Cisco Catalyst 9300 User Manual

Data Sheet

Cisco Catalyst 9300

Series Switches

Built for Security, IoT, Mobility, and Cloud

Contents

Product Overview: Features 4

Platform Details 5

Platform Benefits 10

Software Requirements 16

Licensing 16

Specifications 19

Warranty 28

Cisco Services 29

Ordering Information 30

Cisco Capital 34

Document History 35

The Cisco® Catalyst® 9300 Series Switches are Cisco’s lead stackable enterprise switching platform built for

security, IoT, mobility, and cloud. They are the next generation of the industry’s most widely deployed

switching platform. The Catalyst 9300 Series switches form the foundational building block for SoftwareDefined Access (SD-Access), Cisco’s lead enterprise architecture. At 480 Gbps, they are the industry’s highest-density stacking bandwidth solution with the most flexible uplink architecture. The Catalyst 9300 Series is the first optimized platform for high-density 802.11ac Wave2. It sets new maximums for network scale. These switches are also ready for the future, with an x86 CPU architecture and more memory, enabling them to host containers and run third-party applications and scripts natively within the switch.

The Catalyst 9300 Series is designed for Cisco StackWise® technology, providing flexible deployment with support for nonstop forwarding with Stateful Switchover (NSF/SSO), for the most resilient architecture in a stackable (sub-50-ms) solution. The highly resilient and efficient power architecture features Cisco StackPower®, which delivers high-density Cisco Universal Power Over Ethernet (Cisco UPOE®) and Power over Ethernet Plus (PoE+) ports. The switches are based on the Cisco Unified Access™ Data Plane 2.0 (UADP)

2.0 architecture which not only protects your investment but also allows a larger scale and higher throughput. A modern operating system, Cisco IOS XE with programmability offers advanced security capabilities and Internet of Things (IoT) convergence.

The foundation of Software-Defined Access

Advanced persistent security threats. The exponential growth of Internet of Things (IoT) devices. Mobility everywhere. Cloud adoption. All of these require a network fabric that integrates advanced hardware and software innovations to automate, secure, and simplify customer networks. The goal of this network fabric is to enable customer revenue growth by accelerating the rollout of business services.

The Cisco Digital Network Architecture (Cisco DNA™) with SD-Access is the network fabric that powers business. It is an open and extensible, software-driven architecture that accelerates and simplifies your enterprise network operations. The programmable architecture frees your IT staff from time-consuming, repetitive network configuration tasks so they can focus instead on innovation that positively transforms your business. SD-Access enables policy-based automation from edge to cloud with foundational capabilities. These include:

●

Simplified device deployment

●

Unified management of wired and wireless networks

●

Network virtualization and segmentation

●

Group-based policies

●

Context-based analytics

Cisco ONE Software

Cisco ONE™ Software offers a valuable and flexible way to buy software for the access, WAN, and data center domains. At each stage in the product lifecycle, Cisco ONE Software helps make buying, managing, and upgrading your network and infrastructure software easier. Cisco ONE Software provides:

●

Flexible licensing models to smoothly distribute customers’ software spending over time

●

Investment protection for software purchases through software services–enabled license portability

●

Access to updates, upgrades, and new technology from Cisco through Cisco® Software Support Services (SWSS)

●

Lower cost of entry with the new Cisco ONE Subscription for Switching model

Cisco ONE for Access lets you manage your entire switching structure as a single, converged component. With one management system and one policy for wired and wireless networks, it offers an efficient way to provide more secure access.

