst 3850 switch is acting as the mobility controller. A centrally located Cisco 5508 Wireless LAN Controller (WLC 5508), Cisco Wireless Services Module 2 (WiSM2) (when running AireOS Version 7.3), and Wireless LAN Controller 5760 can also perform this role for larger deployments.
With mobility agents located in the wiring closets providing 40 Gbps of wireless per 48-port Gigabit Ethernet RJ45 switch (n x 40 Gbps for a stack of n switches) and mobility controllers managing some of the central wireless functions, the converged access-based wireless deployment provides best-in-class scalability for wireless and significantly improved wireless throughput.
Figure 8. Mobility Controller (MC) and Mobility Agent (MA)
For more information about Converged Wired plus Wireless Access, refer to the Q&A document here:
https://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-3850-series-switches/cisco-catalyst-3850-series-switches-faq.pdf.
Distributed intelligent services
Flexible NetFlow (FNF)
Full visibility into the wired plus wireless traffic is achieved because of the access point Control and Provisioning of Wireless Access Points (CAPWAP) tunnel termination on the switch. This helps identify users and user traffic flows in order to identify potential attackers and take corrective action at the access layer before the attack penetrates further into the network. This is achieved using FNF, which monitors every single flow entering and exiting the switch stack for wired and wireless users. It also helps identify the top wired/wireless talkers and enforce appropriate bandwidth provisioning policies.
QoS
The Cisco Catalyst 3850 switch has advanced wired plus wireless QoS capabilities. It uses the Cisco modular QoS command line interface (MQC). The switch manages wireless bandwidth using unprecedented hierarchical bandwidth management starting at the per-access-point level and drilling further down to per-radio, per-service set identification (SSID), and per-user levels. This helps manage and prioritize available bandwidth between various radios and various SSIDs (enterprise, guest, and so on) within each radio on a percentage basis. The switch is also capable of automatically allocating equal bandwidth among the connected users within a given SSID. This makes sure that all users within a given SSID get a fair share of the available bandwidth while being connected to the network. The UADP ASIC enables the hierarchical bandwidth management and fair sharing of bandwidth, thereby providing hardware-based QoS for optimized performance at line-rate traffic.
In addition to these capabilities, the switch is able to do Class of Service (CoS) or Differentiated Services Code Point (DSCP) based queuing, policing, shaping, and marking of wired plus wireless traffic. This enables users to create common policies that can be used across wired plus wireless traffic. The Cisco Catalyst 3850 also supports downloadable policy names from the Cisco Identity Services Engine (ISE) when a user successfully authenticates to the network using the ISE.
Security
The Cisco Catalyst 3850 provides a rich set of security features for wired plus wireless users. Features such as IEEE 802.1x, port security, Dynamic Host Configuration Protocol (DHCP) Snooping and Guard, Dynamic ARP Inspection, RA Guard, IP Source Guard, Control Plane Protection (CoPP), Wireless Intrusion Prevention Systems (WIPSs), and so on enable protection against unauthorized users and attackers. With a variety of wired plus wireless users connecting to the network, the switch supports session-aware networking, in which each device connected to the network is identified as one session, and unique Access Control Lists (ACLs) and/or QoS policies can be defined and applied using the ISE for each of these sessions, providing better control on the devices connecting to the network.
MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between switches and endpoints. The Cisco Catalyst 3850 Series switches support MACsec with 256-bit (SFP+ and Multigigabit models only) and 128-bit Advanced Encryption Standard (AES) on all ports at all speeds, providing the most secure link encryption.