Product Overview: Features

Product Highlights

●

Highest wireless scale with Wave 2 access points supported on a single switch with select models

●

UADP 2.0 Application-Specific Integrated Circuit (ASIC) with programmable pipeline and microengine capabilities, along with template-based, configurable allocation of Layer 2 and Layer 3 forwarding, Access Control Lists (ACLs), and Quality of Service (QoS) entries

●

x86 CPU complex with 8-GB memory, and 16 GB of flash and external USB 3.0 SSD pluggable storage slot to host containers

●

USB 2.0 slot to load system images and set configurations

●

Up to 480 Gbps of local stackable switching bandwidth

●

Flexible and dense uplink offerings with 1G, Multigigabit, 10G, 25G, and 40G

●

Flexible downlink options with 1G and Multigigabit links

●

Leading PoE capabilities with up to 384 ports of PoE per stack, 60W Cisco UPOE, and PoE+

●

Intelligent Power Management with Cisco StackPower technology, providing power stacking among members for power redundancy

●

Line-rate, hardware-based Flexible NetFlow (FNF), delivering flow collection of up to 64,000 flows

●

IPv6 support in hardware, providing wire-rate forwarding for IPv6 networks

●

Dual-stack support for IPv4/IPv6 and dynamic hardware forwarding table allocations, for ease of IPv4to-IPv6 migration

●

IEEE 802.1ba AV Bridging (AVB) built in to provide a better audio and video experience through improved time synchronization and QoS

●

Precision Time Protocol (PTP; IEEE 1588v2) provides accurate clock synchronization with submicrosecond accuracy making it suitable for distribution and synchronization of time and frequency over network

●

Cisco IOS XE, a modern operating system for the enterprise with support for model-driven programmability including NETCONF, RESTCONF, YANG, on-box Python scripting, streaming telemetry, container-based application hosting, and patching for critical bug fixes. The OS also has built-in defenses to protect against runtime attacks

●

SD-Access: The Cisco Catalyst 9300 Series Switches form the foundational building block for SD-

Access, Cisco’s lead enterprise architecture:

◦ Policy-based automation from edge to cloud ◦ Simplified segmentation and micro-segmentation, with predictable performance and scalability ◦ Automation through the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) ◦ Policy handled through the Cisco Identity Services Engine (ISE) ◦ Network assurance provided through the Network Data Platform ◦ Faster launch of new business services and significantly improved issue resolution time

●

Plug and Play (PnP) enabled: A simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or updates to an existing network

●

Advanced security ◦ Encrypted Traffic Analytics (ETA): You benefit from the power of machine learning to identify and take

actions toward threats or anomalies in your network, including malware detection in encrypted traffic (without decryption) and distributed anomaly detection

◦ Support for AES-256 with the powerful MACsec 256-bit encryption algorithm available on all models ◦ Trustworthy systems: Hardware anchored Secure Boot and Secure Unique Device Identification (SUDI)

support for Plug and Play, to verify the identity of the hardware and software

Platform Details

Switch Models and Configurations

The Cisco Catalyst 9300 Series is made up of seven different switch models. Any of the models can be used together in a stack of up to eight units (Figure 1).

Model

Total 10/100/1000 or Multigigabit copper ports

Default AC power supply

Available PoE power

Cisco StackWise480

Cisco StackPower

C9300-24T

24

350W AC

Yes

C9300-48T

48

350W AC

Yes

C9300-24P

24 POE+

715W AC

445W

Yes

C9300-48P

48 POE+

715W AC

437W

Yes

C9300-24U

24 Cisco UPOE

1100W AC

830W

Yes

C9300-48U

48 Cisco UPOE

1100W AC

822W

Yes

C9300-24UX

24 Multigigabit Cisco UPOE (100M, 1G, 2.5G, 5G, or 10 Gbps)

1100W AC

560W

Yes

C9300-48UXM

36x 100 Mbps,1G,

2.5G + 12x Multigigabit (100M, 1G, 2.5G, 5G, or 10 Gbps)

1100W AC

490W

Yes

Figure 1.

Cisco Catalyst 9300 Series Switches

Table 1 lists port scale and power details for the Cisco Catalyst 9300 Series models.

Table 1. Cisco Catalyst 9300 Series Switch configurations

Network Modules

The Cisco Catalyst 9300 Series Switches support optional network modules for uplink ports (Figure 2). The default switch configuration does not include the network module. When you purchase the switch, you can choose from the network modules described in Table 2.

Network module

Description

C9300-NM-4G

9300 Series 4x 1G Network Module

C9300-NM-4M

9300 Series 4 x Multigigabit Network Module

C9300-NM-8X

9300 Series 8x 10G Network Module

C9300-NM-2Q

9300 Series 2x 40G Network Module

C9300-NM-2Y

9300 Series 2x 25G Network Module

Figure 2.

Cisco Catalyst 9300 Series network modules

Table 2. Network module numbers and descriptions

Please note: Existing 3850 network modules are also supported in the Cisco Catalyst 9300 Series platforms.

For additional details, please read our FAQs:

https://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-9300-series-switches/nb-09-cat-9kfaq-cte-en.pdf.

Power Supplies

The Cisco Catalyst 9300 Series Switches support dual redundant power supplies. The switches ship with one power supply by default, and the second power supply can be purchased when the switch is ordered or at a later time. If only one power supply is installed, it should always be in power supply bay #1. The switches also ship with three field-replaceable fans.

Model

Default power supply

Available PoE power

With 350W Secondary PS

With 715W Secondary PS

With 1100W Secondary PS

24-port data switch

PWR-C1-350WAC

–

48-port data switch

PWR-C1-350WAC

24-port PoE+ switch

PWR-C1-715WAC

445W

720W*

48-port PoE+ switch

PWR-C1-715WAC

437W

787W

1152W

1440W*

24-port Cisco UPOE switch

PWR-C1-1100WAC

830W

1180W

1440W*

48-port Cisco UPOE switch

PWR-C1-1100WAC

822W

1172W

1537W

1800W**

24-port Multigigabit Cisco UPOE switch

PWR-C1-1100WAC

560W

910W

1275W

1440W*

48-port 2.5G (12 Multigigabit – 1/2.5/5/10G)

PWR-C1-1100WAC

490W

840W

1205W

1590W

Description

Performance

Switching capacity

208 Gbps on 24-port Gigabit Ethernet model 256 Gbps on 48-port Gigabit Ethernet model 640 Gbps on 24-port Multigigabit Ethernet model 580 Gbps on 48-port 2.5G (12 Multigigabit) Ethernet model

All models are wire-speed nonblocking performance

Stacking bandwidth

480 Gbps

Total number of MAC addresses

32,000

Figure 3.

Cisco Catalyst 9300 Series dual redundant power supplies

Table 3 lists the different power supplies available in these switches and available PoE power.

Table 3. Power supply models

*

Limited by port number and port rating (e.g. 24 PoE+ 30W ports = 720W)

**

Limited by design

25G and 40G in the Cisco Catalyst 9300 Series enable greater architectural flexibility and infrastructure investment protection by allowing a nondisruptive migration from 10G to 25G and beyond.

Performance and Scalability

Performance and scalability metrics for the Cisco Catalyst 9300 Series are provided in Table 4.

Table 4. Performance specifications

Description

Performance

Total number of IPv4 routes (ARP plus learned routes)

32,000 (24,000 direct routes and 8000 indirect routes)

IPv4 routing entries

32,000

IPv6 routing entries

16,000

Multicast routing scale

8000

QoS scale entries

5120

ACL scale entries

5120

Packet buffer per SKU

16 MB buffer for 24- or 48-port Gigabit Ethernet models

32 MB buffer for 24-port Multigigabit

FNF entries

64,000 flow on 24- and 48-port Gigabit Ethernet models

128,000 flows on 24-port Multigigabit

DRAM

8 GB

Flash

16 GB

VLAN IDs

4000

Total Switched Virtual Interfaces (SVIs)

2000

Jumbo frames

9198 bytes

Total routed ports per 9300 Series stack

208

Wireless

Wireless bandwidth per switch

Up to 96 Gbps on 48-port Gigabit Ethernet model

Up to 48 Gbps on 24-port Gigabit Ethernet model

Forwarding rate of switch models (with 2x 40 Gigabit Ethernet uplinks for 24-port models and 48‑port models)

Model

Forwarding rate

C9300-24T

154.76 Mpps

C9300-24P

154.76 Mpps

C9300-24U

154.76 Mpps

C9300-48T

190.48 Mpps

C9300-48P

190.48 Mpps

C9300-48U

190.48 Mpps

C9300-24UX

476.19 Mpps

C9300-48UXM

431.54 Mpps

Description

Performance

Forwarding rate for both IPv4 and IPv6 at 64bytes

SD-Access Architecture

What if you could give time back to IT? Provide network access in minutes for any user or device to any application – without compromise? SD-Access is the industry’s first policy-based automation from network edge to cloud. Your foundation for your digital network, Cisco Software-Defined Access (SD-Access). Built on the principles of the Cisco Digital Network Architecture (Cisco DNA™), SD-Access provides end-to-end segmentation to keep user, device and application traffic separate without a redesign of the network. It automates user access policy so organizations can make sure the right policies are set for any user or device with any application across the network. This is accomplished with a single network fabric across LAN and WLAN which creates a consistent user experience anywhere without compromising on security.

There are many challenges today in managing the network to drive business outcomes. These limitations are due to manual configuration and fragmented tool offerings. SD-Access provides:

●

A transformational management solution that reduces operational expenses and enhances business agility

●

Consistent management of wired and wireless network provisioning and policy

●

Automated network segmentation and group-based policy

●

Contextual insights for fast issue resolution and capacity planning

●

Open and programmable interfaces for integration with third-party solutions

For an overview of key use-cases SD-Access addresses, refer to SD-Access Solution Overview.

Platform Benefits

Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring

through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various automation mechanisms are outlined below.

●

Automated device provisioning is the ability to automate the process of upgrading software images and installing configuration files on Cisco Catalyst switches when they are being deployed in the network for the first time. Cisco provides both turnkey solutions such as Plug and Play and off-theshelf tools such as Zero-Touch Provisioning (ZTP) and Preboot Execution Environment (PXE) that enable an effortless and automated deployment.

●

API-driven configuration is available with modern network switches such as the Cisco Catalyst 9300 Series. It supports a wide range of automation features and provides robust open APIs over NETCONF and RESTCONF using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources.

●

Granular visibility enables model-driven telemetry to stream data from a switch to a destination. The data to be streamed is identified through subscription to a data set in a YANG model. The subscribed data set is streamed to the destination at specified intervals. Additionally, Cisco IOS XE enables the push model. It provides near-real-time monitoring of the network, leading to quick detection and rectification of failures.

●

Seamless software upgrades and patching supports OS resilience. Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support lets you add patches without having to wait for the next maintenance release.

Security

●

Encrypted Traffic Analytics (ETA) is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is becoming encrypted, the visibility this feature affords for threat detection is critical for keeping your network secure at different layers.

●

AES-256 MACsec encryption is the IEEE 802.1AE standard for authenticating and encrypting packets between switches. The Cisco Catalyst 9300 Series switches support 256-bit and 128-bit Advanced Encryption Standard (AES), providing the most secure link encryption.

●

Trustworthy systems built with Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. With The Catalyst 9300 Series, these technologies enable hardware and software authenticity assurance for supply chain trust and strong mitigation against man-in-themiddle attacks that compromise software and firmware. Trust Anchor capabilities include:

◦ Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other

software are authentic and unmodified. As the system boots, the system’s software signatures are

checked for integrity.

◦ Secure Boot: Cisco Secure Boot technology anchors the boot sequence chain of trust to immutable

hardware, mitigating threats against a system’s foundational state and the software that is to be loaded,

regardless of a user’s privilege level. It provides layered protection against the persistence of illicitly

modified firmware.

◦ Cisco Trust Anchor module: A tamper-resistant, strong cryptographic, single-chip solution provides

hardware authenticity assurance to uniquely identify the product so that its origin can be confirmed to Cisco. This provides assurance that the product is genuine.

Resiliency and High Availability

●

StackWise-480: The Cisco Catalyst 9300 Series supports the industry’s highest back-panel stacking bandwidth solution (480 Gbps) with StackWise-480. Up to 8 Switches can be configured in a Stackwise-480 with the special connector at the back of the switch using dedicated stack cables.

Cisco Catalyst 9300 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Power Supplies

Performance and Scalability