borderless for engineers

Cisco Borderless Networks and Security Solutions for Partner Engineers

Upload: sliceanchor

Post on 02-Feb-2016

TRANSCRIPT

Page 1: Borderless for Engineers

Cisco Borderless Networks and Security Solutions for Partner Engineers

Page 2: Borderless for Engineers

Cisco Confidential 2

Course Objectives

Upon completion of this course, you will be able to:

► Describe the competitive positioning of Cisco small and midsize business solutions

► Describe the Cisco Borderless Networks and Security solutions for small and midsize customers

► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Networks and Security solutions

► Identify the appropriate Borderless Networks and Security solution to match customer needs

► Articulate the value of Cisco Borderless Networks and Security solutions over the competition

► Describe technical considerations for Cisco Borderless Networks and Security solutions for small and midsize business customers

► Describe plan, design, and build considerations for Cisco Borderless Networks and Security solutions for small and midsize business customers

Page 3: Borderless for Engineers

Course Outline

The learning objectives will be covered in the following modules:

► Cisco Borderless Network and Security Solutions Competitive Positioning for Partner Engineers

► Cisco Borderless Network Routing Solutions for Partner Engineers

► Cisco Borderless Network Switching Solutions for Partner Engineers

► Cisco Borderless Network Wireless Solutions for Partner Engineers

► Cisco Security Solutions for Partner Engineers

Page 4: Borderless for Engineers

Cisco Borderless Networks and Security Competitive Positioning for Partner Engineers

Page 5: Borderless for Engineers

Module Objectives

Upon completion of this module, you will be able to:

► Describe the Cisco Borderless Network and Security solutions for small and midsize customers

► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network and Security solutions

► Articulate the value of Cisco Borderless Network and Security solutions over the competition

Page 6: Borderless for Engineers

Outline

The learning objectives will be covered in the following sections:

► Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

► Benefits of Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

► Competing With Cisco Borderless Network and Security Solutions

Page 7: Borderless for Engineers

Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

Page 8: Borderless for Engineers

Changing Environment; Shifting Borders

IT Consumerization

Device Border

Mobile Worker

Location Border

Video / Cloud

IaaS, SaaS

Application Border

External-Facing Apps

Internal Apps

Page 9: Borderless for Engineers

Cisco Architectural Solutions

Borderless Networks

Security

Data Center and Virtualization

Collaboration

Unique Approach to Customer Solutions

Page 10: Borderless for Engineers

New Architectural Approach: Business + Technical

► Business Architecture

► Enhances customer relationships

► Supports new growth models

► Provides workforce flexibility

► Solves business challenges

► Technical Architecture

► Delivers flexibility to address shifting borders

► Enhances productivity

► Improves operational efficiency

► Provides high-quality experiences

Page 11: Borderless for Engineers

Cisco architectures provide benefits customers care about

Cisco Architecture Benefits

Agility

Quickly adopt new solutions, deploy on-premise, cloud or both

Control

Maximize security and availability

Independence

Maximize productivity by supporting Anyone, Anything, Anywhere, Anytime

Value

Increase capabilities and operational excellence while reducing costs

Page 12: Borderless for Engineers

Cisco solutions will address these challenges

Cisco Architectures Solve Customer Challenges

Increase ROI

Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability

Core hardware and OS design supports network functionality with high uptime

Boost Productivity

Broad feature set enables diverse workloads

Lower Service & Support Costs

Reduce total cost of ownership, maximize contribution of IT

Page 13: Borderless for Engineers

Benefits of Cisco Borderless Network and Security Solutions for Small and Midsize Business Customers

Page 14: Borderless for Engineers

Borderless Network Architecture

Architecture for Agile Delivery of the Borderless Experience

BORDERLESS INFRASTRUCTURE

Application Networking / Optimization

Switching

Security

Routing

Wireless

BORDERLESS NETWORK SYSTEMS

BORDERLESS NETWORK SERVICES

BORDERLESS END-POINT / USER SERVICES

Securely, Reliably, Seamlessly: AnyConnect

Mobility: Motion

App Performance: App Velocity

Energy Management: EnergyWise

Multimedia Optimization: Medianet

Security: TrustSec

Next-Gen WAN

Campus Core

Unified Access

POLICY

MANAGEMENT

SMART PROFESSIONAL AND TECHNICAL SERVICES: Realize the Value of Borderless Networks Faster

APIs

Page 15: Borderless for Engineers

Medianet

Transform Voice and Video Experiences

Can My Network Deliver Real-Time Collaboration Experiences?

GLOBAL BUSINESS, WORLDWIDE OFFICES

[Figure: two panels, each showing CEO Meeting, M&A Negotiation, and Sports Event traffic]

No Resource Reservation, Degraded Voice and Video

Context-Aware, Prioritized, High-Quality Voice and Video

Page 16: Borderless for Engineers

App Velocity: Visibility, Optimization, Agility

Superior Application Performance, Better User Experience

Can My Network Optimize Performance of Applications Anytime, Anywhere?

Compromised and Costly Experience

Shortest path selected

No application control

Wasted bandwidth

Up to 2X Improved Response Time and 90% Reduced Bandwidth Cost

Real-time Fastest Path

Scalable App Visibility

Embedded WAN Optimization

[Figure: network paths across service providers SP A, SP B, SP C, and SP D]

Page 17: Borderless for Engineers

App Velocity: Network and Application Agility

Enables Business Continuity and Network Reliability

Can My Network Optimize Performance of Applications Anytime, Anywhere?

Unreliable WAN Leads to Poor Experience with Cloud/Data Center Hosted Applications

“Lean” Application Hosting Provides Branch-to-Cloud Application Survivability and Infrastructure Agility

[Figure labels: Cloud, WAN, UCS-E]

Page 18: Borderless for Engineers

EnergyWise

Reducing Energy Costs

Am I Using My Network to Reduce My Energy Costs?

COUNTY OFFICES

10,000 PCs

No Energy Management

Annual Energy Costs: $770,000

Countywide Office Energy Management

Managed Nightly Shutdown: $280,000

Additional Energy Policies: $150,000

Total Savings: $430,000

Page 19: Borderless for Engineers

Policy and TrustSec

Centralized Management, Context-Aware Enforcement

Do I Have a Consistent Access Policy Architecture Across My Network for All Users and Devices?

DIVERSE USERS, DEVICES, DATA

Wired

Wireless

VPN

Inflexible

Hard to Manage

Complex, Multidimensional

Flexible

Centralized

Simple

Page 20: Borderless for Engineers

TrustSec Technology

Next-Generation Security

Is My Network Ready for Current and Future Regulatory Requirements?

Clear Data and Video Streams in LAN

MALICIOUS GUEST USER

Encrypted, Tamper-Proof Transactions

Page 21: Borderless for Engineers

AnyConnect Secure Mobility

Next-Generation Security

Can Mobile Devices Access My Network Securely, Reliably, and Seamlessly?

Unmanaged Devices, Risk of Data Loss, and Lack of Access

Secure Mobile Connectivity

Acceptable Use

Access Control

Data Loss Prevention

MOBILE EXECUTIVE

Page 22: Borderless for Engineers

Critical Questions for your Customers to Consider

► Do I have a consistent Access Policy Architecture across my network for all users and devices?

► Can mobile devices access my network securely, reliably, and seamlessly?

► Can my network deliver real-time collaboration experiences?

► Can my network deliver protection from the premises to the Cloud?

► Can my network optimize performance of applications anytime, anywhere?

► Am I using my network to reduce my energy costs?

► Is my network ready for current and future regulatory requirements?

► What vendor can help me do all of the above?

Page 23: Borderless for Engineers

Delivering the Borderless Experience

Services to Accelerate the Transformation

Professional and Technical Services from Cisco and Our Partners

Enable a Smart Network

Enable the Architecture

Enable Business Solutions

Where Do I Start?

Network Services

Deployment

EnergyWise Services

TrustSec Services

Application Velocity Services

Video Experience Service

How Do I Keep It Current?

Network Life Cycle Services

Network Optimization Service

Smart Net Total Care Services

Smart Care Service

SMARTnet

IT Cost Optimization Service

Where Am I Now?

Architectural Assessments

IPv6 Services

Medianet Readiness Assessment

Page 24: Borderless for Engineers

Cisco Delivers the Platform for Your Business Innovations

The Borderless Organization Needs a Borderless Network Architecture

Cisco Is Uniquely Equipped to Deliver That Architecture with “Broad and Deep” Network Innovation

Go Borderless

Page 25: Borderless for Engineers

Where do I start?

1. Customers are in transition – Opportunity!

2. Invest in the architectures, professional services, & market knowledge

3. Take advantage of our channel investments

4. Generate Demand with Partner Marketing Resources

Page 26: Borderless for Engineers

Competing With Cisco Borderless Network and Security Solutions

Page 27: Borderless for Engineers

Partner Competitive Concerns

Concern: Market Transitions
How to Address: Cisco leads the marketplace in anticipating and leading transitions

Concern: Other Vendors
How to Address: Cisco competitive portal has a wealth of information for tactical sales issues

Concern: Decision Maker Concerns
How to Address: The Cisco partner owns this relationship and must lead decision makers in business relevant discussions about their concerns

http://cisco.com/go/competitive

Page 28: Borderless for Engineers

Moving the Decision Making Point

Customer Relevance

Architectural Services and Practices

Solutions & Business Models

Systems

Products

Technology Integration

Page 29: Borderless for Engineers

Decision Makers Overview

► Key groups that:

► Set goals and expectations

► Establish criteria for desirable solution characteristics

► Understand their concerns and responsibilities and address these in their proposals

► Three key groups:

► Business Decision Maker (CxO)

► Technical Decision Maker

► Line of Business Manager

Page 30: Borderless for Engineers

Business Decision Makers (CxO)

• BDMs value:

Increased profitability

Higher sales growth

New market expansion

Increased customer satisfaction

Increased revenue generation

• BDMs like to save money, but understand the value of investing to save:

Understand their business first

Identify their cost centers

Determine how the solution saves money

Place a dollar figure on new capabilities the solution enables

Page 31: Borderless for Engineers

Winning with BDMs

• How to Remove Objections

Change the goal:

The goal is not to buy a switch or a router

This is a point product approach

The goal is a solution that will:

Protect the ability to increase profit and productivity

Lower costs

• Show how Cisco solutions meet the new goal

Page 32: Borderless for Engineers

Technical Decision Makers

• TDMs value:

Simplicity and functionality

Security and availability

Adaptability

Meeting business expectations

• TDMs like to increase reliability and reduce operational expense:

Understand what the business expects of them

Determine how to meet those expectations

Determine how the solution saves money

Show how the solution can quickly adapt to new demands

Page 33: Borderless for Engineers

Winning with TDMs

• How to Remove Objections

Align their goals with the business decision makers:

The goal is not to buy a product that has feature “X”

This is a point product approach

The goal is a solution that will:

Provide a secure, available and agile platform that supports the business

Be manageable end to end, with visibility across all system components

Provide value through increased productivity and/or reduced total cost of ownership

• Show how Cisco solutions meet the new goal

Page 34: Borderless for Engineers

Line of Business Managers As Decision Makers

• Line of Business Managers value:

Solutions to their business problems

Fast execution from problem identification to implementation

Stability and availability once the solution is in place

Ability to address new requirements over time

• Line of Business Managers need to meet immediate needs and adapt to new ones:

Understand their unique business need

Determine how to meet that need

Determine how the solution improves their operations

Show how the solution can quickly adapt to new demands

Page 35: Borderless for Engineers

Winning with Line of Business Managers

• How to Remove Objections

Align our solution with their pressing business need

The goal is not to buy a product that solves just one need

This is a point product approach

The goal is a solution that will

Quickly solve the current problem

Be able to quickly adapt to new demands

Avoid restarting the need-solution cycle from scratch every time a new need is identified

• Show how Cisco solutions meet the new goal

Page 36: Borderless for Engineers

Costs of Different Vendor Approaches

Page 37: Borderless for Engineers

Benefits of Primary Vendor Approach

Page 38: Borderless for Engineers

From Single Products to Integrated Solutions

[Figure: axes are Degree of Integration and Level of Customization; labels are Single Product, Technical Integration, Commercial Integration, Generic, Vertical Segment, Customer Specific]

Product Push

Solution Pull

Require an Architectural Approach

Source: McKinsey Marketing and Sales Practice White Paper. April 2003. Solution Selling: Is the Pain Worth the Gain?

Page 39: Borderless for Engineers

Competing Message In A Box

► Competitive Portal on Cisco.com

► http://cisco.com/go/competitive

► Cisco Architectural Solutions on Partner Central

► http://www.cisco.com/assets/sol/xarch/asd/index.html

► Transformative Networking

► http://www.cisco.com/web/partners/sell/technology/borderless/transformative_networking.html

► Cisco Partner Community

► https://communities.cisco.com/community/partner

► Cisco Capital

► http://www.cisco.com/go/ciscocapital

► Cisco Midsize Solutions

► http://www.cisco.com/web/midsize/midsize_partners.html

Page 40: Borderless for Engineers

Module Summary

Page 41: Borderless for Engineers

Summary

► Today’s market transitions (increasing video traffic, a wider range of access devices, and more and more mobile and remote workers) are driving the need for a Borderless Organization

► A Borderless Network Architecture is an imperative if an organization wants to ensure seamless, secure, reliable communications between employees, partners, and customers

► Cisco is uniquely equipped to deliver the end-to-end architecture with its deep and broad technology heritage as well as technology and market leadership

► Partners need to understand the needs and concerns of key customer decision makers so that they can properly position Cisco Borderless Network Architecture solutions

Page 42: Borderless for Engineers

Review: Borderless Network Services

Which of the following are Cisco Borderless Network Services? (choose two)

A) ASA

B) MediaNet

C) IOS

D) TrustSec

Page 43: Borderless for Engineers

Review: Borderless Network Services

Which of the following are Cisco Borderless Network Services? (choose two)

B) MediaNet

D) TrustSec

Page 44: Borderless for Engineers

Review: BDM Concerns

What are the concerns of a Business Decision Maker? (Choose two)

A) Security and availability

B) Avoid restarting the need-solution cycle

C) Increased profitability

D) New market expansion

Page 45: Borderless for Engineers

Review: BDM Concerns

What are the concerns of a Business Decision Maker? (Choose two)

C) Increased profitability

D) New market expansion

Page 46: Borderless for Engineers

Page 47: Borderless for Engineers

Cisco Borderless Network Routing Solutions for Partner Engineers

Page 48: Borderless for Engineers

Module Objectives

Upon completion of this module, you will be able to:

► Describe the Cisco Borderless Network Routing solutions for small and midsize customers

► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Routing solutions

► Identify the appropriate Borderless Network Routing solution to match customer needs

► Articulate the value of Cisco Borderless Network Routing solutions over the competition

► Describe technical considerations for Cisco Borderless Network Routing solutions for small and midsize business customers

► Describe plan, design and build considerations for Cisco Borderless Network Routing solutions for small and midsize business customers

Page 49: Borderless for Engineers

Module Outline

The learning objectives will be covered in the following modules:

► Cisco Borderless Network Routing Solutions for Small and Midsize Business Customers

► Benefits of Cisco Routing Solutions for Small and Midsize Business Customers

► Competing With Cisco Borderless Network Routing Solutions

► Technical Considerations for Cisco Borderless Network Routing Solutions

► Plan, Design, and Build Considerations for Cisco Borderless Network Routing Solutions

Page 50: Borderless for Engineers

Cisco Borderless Network Routing Solutions for Small and Midsize Business Customers

Page 51: Borderless for Engineers

Cisco solutions will address these challenges

Customer Challenges

Increase ROI

Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability

Core hardware and OS design supports network functionality with high uptime

Boost Productivity

Broad feature set enables diverse workloads

Lower Service & Support Costs

Reduce total cost of ownership, maximize contribution of IT

Page 52: Borderless for Engineers

Cisco SMB Router Portfolio Overview

ISR 800

Advanced network features

Solid Baseline Routing

Voice

Data

RV Series

SRP 500

Foundational and managed

Entry Level Features

Low TCO

Any Device

HD Video

Affordable and easy to use

ISR 1900

ISR 2900, 3900

Competitive feature set at compelling prices

Industry-leading modular routers

VDI

Innovative Services

Data

Voice

Page 53: Borderless for Engineers

Small Business Routers

► Provide simplicity and affordability for small business customers

► Offer competitive feature set

► Support easy deployment and management via GUI

RV0/RV320 Series

RV100 Series

RV200 Series

SRP500 Series

Entry Level Security

Performance, Wi-Fi and Security

Wired, Max VPN, Load Balancing

DSL Connectivity, Embedded Intelligence

Page 54: Borderless for Engineers

Common Features

► Key Features:

► Price-performance mix sets them apart from competition

► Enhanced features: VLANs, ACL, QoS, IPv6

► Easy to use/simplified configuration

► Cisco quality, security and reliability

► Limited lifetime warranty

► Cisco Small Business Support Center staffed by professionals with CCNA certification

► Key Competitive Messages

► Cisco RV Series routers offer the best value/feature mix

► Priced lower than key competitors

► Customers can protect their investment with the Small Business Investment Protection trade-up program

Page 55: Borderless for Engineers

Small Business Router Warranties

► Limited Lifetime Warranty on all RV routers:

► Coverage for lifetime of RV router or 5 years after End of Sale announcement

► Replacement in the event of failure

► 1 Year Limited Warranty on SRP500

► Features:

► Return to Factory Replacement

► 1 year of technical support from Small Business Support Center

► Lifetime OS Software Updates

Page 56: Borderless for Engineers

Evolves With Your Business

Intelligent Services

Converged Services

Cisco ISR G2 Series Routers

Entry-Level

ISR 800 Series

ISR 1900 Series

ISR 3900 Series

ISR 2900 Series

Secure, Reliable, Concurrent Services

Modular Access, High-Performance

Embedded, Advanced Voice, Video

Performance, Scalability, Availability

Business Agility & Value

Page 57: Borderless for Engineers

Cisco IOS Universal Image

IP Base

Security

U.C.

Data

► Ease of Ordering

► A single IOS Universal Image will ship with all ISR G2 platforms

► Features are activated via licensing

► No need to install a new IOS

► Four IOS enforceable licenses enable the full suite of functionality that was previously offered in eight images

► Operational Simplicity

► Try and Buy (60-day evaluation)

► Test drive before purchasing

► Services on Demand

► IOS feature upgrades can be done by enabling a new license key, reducing the need for truck-rolls to remote offices

Page 58: Borderless for Engineers

Cisco Integrated Services Routers G2

Under the covers

Service Modules

► 3-7x increase in service module performance

► Existing NM support through adapter

► EPoE capable

Internal Services Module

► 3x increase in service module performance

► Configurable power savings mode

► 802.11n Option 19xx

EHWIC

► 2x performance increase

► HWIC/WIC/VWIC/VIC support natively

► EPoE capable

Multi-core Network Processor

► Up to 5x performance increase

Multi Gigabit Fabric

► Module to module communications

► Packet prioritization and shaping

NG DSP Modules

► Video ready DSP modules

► 4x increase in audio conferencing and transcoding

► Configurable power savings modes

GbE Ports

► Plus GbE ports (3 on 2911+)

► SFP slots on 2921 and above

USB

► Console over USB

► Convenience storage

► Security credentials

Services Performance Engine (3900)

► Upgradeable with newer engines in the future

Page 59: Borderless for Engineers

Simplify Operations

Optimize

Ensure Business Continuity

Fully Secure

► Scalable VPN services with data protection

► PCI compliance solution

► Zone-based firewall

► Web security with malware detection

► Secure cloud services

► IP telephony with SIP trunking

► Video to any device

► Integrated video assessment, monitoring, and troubleshooting

► Wireless LAN and WAN services

► 3G/4G wireless WAN backup

► Virtualized server for local application hosting

► Services redundancy for voice, video, and data

► Embedded WAN optimization and app visibility

► Video conferencing: planned, ad hoc

► Router integrated rich-media optimization for VXI

► Branch-in-a-Box (service integration)

► On-demand service delivery with service virtualization

► Centralized management

► Energy efficiency with slot-based power controls

Enable New Capabilities

ISR G2 Meets Business Needs

Page 60: Borderless for Engineers

ISR G2 Services Portfolio

Network and Security Services

Compute Services and Applications

Collaboration Services

Network Services

Network and Physical Security

Unified Communications

Application Infrastructure

Industry Applications

Branch IT Infrastructure and Management

High-performance Communication and Collaboration

Secure, Protect, Compliance

Customized for Vertical Applications

Consolidate Branch Applications, High Performance

► Wireless LAN Controller (WLC)

► Cisco Network Analysis (NAM)

► Cisco Wide Area Application Services (WAAS)

► Cisco Unity® Express module (voicemail, IVR)

► NICE Voice Recording (AXP)

► SingleWire Informacast (AXP)

► Video Surveillance

► Threat Defense

► ICW Healthcare Connector on AXP

► Tiani Medical Data Exchange on AXP

► Global Protocols Skipware (AXP)

► Cisco Application Extension Platform (AXP)

► Integrated Storage System

► Industry Standard Virtualization

► Windows Server

Page 61: Borderless for Engineers

Service Modules and Interface Cards

EHWIC (Enhanced High Speed WAN Interface Card): Interface Cards (WAN or LAN)

ISM (Internal Service Module): Internal Module for Running Services That Don’t Require Interface Ports, Dedicated CPU and Memory

SM (Service Module): Independent CPU and Memory for Hosting Services or High Density Interface Ports

PVDM3 (Packet Voice/Data Module): High Density Rich-Media Voice and Video DSP Modules

Page 62: Borderless for Engineers

Services Ready Engine (SRE)

Internal Service Module (ISM)

Compact and Internally-Pluggable Form Factor

Supported on all 1900, 2900, and 3900 ISRs

Selected Services Available

Single Model—SRE 300 ISM

Service Module (SM)

Versatile and High-Performance Form Factor

Supported on 2911, 2921, 2951 and all 3900 ISRs

Full Range of Services Available

Two Models—SRE 700 / 710 SM and SRE 900 / 910 SM

No Additional Cabling, Ethernet Ports, Power Supplies, and Rack Space Required

Remote Energy Management With Schedulable On/Off Times

High-performance Hardware—up to 7x Of Previous Generation

Size-, Weight- and Power-efficient Form Factor With Low Carbon Footprint

Remote Configuration and Troubleshooting, On-board Hardware Diagnostics

All Resources Are Isolated, Dedicated, And Independent of the Host Router

Page 63: Borderless for Engineers

EtherSwitch Service Modules (ESM)

► 16, 24, and 48 ports of GE or FE LAN

► Feature parity with Catalyst 3560-E and 2960

► Local Line-rate Layer 2/3 switching

► Supports Cisco EnergyWise for green IT

► LAN traffic performance optimization between modules, with no impact on CPU/WAN performance

► Integrates the latest enterprise switch features into the router

► Industry Leading Power Over Ethernet

► Industry leading security and authentication

► Auto Smartports for plug and play port configuration

Page 64: Borderless for Engineers

ISR G2 Warranties

► Standard Hardware Warranty Terms:

► Coverage for 90 days (ISR 2900, 3900)

► Coverage for 1 year (ISR 800, 1900)

► 10-day Advance Replacement

► No Technical Support

► No Software Updates

► Strongly recommended that customers purchase a support contract for ISR G2 products

Page 65: Borderless for Engineers

Enhancing the Borderless Experience

ISR G2 Product Portfolio

ISR 800 Family

Small or Virtual Office

ISR 1900 Family

Secure Mobility

ISR 2900 Family

Secure Collaboration

… to provide Actionable Insight

ISR 3900 Family

Scalable Rich Media Services

Page 66: Borderless for Engineers

Cisco 800 Series

Fixed Configuration Platform

►Secure collaboration

►Unified wireless mobility

►High availability

►Simplified operations

►1 year limited warranty

Model | 860 | 880 | 890
WAN Ports | 1 FE/ADSL | 1 FE/xDSL | 1 FE, 1 GE
WAN Backup | No | Yes | Yes
LAN Ports | 4 | 4 | 8
PoE Support | — | — | 4 ports
Optional .11n | 2.4 GHz | 2.4 GHz | 2.4 and 5 GHz
Security | Basic | Advanced | Advanced
Positioning Statement | Entry-level, highly secure | Full featured, highly secure | Voice with survivability

Page 67: Borderless for Engineers

Cisco 1900 Series

Secure Mobility Platform

► Desktop form factor

► 25 Mbps WAN access (with services)

► Optional integrated 802.11n wireless

► Double-wide HWIC slot

► 1 year limited warranty

Model | 1941/W | 1921
SM Slots | 0 | 0
ISM Slots | 1 / or optional 802.11n fixed wireless | 0
EHWIC Slots | 2 | 2
WAN Ports | 2 GE | 2 GE
DSP Slots | 0 | 0
Form Factor | 2U | 1U
Positioning Statement | High performance, full featured | Flexible broadband connectivity

Page 68: Borderless for Engineers

Cisco 2900 Series

Secure Collaboration Platform

► 75 Mbps WAN access (with services)

► Video-ready DSP support

► Second Services Module slot

► 90 day limited warranty

Model | 2951 | 2921 | 2911 | 2901
SM Slots | 2 | 1 | 1 | 0
ISM Slots | 1 | 1 | 1 | 1
EHWIC Slots | 4 | 4 | 4 | 4
DSP Slots | 3 | 3 | 2 | 2
WAN Ports | 3 GE (1 SFP) | 3 GE (1 SFP) | 3 GE | 2 GE
Form Factor | 2RU | 2RU | 2RU | 1RU

Positioning Statement: Maximum power and flexibility; Midrange power and flexibility; Small and powerful

Page 69: Borderless for Engineers

Cisco 3900 Series

Secure Mobility Platform

► 150 Mbps WAN access (with services)

► Upgradeable services performance engine (SPE)

► Configurable dual Integrated Redundant Power supplies

► 90 day limited warranty

Model | 3945E | 3945 | 3925E | 3925
SM Slots | 4 | 2 | 4 | 2
ISM Slots | 0 | 1 | 0 | 1
EHWIC Slots | 3 | 4 | 3 | 4
DSP Slots | 3 | 4 | 3 | 4
WAN Ports | 4 GE | 3 GE | 4 GE | 3 GE
Form Factor | 3RU | 3RU | 3RU | 3RU

Positioning Statement: Highest density and performance; Density and performance

Page 70: Borderless for Engineers

Cisco Unified Communications Manager Express

Concurrent Services and Performance (UCME 8.6)

3945: 350 Phones

3925: 250 Phones

2951: 150 Phones

2921: 100 Phones

2911: 50 Phones

2901: 35 Phones

Extended Modular Connectivity (EVM, ISM, SM, WIC/VIC)

Multiple Services

High Density Services

Modularity with Performance

Optimized for “All-in-one” Solution (NM-SM, NME, EVM, ISM, WIC/VIC)

Low Density Services

Page 71: Borderless for Engineers

Benefits of Cisco Routing Solutions for Small and Midsize Business Customers

Page 72: Borderless for Engineers

Borderless Networks Drive Growth and Change

Harness Video as the agent of change to realize closer customer contact, enhance customer experience and customer loyalty

Transform the workspace experience and increase productivity. Automate business processes to drive down costs

Accelerate growth by integrating innovations into the business process—bringing interactions faster to the customer

Page 73: Borderless for Engineers

Consequences of Not Having a Borderless Network

Operational Complexity

► Higher cost of ownership

► Lower business efficiency

Infrastructure Bottlenecks

► Inconsistent Application Performance

► Decreased employee productivity

Service Inconsistency

► Poor workspace experience

► Limited business flexibility

Page 74: Borderless for Engineers

Benefits of Cisco Borderless Networks

Operational Excellence

► Operational Simplicity

► Greener technology

► Rapid ROI with Investment Protection

Video-Ready

► Rich-media applications

► High performance

► Application optimization

Service Virtualization

► Services “On-Demand”

► Customized Applications

► Cloud extension

Business Innovation

Customer Experience

Lowest TCO

Page 75: Borderless for Engineers

Key Stakeholder Messages

► Stakeholders focus on different issues depending on their responsibilities at work

► Key stakeholders include technical, operational and executive decision makers

► Adjust your positioning statements to take into account the different emphasis of each stakeholder

Page 76: Borderless for Engineers

IT Manager Concerns

Concern: Improve Capability

Cisco Benefit: Cisco innovations and technologies lead the market in new capabilities

Concern: Reduce Downtime

Cisco Benefit: Cisco reliability and TAC support minimize downtime

Concern: Reduce Complexity and Simplify Management

Cisco Benefit: Cisco end-to-end integration and unified management tools keep complexity under control

Page 77: Borderless for Engineers

Operations / Business Manager Concerns

Concern: Improve Sales Pipeline

Cisco Benefit: Cisco agility and flexibility support new business initiatives

Concern: Improve Operational Processes and Efficiency

Cisco Benefit: Cisco performance and features speed up work while reducing costs

Concern: Improve Customer Service

Cisco Benefit: Cisco integration with collaboration and social tools keep customers close

Page 78: Borderless for Engineers

Finance/CEO/Owner Concerns

Concern: Generate New Revenue Streams

Cisco Benefit: Cisco product breadth provides solutions for the widest range of needs

Concern: Increase Profit

Cisco Benefit: Cisco solutions provide reduced TCO and improved ROI

Concern: Make Intelligent Investments

Cisco Benefit: Cisco positions the network for future growth and capabilities

Page 79: Borderless for Engineers


Network Investment Requirements

► Intelligent investment in the network is required to ensure network security and flexibility

► Migration to a highly resilient foundation is critical to current and future network needs

► Integration of advanced solutions for security, media transport, wireless LAN, storage and energy use

Page 80: Borderless for Engineers


Consequences of Not Investing

► When companies fail to upgrade to a borderless network:

► Deploying new applications and services takes longer

► Security becomes more difficult to achieve

► Network availability degrades and downtime increases

► New applications and traffic types fail to perform properly

Page 81: Borderless for Engineers


Success Story

► Opresa transforms sales and distribution operations and becomes more profitable with Cisco Borderless Network solution

Page 82: Borderless for Engineers

Success Story

Catapulting Supply Chain into 21st Century

Opresa

Business Challenges

► Manual sales reporting with inadequate communications facilities between sales outlets and headquarters

► Inefficient supply chain processes and inability to take advantage of economies of scale with major suppliers or implement real time sales promotions

Cisco® Solution

► Company-wide adoption of retail ERP system supported by secure Cisco Borderless Network foundation

► GSM connections for remote locations

Business Results

► Maximized stock control efficiencies with real time sales reporting and forecasting

► Increased profitability from lower administrative overheads, better stock control, and ability to tap into new markets such as mobile top-ups

“We wanted a flexible architecture with room for future growth”

—Arben Gagani, Chief IT Officer, Opresa

Page 83: Borderless for Engineers

Competing With Cisco Borderless Network Routing Solutions

Page 84: Borderless for Engineers


Compete by Understanding Buyers’ Needs

Page 85: Borderless for Engineers


Key Messages for Each Buyer

Page 86: Borderless for Engineers

Winning With Product Buyers

► View of Business

► Discriminating small and midsize enterprises view business connectivity as critical to improving efficiencies

► View of Technology

► Depend on real-time access to mission-critical apps to mobilize business; less client interaction on the network

► Win with Cisco by Emphasizing

► Cisco offers products and services that help ensure simplified and scalable business connectivity:

► The right features and expandability options

► Ready to use setup

► Operational out of the box

► 24-hour tech support

► Flexible and affordable financing

Page 87: Borderless for Engineers

Winning With Solution Buyers

► View of Business

► Discriminating small and midsize enterprises view workforce productivity as critical to better serving more customers

► View of Technology

► Growth is thrust upon them; they are pressured to better serve more customers, increasing customer interaction on the network

► Win with Cisco by Emphasizing

► Cisco helps create a workspace environment with flexible and responsive solutions:

► End-to-end solutions and expandability options

► Flexible on-premises, hybrid, and cloud deployments

► Simplified design and installation

► Greater network visibility and control

Page 88: Borderless for Engineers

Winning With Architectural Buyers

► View of Business

► Create competitive advantage in today’s rapidly changing marketplace through dynamic business models

► View of Technology

► Network is the business – heavy customer and employee interaction; they are pressured to offer differentiated products and services

► Win with Cisco by Emphasizing

► Cisco offers an architecture that is a dynamic and scalable service delivery platform that enables:

► Personalized and pervasive engagement

► Agile and efficient operations

► Open and protected IT environment

► Rapid and repeatable services provisioning

Page 89: Borderless for Engineers

Compete by Understanding the Environment

[Figure: quadrant chart with four positions: Converting, Asserting, Establishing, Defending. Labels: Using Competitor, Considering Competitor, Cisco Neutral, Cisco Friendly]

Page 90: Borderless for Engineers


Using Competitor, Considering Cisco

Convert Customers

► Customer has strong relationship with other vendor

► Goal: Demonstrate Cisco superior routing and switching solutions

► How: Competitor likely won on price - show how Cisco solutions save money by consolidating devices, integrating management and enabling borderless network capabilities

Converting

Page 91: Borderless for Engineers


Using Competitor and Cisco

Assert Cisco Benefits

► Customer has mixed-vendor environment and strong relationships with both vendors

► Goal: Demonstrate the benefits of a single-vendor solution based on Cisco Borderless Networks

► How: Show how Cisco routing solutions integrate security at the core, support new services via MediaNet, reduce costs through EnergyWise and unify the network via the broad Cisco portfolio

Asserting

Page 92: Borderless for Engineers


New or No Vendor Commitment

Establish Cisco Strength

► Customer has new location or old equipment in existing location and weak relationship with other vendor

► Goal: Introduce Cisco networking strengths, product breadth and support capabilities

► How: Show how Cisco routing and switching solutions solve IT challenges, help adopt new business tools, save on costs, and improve network performance

Establishing

Page 93: Borderless for Engineers


Using Cisco, Considering Competitor

Refresh the Base

► Customer has existing Cisco relationship and equipment that is approaching retirement

► Goal: Refresh their network with up-to-date Cisco solutions

► How: Show how Cisco solutions provide long-term benefits, and how Cisco Services make the transition simple and smooth

Defending

Page 94: Borderless for Engineers


Questions to Start Conversations

How do you use the network in your business?

How long will your next investment last?

Does your network allow you to easily add new services or business applications?

Does the network hinder your ability to implement new business priorities?

Is your network borderless, providing secure anywhere, anytime, any-device access? Can your network:

– Provide protection from the premises to the cloud?

– Optimize performance of applications anytime, anywhere?

– Enable mobile users to securely and transparently connect from any location?

– Help your organization reduce energy costs?

Are you able to scale your resources to all your remote locations?

Page 95: Borderless for Engineers

Routing Message In A Box

► Cisco Routing on Cisco.com

► http://cisco.com/go/router

► Cisco Routing on Partner Central

► http://www.cisco.com/en/US/partner/products/hw/routers/partner.html

► Programs and Incentives

► http://www.cisco.com/go/vip

► http://www.cisco.com/go/oip

► Cisco Borderless Networks Partner Community

► https://communities.cisco.com/community/partner/borderlessnetworks

► Cisco Capital

► http://www.cisco.com/go/ciscocapital

► Cisco How to Create A Trade-in Quote

► http://www.cisco.com/web/partners/downloads/partner/WWChannels/sales_marketing_resources/ctmp/quick_quote.pptx

Page 96: Borderless for Engineers

Technical Considerations for Cisco Borderless Network Routing Solutions

Page 97: Borderless for Engineers


Cisco ISR G2

Page 98: Borderless for Engineers

Central Site Router Selection Considerations

Factors to consider when choosing a router:

► Bandwidth and Throughput

► How much traffic needs to be routed on the LAN?

► How much traffic needs to be routed on the WAN?

► Traffic Types and Needs

► What kind of traffic is being routed?

► Are there any special needs?

► LAN/WAN Connectivity Options:

► How are we connecting to the LAN/WAN?

► Is redundancy required?

Page 99: Borderless for Engineers

Central Site Router Selection Considerations (Cont.)

Factors to consider when choosing a router:

► CPU Load

► Do we need to run multiple simultaneous services?

► What services do we need to run?

► Routing protocol requirements

► Do we need static or dynamic routing?

► What protocols do we need to run?

► Security requirements

► Will the router be providing security as well?

► What security services will be required?

Page 100: Borderless for Engineers

Branch Site Router Selection Considerations

Factors to consider when choosing a router:

► Users and Applications

► How many users / devices are at the branch location?

► What type of applications are they using?

► Voice and Video

► Will IP phones be used at the branch?

► Where is call control located?

► Is there a PSTN gateway at the branch?

► Are there legacy devices to integrate?

Page 101: Borderless for Engineers

Branch Site Router Selection Considerations (Cont.)

Factors to consider when choosing a router:

► Security requirements

► What security services are required?

► Is tight integration with central site security required?

► Compliance requirements

► Are there compliance considerations at the branch?

► Is compliance monitoring required?

► Connectivity

► Is WLAN a requirement at the branch?

► What LAN and WAN technologies are needed?

Page 102: Borderless for Engineers


ISR 800 Series Capabilities

Page 103: Borderless for Engineers


ISR 1900 Series Capabilities

Page 104: Borderless for Engineers


ISR 2900 Series Capabilities

Page 105: Borderless for Engineers


ISR 3900 Series Capabilities

Page 106: Borderless for Engineers

ISM-VPN Test Performance

ISR G2 IPsec IMIX Performance Comparison

IPSec Throughput (Mbps), Onboard vs. VPN ISM:

Cisco 1941: Onboard 60, VPN ISM 170 (2.8X)

Cisco 2901: Onboard 60, VPN ISM 170 (2.8X)

Cisco 2911: Onboard 65, VPN ISM 170 (2.6X)

Cisco 2921: Onboard 80, VPN ISM 215 (2.7X)

Cisco 2951: Onboard 150, VPN ISM 395 (2.6X)

Cisco 3925: Onboard 215, VPN ISM 715 (3.3X)

Cisco 3945: Onboard 245, VPN ISM 715 (2.9X)

1. Single stream of IPsec traffic with AES encryption is used for the throughput measurement

2. Performance numbers are captured @ NDR (No Drop Rate)

3. IMIX composition: 61% 90-byte, 24% 594-byte, 15% 1418-byte packets

Page 107: Borderless for Engineers

Plan, Design, and Build Considerations for Cisco Borderless Network Routing Solutions

Page 108: Borderless for Engineers


Plan, Design, Build for Partner Engineers

► There are three major responsibilities of the partner engineer during the customer engagement:

► Plan the feature requirements and assess product choice against features

► Design a solution based on understanding of required functions and best practices

► Build a solution by deploying, configuring and managing it

Plan: Feature Requirements, Product Assessment

Design: Determine Function, Design

Build: Deploy, Configure, Manage

Page 109: Borderless for Engineers


Planning

► In the case of Cisco routers, one of our key planning steps is to determine the required version of IOS and the features it will support

► Use Cisco Software Advisor to assist in feature research

Plan: Feature Requirements, Product Assessment

Page 110: Borderless for Engineers


Licensing Overview Prior to IOS 15.0

► Prior to Cisco IOS Release 15.0, a software image was selected based on the required feature set of the customer

► There were eight software packages that satisfied requirements in different categories

Page 111: Borderless for Engineers


Licensing Overview

► Since the introduction of Cisco IOS Software Release 15.0, the universal image contains all packages and features in one image

► Multiple technology package licenses can be installed and activated on the Cisco 1900, 2900 and 3900 series Integrated Services Router platforms

► Individual features can be enabled or disabled by license keys, including:

Technology Package License: Features

IP Base: Entry-level Cisco IOS functionality

Data: MPLS, ATM, and multiprotocol support

Security: Cisco IOS Firewall, IPS, IPSec, 3DES, and VPN

Unified Communications: VoIP and IP Telephony

Page 112: Borderless for Engineers

Technology License Packages

IP Base: BGP, OSPF, EIGRP, ISIS, RIP, PBR, IGMP, Multicast. Default image for Access Routers. Devices: 1900, 2900, 3900

Data: MPLS, BFD, RSVP, L2VPN, L2TPv3, IP SLA etc. Devices: 1900, 2900, 3900

Security: Cisco IOS Firewall, SSL VPN, DMVPN, IPS, GET VPN, IPsec etc. Devices: 1900, 2900, 3900

Unified Communications: CUBE, SRST, Voice Gateway, CUCME, DSP, VXML etc. Devices: 2900, 3900

Cisco software activation process identified at http://www.cisco.com/go/sa.

Cisco IOS Software licensing and packaging details at http://www.cisco.com/go/g2licensing.

Page 113: Borderless for Engineers


Standard vs No Payload Encryption

► Cisco Universal IOS supports two images for each router platform:

► Universalk9: Offers all the Cisco IOS features including strong payload cryptography features such as IPSec VPN, SSL VPN, and Secure Unified Communications

► Universalk9_npe: Does not support any strong crypto functionality such as payload cryptography or secure voice – designed for import into CIS countries

Platform: Image Name

1905/1921/1941/1941W: c1900-universalk9-mz, c1900-universalk9_npe-mz

2901/2911/2921: c2900-universalk9-mz, c2900-universalk9_npe-mz

2951: c2951-universalk9-mz, c2951-universalk9_npe-mz

3925/3945: c3900-universalk9-mz, c3900-universalk9_npe-mz

Page 114: Borderless for Engineers


Licensing Overview From IOS 15.0

Page 115: Borderless for Engineers


Cisco Feature Navigator Overview

http://tools.cisco.com/ITDIT/CFN/

Page 116: Borderless for Engineers


Cisco Feature Navigator Example

Page 117: Borderless for Engineers


Cisco Feature Navigator Example (Cont.)

Page 118: Borderless for Engineers


Permanent License Installation

Page 119: Borderless for Engineers


Evaluation License Installation

Temporary licenses available at http://www.cisco.com/go/license

Page 120: Borderless for Engineers


License Backup

Page 121: Borderless for Engineers


Disabling an Active Permanent License

Page 122: Borderless for Engineers


Uninstalling a Permanent License

Page 123: Borderless for Engineers


Licensing Verification

Page 124: Borderless for Engineers


Designing

► Correct design requires understanding router capabilities:

► Router Architecture

► Router Role

► Static and Dynamic Routing

► Design best practices:

► Best Practices for Inter VLAN Routing

► Hierarchical Design

Design: Determine Function, Design

Page 125: Borderless for Engineers


Router Architecture

► Logical Diagram of Internal components of a Cisco router

Page 126: Borderless for Engineers


Role of a Router

► Routers are required to reach hosts that are not in our local network

► Routers use a routing table to reach those networks

Page 127: Borderless for Engineers

Static and Dynamic Routing

Static Routing

► Static routes are entered manually by the administrator

► Particularly useful in small networks

► A network topology change requires a manual update

► Routing behavior is simple and can be precisely controlled

Dynamic Routing

► A network routing protocol is used to adjust automatically to changes

► Particularly useful in larger networks

► Routers learn and maintain routes in a routing table to reach all destinations

► More complex to manage, but also more scalable

Page 128: Borderless for Engineers

Dynamic Routing Protocols

► EIGRP

► Cisco Proprietary

► Loop free classless routing

► Reduced overhead and bandwidth usage

► Easy to configure; no area design requirements

► OSPF

► Developed by IETF

► Loop free classless routing

► More processor and memory intensive

► More complicated to configure but supports a wide range of special use cases
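An added configuration sketch, not part of the original deck, showing the static and dynamic options side by side for one small topology. Router A owns two LANs and connects to Router B over a point-to-point link; all addresses, interface names, EIGRP AS 100, OSPF process 1 and area 0 are assumptions, and a router would normally run only one of the three options.

```ios
! Constructed example. Assumed topology:
!   Router A LANs: 192.168.10.0/24 and 192.168.20.0/24
!   A-to-B link:   10.0.0.0/30 (A = 10.0.0.1, B = 10.0.0.2) on GigabitEthernet0/1
!
! --- Option 1: static routing, entered on Router B ---
! Every remote prefix is typed by hand; a topology change needs a manual edit.
ip route 192.168.10.0 255.255.255.0 10.0.0.1
ip route 192.168.20.0 255.255.255.0 10.0.0.1
!
! --- Option 2: EIGRP on Router A (Cisco proprietary, no area design) ---
router eigrp 100
 network 192.168.10.0 0.0.0.255
 network 192.168.20.0 0.0.0.255
 network 10.0.0.0 0.0.0.3
 no auto-summary
 ! Form adjacencies only on the link to Router B, not on user-facing LANs
 passive-interface default
 no passive-interface GigabitEthernet0/1
!
! --- Option 3: OSPF on Router A (IETF standard; every network needs an area) ---
router ospf 1
 router-id 10.255.0.1
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
 passive-interface default
 no passive-interface GigabitEthernet0/1
!
! Verification:
!   show ip route
!   show ip eigrp neighbors
!   show ip ospf neighbor
```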

Page 129: Borderless for Engineers


Inter-VLAN Routing

► A VLAN creates a logical subnet and broadcast domain

► Inter-VLAN routing facilitates communication between multiple VLANs

► Layer-3 switches and routers support inter-VLAN routing

Page 130: Borderless for Engineers


Best Practices for Inter-VLAN Routing

Solutions that can provide inter-VLAN routing:

► Router with separate physical interface for each VLAN

► Router with a trunk link and separate logical interface for each VLAN

► Routing With a Layer-3 switch

Page 131: Borderless for Engineers

Router with Separate Interface Per VLAN

► Simple and straightforward

► Does not scale well

► Requires one interface per VLAN

Page 132: Borderless for Engineers

Router with Trunk Link and Virtual Interfaces

► More complex, but also more scalable

► Requires interface that supports trunking

► Create sub-interfaces for each VLAN
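The trunk-and-sub-interface option described above, as an added configuration example that is not part of the original deck. VLAN IDs and names, interface numbers and IP addresses are assumptions chosen for illustration.

```ios
! Constructed example. VLANs 10/20/99, interface names and addresses are assumed.
!
! --- Router: one physical interface carrying an 802.1Q trunk ---
interface GigabitEthernet0/0
 description Trunk to access switch
 no ip address
 no shutdown
!
! One logical sub-interface per VLAN; each is the default gateway for its subnet
interface GigabitEthernet0/0.10
 description Users VLAN 10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description Voice VLAN 20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 description Management VLAN 99
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
!
! --- Switch: VLANs and the uplink port facing the router ---
vlan 10
 name USERS
vlan 20
 name VOICE
vlan 99
 name MGMT
!
interface GigabitEthernet0/1
 description Uplink to router Gi0/0
 ! Switches that support more than one trunk encapsulation need
 ! "switchport trunk encapsulation dot1q" before the next line
 switchport mode trunk
 ! Carry only the VLANs the router has sub-interfaces for
 switchport trunk allowed vlan 10,20,99
!
! Verification:
!   Router:  show ip interface brief
!            show vlans
!   Switch:  show interfaces trunk
!            show vlan brief
```

The sub-interface number does not have to match the VLAN ID, but keeping them equal makes the configuration easier to audit.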

Page 133: Borderless for Engineers


Routing With a Layer-3 Switch

► Provides fast packet forwarding rates

► Minimal additional expense

Page 134: Borderless for Engineers


Hierarchical Model for Design

Page 135: Borderless for Engineers


Router Design Considerations

►Determine if core layer is needed

►Determine performance and capacity requirements

►Determine redundancy requirements

►Determine if WAN connectivity is to core or data center

►Determine what IP routing protocol to configure

►Number of users or ports

►Cabling

►Performance

►Connectivity speed for hosts

►Router – switch uplinks

►VLAN deployment

►Additional features such as QoS and IP multicast

Page 136: Borderless for Engineers

IP Addressing Design Steps

► Define the IP addressing requirements

► Develop a hierarchical IP addressing plan

► Determine private addresses inside organization

► Determine public addresses facing the Internet

► Determine NAT or PAT translation as needed

► Develop a plan for deploying DHCP and DNS

► Configure EIGRP or OSPF, based on organizational requirements

Page 137: Borderless for Engineers


Build

► Building a solution requires knowledge of the appropriate configuration and administration tools:

► Cisco Configuration Professional

► CLI

Build: Deploy, Configure, Manage

Page 138: Borderless for Engineers

Configuring Cisco Routers

CCP Professional Express

CCP Professional

Console CLI

Page 139: Borderless for Engineers


Cisco Configuration Professional

► Configure and monitor Cisco routers without using CLI

► GUI-based configuration tool for routers and switches

► Provides assistance for non-experts through easy-to-use smart wizards

► Assists you through comprehensive online and video help

Page 140: Borderless for Engineers

Cisco Configuration Professional

CCP Professional

► One-click router lockdown and smart wizards

► Innovative voice and security auditing capabilities to check and recommend changes to router configurations

► Configure NAT, FW, IPS, VPN, QoS

► Troubleshooting of WAN and VPN connectivity issues

CCP Professional Express

► Fewer settings, easier to use

► Basic configuration of router WAN and LAN interfaces

► Hostname, DNS, and DHCP configurations

► User Management for the router

► Dashboard, basic troubleshooting, and command line interface (CLI) tool

Page 141: Borderless for Engineers


Cisco Command Line Interface

►The CLI is used to enter commands

►Commands will vary based on different devices and IOS

►Administrators can type or paste commands in the console

►Execution privileges can be controlled for security purposes

►Command modes have distinctive prompts

Page 142: Borderless for Engineers


Device Configuration Sources

Page 143: Borderless for Engineers


Saving Configuration Files in CLI

► Copy command is used to save configurations

► Same command is used on both Cisco switches and routers

Page 144: Borderless for Engineers

Additional Resources

► Design Zone:

► http://www.cisco.com/en/US/partner/netsol/ns741/networking_solutions_program_home.html

► Design for Borderless Networks

► http://www.cisco.com/en/US/partner/netsol/ns1063/networking_solutions_program_home.html

► Cisco CCNA Career Certification

► http://cisco.com/go/ccna

Page 145: Borderless for Engineers

Summary

Page 146: Borderless for Engineers


Module Summary

► Small and midsize business customers are looking to their routing solution to provide increased ROI, reliability, productivity and lower service and support costs

► The Cisco Small and Midsize business router portfolio includes routers from the entry level RV family all the way up to the ISR G2 family

► Cisco routers help customers accelerate growth, transform the workspace experience and provide a lower TCO

► Cisco routers help all key stakeholders including IT departments, business managers and CxOs, to meet their business needs

► Router selection factors include bandwidth and throughput, traffic type and needs, and LAN and WAN connectivity options

► With the introduction of Cisco IOS Software Release 15.0, the universal image contains all packages and features in one image

Page 147: Borderless for Engineers


Review: Cisco Small Business Routers

Which Small Business Router provides wired-only connectivity, maximum VPN connectivity and WAN load balancing? (choose one)

A) RV0 Series

B) RV100 Series

C) RV200 Series

D) RV500 Series

Page 148: Borderless for Engineers


Review: Cisco Small Business Routers

Which Small Business Router provides wired-only connectivity, maximum VPN connectivity and WAN load balancing? (choose one)

A) RV0 Series

Page 149: Borderless for Engineers


Review: Service Module Support

What is the lowest end family of ISR G2 routers that provides a Service Module slot? (choose one)

A) 800 Series

B) 1900 Series

C) 2900 Series

D) 3900 Series

Page 150: Borderless for Engineers


Review: Service Module Support

What is the lowest end family of ISR G2 routers that provides a Service Module slot? (choose one)

C) 2900 Series

Page 151: Borderless for Engineers


Review: Service Ready Engine

Which of the following best describes the ISR G2 Service Ready Engine? (choose one)

A) It allows ISR G2 routers to connect to cloud services

B) It is a server running Unified Communications Manager

C) It is an installable server and software module

D) It is a performance enhancing engine for routing services

Page 152: Borderless for Engineers


Review: Service Ready Engine

Which of the following best describes the ISR G2 Service Ready Engine? (choose one)

C) It is an installable server and software module

Page 153: Borderless for Engineers


Page 154: Borderless for Engineers


Cisco Borderless Network Switching Solutions for Partner Engineers

Page 155: Borderless for Engineers

Module Objectives

Upon completion of this module, you will be able to:

► Describe the Cisco Borderless Network Switching solutions for small and midsize customers

► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Switching solutions

► Identify the appropriate Borderless Network Switching solution to match customer needs

► Articulate the value of Cisco Borderless Network Switching solutions over the competition

► Describe technical considerations for Cisco Borderless Network Switching Solutions for small and midsize business customers

► Describe plan, design and build considerations for Cisco Borderless Network Switching Solutions for small and midsize business customers

Page 156: Borderless for Engineers

Module Outline

► The learning objectives will be covered in the following sections:

► Cisco Borderless Network Switching Solutions for Small and Midsize Business Customers

► Benefits of Cisco Switching Solutions for Small and Midsize Business Customers

► Competing With Cisco Borderless Network Switching Solutions

► Technical Considerations for Cisco Borderless Network Switching Solutions

► Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions

Page 157: Borderless for Engineers

Cisco Borderless Network Switching Solutions for Small and Midsize Business Customers

Page 158: Borderless for Engineers

Customer Challenges

Cisco solutions will address these challenges

Increase ROI

Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability

Core hardware and OS design supports network functionality with high uptime

Boost Productivity

Broad features set enables diverse workloads

Lower Service & Support Costs

Reduce total cost of ownership, maximize contribution of IT

Page 159: Borderless for Engineers

Cisco Small / Midsize Business Switch Portfolio

[Figure: switch portfolio. Product families: 100 Series; 200, 300 Series; 500 Series; Catalyst 2960; Catalyst 3560-X, 3750-X. Descriptions: Affordable and easy to use; Foundational, smart and managed; Stackable with advanced network features; Competitive feature set at compelling prices; Industry-leading fixed switching. Capability labels: Entry Level Features, Low TCO, Solid Baseline Switching, Innovative Services, Data, Voice, Any Device, HD Video, VDI]

Page 160: Borderless for Engineers


Small Business Switches

► Provide simplicity and affordability for small business customers

► Offer competitive feature set

► Support easy deployment and management via GUI

100 Series: Unmanaged

200 Series: Smart

300 Series, 500 Series: Managed

Page 161: Borderless for Engineers

Smart vs Managed Switch Comparison

General Approach

Smart Switch: Entry level, managed switches with basic features

Managed Switch: Advanced, managed switches with advanced features

Quality of Service

Smart Switch: Basic QoS, trusts user/device to set packet priority

Managed Switch: Advanced QoS, allows switch to set priority level for packets and prioritize users and applications

Layer-2 Features

Smart Switch: Basic port security, VLAN, link aggregation, spanning tree

Managed Switch: Control all aspects of network security (ACLs, VLANs, STP), and allow/disallow traffic

Management

Smart Switch: Basic web management, some with SNMP

Managed Switch: Advanced web and CLI management with SNMP

Page 162: Borderless for Engineers


Common Features of Small Business Switches

► Limited Lifetime Warranty

► Support provided by Small Business Support Center

► Good product selection including your choice of:

► Port densities

► Fast and Gigabit Ethernet interfaces

► Fanless designs

► PoE support

► QoS and energy efficiency features

► Modular uplink options in models with dedicated uplink ports

Page 163: Borderless for Engineers

Small Business Switch Warranties

► Limited Lifetime Warranty on all 100, 200, 300 and 500 switches:

► Coverage for lifetime of switch

► Or 5 years after End of Sale announcement

► Replacement in the event of failure during normal use

► 100 & 200: Return to Factory Replacement

► 300 & 500: Next Business Day Advance Replacement

► 1 year of technical support from Small Business Support Center

► Lifetime OS Software Updates

► Terms may vary by theatre and may change over time; always refer to cisco.com for the most up-to-date information

Page 164: Borderless for Engineers

Catalyst Switches

Tailored to Meet Business Needs

Evolves With Your Business

[Figure: Catalyst switch positioning, with Business Continuity on one axis and Business Agility and Investment on the other. Tiers: Entry-Level, Converged Services, Intelligent Services. Models: Catalyst 2K-X LAN Lite, Catalyst 2K-X LAN Base, Catalyst 3K-X LAN Base, Catalyst 3K-X IP Base, Catalyst 3K-X IP Services. Themes: Sustainability, Borderless Experience, Ease of Operations, Borderless Security]

Page 165: Borderless for Engineers

Catalyst Switch IOS Versions

► IOS version dramatically impacts feature set

► Critical to understand differences between versions

► Four major types of images

LAN Lite

• Layer 2

• PoE

• Basic QoS

• Basic Security

LAN Base

• Layer 2+

• PoE/PoE+

• Flex Stack

• Advanced QoS

• Advanced Security

IP Base

• Layer 3 for access

• Netflow for security and capacity planning

• Scalable identity-aware networking with integrated switch sensor

• Data confidentiality using MACsec

• Video readiness with built-in traffic simulator & MediaTrace

• High Availability with ISSU, StackPower & rolling stack upgrade

Enterprise / IP Services

• Full Routing Protocols

• Designed for distribution and core

[Figure axes: Cost, Features]

Page 166: Borderless for Engineers

Unified Access Switch Features

Unified Management

► Single pane of glass management for wired and wireless networks

► Cisco Prime Network Control System (NCS)

Unified Policy

► Single policy definition and deployment for all users, devices and applications

► Cisco Identity Services Engine (ISE)

Unified Services

► Consistent Borderless Services

► TrustSec

► Medianet

► EnergyWise

Page 167: Borderless for Engineers


Unified Management: Cisco Prime

Prime LAN Management System

► Provides a consistent web-based user experience that simplifies complete lifecycle management

► Simplify the deployment of Cisco differentiated switching features: EnergyWise, Auto Smartports, Smart Install, and TrustSec

► Utilize Cisco knowledge base and best practices to reduce errors and improve network availability

► Quickly isolate and fix client access issues with a single user interface and workflow for wired and wireless connectivity

Page 168: Borderless for Engineers

Unified Management: SmartOperations

Save Time and Money for Customers

Smart Install: Zero Touch Deployments and Maintenance

► New Switch is Connected

► Software image downloaded; Configuration automatically applied

Auto SmartPort: Plug and Play for End Devices

► New Switch is Connected

► Port Configuration: Applied

► QoS Policy: Enforced

► Security Policy: Enforced

Smart Call Home: Identify and Resolve Network Issues

► Anomaly Detected

► Proactive diagnostics

► Alert created in real-time

► Web-based reports

► Routed to correct TAC team

► Remediation initiated

[Figure labels: Director, Switches]

Page 169: Borderless for Engineers


Unified Policy: Identity Services Engine

ISE is available via the Authorized Technology Provider program

Page 170: Borderless for Engineers


Unified Services: Cisco TrustSec

► Scalable, Policy-Based Platform:
  ► Integrated posture, profiling and guest services
  ► Flexible authentication methods
  ► Identifies and classifies devices

► Centralized Management:
  ► Coordinated policy creation
  ► Consistent enforcement
  ► Data integrity and confidentiality

► Benefits:
  ► Improved business productivity
  ► Security and compliance risk mitigation
  ► Improved IT operational efficiency

Page 171: Borderless for Engineers


Unified Services: Cisco EnergyWise

Sustainability

► Provides company-wide power visibility

► Any network connected device can be made more energy efficient

► Proactively control rising operating costs while reducing emissions

► Help enable intelligent policy control

► Uses open technology

► Meets regulatory mandates

[Figure labels: Battery, Temperature, Phone, PC, WLAN, Lights]

Page 172: Borderless for Engineers


Unified Services: Cisco MediaNet

Borderless Experience

► Rich media and collaboration drive business transformation

► Enables anytime, anywhere collaboration

► Provides scalability for video growth—10 Gig and full PoE+

► Optimizes for real-time voice and video applications

► Simplifies and accelerates deployment

► Based on the Cisco unified network vision

[Figure labels: Branch Office Deployment, Live Encoded Video]

Page 173: Borderless for Engineers


Warranty and Software Update Policy

| Product | Product Warranty | Software Update Policy |
|---|---|---|
| Cisco Catalyst 2960 and 3560-E, 3750-E Series Switches | Cisco Limited Lifetime Hardware Warranty | Unlimited maintenance updates for LAN Base and LAN Lite IOS Images. Service Contract required for IOS Premium Images |
| Cisco Catalyst 2960-S, 2960SF and 2960-X Series Switches | Cisco Enhanced Limited Lifetime Hardware Warranty | Unlimited maintenance updates for LAN Base and LAN Lite Images. Service Contract required for IOS Premium Images |
| Cisco Catalyst 3560-X Series Switches | Cisco Enhanced Limited Lifetime Hardware Warranty | Unlimited maintenance updates for Base IOS Images. Service Contract required for IOS Premium Images |
| Cisco Catalyst 3750-X Series Switches | Cisco Enhanced Limited Lifetime Hardware Warranty | Unlimited maintenance updates for Base IOS Images. Service Contract required for IOS Premium Images |

Page 174: Borderless for Engineers


Cisco Services Comparison

| Service Element | Limited Lifetime Warranty | Enhanced Limited Lifetime Warranty |
|---|---|---|
| Duration of Coverage | As long as the original End User continues to own or use the Product, provided that: fan and power supply warranty is limited to five (5) years. | As long as the original End User continues to own or use the Product, provided that: fan and power supply warranty is limited to five (5) years. |
| Cisco Technical Assistance Center (TAC) Support | Not included | Business hours access for 90 days |
| Online Support / Web Access | Unregistered access only | Unregistered access only |
| Advance Hardware Replacement | 10 business days | Next business day |
| On-site Support | No | No |

Page 175: Borderless for Engineers


Cisco Catalyst Switches for Every Customer Need

Catalyst Switch Product Portfolio

Catalyst 2960 Family

Basic and Advanced Layer-2 Functionality

Catalyst 3560 Family

Multi-Layer Switching

Catalyst 3570 Family

Exceptional Stacking Capability

… to provide Actionable Insight

Catalyst 3850 Family

Wired and Wireless Convergence

Page 176: Borderless for Engineers


Catalyst 2K Campus Portfolio

FAST ETHERNET ENTRY LEVEL

GIGABIT ETHERNET SCALABLE

Entry Level Entry Level Stackable Stackable Enhanced Networking

Catalyst 2960: 1G Uplinks, PoE, LLW

Catalyst 2960-SF: 1G Uplinks, PoE/PoE+, FlexStack, E-LLW

Catalyst 2960-S: 1G/10G Uplinks, PoE/PoE+, FlexStack, E-LLW

Catalyst 2960-X / XR: 1G/10G Uplinks, PoE/PoE+, FlexStack+, E-LLW

Page 177: Borderless for Engineers


Catalyst 2960 Series

Cisco quality at competitive price

KEY FEATURES
• 10/100 Ports
• Full PoE
• 2x1G uplinks
• Low power consumption

OPERATIONAL SIMPLICITY
• Limited Lifetime Warranty
• 2 Software Options: LAN Base and LAN Lite models
• Smart Ports

Callouts: EASE-OF-USE, 20M PORTS, 500K+ UNITS, ENERGY EFFICIENCY, LOWER TCO

Page 178: Borderless for Engineers


Catalyst 2960-SF Series

Adds key features to the Fast Ethernet portfolio

KEY FEATURES
Same as 2960 with addition of:
• FlexStack up to 20 GB
• PoE+ support

OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• 2 Software Options: LAN Base and LAN Lite models
• Smart Ports

EXTENDING THE SUCCESS OF CATALYST 2960

Page 179: Borderless for Engineers


Catalyst 2960-S Series

Stacking capability with Gigabit to the desktop

KEY FEATURES
• 100/100/1000 Ports
• FlexStack up to 20GB
• PoE on all 48 ports
• PoE+ support
• 10G uplinks available

OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• LAN Base required for FlexStack
• Auto Smart Ports

10GB UPLINKS PROVIDE MAXIMUM THROUGHPUT

Page 180: Borderless for Engineers


Catalyst 2960-X Series

FlexStack+ adds stacking capability for up to 8 switches

KEY FEATURES
• FlexStack+ up to 80GB
• PoE on all 48 ports
• PoE+ support
• 10G uplinks available
• NetFlow Lite

OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• Universal IOS Image

NEXT GENERATION CATALYST SWITCH

Page 181: Borderless for Engineers


Catalyst 2960-XR Series

Dual field replaceable power supplies for maximum uptime

KEY FEATURES
Equal to 2960-X plus:
• High availability
• Layer 3 routing
• Support for 2 power supplies

OPERATIONAL SIMPLICITY
• Enhanced Limited Lifetime Warranty
• 1 Software Option: IOS IP Lite
• Auto Smart Ports

ENHANCED RELIABILITY

Page 182: Borderless for Engineers


Cisco FlexStack

► Consists of a hardware and a software component:
  ► FlexStack module and cable
  ► FlexStack protocol implemented in LAN Base / IP Lite

► Supports 40 Gbps of throughput

► Stacking of up to four switches

► Provides redundancy and single point of configuration

Page 183: Borderless for Engineers


Cisco FlexStack Plus

► Based on FlexStack technology

► Doubles throughput and number of stack members

► Offers 80 Gbps of throughput (vs 40 Gbps) and stacking of up to 8 switches

► Cross-compatible with FlexStack, permits mixing switch models

► Falls back to FlexStack capabilities of 40 Gbps across 4 switches in mixed environments

[Figure: mixed stack of 2960-S (Existing), 2960-X (New), 2960-X (New) and 2960-SF (Existing)]

Page 184: Borderless for Engineers


Catalyst FlexStack Stack Modules

► Purchase FlexStack modules for Catalyst 2960-S, SF, X and XR models

► Requires at least LAN Base level of IOS

► FlexStack Module:
  ► Hot swappable with two wire-speed 10G ports
  ► Copper cables, not fiber; no SFP needed
  ► Up to four switches in a stack (2960-S, 2960-SF)

► FlexStack Plus Module:
  ► Hot swappable with two wire-speed 10/20G ports
  ► Copper cables, not fiber; no SFP needed
  ► Up to eight switches in a stack (2960-X, 2960-XR)

► Provide ease of operation and management with a single configuration and simplified switch upgrade

Page 185: Borderless for Engineers


Catalyst 3K Campus Portfolio

Stand-Alone Switch Portfolio
• Fast Ethernet: Catalyst 3560 v2 (Data or PoE, Fixed 1G Uplinks, Single PS, LLW)
• Gigabit Ethernet: Catalyst 3560-X (Data / PoE(+), Modular 1G/10G, Dual PS, E-LLW)

Stackable Switch Portfolio
• Fast Ethernet: Catalyst 3750 v2 (Data or PoE, StackWise, Fixed 1G Uplinks, Single PS, LLW)
• Gigabit Ethernet: Catalyst 3750-X (Data / PoE(+), StackWise Plus, StackPower, Modular 1G/10G, Dual PS, E-LLW)

Network And Service Modules
• C3KX-NM-1G
• C3KX-NM-10G
• C3KX-NM-10GT
• C3KX-SM-10G (Service Module)

Aggregation Switch
• WS-C3750X-12S-S
• WS-C3750X-12S-E
• WS-C3750X-24S-S
• WS-C3750X-24S-E

Feature sets: LAN Base, IP Base, IP Services

Page 186: Borderless for Engineers


Catalyst 3560 v2 Series Switches

► Universal POE on Catalyst 3K Series

► Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs

► Compatible with Cisco Redundant Power System (RPS) 2300

► IPv6 routing included in the IP Services feature set

► DC powered stand-alone model

Page 187: Borderless for Engineers


Catalyst 3560-X Series Switches

► Universal POE (30W per port) to power attached devices

► Full EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs

► Four hot swappable network modules

► Two hot-swappable power supplies for redundancy

► Data confidentiality and integrity with MACsec hardware-based line-rate encryption

► Enables IP telephony, wireless and video

Page 188: Borderless for Engineers


Catalyst 3750 v2 Series

► Automated Configuration & Management

► Cisco StackWise™ Technology

► Wire-Speed Switching and Routing

► Cisco EnergyWise technology

► Enterprise-Class Services

► Advanced security services

► Multilayer QoS

Page 189: Borderless for Engineers


Catalyst 3750-X Series

► Enterprise-Class Services

► Cisco StackWise™ Technology

► Facilitates converged network deployment

► 10/100/1000 ports

► 4 optional uplinks

► Wire-Speed Switching and Routing

► Automated Configuration & Management

► Multilayer QoS supports rich media

► Cisco EnergyWise technology

Page 190: Borderless for Engineers


Catalyst 3850 Series

Integrated Wired and Wireless Access

Wireless CAPWAP Termination

Up to 50 APs per stack

480 Gbps Stacking Bandwidth

FRU Fans, Power Supplies

Stackpower

40 Gbps Uplink Bandwidth

Line Rate on All Ports

Granular QoS/Flexible NetFlow

Full POE+

Up to 2000 Clients per Stack

Page 191: Borderless for Engineers


Universal POE on Catalyst 3K Series

Resilient
• Increased network redundancy
• Consolidate UPS infra and eliminate battery backup

EEE
• Energy Efficient Ethernet (IEEE 802.3az) “sleep mode” on idle links
• Average power saved per EEE link is 0.74 watts

Universal
• 60W of Power
• Uses standard RJ45 connectors and Category 5e or higher cabling

Efficient
• Save up to $128/port over five years* with Cisco EnergyWise
• Lowers CapEx and OpEx

New UPOE Switches
• New hardware switches
• Same power supplies as existing X-series switches

| UPOE Budget | 24-ports | 48-ports |
|---|---|---|
| Max. # of UPOE ports | 24 (full UPOE) | Up to 30 |
| Required power supply config. | 1100W and 715W | Two 1100W |

StackPower
• Mixed stack (PoE and UPOE) is supported

Page 192: Borderless for Engineers


Encryption & Netflow Service Module

C3KX-SM-10G

► Enabling Line Rate Services
  ► Line rate (40G) Flexible NetFlow for Application Performance solutions
  ► Line rate (40G) MACSec encryption

► Operational Simplicity
  ► Investment protection and extensibility of 3K-X family
  ► SFP+ allows use as 1G or 10G

► High performance
  ► Custom Hardware for NetFlow monitoring
  ► No impact on packet forwarding performance & latency

► Flexibility
  ► User-defined flow records reusable in different flow monitors for different applications
  ► Supports Flexible NetFlow version 9

Page 193: Borderless for Engineers


Cisco StackWise Technology

► Unites up to nine switches

► Stack-interconnect cables support up to 32 Gbps throughput

► Optimized for Gigabit Ethernet

► Mix and match 3750 and 3750-E series

► Stack behaves as single switching unit

► Master switch automatically creates and updates layer-2 and layer-3 forwarding tables

► New members can join or old ones leave without disruption

[Figure label: StackWise Cables]

Page 194: Borderless for Engineers


StackPower – Now in LAN Base

► StackPower available on all 3750-X LAN Base switches

► Aggregates and shares available input power capacity in a Stack

► Up to 4 switches can be part of StackPower

► Independent from Stackwise / Stackwise+

► Flexible arrangement of power supplies in a stack
  ► Up to 8.8 kW power in a stack
  ► Decouples a PS from its physical location

► Supports a “zero-footprint” RPS deployment

Page 195: Borderless for Engineers


Catalyst Compact Switches

Ideal for retail check stands, classrooms, conference rooms, hotel suites, and more

KEY FEATURES
• Can be powered via PoE(+) or UPOE
• Pass through PoE for end devices
• Uplink & Downlink Data Encryption
• 12 models to choose from

OPERATIONAL SIMPLICITY
• Zero-touch deployment
• Auto Smart Ports
• Enhanced Limited Lifetime Warranty

Callouts: 8 & 12 PORT MODELS, QUIET (FANLESS), EXTEND THE CISCO NETWORK, FULL-SIZE CAPABILITIES, LOWER TCO

Page 196: Borderless for Engineers


Catalyst Compact Switch Portfolio

3560-C IP Base Portfolio
• Fast Ethernet: IP Base, 8 and 12 port FE, Data or PoE+, 2 x 1G Uplinks, E-LLW
• Gigabit Ethernet: IP Base, 8 port GE, Data or PoE+, 2 x 1G Uplinks, E-LLW

2960-C LAN Base Portfolio
• Fast Ethernet: LAN Base, 8 and 12 port FE, Data or PoE, 2 x 1G Uplinks, E-LLW
• Gigabit Ethernet: LAN Base, 8 port GE, Data Only, 2 x 1G Uplinks, E-LLW

PoE Pass Through Switch
• WS-C3560CPD-8PT-S
• WS-C2906CPD-8PT-L

Page 197: Borderless for Engineers

Benefits of Cisco Switching Solutions for Small and Midsize Business Customers

Page 198: Borderless for Engineers


Network Access Layer Challenges

• Network Downtime Is Expensive

• Struggling to Keep up With Security

• Operational Complexity and Costs

• Traffic Volume and Bandwidth Expanding

Page 199: Borderless for Engineers


Cisco Network Assistant

Customer Challenges
• Simplifies network management for up to 80 devices
• Tackle day-to-day management tasks without using the CLI
• View & troubleshoot your network even if managed by a service provider
• Zero TCO graphical network management

100-500 Series, Catalyst 2K, 3K

Configuration Simplicity
• Concurrent port configuration on multiple devices and families (2k/3k/4k)
• CLI preview for every action

Simplify Deployments
• Configuration wizards and best practices
• Drag & Drop IOS upgrade
• PC or Mac based, no server to install

Monitor & Troubleshoot
• Front panel & topology views, bandwidth graphs
• Event notifications with recommended action
• Health monitoring

Network Optimization
• Deep dive L2/L3 with utilization tests, port & link tests, ACL reports & much more
• Config archive & scheduled software upgrade

Benefits
• Simplified Deployment & Management Reduces TCO
• Zero TCO, PC or Mac based
• Complete Coverage of 2K, 3K, and 4K Products

Page 200: Borderless for Engineers


Cisco Prime LAN Management Solution

Customer Challenges
• Simplifying configuration, compliance, monitoring, troubleshooting, and administration
• Sustaining network operations with minimal IT staff
• Reduces need to operate multiple management tools
• Deploying and troubleshooting new network services

Catalyst 2K, 3K

Simplify Deployments
• Error free deployment with Auto Smart Ports and Smart Install
• Error free deployment with user centric workflows and Smart Business Architecture templates

Improve Manageability
• User-oriented experience with intuitive workflow
• Automated lifecycle management
• Manage EnergyWise, Medianet, and TrustSec

Automate Troubleshooting
• Use Device Center to quickly identify and remediate problems
• Automated, context-based self-help troubleshooting and TAC support with Cisco Smart Interactions

Benefits
• Improved Operational Efficiencies
• Reduced Operating Expenses
• Lowered Capital Expenses

Page 201: Borderless for Engineers


Energy Management with EnergyWise

Customer Challenges
• Enterprise-wide energy management solution
• Measuring and controlling the use of power by network devices as well as end devices
• Reducing increasing energy costs
• Measuring and quantifying energy use, proactively reducing TCO and maintaining compliance

Catalyst 2K, 3K

Measure Power of Various Devices
• Control power of PoE powered devices via Catalyst switch ports
• Manage 3rd party IT devices: phones, APs, PCs, printers
• Manage non-IT devices via partnerships: Building Mgmt Systems, meters, PDUs, HVAC, lighting

Easy Deployment and Management
• Built into IOS, no endpoint installation, auto-configuration for attached end-points
• Easily managed with EnergyWise Orchestrator, CiscoWorks LMS plus a variety of partner applications

Investing in Technology’s Future
• Over 80 partners in EnergyWise CDN partner program
• Driving industry-wide standardization in energy management through IETF

Benefits
• Comprehensive Visibility Across IT Devices
• Lowers Opex Via Intelligent Policy Control
• Driving Industry-Wide Change

Page 202: Borderless for Engineers


Security with TrustSec

Customer Challenges
• Simplifying identity deployments through integrated posture, profiling and guest services
• Ensuring you know who’s on the network and providing the right level of access
• Meeting compliance requirements (PCI, SOX, HIPAA)

Catalyst 2K, 3K

Simplify 802.1x Identity Deployments
• Automatically collects device data and classifies devices
• Authorizes network demands using specific policies

Protect Against Malicious Behavior
• Flexible NetFlow for real-time traffic flow analysis
• Identify internal and external attacks as well as compromised end-points

Prevent Eavesdropping With Link Layer Encryption Management and Policy
• MACsec for line-rate HW encryption
• Hop-by-hop encryption on both downlinks and uplinks

Benefits
• Eliminate Data Snooping, Tampering and Attacks
• Comply With Security Regulations
• Effortless Security Rollouts

Page 203: Borderless for Engineers


Network Resiliency

Customer Challenges
• Enable self healing, high-availability capabilities with StackWise and StackWise Plus
• Provide network resiliency
• Run securely without downtime
• Increase employee productivity, revenue and profitability

Catalyst 2K, 3K

Enhance Security and Services
• Upgraded IOS versions and feature sets deliver security patches, bug fixes, enhancements, and new services
• Boosts uptime, reacts quickly to business needs

Proactive Management
• Smart Call Home provides smart, detailed diagnostics and real-time alerts for proactive maintenance
• TAC provides 24x7, follow the sun support

Automate Configuration
• Auto SmartPorts and Easy Install simplify installation
• Embedded Event Manager automatically triggers actions in response to network events

Benefits
• Improved Features and Services
• Greater Uptime
• Lowered Total Cost of Ownership

Page 204: Borderless for Engineers


Video with Medianet

Customer Challenges
• Enabling efficient deployment and management of video traffic on the network
• Keep up with video growth while delivering high quality of experience
• Enabling easy deployment of video and troubleshooting of application vs network issues

Catalyst 3K

Ensure Network Readiness
• Built-in network calibration and assessment with Traffic Simulator and Mediatrace

Simplify Deployments
• Auto-configuration
• Plugging in a device triggers identification and self-configuration

Provide Optimal Experience
• Traffic identification and differentiated QoS
• Prioritize Business Video traffic with Strict Priority Queuing

Monitor and Troubleshoot
• Mediatrace for hop-by-hop analysis & Traffic Simulator for problem recreation

Benefits
• Scalable/High Quality Video
• Simplified/Rapid Deployments
• Easily Integrate New Video Applications

Page 205: Borderless for Engineers


Target Customer Profiles

IT Strategists
• Brand, experience
• End-to-end solutions
• Reliability, services
• Future proof
Reasons to Purchase: Business agility and continuity; Deliver new services; Regulatory compliance; Lower complexity and costs; Energy management
Product to Position: Catalyst 3750-X and 3560-X

Bargain Buyers
• All-in price
• Low TCO, High ROI
• Included support
• Today’s needs
Reasons to Purchase: More for less—Cisco value; Converged networks at affordable price; Lowest TCO; Simplify operations
Product to Position: Catalyst 2960-S/SF/X; 100, 200, 300, 500

Best of Breed
• Latest, best features
• High performance and ease of use
• Interest in systems capabilities
Reasons to Purchase: Expanding volume and bandwidth requirements; Maximum business uptime; Pervasive security; Optimized operations
Product to Position: Catalyst 3850, 3560-X, and 2960-XR

Page 206: Borderless for Engineers


Addressing Best of Breed

IT Strategists
• End-to-end solutions
• Reliability, services
• Future proof (BN story)

Reasons to Mitigate
• Business agility and continuity
• Global expansion
• Deliver new services
• Regulatory compliance
• Lower operational complexity/costs
• Future-proof: innovations that enable differentiation, adaptability

Product & Services to Position
• Catalyst 3750-X & 3560-X
• Fallback: 3750-X, 3560-X LAN Base
• Smart Care, SMARTnet, SP Base, Focused Technical Support, Remote Management Service

| Feature | Benefit |
|---|---|
| Medianet, Video | Anytime, anywhere, any device access to applications and resources. Scalable and reliable video for communications with customers and employees and business innovation beyond communications |
| EnergyWise | Substantial cost savings: reduce energy consumption and GhG emissions company-wide |
| TrustSec, Identity-Based Policy | Authentication, authorization and resources based on user. Avoid fraud, downtime, damaged reputation or breach of customer privacy. Comply with PCI, SOX and HIPAA regulations |
| Smart Operations | Simplified deployment and provisioning of service |
| Borderless Network Architecture | Solution policy and management |

Page 207: Borderless for Engineers


Addressing Best of Breed

Best of Breed
• Latest, best Features
• High performance and ease of use
• Interest in systems capabilities

Reasons to Mitigate
• Expanding volume and traffic bandwidth requirements
• Business innovation
• Maximum business uptime
• Pervasive security

Product & Services to Position
• Catalyst 3850 and 3560-X
• Fallback: 2960-XR, 3850 and 3560-X LAN Base
• SMARTnet, SP Base

| Feature | Benefit |
|---|---|
| StackPower | Resiliency, scalability, and efficiency |
| PoE+ | Support for new devices (pan-tilt zoom surveillance cameras, video signage). Future proofing |
| Medianet, Video, EnergyWise | Anytime, anywhere, any device access to applications and resources. Technology innovation delivers better control, cost savings, future-proof |
| Smart Operations | Simplified deployment and provisioning of service |
| TrustSec, Identity-Based Policy | Authentication, authorization and resources based on user |

Page 208: Borderless for Engineers


Addressing Bargain Buyers

Bargain Buyers
• All-in-one price
• Low TCO, High ROI
• Included support
• Today’s needs

Reasons to Mitigate
• More for less—Cisco value
• Converged networks at affordable price
• Lowest TCO
• Simplify operations

Product & Services to Position
• Catalyst 2960-S
• Fallback: 100, 200, 300, 500
• Smart Foundation, SMARTnet, SPBase, Small Business Support

| Feature | Benefit |
|---|---|
| Enhanced LLW | Lower TCO. Minimum downtime |
| LAN Base Feature Set | Affordable entry point to Catalyst 3750-X and 3560-X platforms. Entry point to Cisco-level brand |
| FlexStack | Ease of management. Resiliency and performance |
| PoE | PoE on every port |
| Smart Operations | Simplified deployment and provisioning of service |

Page 209: Borderless for Engineers


Business Value and Customer Benefits

Innovations to Address Business Challenges
• Security, Video, High Availability, and PoE capabilities as well as operational efficiencies to best address business challenges

Lower TCO
• Cisco innovations combine to deliver lower TCO

Comprehensive Portfolio
• Cisco’s comprehensive Unified Access portfolio provides the right solution for any network

Page 210: Borderless for Engineers


Success Story

Improved Services at Reduced Costs for Today and Tomorrow

Council Rock School District

Business Challenges
• Save costs
• Reduce energy costs
• Improve operational efficiency
• Address environmental initiative through “Go Green” program
• Improve information sharing and communications

Cisco® Solution
• End-to-end Cisco network with Cisco Catalyst® switches
• Wireless in every school
• Connected energy systems managed from anywhere
• Cisco EnergyWise: next step

Business Results
• Energy consumption reduced by 42.7% (US $5.3 million savings)
• Cisco EnergyWise expected to bring US$85,000 energy savings
• Network uptime increased from 67% to over 99.9%

“Our Energy conservation project has had an outstanding impact on our district, not just the school, but the community as well.”

—Matthew Fredricksen, Director of Information Technology, Council Rock School District

Page 211: Borderless for Engineers

Competing With Cisco Borderless Network Switching Solutions

Page 212: Borderless for Engineers


Focus on Solving Business Problems

Business Challenges
• Collaboration
• Operations
• Mobility
• Evolve with Changing Business Needs

Technology Enablers
• Video
• High Availability
• Security
• PoE Leadership

Access Solutions
• 100 - 500, Catalyst 2K/3K

Page 213: Borderless for Engineers


Questions to consider

Is Supporting Secure Business Communications A Priority?

Can You Implement A Scalable and Comprehensive Identity Solution?

Can Your Network Deliver Real-time Collaboration Experiences?

Are You Using Your Network to Reduce Your Energy Costs?

Do You Have an Always-on Resilient Network?

Is Your Network Ready for Current And Future Regulatory Requirements?

Can You Deploy Network Changes Based on Proven Design Guides?

Encourage Customers To See The Big Picture To Appreciate Cisco Value

Page 214: Borderless for Engineers


Quantifiable Savings

$/Port 5-year Savings

EnergyWise: $10–65
• Reduce power utilization on all IT devices connected to the network
• Range is based on the customer deployment scenario (greater desktop usage generally leads to higher savings) and the customer’s discount rate applicable to the cash flows

Platform Longevity Savings: $20-45
• Extend refresh cycle from 3 to 5 years
• Driven by 3K / 4K capabilities in security, video, HA, and PoE leadership, and competitive advantages in IPv6 and QoS

Additional Operational Savings: $$ May Vary
• Smart Operations: Smart Install and Auto Smart Ports
• Ease of deployment for video and security
• Advanced troubleshooting capabilities
• Advanced network and policy management: LMS, ISE, Medianet.

* Note: Platform longevity savings are based on 3K-X platform; EnergyWise savings assume full PoE and mix of deployment scenarios. Details in notes

Page 215: Borderless for Engineers


Smart Operations = Cost Savings

Scenario

Smart Install: Zero Touch Deployments and Maintenance
► New Switch is Connected:
  • Software image is downloaded
  • Configuration automatically applied

Auto Smart Ports: Plug and Play for End Devices
► New Device Attached to Switch:
  • Port Configuration: Applied
  • QoS: Enforced
  • Security: Enforced

Smart Call Home: Quickly Identify and Resolve Network Issues
► Anomaly Detected:
  • Proactive diagnostics
  • Alert created in real-time
  • Routed to correct TAC team
  • Remediation

Partner Benefits

Page 216: Borderless for Engineers


Smart Operations = Cost Savings

Cost Savings
• Significant savings for large/remote networks: $15,000 (or 230 hours) / 100 switches*

Scenario

Smart Install: Zero Touch Deployments and Maintenance
► New Switch is Connected:
  • Software image is downloaded
  • Configuration automatically applied

Auto Smart Ports: Plug and Play for End Devices
► New Device Attached to Switch:
  • Port Configuration: Applied
  • QoS: Enforced
  • Security: Enforced

Smart Call Home: Quickly Identify and Resolve Network Issues
► Anomaly Detected:
  • Proactive diagnostics
  • Alert created in real-time
  • Routed to correct TAC team
  • Remediation

Partner Benefits
• Smart Install: Lower your costs in product staging and installation
• Auto Smart Ports: Provide better customer experience
• Smart Call Home: Focus on strategic, higher value services

Page 217: Borderless for Engineers


Cisco Switches Reduce Energy Costs

Total Energy Savings up to $80-per-port or more over 5 Years*

• Power-Efficient Hardware on The 2K-S Platform: $15-per-port Savings Over 5 Years

• EnergyWise: Enterprise-Wide Energy Management Solution: $65-per-port Savings Over 5 Years

[Chart: Catalyst 2960-S compared with Other Vendor, axis 0 to 120; callout "63W Less!"]

Page 218: Borderless for Engineers


Positioning Cisco Solutions

Overcome Competitive Obstacles

1. Strategic Sell
• Architectural play: unique Cisco end-to-end value proposition
  • Security
  • Video
  • High Availability
  • PoE Leadership
  • Investment Protection and Lower TCO

2. Tactical Sell
• Highlight Cisco advantages
  • Lower TCO
  • Full IPv6
  • Power Scalability
  • Business critical traffic

Page 219: Borderless for Engineers


Strategic Sell

WHEN
• You can set the agenda
• Customer is open to taking a broad view of how the network can support business initiatives

HOW
• Architectural approach: leverage Borderless Network services
• Prepare for counter positioning of products from other vendors

Page 220: Borderless for Engineers


Tactical Sell

WHEN
• Customer has just issued an RFP with short turn-around
• Customer has specific and narrow requirements
• Customer requirements have been shaped by your competitor

HOW
• Highlight Cisco’s strengths vs. competition effectively
• Recognize and counteract your competitor’s tactics
• Position the appropriate products

Page 221: Borderless for Engineers


Switching Message In A Box

Page 222: Borderless for Engineers

Technical Considerations for Cisco Borderless Network Switching Solutions

Page 223: Borderless for Engineers


Cisco Switch Management Comparison

Catalyst 2960-X, 3560-X, 3750-X
• Full manageability
• Best in class granular control from Cisco IOS CLI, CCP and CNA

100, 200, 300, 500 Series
• Out of the box connectivity or easy setup with CCA or built in device configuration utility, TextView in some models
• 500 has embedded GUI or TextView
• 200, 300 are managed via embedded GUI
• 100 is non-managed

Page 224: Borderless for Engineers


Cisco Small Business Switch Comparison

Managed Stackable: Cisco® 500 Series Stackable switch

► Configured from CCA, TextView CLI, Built in device configuration utility

► Easy to configure with multiple options

► Stackable

► Manage entire stack as one

► 500-X models include 10Gbps uplink SFP ports

► Enhanced QoS, security, and availability

► 8- to 48-port 10/100 and 10- to 52-port 10/100/1000 models

► PoE options

► Simplified configuration and troubleshooting

► Designed for small office-wide infrastructure

Managed: Cisco® 300 Series Managed Switches

► Basic QoS, security, and availability

► Simple, basic web-managed interface

► 24- to 48-port 10/100 and 18- to 50-port 10/100/1000 models

► PoE options

► Ideal for building basic network

Smart: Cisco 200 Series Smart Switches

► 5- to 24-port 10/100 and 10/100/1000 models

► Desktop and rack-mount

► Do-it-yourself small business

Unmanaged: Cisco 100 Series Unmanaged Switches

► Ready-to-use simplicity, no device management

► Zero configuration, zero customization

► No security or VLANs

[Figure axis: Price, Performance]

Page 225: Borderless for Engineers

Small Business Switch Feature Comparison

100 Series 200 Series 300 Series 500 Series

Basic QoS Standards Based QoS,, 802.1x, IGMP

VLANs, Auto Voice VLAN, IPv6 Host, CDP, Bonjour Discovery

PoE Half Ports PoE All Ports

Guest VLAN, Trusted Device VLAN

Flow-based QoS and Security, L3 Priority

Static Routing

Dynamic Routing - RIP

Stacking

Advanced Security

Page 226: Borderless for Engineers

Catalyst Switch Comparison

Evolves With Your Business

Catalyst 3K-X IP Base

Tailored to Meet Business Needs

Catalyst 3K-X IP Services

Essential Function

IOS Version

Port Density

Converged Services

Catalyst 2K-X LAN Base

Entry-Level

Catalyst 2K-X LAN Lite

Intelligent Services

Catalyst 3K-X LAN Base

PoE Budget

Business Continuity

Business Agility and Investment

Page 227: Borderless for Engineers

Cisco Catalyst 2960-X Series

Page 228: Borderless for Engineers

Cisco Catalyst 2960-XR Series

Page 229: Borderless for Engineers

Cisco Catalyst 3560-X Series

Page 230: Borderless for Engineers

Cisco Catalyst 3750-X Series Switch

Page 231: Borderless for Engineers

Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions

Page 232: Borderless for Engineers

Plan, Design, Build for Partner Engineers

► There are three major responsibilities of the partner engineer during the customer engagement:

► Plan the feature requirements and assess product choice against features

► Design a solution based on understanding of required functions and best practices

► Build a solution by deploying, configuring and managing it

• Feature Requirements

• Product Assessment

Plan

• Determine Function

• Design

Design

• Deploy

• Configure

• Manage

Build

Page 233: Borderless for Engineers

Planning

► In the case of Catalyst switches, one of our key planning steps is to determine the required version of IOS and the features it will support

► Use Cisco Software Advisor to assist in feature research

• Feature Requirements

• Product Assessment

Plan

Page 234: Borderless for Engineers

Catalyst Switch IOS Versions

Enterprise / IP Services

• Full Routing Protocols

• Designed for distribution and core

IP Base

• Layer 3 for access

• NetFlow for security and capacity planning

• Scalable identity-aware networking with integrated switch sensor

• Data confidentiality using MACsec

• Video readiness with built-in traffic simulator & MediaTrace

• High Availability with ISSU, StackPower & rolling stack upgrade

LAN Base

• Layer 2+

• PoE/PoE+

• Flex Stack

• Advanced QoS

• Advanced Security

LAN Lite

• Layer 2

• PoE

• Basic QoS

• Basic Security

Cost

Feature Breadth

Page 235: Borderless for Engineers

LAN Base vs IP Base vs IP Services

Functions / LAN Base / IP Base / IP Services

Layer 2+

Enterprise access Layer 2

Wide range of Layer 2 access features for enterprise deployments supports Cisco StackPower technology

Complete Access Layer 2

Supports all Cisco Catalyst 2000 and Cisco Catalyst 3000 Layer 2 features, including hot standby protocols

Layer 3

Static IP routing support

Support for SVI

Enterprise access Layer 3

RIP, static and stub PIM, and EIGRP stub OSPF for routed access

Complete access Layer 3

OSPF, EIGRP, BGP, IS-IS

VRF-lite, WCCP, and PBR

Mobility

Supports Cisco Unified Wireless Networking mobility architecture

Supports Cisco Converged Access mobility architecture with CAPWAP termination at the access

Supports Cisco Converged Access mobility architecture with CAPWAP termination at the access

Manageability

Basic manageability

Support for a wide range of MIBs, IPSLA Responder, and RSPAN

Enterprise access Layer 3, Flexible NetFlow for wired and wireless traffic

EEM, GOLD-Lite, and Smart Install Director

Complete access Layer 3 including Flexible NetFlow for wired and wireless traffic

Security

Enterprise access security

DHCP Snooping, IPSG, DAI, PACLs, Cisco Identity 4.0, NAC and 802.1x features

Complete access security

Router and VLAN ACLs, private VLANs, complete identity and security; TrustSec SXP and IEEE 802.1AE capable in hardware

QoS

Enterprise access QoS

Ingress policing, Trust Boundary, AutoQoS, and DSCP mapping

Complete access QoS

Support for all Cisco Catalyst 2000 and Cisco Catalyst 3000 QoS features, including per-VLAN policies

Page 236: Borderless for Engineers

Cisco Software Advisor

► Provides tools to:

► Find software compatible with my hardware

► Find software with the features I need

► Compare the features in different software releases

► Research a software release

► Available at: http://tools.cisco.com/Support/Fusion/FusionHome.do

Page 237: Borderless for Engineers

Designing

► Correct design requires understanding switch capabilities:

► Layer-2

► Layer-3

► Design best practices:

► Spanning Tree

► HSRP

► VLAN

► VTP, CDP, LLDP

► QoS

► SPAN and RSPAN

► NetFlow

► PoE and PoE+

► 802.1x

• Determine Function

• Design

Design

Page 238: Borderless for Engineers

Basics of Layer-2 Switching

► Primary function is to forward, filter and flood frames

► Builds its MAC address table by analyzing the source MAC address of frames as they enter the switch; the destination is then looked up in the MAC address table, and the frame is flooded out all ports except the originating port if no entry is found

► Broadcast and Multicast are flooded out all ports except the originating port
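The forward, filter and flood behaviour described on this slide, as an added Python example that is not part of the course material: a minimal learning switch run over constructed frames. The class name, port numbers and MAC addresses are illustrative assumptions.

```python
from dataclasses import dataclass, field


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of octet 1) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class LearningSwitch:
    ports: tuple
    mac_table: dict = field(default_factory=dict)  # MAC address -> port

    def receive(self, in_port, src, dst):
        """Handle one frame; return (action, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learn from the SOURCE address. A group address is never a valid
        # source, so it is not allowed to create a table entry.
        if not is_group_address(src):
            self.mac_table[src] = in_port
        everyone_else = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            return ("flood", everyone_else)   # broadcast or multicast
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return ("flood", everyone_else)   # unknown unicast
        if out_port == in_port:
            return ("filter", [])             # destination sits on the ingress segment
        return ("forward", [out_port])


# Constructed sample traffic: (ingress port, source MAC, destination MAC).
HOST_A = "00:00:5e:00:53:0a"
HOST_B = "00:00:5e:00:53:0b"
HOST_C = "00:00:5e:00:53:0c"  # shares port 1 with HOST_A (for example behind a hub)
HOST_D = "00:00:5e:00:53:0d"
SAMPLE_FRAMES = [
    (1, HOST_A, HOST_B),               # B not learned yet
    (2, HOST_B, HOST_A),               # A was learned from the first frame
    (1, HOST_A, HOST_B),               # B is now known
    (1, HOST_C, HOST_A),               # both hosts on port 1
    (3, HOST_D, "ff:ff:ff:ff:ff:ff"),  # broadcast
    (3, HOST_D, "01:00:5e:00:00:fb"),  # multicast
]


def run_demo():
    """Feed the sample frames through a 4-port switch."""
    switch = LearningSwitch(ports=(1, 2, 3, 4))
    results = [switch.receive(*frame) for frame in SAMPLE_FRAMES]
    return results, switch.mac_table


if __name__ == "__main__":
    results, table = run_demo()
    for frame, (action, ports) in zip(SAMPLE_FRAMES, results):
        print(frame, "->", action, ports)
    print(table)
```

The first frame is flooded only because the table is still empty, which is the same unknown-unicast flooding that a single large flat subnet produces at scale.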

Page 239: Borderless for Engineers

Basics of Layer-3 Switching

► Has the ability to make forwarding decisions based not only on Layer-2 information but also on Layer-3 and above

► Provide a very high speed, low latency method of transporting traffic from one VLAN to another

Page 240: Borderless for Engineers

Redundancy in a Switched Network FIX

Page 241: Borderless for Engineers

Spanning Tree Protocol Best Practices

► Spanning Tree is on by default on all Cisco Switches

► Leave Spanning Tree on and fine tune it

► Configure parameters: PortFast, UplinkFast, BackboneFast, and BPDU Guard

► Dramatically reduces waiting time before normal traffic is forwarded

Page 242: Borderless for Engineers

Hot Standby Routing Protocol Best Practices

► HSRP is a high availability feature of Cisco ISRs and Catalyst switches

► Ensures packet forwarding in the event of the failure of a gateway

► Load balancing can be configured using multiple HSRP Groups

Page 243: Borderless for Engineers

Problems With a Poorly Designed Network

► This topology represents an example of a poorly designed network, one where all devices are on the same subnet

► This network suffers from the following problems:

► Unbounded failure domains

► Large broadcast domains

► Large amount of unknown MAC unicast traffic

► Security difficult to deploy and enforce

► Management and support challenges

► Better LAN segmentation will solve these problems

Page 244: Borderless for Engineers

VLAN Best Practices

► Use VLANs to separate Voice, Data, Video and Management traffic so that each VLAN’s traffic is kept separate from the others

► Do not use VLAN 1, remove all ports from VLAN 1

► Ports not in use should be deactivated

► When possible use a L3 switch to provide a high speed, low latency path between VLANs

► Communication paths between devices should have the least amount of latency possible

Page 245: Borderless for Engineers

VLAN Trunking Protocol Best Practices

► Minimizes configuration inconsistencies such as:

► duplicate VLAN names

► incorrect VLAN-type

► security violations

► Make configuration changes centrally and automatically communicate changes to other switches

► All switches in the network must run the same version of VTP

► Introduce new switches into the network in transparent mode if unsure

► Protect the VTP domain with a VTP domain name and password

► Enable VTP pruning to reduce total amount of traffic

► Disable DTP on any port that should not be a trunk port
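One way to check a switch configuration against the VLAN, DTP and BPDU Guard practices listed on the Spanning Tree, VLAN and VTP slides, as an added Python example that is not from the course material. The running-config excerpt is constructed, and the rule that a port with no description and no switchport commands counts as "not in use" is an assumption of this example.

```python
import re

# Constructed sample running-config excerpt (not taken from the course).
SAMPLE_CONFIG = """\
hostname access-sw1
!
interface GigabitEthernet0/1
 description user-data
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description printer
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description ip-phone
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
 shutdown
!
interface GigabitEthernet0/24
 description uplink
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan99
 ip address 192.0.2.10 255.255.255.0
!
"""

PORTFAST = ("spanning-tree portfast", "spanning-tree portfast edge")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for Ethernet ports only."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S*Ethernet\S+)\s*$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level command ends the block
    return interfaces


def audit(config):
    """Return sorted (interface, finding) tuples for active non-trunk ports."""
    global_bpduguard = bool(
        re.search(r"^spanning-tree portfast bpduguard default", config, re.M))
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue  # deactivated ports and trunks are out of scope here
        # Assumption: no description and no switchport commands means unused.
        if not any(c.startswith(("switchport", "description")) for c in cmds):
            findings.append((name, "unused port not shut down"))
            continue
        # An access port without an explicit access VLAN stays in VLAN 1.
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan ")), "1")
        if vlan == "1":
            findings.append((name, "access port in VLAN 1"))
        # DTP stays active unless the mode is fixed and negotiation is off.
        if not {"switchport mode access", "switchport nonegotiate"} <= set(cmds):
            findings.append((name, "DTP not disabled"))
        if (any(c in PORTFAST for c in cmds) and not global_bpduguard
                and "spanning-tree bpduguard enable" not in cmds):
            findings.append((name, "PortFast without BPDU Guard"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

VTP domain and password settings are not checked here; this example covers only per-interface commands.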

Page 246: Borderless for Engineers

Neighbor Discovery with CDP and LLDP

CDP:

► Cisco proprietary neighbor discovery protocol that allows Cisco devices to advertise and discover other Cisco devices on the network

► On by default on Cisco routers and switches and can be turned off if required

► Uses periodic updates to advertise presence

► CDP frames are not routed so neighbor discovery is limited to layer 2

LLDP:

► Standards-based neighbor discovery protocol that allows Cisco and non-Cisco devices to advertise information

► Can be enabled and disabled as needed

► Uses periodic updates for advertisements

► Provides accurate network mapping, inventory data, and network troubleshooting information

Page 247: Borderless for Engineers

QoS Best Practices

► The major types of traffic to consider are Voice, Video and Data

► Successful QoS deployment includes three key phases:

► Strategically defining the business objectives to be achieved via QoS

► Analyzing the service level requirements of traffic classes

► Designing and testing QoS policies

► Use the AutoQoS feature when possible to expedite the setup and deployment

Page 248: Borderless for Engineers

SPAN and RSPAN Best Practices

► Switch Port Analyzer (SPAN) is used to monitor local switch network traffic as well as assist in troubleshooting issues on the local network

► Remote SPAN (RSPAN) is used to monitor source ports from remote switches; all monitored traffic is directed back to the same mirrored port for centralized collection and analysis

► A collection device must be connected to a mirrored port, have protocol analysis software, like Wireshark, and be enabled to receive all frames

► If SPAN is not enabled the protocol analyzer will only see traffic with a source or destination address of your local machine

Page 249: Borderless for Engineers

NetFlow and NetFlow Service Module

► NetFlow service module offers enhanced security and Flexible NetFlow features on Catalyst 3750-X and 3560-X

► Traffic exported with NetFlow can be used for:

► Application performance monitoring

► Top talkers analysis

► Security anomaly detection

► Network planning and trend analysis

► Use NetFlow to monitor parameters like:

► Active Timeout

► Inactive Timeout

► Octet Flow Direction

► Missed Flow Sequence numbers

Page 250: Borderless for Engineers

PoE and PoE+ Best Practices

PoE

► PoE can be used to power endpoint devices such as a Cisco IP Phone with up to 15.4 Watts

► Plan for sufficient power availability before deployment

► Use the Cisco PoE Calculator to determine if the desired switch has a power budget to support the expected PoE demand

► PoE Calculator is here: tools.cisco.com/cpc/ (Requires login)

PoE+

► PoE+ can provide up to 34.2 Watts of power

► Useful for more demanding devices like: wireless access points, full-featured video phones, pan-tilt-zoom security cameras or certain Catalyst switches

Page 251: Borderless for Engineers

802.1x Authentication Best Practice

► 802.1x Port Based Authentication can prevent unauthorized devices (clients) from gaining access to the network

Page 252: Borderless for Engineers

Build

► Building a solution requires knowledge of the appropriate configuration and administration tools:

► Embedded GUI

► TextView

► CLI

► Cisco Prime

• Deploy

• Configure

• Manage

Build

Page 253: Borderless for Engineers

Cisco Small Business Switch Configuration Tools

Page 254: Borderless for Engineers

Page 255: Borderless for Engineers

Cisco IOS Command Line Interface (CLI)

► Administrators type or paste entries into the Command line interface (CLI)

► Each mode has a unique prompt

► Very granular by nature

Page 256: Borderless for Engineers

Cisco Prime LAN Management Solution LMS

Page 257: Borderless for Engineers

Additional Resources

► Catalyst Switches: www.cisco.com/go/switching

► Small Business Switches: http://www.cisco.com/cisco/web/solutions/small_business/products/routers_switches/index.html-tab-Switches

► SAFE Design: http://www.cisco.com/go/safe

► CNA Download: www.cisco.com/go/cna

► Branch Office Design: http://www.cisco.com/web/about/ciscoitatwork/network_systems/branch_office_network_design.html

► Cisco on Cisco: http://www.cisco.com/go/ciscooncisco

Page 258: Borderless for Engineers

Module Summary

Page 259: Borderless for Engineers

Module Summary

► The Catalyst series of switches provides a wide variety of port density, port speeds, form factors and software feature sets

► Cisco Small Business switches are designed for cost-conscious customers who are looking to address their immediate and near future needs

► While basic hardware considerations like speeds and feeds play a role in switch selection, the true power of a switch is expressed in its operating system

► The primary function of a layer-2 switch is to forward, filter and flood frames

► Layer-3 switches combine the functionality of Layer-2, Layer-3 and Layer-4 into one single device

► TextView CLI provides a full CLI interface for configuring all product features

► The Cisco Command line interface provides the most detailed method for administrators to configure Cisco Catalyst Switches as well as many other Cisco products

Page 260: Borderless for Engineers

Review: Small Business Switch Selection

What Cisco Small Business switches support flow-based QoS and security? (choose two)

A) 100 Series

B) 200 Series

C) 300 Series

D) 500 Series

Page 261: Borderless for Engineers

Review: Small Business Switch Selection

What Cisco Small Business switches support flow-based QoS and security? (choose two)

C) 300 Series

D) 500 Series

Page 262: Borderless for Engineers

Review: Small Business Switch Selection

What Cisco Stacking technology supports up to 8 switches in a stack with speeds of up to 80Gbps? (choose two)

A) Cisco EtherStack

B) Cisco FlexStack

C) Cisco StackWise+

D) Cisco PowerStack

Page 263: Borderless for Engineers

Review: Small Business Switch Selection

What Cisco Stacking technology supports up to 8 switches in a stack with speeds of up to 80Gbps? (choose two)

C) Cisco StackWise+

Page 264: Borderless for Engineers

Page 265: Borderless for Engineers

Cisco Borderless Network Wireless Solutions for Partner Engineers

Page 266: Borderless for Engineers

Module Objectives

Upon completion of this module, you will be able to:

► Describe the Cisco Borderless Network Wireless solutions for small and midsize customers

► Describe the business benefits for small and midsize customers of adopting Cisco Borderless Network Wireless solutions

► Identify the appropriate Borderless Network Wireless solution to match customer needs

► Articulate the value of Cisco Borderless Network Wireless solutions over the competition

► Describe technical considerations for Cisco Borderless Network Wireless solutions for small and midsize business customers

► Describe plan, design, and build considerations for Cisco Borderless Network Wireless solutions for small and midsize business customers

Page 267: Borderless for Engineers

Outline

The learning objectives will be covered in the following sections:

► Cisco Borderless Network Wireless Solutions for Small and Midsize Business Customers

► Benefits of Cisco Wireless Solutions for Small and Midsize Business Customers

► Competing With Cisco Borderless Network Wireless Solutions

► Technical Considerations for Cisco Borderless Network Wireless Solutions

► Plan, Design, and Build Considerations for Cisco Borderless Network Wireless Solutions

Page 268: Borderless for Engineers

Cisco Borderless Network Wireless Solutions for Small and Midsize Business Customers

Page 269: Borderless for Engineers

Cisco solutions will address these challenges

Customer Challenges

Increase ROI

Greater reliability and productivity and lower TCO provide ROI to customer

Provide Reliability

Core hardware and OS design supports network functionality with high uptime

Boost Productivity

Broad features set enables diverse workloads

Lower Service & Support Costs

Reduce total cost of ownership, maximize contribution of IT

Page 270: Borderless for Engineers

Cisco Small and Midsize Business Wireless Portfolio

Meraki MR

Cloud Managed Wireless

Centralized cloud management

Wireless LAN Controllers

WLC 2500, SRE

Centralized on-premise management

Prime Network Control

Enterprise wide visibility and control

Network Management

100, 300, 500

Entry Level

Small Business APs

700, 1600, 2600, 3600

Advanced network features

Aironet APs

Page 271: Borderless for Engineers

Cloud Managed Wireless

► Powerful and intuitive centralized management via the cloud

► Seamlessly manages campus-wide WiFi deployments and distributed multi-site networks

► Zero-touch access point provisioning, network-wide visibility and control, cloud-based RF optimization, seamless firmware updates

► 24x7 demo at: https://account.meraki.com/login/new_simulated_network

High Density, Performance

MR 24

General Purpose

MR 16

Small Branch & Teleworker

MR 12

Rugged / Outdoor APs

MR 62, 66

Page 272: Borderless for Engineers

Cisco Small Business Wireless Solutions

► Securely access network resources just as safely as with wired access

► Easy to use configuration tools

► Clustering support enables efficient management for larger deployment

100 Series

Single Band

300 Series

Selectable Band

500 Series

Single or Dual Radio

Page 273: Borderless for Engineers

Cisco Aironet Wireless Solutions

► Support entry-level to advanced feature sets

► Support centralized or autonomous management

► Secure and reliable wireless connections

► Integrated or external antenna models

High Density, Performance

2600

General Purpose

1600

Small Branch & Teleworker

700

Rugged / Outdoor APs

3600

Page 274: Borderless for Engineers

Cisco Aironet 700 Series Access Point

Key Features

► Designed for value-minded customers looking to modernize

► Provides low TCO and investment protection

► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

► 2 receivers / 2 senders / 2 spatial streams (2x2:2 MIMO)

► Supports up to 100 connected clients per access point

► Six times more capacity than legacy 802.11a/b/g networks

► Integrated features include:

► Cisco BandSelect

► Cisco VideoStream

► Rogue Detection, and Wireless IPS

Page 275: Borderless for Engineers

Cisco Aironet 1600i/e Series Access Point

Key Features

► Offers small and midsized enterprises great performance, functionality, and reliability at a competitive price

► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

► 3 receivers / 3 senders / 3 spatial streams (3x3:2 MIMO)

► Supports up to 128 connected clients per access point

► Customers looking to move up in feature set from the 700

► World-class integrated features using custom-designed silicon:

► Internal / external antenna models

► ClientLink 2.0

► CleanAir Express

► BandSelect

► Wireless VideoStream

Page 276: Borderless for Engineers

Cisco Aironet 2600i/e Series Access Point

Key Features

► Offers greater performance at a competitive price

► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

► 4 receivers / 3 senders / 3 spatial streams (3x4:3 MIMO)

► Supports up to 200 connected clients per access point

► Extended range for 450 Mbps per Band

► World-class integrated features using custom-designed silicon:

► Internal / external antenna models

► ClientLink 2.0

► CleanAir Express

► BandSelect

► Wireless VideoStream

Page 277: Borderless for Engineers

Cisco Aironet 3600i/e Series Access Point

Key Features

► Offers 30% faster performance with 3 spatial streams

► Dual-band, dual-radio 802.11n operating at 2.4-GHz and 5-GHz

► 4 receivers / 4 senders / 3 spatial streams (4x4:3 MIMO)

► Supports up to 200 connected clients per access point

► Extended range for 450 Mbps per Band

► World-class integrated features using custom-designed silicon:

► Wireless Security and Spectrum Intelligence

► 802.11ac

► Cisco Small 3G Cell modules

► Cisco CleanAir

► Plus all of the features of the Aironet 2600

Page 278: Borderless for Engineers

Cisco Aironet Antennas and Accessories

Key Features

► Cisco is committed to providing a complete wireless solution

► Cisco has the widest range of antennas, cable, and accessories available from any wireless manufacturer

► Installers seeking customized options can choose from:

► Directional and omnidirectional antennas

► Low-loss cable

► Mounting hardware

► Other accessories

► More details can be found at:

► http://www.cisco.com/en/US/products/hw/wireless/ps469/index.html

Page 279: Borderless for Engineers

Limited Lifetime Warranty on 802.11n APs

► All 802.11n APs are covered with a Limited Lifetime Warranty

► Includes 10-day Advance Replacement

► TAC support and Next Business Day replacement require a support contract

► Non-802.11n Access Points will continue to be covered by the standard 1 year warranty.

Page 280: Borderless for Engineers

Autonomous AP Cloud Managed Centralized Converged Access

• Intended for static installations

• Common LAN & WLAN OS

• LAN & WLAN feature consistency

• No Controller on premises

• Optimized for distributed enterprise

• Premise-based Controller

• Controller at every location

• Optimized for campus deployment

• Common LAN & WLAN OS

• Optimized for high performance

• Optimized for campus & branch

• Aironet Access Points

• Catalyst Switches

• MR Access Points

• MS Switches

• MX Security

• Dashboard

• Aironet Access Points

• Centralized Controllers

• Catalyst Switches

• Aironet Access Points

• Catalyst 3850 Switch

Dashboard

Intranet

Cisco Wireless LAN Deployment Options

Page 281: Borderless for Engineers

Cisco Centralized Wireless LAN Controllers

► Provide simplicity and affordability for small and midsize business customers

► Offer competitive feature set

► Leverages existing ISR installed-base

2500 Series

Stand-alone

SRE WLC

ISR-based

Page 282: Borderless for Engineers

Wireless LAN Controller 2500

► WLC 2500 supports up to 75 access points and 1000 clients

► Built for 802.11n performance

► 4 GigE Ports – 2 Non-PoE and 2 PoE ports

► CAPWAP, DTLS encryption, and OfficeExtend solution

► Supports BandSelect, ClientLink, and VideoStream

Page 283: Borderless for Engineers

WLC on Services Ready Engine (SRE)

► WLC on SRE supports between 5 and 50 APs.

► Available for the new ISR G2 routers (1900, 2900, and 3900).

► Comes on both the Internal Service Module and the Service Module.

► ISM-300 supports up to 10 APs, SM-700 and SM-900 support up to 50 APs

► On-demand remote application provisioning

► Dedicated onboard processing, memory, and hard drive (SM only)

► Same licensing options as the WLC 2500

► Supports BandSelect, ClientLink, and VideoStream.

ISM-300 SM-700 SM-900

Page 284: Borderless for Engineers

Optionally add either a 5 or 25 AP add-on license

50 AP License

Support up to 50-75 APs 5, 15, 25 AP License

Flexible Licensing Options Provide Choice

Note: ISM-300 WLC on SRE will only support a total of 10 APs

WLC 2500 ISM 700/900

Page 285: Borderless for Engineers

► Monitor one or more controllers, switches and associated access points

► Centralized discovery, configuration, performance monitoring, security, fault management, and accounting options

► Customizable best practices & validated design configuration

► Benefits:

► Simplifies management

► Reduces time required to manage environment

► Lowers operational expenses

End-to-End Management with Cisco Prime

Page 286: Borderless for Engineers

Benefits of Cisco Wireless Solutions for Small and Midsize Business Customers

Page 287: Borderless for Engineers

Benefits of Cisco Wireless: Ubiquitous Mobility

Ubiquitous mobility experience

• High performance of a wired network, the flexibility of a wireless network

• 802.11n-based CUWN makes WLAN feasible for mission-critical apps

• Integrated & seamless data, voice, and video traffic experience

Reduced reliance on IT resources

• Simplified and intuitive WLAN management and troubleshooting

• Integrated security with wireless threat detection & mitigation

• Improved WLAN reliability

Rapid ROI from mobile applications

• Simplified wireless guest access improves collaboration

• Comprehensive communication and collaboration experience

• Optimized asset and network visibility

Page 288: Borderless for Engineers

Benefits of Cisco Wireless: Reduced Reliance on IT Resources

Page 289: Borderless for Engineers

Benefits of Cisco Wireless: Rapid ROI From Mobility

Rapid ROI from mobility

• Simplified wireless guest access improves collaboration

• Comprehensive communication and collaboration experience

• Optimized asset and network visibility

Page 290: Borderless for Engineers

WLC 2500 and WLC on SRE Features and Benefits

Features: Benefits

Scalability: Scale as you grow with support for up to 75 APs. Support up to 1000 clients, depending on model

Performance: Improved throughput from 100 Mbps to 1Gbps for 802.11n wireless networks

Comprehensive End-to-End Security: Offers CAPWAP-compliant Datagram Transport Layer Security (DTLS) encryption to help ensure full-line-rate encryption between access points and controllers across remote WAN/LAN links

OfficeExtend (WLC 2500 only): Extends the corporate network to remote locations with minimal setup creating secure wired tunnels to the Cisco Aironet 600, 1130, or 1140, 3500 APs

Services Ready Engine (WLC on SRE only): Provision the WLC applications on the module remotely at any time

Extended Aironet AP Support: Supports the following Aironet APs: 1040, 1130, 1140, 1240, 1250, 1260, 1500, 1520, 1550, and 3500

Page 291: Borderless for Engineers

Cisco Prime Features and Benefits

Features: Benefits

Ease of Use: Simple, intuitive user interface eliminates complexity. Designed from the ground-up with focus on workflow optimization. Modularized interface supports user-defined customization to display only the most relevant information.

Scalability: Complete lifecycle management of hundreds of Cisco WLAN controllers and 15,000 Cisco Aironet lightweight APs from a centralized location. Additionally, manage up to 5000 autonomous Cisco Aironet APs.

Wired Management: Comprehensive monitoring and troubleshooting support for Catalyst switches allows for visibility into critical performance metrics for interfaces, ports, users, and basic switch inventory on up to 5000 switches.

WLAN Lifecycle Management: Extensive wireless LAN lifecycle management includes a full range of planning, deployment, monitoring, troubleshooting, remediation, and optimization capabilities.

Page 292: Borderless for Engineers

Business Priorities Drive IT Needs

Business Growth

Efficiency & Cost Reduction

Workforce Productivity

Customer Experience

Business Priorities

How can my network scale?

How do I manage many devices?

How do I keep my data secure?

How do I ensure a consistent experience?

Key IT Wireless Initiatives

Page 293: Borderless for Engineers

Cisco Addresses Customer Needs

► Can my network scale to meet the growing number of devices and increased traffic?

► Can I ensure a consistent and reliable user experience however users connect to my network?

► Can I enforce policies to manage network access and keep my data secure?

► Can I manage many devices on my network?

► Cisco Access Point and WLC choices provide scalability and upgrade path

► Cisco CleanAir, ClientLink, BandSelect and Wireless VideoStream provide consistent, stable communications

► Cisco Prime provides consistent wired and wireless policy

► Cisco Prime provides company wide visibility

Page 294: Borderless for Engineers

Competing With Cisco Borderless Network Wireless Solutions

Page 295: Borderless for Engineers

Cisco Wireless Innovations

One Network (Predictability)

One Policy & One Management

ClientLink: Chip level proactive and automatic electronic beamforming

CleanAir: Chip level proactive and automatic interference mitigation

Radio Resource Management: Automatic advanced RF shaping and management

AnyConnect: Always-On context-aware VPN connectivity

Prime (Visibility)

ISE (Control)

Who? What? When? Where? How?

VideoStream: Wired multicast efficiency for video over a Wireless network

Bonjour Services: Apple Bonjour discovery, advertisement, and policy

Application Control & Visibility: Identify, analyze, and optimize application traffic

Award Winning Design: Purpose-built WiFi chipset entailing Industry leading RF design

Page 296: Borderless for Engineers

IT Strategist Concerns

Audience: Key Messages

IT Strategist

• Cisco understands the new “mobility experience” users demand

• Business agility via architectural approach – addresses network access needs

• Pioneer and market leader in networking, with 70% of 802.11n WLAN market

• The only strategic partner that can offer end-to-end network access solutions

Best of Breed

• Lower TCO: integration across wired & wireless, single support and services structure, Cisco Validated Designs

• Reduced operational expense through simplified network configuration

• Seamless collaboration with guest access

• Solutions ensure security and compliance

Bargain Buyer

• Flexible and scalable deployment with buy-as-you-grow purchase models

• Lower Operational Expense

• Comprehensive, integrated product portfolio to meet specific business needs

• Strong, global channel partner community

• Capital financing available to ease adoption


Page 299: Borderless for Engineers

Questions to Ask the Customer

► What network access demands are you wrestling with today? (e.g. business applications, video, IP telephony, or other applications)

► Can your network support the increasing demands of new applications, like video and collaboration tools, on both the wireless and wired network?

► What new devices are entering your workforce?

► What are the mobility needs of your business?

► What regulatory environment does your business face?


Page 305: Borderless for Engineers

Technical Considerations for Cisco Borderless Network Wireless Solutions

Page 306: Borderless for Engineers

Cisco Small and Midsize Business Wireless Portfolio

► Cloud Managed Deployment

► Meraki MR: Centralized cloud management

► Unified Wireless Deployment

► 700, 1600, 2600, 3600: Advanced network features

► WLC 2500, SRE: Centralized on-premise management

► Standalone Deployment

► 100, 300, 500: Entry Level Small Business

► Prime Network Control: Centralized administration and monitoring

Page 307: Borderless for Engineers

Cisco Small Business Access Point Features

Cisco Small Business 802.11n Access Points

| Feature | 100 Series | 300 Series | 500 Series |
|---|---|---|---|
| Wi-Fi standards | b/g/n | a/b/g/n | a/b/g/n |
| RF band | 2.4 GHz | 2.4 or 5 GHz | Selectable or dual concurrent 2.4/5 GHz |
| MIMO support | 2x2:2 | 2x3:2 | 3x3:3 |
| Maximum active clients | 16 | 32 | 64 per radio |
| Number of SSIDs supported | 4 | 8 | 16 |
| Ethernet port speed | 10/100 | 10/100/1000 | 10/100/1000 |
| Captive portal | No | Yes | Yes |
| Maximum access points in cluster | 4 | 8 | 16 |

Page 308: Borderless for Engineers

Cisco Aironet Access Point Features

Cisco Aironet 802.11n G2 Access Points

| | 700 Series (Small Business) | 1600 Series (Enterprise Class) | 2600 Series (Mission Critical) | 3600 Series (Best in Class) |
|---|---|---|---|---|
| Ideal for | Small office | Small or midsize company | Small, midsize or large company | Midsize or large company |
| Future-proof modularity | No | No | No | 802.11ac or Cisco 3G Small Cell modules |

Application performance profile (entries in slide order):

► Value-minded customers looking to modernize their networks

► Enterprise class performance, functionality, and reliability at a competitive price

► AnyDevice/BYOD-optimized

► Client scalability

► RF interference mitigation

► High client density

► HD Video

► 802.11ac migration

► Comprehensive security

Page 309: Borderless for Engineers

Cisco Aironet Access Point Features (Cont.)

Cisco Aironet 802.11n G2 Access Points

| Feature | 700 Series | 1600 Series | 2600 Series | 3600 Series |
|---|---|---|---|---|
| Crowded areas | No | No | Yes | Yes |
| Number of radios | 2.4 and 5 GHz | 2.4 and 5 GHz | 2.4 and 5 GHz | 2.4 and 5 GHz |
| Max data rate per radio | 300 Mbps | 300 Mbps | 450 Mbps | 1.3 Gbps (with 802.11ac module) |
| MIMO : spatial streams | 2x2:2 | 3x3:2 | 3x4:3 | 4x4:3 |
| Client count / ClientLink | 100/na | 128/32 per radio | 200/128 per radio | 200/128 per radio |
| ClientLink Hardware-based beam forming | | Yes | Yes | Yes |
| CleanAir | No | CleanAir Express | CleanAir Express | Yes |
| VideoStream | Yes | Yes | Yes | Yes |
| BandSelect | Yes | Yes | Yes | Yes |
| Rogue access point detection | Yes | Yes | Yes | Yes |

Page 310: Borderless for Engineers

Cisco Wireless Security and Spectrum Intelligence Module

► Allows the AP to concurrently serve clients and scan all channels

► Offloads CleanAir Monitoring & WIDS/WIPS Security capabilities to the Monitor Module

► Independent integrated antennas: 0x4 (0 Tx antennas x 4 Rx antennas)

► No configuration required: module automatically scans all channels on 2.4 and 5 GHz bands

► Module powered from AP: AP power requirement remains unchanged

This module eliminates the need for an extra cable pull and additional infrastructure costs if full WIPS scanning or CleanAir Spectrum Analysis is required

Page 311: Borderless for Engineers

Cisco 802.11ac Wave Module

► 5 GHz, IEEE 802.11ac

► 3 receivers / 3 senders / 3 spatial streams (3x3:3 MIMO)

► 1.3 Gbps throughput

► Together with Host-AP the module supports b/g/n on 2.4 GHz and a/ac/n on 5 GHz

► Supports “Explicit Beam forming” as per the 802.11ac standard

► Module powered from AP

► AP-Power requires ~20W

► Enhanced PoE

► IEEE 802.3at

► Power-Injector

► Local Power-Supply

This field-upgradable IEEE 802.11ac add-on module for the AP3600 provides investment protection today for this emerging wireless standard

Page 312: Borderless for Engineers

Cisco 2500 Series Wireless LAN Controller Features

► Entry-level wireless LAN controller for 802.11n environments

► Supports up to 75 access points

► Provides 2 PoE ports for directly connected APs, connects to external switch for larger deployments

► Supports key Cisco technologies:

► CleanAir

► VideoStream

► Application Visibility and Control

► Wireless Intrusion Prevention System

► Supports Apple Bonjour Service Advertisement

Page 313: Borderless for Engineers

Cisco Wireless LAN Controller on SRE Features

► Hardware upgrade to existing ISR G2 that provides WLC services similar to WLC 2504

► Three models:

► ISM-SRE-300 – supports 10 access points

► SM-SRE-700 – supports 50 access points

► SM-SRE-900 – supports 50 access points

► Supports key Cisco technologies:

► CleanAir

► VideoStream

► Application Visibility and Control

► Wireless Intrusion Prevention System

Page 314: Borderless for Engineers

Cisco Virtual Wireless LAN Controller

► Cisco Wireless LAN Controller delivered as a virtual machine that runs in a hypervisor-controlled server environment

► Features:

► Ability to control up to 200 branch locations

► Configure and manage up to 200 access points and 3000 clients

► Secure guest access

► Rogue detection, PCI compliance, in-branch Wi-Fi

► Consolidates virtualized infrastructure and complements a virtualized Cisco Prime Infrastructure managed environment

Page 315: Borderless for Engineers

Plan, Design, and Build Considerations for Cisco Borderless Network Wireless Solutions

Page 316: Borderless for Engineers

Plan, Design, Build for Partner Engineers

► There are three major responsibilities of the partner engineer during the customer engagement:

► Plan the feature requirements and assess product choice against features

► Design a solution based on understanding of required functions and best practices

► Build a solution by deploying, configuring and managing it

Plan: Feature Requirements, Product Assessment

Design: Determine Function, Design

Build: Deploy, Configure, Manage

Page 317: Borderless for Engineers

Planning

► In the case of Wireless, one of our key planning steps is to determine the correct access point and wireless LAN controller

► We will assume a controller-based solution

► Solutions without controllers can bypass the selection of Wireless LAN Controllers and centralized management

Plan: Feature Requirements, Product Assessment

Page 318: Borderless for Engineers

Cisco Wireless Deployment Paths

Diagram axes: Services and Functionality (vertical), Size of the Deployment (horizontal); arrow label: Upgrade Path

► Standalone

► Ideal for a partner-led, small carpeted office that needs business-class connectivity integrated with Small Business Products

► Autonomous

► Ideal for small and medium business requiring reliable, secure coverage for data in branch, enterprises

► Customers purchase autonomous access points with the ability to convert to controller-based in the future

► Controller-based (UNIFIED)

► Ideal for all businesses requiring industry leading advanced functionality, robustness, mobility services and scale

► Customers upgrade from autonomous deployments or purchase a new controller-based solution for maximum functionality

Page 319: Borderless for Engineers

Choosing Wireless Solutions

► Pervasive Wireless Coverage: Aironet Access Point (AP700, AP1600 & AP2600)

► Centralized Control: 2504 Wireless LAN Controller, Virtual Wireless LAN Controller

► Centralized Visibility: Cisco Prime Infrastructure

Page 320: Borderless for Engineers

When to Choose Cisco Aironet 700

► Entry-level access point designed for small to midsize networks

► Good choice for customers who want entry level devices but also want to preserve future options

► Benefits of Deployment:

► Pervasive wireless coverage with low-cost wireless entry point

► Up to 6X network performance increase with 802.11n from lower-bandwidth 802.11a/b/g

► Maximum uptime with reliable design

► Upgrade to controller-based operation for enhanced functionality and simplified management

Page 321: Borderless for Engineers

When to Choose Cisco Aironet 1600

► Mid-level access point designed for small to midsize networks

► Good choice for customers who want more sophisticated features and greater client density than Aironet 700 series

► Benefits of Deployment

► Pervasive wireless coverage with low-cost wireless entry point

► Up to 6X network performance increase with 802.11n from lower-bandwidth 802.11a/b/g

► Maximum uptime with reliable design

► Upgrade to controller-based operation for enhanced functionality and simplified management

► Enhancements over Aironet 700:

► External antenna model available for challenging RF environments

► Supports ClientLink and CleanAir Express

► Supports more clients (128 vs 100)

Page 322: Borderless for Engineers

When to Choose Cisco Aironet 2600

► Mid to High-level access point designed for small to midsize networks

► Good choice for customers requiring a significant upgrade in bandwidth and client density above the Aironet 1600 series

► Benefits of Deployment:

► Pervasive wireless coverage with low-cost wireless entry point

► Provides 30-60% more upstream performance than competitive products

► Optimized throughput with spectrum intelligence RF interference mitigation

► Upgrade to controller-based operation for enhanced functionality and simplified management

► Enhancements over Aironet 1600:

► Provides greater bandwidth (450 Mbps vs 300Mbps)

► Supports more clients (200 vs 128)

Page 323: Borderless for Engineers

When to Choose 2500 Series WLC

► Entry-level wireless controller designed for small to midsize wireless networks

► Traditional appliance-based hardware device

► Benefits of Deployment:

► Affordable, centralized control of 5 to 75 access points and 1000 clients

► Optimized performance coverage with 802.11n

► Automatic access point configuration control

► Simplified operation of wireless networks

► Payment Card Industry (PCI) support enables certification for retail deployments

► Support for advanced mobility technologies:

► FlexConnect

► ClientLink

► VideoStream

► CleanAir

Page 324: Borderless for Engineers

When to Choose Cisco Virtual Wireless Controller

1 vCPU, 2 GB RAM, 8 GB HDD

► Entry to Mid-level controller designed for small to midsize wireless networks

► Deployed as a virtual machine on a VMware hypervisor controlled server

► Benefits of Deployment

► Automatic access point configuration control

► Simplified operation of wireless networks

► Payment Card Industry (PCI) support enables certification for retail deployments

► Support for advanced mobility technologies: FlexConnect, ClientLink, VideoStream, and CleanAir

► Enhancements over 2500 Series Wireless Controller:

► Affordable, centralized control for up to 200 access points and 3000 clients

► Optimized performance coverage with 802.11n and 802.11ac

Page 325: Borderless for Engineers

When to Choose Prime Infrastructure

4 vCPU, 8 GB RAM, 200 GB HDD

► Mid-level management software with enterprise-level functionality

► Wired and wireless network management with application performance monitoring

► Benefits of Deployment:

► Improved operational efficiencies:

► Reduced network errors

► Speed troubleshooting

► Improve the delivery of network services

► Reduced operating expenses:

► Speed deployments

► Minimize IT staffing

► Easy-to-use tools, workflows, and automated best practices that simplify network management

► Lower capital expenditures:

► Converged management and cross-integration with existing operations

Page 326: Borderless for Engineers

Designing

► Correct design requires understanding switch capabilities:

► Wireless Concepts

► Deployment Mode

► Wireless Topologies

► Design best practices:

► Questions to Ask

► General Office Layout

► Best Practices

Design: Determine Function, Design

Page 327: Borderless for Engineers

Wireless Concepts: Standards

► Wireless is evolving to meet needs for high performance connectivity

Diagram labels, in slide order:

► Mobile Data: Email, Web browsing

► 802.11b: 11 Mbps

► 802.11n: 600 Mbps

► High Speed Wireless: Ubiquitous mobile computing

► 802.11a/g: 54 Mbps

► Business Ready: Voice, Video, Data

► 802.11ac: 1.3 Gbps

► 5th Gen Wireless: High speed Voice, Video, Data

Page 328: Borderless for Engineers


Wireless Concepts: LAN vs WLAN

►WLANs use radio waves as the physical layer

►WLANs transmit data over the air instead of over the wires

►Current transmission techniques approximate behavior of a hub

►Future transmission techniques will approximate behavior of a switch

►WLANS must meet country specific RF regulations

Page 329: Borderless for Engineers

Wireless Concepts: Challenges and Solutions

► Wireless networks have problems that are not encountered in wired networks:

► Signal strength issues

► Signal security

► Interference and noise

► Cisco technologies address these problems:

► ClientLink

► Rogue Detection

► CleanAir

Page 330: Borderless for Engineers

Cisco WLAN Deployment Mode

• Autonomous WLAN solution

Autonomous access points

• Controller-based WLAN solution

Lightweight access points

WLAN controller

Page 331: Borderless for Engineers


Autonomous Deployment

► Autonomous APs are configured individually via Cisco IOS command line or graphical user interface

► Each access point is managed individually

► Most suitable for smaller deployments

► Cisco clustering provides centralized configuration and scalability to 4, 8 or 16 devices

► Both Cisco Small Business Access Points and Cisco Aironet Access Points can be considered

Page 332: Borderless for Engineers


Controller – Based Deployment

► Lightweight APs are managed centrally via the Lightweight Access Point Protocol (LWAPP)

► A WLAN controller system creates and enforces policies across many different lightweight APs

► Suitable for larger environments or ones desiring centralized control and advanced features

► Cisco Aironet Access Points support autonomous deployment

► Customers purchasing Cisco Aironet Access Points for autonomous deployments can protect their investment when upgrading to controller – based deployments

Page 333: Borderless for Engineers


Wireless LAN Topology

► Properly designed wireless LAN can provide access to end users from anywhere in a campus environment

► Users can roam seamlessly from one location to another without losing connection

► Design considerations for deployment include:

► SSID

► Service Area

► Roaming

► VLAN support

► Voice Support

Page 334: Borderless for Engineers


Wireless Topology: Service Set Identifier

►Service Set Identifier (SSID) is used to logically separate WLANs

►A single access point can advertise multiple SSIDs

►Multiple access points can advertise the same SSIDs

►SSIDs are case sensitive, a maximum of 32 characters, and no spaces allowed

►The SSID must match on client and access point

►Guest networks provide access to clients and separate their traffic from corporate network

►Clients can automatically connect to network SSIDs or manually configure settings

Page 335: Borderless for Engineers

Wireless Topology: Service Sets and Modes

► Ad hoc mode

► Independent Basic Service Set (IBSS)

► Mobile clients connect directly without an intermediate access point

► Infrastructure mode

► Basic Service Set (BSS)

► Mobile clients use a single access point for connecting to each other or to wired network resources

► Extended Service Set (ESS)

► Two or more Basic Service Sets are connected by a common distribution system

Page 336: Borderless for Engineers

Wireless Topology: Basic Service Set

► Basic Service Set is a single access point together with associated stations

► The area of wireless coverage provided by this setup is called the Basic Service Area

► Access point is attached to Ethernet switch and also communicates to all wireless clients

► All client communications go through the access point

► Ethernet switch is attached to network backbone and allows communications to common network resources

Figure label: Channel 1

Page 337: Borderless for Engineers

Wireless Topology: Extended Service Set

► Two or more interconnected BSS that share the same SSID

► Extends coverage and throughput for the SSID via the Extended Service Area

► 10% – 15% overlap of cells is recommended for data

► Bordering cells should be on non-overlapping RF channels

Figure labels: Channel 1, Channel 6, 10% to 15% overlap

Page 338: Borderless for Engineers


Wireless Topology: Roaming

► Roaming without interruption requires the same SSID on all access points

Roaming

Page 339: Borderless for Engineers

Wireless Topology: Why Clients Roam

► Client searches for another access point and sends reauthentication request

► Reasons for roaming:

► Maximum data retry count exceeded

► Too many beacons missed

► Data rate shifted

Page 340: Borderless for Engineers


Wireless Topology: VLAN Support

• An SSID can be associated with a VLAN

• Client devices connecting to that SSID will then be on the associated VLAN

• VLANs propagate across access points and can be used in ESS environments

• Supports roaming
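The topology slides above (SSID, Extended Service Set, Roaming, VLAN Support) give rules that can be checked mechanically before a deployment. The following is an added example, not part of the course material: the data model, role labels, AP names and sample plan are constructed for illustration, and the channel check assumes 2.4 GHz channel numbering.

```python
from dataclasses import dataclass

# 2.4 GHz channel centres are 5 MHz apart and a channel is about 22 MHz wide,
# so two channels overlap unless their numbers differ by at least 5 (1 and 6).
MIN_CHANNEL_GAP = 5
MAX_SSID_LEN = 32  # the limit is 32 octets on the air, so bytes are counted


@dataclass(frozen=True)
class Wlan:
    ssid: str
    vlan: int
    role: str  # "corporate" or "guest"; role labels are assumed for this example


@dataclass(frozen=True)
class AccessPoint:
    name: str
    channel: int           # 2.4 GHz channel number
    wlans: tuple           # Wlan entries this AP advertises
    neighbors: tuple = ()  # names of APs whose cells border this one


def ssid_problems(ssid):
    """Check one SSID against the rules as the SSID slide states them."""
    problems = []
    if not ssid:
        problems.append("empty SSID")
    if len(ssid.encode("utf-8")) > MAX_SSID_LEN:
        problems.append(f"SSID {ssid!r} is longer than {MAX_SSID_LEN} bytes")
    if " " in ssid:
        problems.append(f"SSID {ssid!r} contains a space")
    return problems


def audit(aps):
    """Return a sorted list of findings for a WLAN plan."""
    findings = set()
    by_name = {ap.name: ap for ap in aps}
    vlans_by_ssid = {}  # ssid -> set of VLAN ids it is mapped to
    roles_by_vlan = {}  # vlan -> set of roles that use it
    spellings = {}      # lower-cased ssid -> set of exact spellings

    for ap in aps:
        for wlan in ap.wlans:
            findings.update(ssid_problems(wlan.ssid))
            vlans_by_ssid.setdefault(wlan.ssid, set()).add(wlan.vlan)
            roles_by_vlan.setdefault(wlan.vlan, set()).add(wlan.role)
            spellings.setdefault(wlan.ssid.lower(), set()).add(wlan.ssid)

    # One SSID must land on one VLAN everywhere, or a roaming client
    # changes network segment when it changes access point.
    for ssid, vlans in vlans_by_ssid.items():
        if len(vlans) > 1:
            findings.add(f"SSID {ssid!r} maps to several VLANs: {sorted(vlans)}")

    # Guest traffic must stay off any VLAN that carries corporate clients.
    for vlan, roles in roles_by_vlan.items():
        if {"guest", "corporate"} <= roles:
            findings.add(f"VLAN {vlan} carries both guest and corporate WLANs")

    # SSIDs are case sensitive: two spellings are two different networks,
    # so clients will not roam between them.
    for variants in spellings.values():
        if len(variants) > 1:
            findings.add(f"SSID spelled inconsistently: {sorted(variants)}")

    # Bordering cells must use non-overlapping channels.
    for ap in aps:
        for other_name in ap.neighbors:
            other = by_name.get(other_name)
            if other is None:
                findings.add(f"{ap.name} lists unknown neighbor {other_name!r}")
            elif abs(ap.channel - other.channel) < MIN_CHANNEL_GAP:
                lo, hi = sorted((ap, other), key=lambda a: a.name)
                findings.add(f"{lo.name} and {hi.name} border each other on "
                             f"overlapping channels {lo.channel} and {hi.channel}")
    return sorted(findings)


# Constructed sample plan with deliberate mistakes on ap-lab.
CORP = Wlan("Corp-Staff", 10, "corporate")
GUEST = Wlan("Corp-Guest", 20, "guest")
SAMPLE_PLAN = [
    AccessPoint("ap-lobby", 1, (CORP, GUEST), ("ap-hall",)),
    AccessPoint("ap-hall", 6, (CORP, GUEST), ("ap-lobby", "ap-lab")),
    # Channel too close to ap-hall, SSID case differs, guest placed on VLAN 10.
    AccessPoint("ap-lab", 8, (Wlan("corp-staff", 10, "corporate"),
                              Wlan("Corp-Guest", 10, "guest")), ("ap-hall",)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PLAN):
        print(finding)
```

The guest/corporate VLAN check is the one with security weight: a guest SSID mapped to a corporate VLAN removes the traffic separation the guest network exists to provide.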

Page 341: Borderless for Engineers


Wireless Topology: Voice Architecture

► Converged networks combine data, voice, and video applications

► Because clients in wireless networks are mobile, capacity planning is not enough

► Goal is to minimize end-to-end delay and jitter for voice and video applications

► Cisco provides QoS for optimum performance:

► VideoStream

► CoS and DSCP tagging

► Wireless MultiMedia and QoS profiles

Page 342: Borderless for Engineers

Antenna Types

► Directional:

► Send transmissions to target areas

► Omni-directional:

► Broadcast transmissions that are not aimed at a specific target area

Page 343: Borderless for Engineers

Build

► Building a solution requires knowledge of the appropriate configuration and administration tools:

► Controller Management Interface

Build: Deploy, Configure, Manage

Page 344: Borderless for Engineers


Configuring Wireless LAN Controllers: Interface Review

Page 345: Borderless for Engineers

Configuring WLC Controller Interfaces

► The first step when deploying a controller-based solution is to configure the appropriate interfaces on the Wireless LAN Controller

► Interfaces are the virtual communication pathways

► Ports are the physical connectors

► WLC Interfaces include:

► AP Management Interface

► Virtual Interface

► Service Port Interface

► Dynamic Interface(s)

► Definition and configuration guidance follows

Page 346: Borderless for Engineers


WLC Controller AP Management Interface

Page 347: Borderless for Engineers


WLC Controller Virtual Interface

Page 348: Borderless for Engineers


WLC Controller Service-Port Interface

Page 349: Borderless for Engineers


WLC Controller Dynamic Interfaces

Page 351: Borderless for Engineers

Module Summary

Page 352: Borderless for Engineers


Module Summary

► Customers can choose wireless solution deployments from cloud managed, to standalone deployment, to unified wireless deployments

► Unified Wireless deployments separate the control and management of access points into a separate wireless LAN controller enabling centralized management and configuration

► The Cisco 700 series access point is a good fit for small business deployments, while the 1600 and 2600 series are suitable for larger customers

► The Cisco 2500 Series Wireless Controller is an entry-level wireless LAN controller designed for small to midsize networks

► Properly designed wireless LANs can provide access to end users from anywhere in a campus environment

Page 353: Borderless for Engineers


Review: AP Selection Guidance

What Cisco Small Business Access Point supports dual radios and dual bands? (choose one)

A) 100 Series

B) 300 Series

C) 500 Series

D) 700 Series

Page 354: Borderless for Engineers


Review: AP Selection Guidance

What Cisco Small Business Access Point supports dual radios and dual bands? (choose one)

C) 500 Series

Page 355: Borderless for Engineers


Review: Wireless Deployment

What wireless deployment mode uses lightweight access points? (choose one)

A) Ad-Hoc Deployment

B) Autonomous Deployment

C) Controller-based Deployment

D) BSS Deployment

Page 356: Borderless for Engineers


Review: Wireless Deployment

What wireless deployment mode uses lightweight access points? (choose one)

C) Controller-based Deployment


Page 358: Borderless for Engineers


Cisco Security Solutions for Partner Engineers

Page 359: Borderless for Engineers

Module Objectives

Upon completion of this module, you will be able to:

► Describe the Cisco Security solutions for small and midsize business customers

► Describe the business benefits for small and midsize business customers of adopting Cisco Security solutions

► Identify the appropriate Cisco Security solution to match customer needs

► Articulate the value of Cisco Security solutions over the competition

► Describe technical considerations for Cisco Security solutions for small and midsize business customers

► Describe plan, design and build considerations for Cisco Security solutions for small and midsize business customers

Page 360: Borderless for Engineers


Module Outline

The learning objectives will be covered in the following sections:

► Cisco Security Solutions for Small and Midsize Business Customers

► Benefits of Cisco Security Solutions for Small and Midsize Business Customers

► Competing With Cisco Security Solutions

► Technical Considerations for Cisco Security Solutions

► Plan, Design, and Build Considerations for Cisco Security Solutions

Page 361: Borderless for Engineers

Cisco Security Solutions for Small and Midsize Business Customers

Page 362: Borderless for Engineers

Customer Challenges

Cisco solutions will address these challenges with secure network solutions

► Increase ROI: Greater reliability and productivity and lower TCO provide ROI to customer

► Provide Reliability: Core hardware and OS design supports network functionality with high uptime

► Boost Productivity: Broad features set enables diverse workloads

► Lower Service & Support Costs: Reduce total cost of ownership, maximize contribution of IT

Page 363: Borderless for Engineers

Cisco SMB Security Portfolio Overview

► Firewall / VPN / IPS / Content

► ASA 5500/5500-X: Appliance-based

► ISR G2: Integrated with routing

► Cloud, On-Premise and Hybrid

► Web and Email Security: Web and content control; email security and data loss prevention

► End Device

► AnyConnect: Client software, secure VPN

Cisco has security software and appliances that scale up through the enterprise. This module will focus on the portions of the portfolio that serve Small and Midsize Business customers

Page 364: Borderless for Engineers

Cisco ISR G2 Security Solutions

► Universal IOS provides baseline security that can be upgraded to include advanced security features

► Increase performance through hardware upgrades like Intrusion Prevention Services Network Module

► Extend security capabilities without purchasing additional hardware

► Software License: Easy Activation

► IPS Network Module: High Performance

► Web Security Connected: Expandable Services

Page 365: Borderless for Engineers

Cisco ISR G2 IOS-based Security

Software Licenses for Security Services

► Built-in router security

► Additional protection without deploying new hardware

► Boost security where you need it most

► Save time and money

► Software services available for:

► Firewall

► Intrusion Prevention Service

► IPSec and SSL VPN

► Content Security

Page 366: Borderless for Engineers

Cisco ISR G2 IPS Network Module Upgrade

Hardware Upgrades for Maximum Performance

► Powerful IPS for branch offices and small businesses

► Identifies, classifies and stops malicious traffic

► Stops worms, spyware, adware, network viruses and application abuse

► Helps ensure business continuity and minimize intrusions

► Customers can easily upgrade their ISR G2 with the IPS Network Module

Page 367: Borderless for Engineers

Cisco ISR G2 Web Security Connected

Cloud-based Security for Maximum Flexibility and Coverage

► Combines best in class web security with best in class network security

► Integrates with Cisco ASA firewalls, ISR G2 and AnyConnect mobility client

► Protect users regardless of location

► No performance impact on local Cisco security devices

► Application control, management and reporting fully integrated into cloud-based service

Page 368: Borderless for Engineers

Cisco ASA 5500/5500-X Security Solutions

► Provides firewall and application control services plus:

► Web security

► Intrusion Prevention Services

► Remote access

► Botnet protection

Models:

► 5505: Entry Level

► 5512-X: Small Office

► 5515-X, 5525-X: Midsize Office

Page 369: Borderless for Engineers

ASA 5500-X Series Common Features

More Powerful Performance

Meet growing network security performance demands:

► 4x more firewall throughput

► Increased IPS, VPN throughput

Next-Gen Services Ready

Maximize investment: customers can add on new security services without purchasing additional hardware:

► IPS

► VPN

► AnyConnect

► Botnet Protection

Accelerated Integrated Services

Run multiple security services on enterprise-class hardware without sacrificing performance:

► Multi-core Multi-threaded CPUs

► 4X memory

► Hardware dedicated to accelerating IPS

► Hardware dedicated to accelerating VPN

Page 370: Borderless for Engineers

Cisco ASA 5500-X Context Security (CX)

Robust Stateful Inspection and Broadest Context-Aware Controls

Context Aware:

► Comprehensive control over applications, users, and devices

► URL filtering and web reputation protection

► Application visibility, including peer-to-peer and social networking, and per-user control and reporting

Subscriptions:

► Web Security Essentials (WSE)

► Application Visibility and Control (AVC)

► AVC + WSE Bundle

Diagram labels: Context-Aware Policy Engine; Pluggable Context Stores; Context-Aware Data Plane; Virtual Packet Rings; nScan Array (TLS & SSL, HTTP, MS-RPC, FTP, Scanner ‘N’)

Page 371: Borderless for Engineers

CX: Web Security Essentials

Use Case: URL Filtering

Each entry gives the business problem, then how it is addressed by ASA CX:

► Enforcing HR acceptable use policy: Block certain web site categories for everyone: Adult, Gambling, Hate Speech, Illegal Activities and others as needed

► Creating a safe learning environment: Deny students but allow faculty access to the following web site categories: Entertainment, Arts, Online Trading

► Maintaining employee productivity: Deny employees access to the following web site categories: Sports and Recreation, Travel, Photo Search and Images

► Controlling bandwidth-hungry sites: Deny users access to the following web site categories: File Transfer Services, Freeware and Shareware, Illegal Downloads, Internet Telephony

► Controlling users circumventing policy: Block proxies that allow you to surf the internet anonymously

Page 372: Borderless for Engineers


CX: Web Security Essentials
Use Case: Web Reputation Filtering

| Business Problem | Addressed By ASA CX |
|---|---|
| Zero-day malware getting through traditional defenses | Malware gets constantly tweaked so that desktop/network AV does not detect it. New malware is released in the wild for <24 hours. Web Reputation is always able to block it even if the payload had changed. |
| Social engineering attacks | You get a URL link in Facebook chat, saying “Check out this cool video!”. You click the link. Web Reputation blocks that specific transaction, while allowing general access to Facebook. |
| Infected machines sending data out | ASA’s Botnet Traffic Filter detects and blocks all attempts to contact command-and-control centers / Botnet masters. |

Page 373: Borderless for Engineers


CX: Application Visibility and Control
Use Case: User and Application Visibility

| Business Problem | Addressed By ASA CX | Example Apps |
|---|---|---|
| Bandwidth misuse | View and control usage of Peer-to-Peer applications | |
| Sensitive company data uploaded to the cloud | Control usage of file sharing applications | |
| Employee productivity | Block non-productivity-related applications, while still allowing general access to social networking | |
| Malware writers taking control of machines through remote control apps | Block remote control applications, while allowing WebEx | |
| Malware masquerading as a well-known app | Identify and control applications that operate on well-known open ports | |

Page 374: Borderless for Engineers


ASA Software Benefits

► ASA 9.1 Software:
    ► On-box Management software version is ASDM 7.1.3
    ► Offers integrated IPS, VPN and Unified Communications capabilities
    ► Delivers high availability for high resiliency applications
    ► Provides context awareness with Cisco TrustSec security group tags and Identity Based Firewall
    ► Facilitates dynamic routing and site-to-site VPN on a per-context basis

Page 375: Borderless for Engineers


Cisco ASA 5505

[Hardware diagram labels: Security Services Card; AIP SSC-5; Serial Console; 2 USB 2.0 ports; 8 Ports of 10/100 Ethernet; Power Supply; 2 PoE Ports]

Service Capabilities
• FW Throughput: 150 Mbps
• IPS Throughput: 150 Mbps with AIP SSC-5
• VPN Throughput: 100 Mbps
• Memory: 512 MB RAM
• Does NOT support Context Security

When to Position
• For small businesses
• Base license does not support following (must upgrade to Security Plus license)
    • Active/Standby Failover
    • Dual ISP
    • DMZ Support
• If customer wants IPS, they must purchase the AIP SSC-5 hardware upgrade

Page 376: Borderless for Engineers


Cisco ASA 5512-X

[Hardware diagram labels: Expansion I/O Card: 6 GE Cu, 6 GE Fiber; Serial Console; 2 USB 2.0 ports; Integrated I/O: 6 GE Cu; Fan; Power Supply; Dedicated GE Management Port]

Service Capabilities
• FW Throughput: 1 Gbps
• IPS Throughput: 250 Mbps
• VPN Throughput: 200 Mbps
• Memory: 4 GB RAM
• Supports Context Security

When to Position
• For small to midsize businesses
• Base model does not support following (separate license is required)
    • High Availability
    • VPN clustering
    • Security Contexts
• If customer wants to turn on services like IPS, web security simultaneously with performance, upsell the ASA 5515-X

Page 377: Borderless for Engineers


Cisco ASA 5515-X

[Hardware diagram labels: Expansion I/O Card: 6 GE Cu, 6 GE Fiber; Serial Console; 2 USB 2.0 ports; Integrated I/O: 6 GE Cu; Fan; Power Supply; Dedicated GE Management Port]

Service Capabilities
• FW Throughput: 1.2 Gbps
• IPS Throughput: 400 Mbps
• VPN Throughput: 250 Mbps
• Memory: 8GB RAM
• Supports Context Security

When to Position
• For small to mid-sized businesses
• If customer requires either of following upsell from 5512-X
    • High Availability
    • Security Contexts
    • VPN Clustering
    • Next-gen services running at the same time

Page 378: Borderless for Engineers


Migration from ASA 5500 to ASA 5500-X

| | ASA 5510 Through ASA 5550 | ASA 5512-X Through ASA 5555-X |
|---|---|---|
| Firewall Throughput | 300 Mbps–1.2 Gbps | 1 Gbps–4 Gbps (4X) |
| IPS Throughput | 150 Mbps–650 Mbps | 250 Mbps–1.3 Gbps |
| Expansion Slot Use | IPS, Content Security, or I/O Expansion | Only for I/O Expansion |
| IPS | Requires extra hardware module | No hardware module required (runs as a service on ASA) |
| Content Security | Requires extra hardware module | No hardware module required |
| Redundant Power Supply | No | Yes (5545-X, 5555-X) |

Page 379: Borderless for Engineers


Cisco Email Security Overview

► High availability email protection against rapidly changing threats:
    ► Fights spam, viruses, and blended threats for organizations of all sizes
    ► Enforces compliance and protects reputation and brand assets
    ► Reduces downtime and simplifies administration of corporate mail systems
    ► Deployed by more than 40 percent of the world's largest enterprises

C170 C000v Hosted Hybrid

Appliance Virtual Cloud

Cloud Hybrid Cloud

Page 380: Borderless for Engineers


► Ready to plug-in and install in the right size for your environment

► For organizations that require sensitive data to remain physically on-premise

► Protection against risk of performance degradation

► Dedicated, easy-to-manage, and suitable for the small and midsize business customer

Appliance Deployment with C170

Page 381: Borderless for Engineers


► Leverage existing investments

► Quicker deployments

► Improved capacity planning

► Enhanced business continuity

► Deployment flexibility

Model Disk Memory Cores

C000v 200GB 4GB 1

ESX | ESXi Hypervisor

Cisco UCS
Consolidation | Automation | Virtualization

Other Hardware

Virtual Deployment with C000v

Page 382: Borderless for Engineers


Cisco Email Security Services

Providing industry-leading email security in the cloud:

99.999% Uptime

99+% Spam catch rate

<1 in 1M false positives

100% known virus catch rate

Key Service Attributes
Dedicated Infrastructure
Co-managed access
Capacity assurance

[Diagram: Cisco Cloud Email Security. Labels: Email SaaS; Redundant Data Centers; Inbound Hygiene: Removes spam and viruses; Pass Clean Email; Outbound Control: Apply DLP and encryption policies; Customer]

Page 383: Borderless for Engineers


Cisco Email Security Services

Combining email security inbound in the cloud with outbound control in the customer’s network:

Scan and control content before it exits the network

Encryption happens before the message hits the customer’s network border

Key Service Attributes
Single pane of glass reporting
Greater control for customers who need or desire it

[Diagram: Cisco Hybrid Cloud Email Security. Labels: Email SaaS; Redundant Data Centers; Inbound Hygiene: Removes spam and viruses; Pass Clean Email; Customer]

Page 384: Borderless for Engineers


Cisco Web Security Overview

► Provides web URL filtering, reputation filtering and user control:
    ► Proactive security, application visibility, and control for all users
    ► Extend real-time protection and policy enforcement to remote employees
    ► Use deployment flexibility to meet your business and network needs
    ► Integrate with existing Cisco investments for reduced complexity

ASA/S170 WSAV Hosted Connectors

Appliance Virtual Cloud

Cloud Hybrid Cloud

Page 385: Borderless for Engineers


ASA Web Security Essentials

URL Filtering: Granular Categories and Dynamic Classification Updated by SIO
Application Visibility and Control*: 1000+ Applications, 150,000+ Microapplications
Reputation-Based Malware Protection: Only Vendor to Examine IP, Domain, URL, and Sender Reputations
Policy Management: Flexible Control of Use, Applications, Social Media, etc.
Actionable Reporting: On-Box, Off-Box, or Hosted in the Cloud (Varies by Deployment Choice)
Security Intelligence Operations (SIO) Updates: 100 TB of Daily Threat Telemetry, Updated Every 3 to 5 Minutes
DLP: Integrated with Existing DLP Solutions or via Content Filtering Rules
Layer 4 Traffic Monitoring: Available on Appliance or Virtual Appliance

*The Cisco® ASA 5500-X with WSE requires a separate license for AVC.

Page 386: Borderless for Engineers


Advanced Web Security

Web Security Essentials: URL Filtering, Application Visibility and Control, Reputation-Based Malware Protection, Data Loss Prevention, Layer 4 Traffic Monitoring, Reporting, SIO

Plus

Real-Time Malware Scanning: Layered, Multiple Engines

Page 387: Borderless for Engineers


Cisco Web Security Appliance
Simplified Deployment and Management

Consistent policy, security, and reporting for all users
Single-box solution for faster deployments, reduced complexity
Uses Cisco AnyConnect™ for remote and mobility
Integrates easily into your existing Cisco® infrastructure

[Diagram: Users, Firewall, and Internet, shown for each of the two deployments below]

Cisco Web Security Appliance: Web Proxy; Multiple Malware Engines; URL Filtering; AVC; Web Reputation; SIO Updates; Layer 4 Traffic Monitoring; SIEM/DLP/SOCKS/FTP; Policy Management; Reporting

Traditional Appliances: Web Proxy; 1 Malware Engine; URL Filtering; Policy Management; Reporting

Page 388: Borderless for Engineers


Cisco Web Security Virtual Appliance
Simplified Deployment Without Additional Hardware

End Users

Same capabilities as Web Security Appliance, plus:

Self-service provisioning

Instant provisioning

Included with software bundle

User-based term licenses with unlimited VM instances

Mix-and-match deployment

Cisco Web Security Virtual Appliance

Internet

Firewall

UCS +

► Simplification: Eliminates capacity planning, logistical, and budgetary headaches
► Faster Deployments: Instant provisioning eliminates long lead times
► Rapid Response: Instant provisioning means instant response to spikes
► Better Security: Provide security to locations that were formerly difficult or too expensive to protect

Page 389: Borderless for Engineers


Cisco Cloud Web Security
Simplified and Scalable Cloud-Based Deployments

Direct to Cloud
Cisco ASA
Cisco ISR-G2
Cisco® WSA
Cisco AnyConnect™

Cloud Web Security

Branch to enterprise URL filtering

Application Visibility and Control

Multiple malware engines

SIEM/DLP/SOCKS/FTP

SIO updates

Policy management

Reporting

Multiple connector options

Eliminates desktop agent

Reduces vendors

Eliminates backhaul

Reuses appliances

Page 390: Borderless for Engineers


Cloud Web Security Connectors
Rapid Deployment Without Adding New Hardware or Complexity

ASA
► Run integrated web security and intrusion prevention system (IPS) on the same equipment
► Eliminate software-based web filtering from other vendors
► Integrate with Cisco AnyConnect® to protect remote/roaming users

ISR G2
► Eliminate backhaul from branch offices
► Cost-effective solution for public Wi-Fi initiatives
► Provide web security to small offices

WSA
► First step toward hybrid solution
► Cisco® Cloud Web Security for enforcement and reporting
► WSA for security information and event management
► DLP integration, advanced proxy

Page 391: Borderless for Engineers


VPN Connectivity Challenges

Dramatically increasing complexity: Trying to keep up
► Massive increase in devices, browsers, applications, data, and mobility
► Current remote-access products are too complicated for the end user

Requirements compromises: Productivity or security
► Demand for anytime and anywhere access to any data by anyone on any device
► Security enforcement or easing workforce enablement

Limited options: Client or clientless, TLS or DTLS, IPsec or SSL, etc.
► Limited protocol support leads to fragmented implementation options
► Constant influx of new technologies and standards

Page 392: Borderless for Engineers


Cisco AnyConnect Secure Mobility Client

• Acceptable use policies

• Always-on protection

WSA

ASA

On-Premises

Cisco AnyConnect® Client

Redirect to Premises or Cloud

Cloud

Mobile User

Cisco® Cloud Web Security

• Malware threat protection

• CWS: User choice of towers when traveling

• Application usage controls

Page 393: Borderless for Engineers


Secure VPN Connectivity

Internationalized
► IPv6 support
► UI translated into major languages
► International sales and support

Simplified connectivity
► Optimal gateway selection
► Automatic hotspot negotiation
► Enterprise connection enforcement

Next-generation unified security
► User and device identity
► EASmartcard SSO
► Posture validation and remediation
► Integrated web security

Flexible deployment
► Scalability and high availability
► Low TCO and increased productivity

Branch Office Mobile User Home Office

Secure, Consistent Access

Wired Wi-Fi

Cellular and Wi-Fi

Partner HQ

Site to Site

Cisco® ASA

Corporate HQ

Cisco ASA

Page 394: Borderless for Engineers


Cisco AnyConnect Licenses
To Meet a Range of Customer Needs

Essentials License (At Low Cost): Basic Remote Access Connectivity

Or

Premium License: Posture Assessment and Clientless

Mobile License at Low Cost

Advanced Endpoint Assessment License

Shared License: Premium Licenses Shared by Multiple Cisco® ASA Devices

Flex License: Good for Short Periods of High Demand (Emergencies, Events, etc.)

Page 395: Borderless for Engineers

Benefits of Cisco Security Solutions for Small and Midsize Business Customers

Page 396: Borderless for Engineers


Cisco’s Global Security Footprint

► Protecting over 150 million endpoints globally

► Over 250 certifications, 1,000s publications, 25 books authored, and >100 security patents

► Number one in network security appliances

Firewall

Email security

NAC

VPN

Network IPS

Router security

► Technology innovation: Global Correlation, Botnet Traffic Filters, Virus Outbreak Filters, Reputation Filters, Alert Services

Page 397: Borderless for Engineers


Cisco Security Intelligence Operations
Three Defense Pillars

SensorBase

Comprehensive Threat Intelligence

Threat Operations Center

Researchers and Automated Analysis

Real-Time Updates and Best Practices

Dynamic Updates

Page 398: Borderless for Engineers


Benefits of Threat Intelligence

Threat Intelligence: Benefits:

►Over 1.6M global devices

►1,000 servers process 500G/day

►Historical library of 40,000 threats

►35% of global email traffic seen per day

►360 degree dynamic threat visibility

►Understanding of vulnerabilities and exploit technologies

►Visibility into highest threat vehicles

►Latest attack trends and techniques

Page 399: Borderless for Engineers


Benefits of Researchers and Analysts

Researchers and Analysts: Benefits:

►600+ Engineers, technicians, and researchers

►80+ PhDs, CCIEs, CISSPs, MCSEs

►Pen testing, botnet infiltration, malware reverse engineering

►Human-aided rule creation and QC

►95% of Internet languages covered

►Network security best practices and mitigation techniques

►Insight into threat trends and future outlook

►Quality assurance, reduced false positives

►Around-the-clock global coverage

Page 400: Borderless for Engineers


Benefits of Dynamic Updates

SIO Updates: Benefits:

►Automated updates delivered to Cisco security devices every 3–5 minutes

►8M+ Rules per day

►Reputation updates for real-time protection

►Reduces exposure window

►Minimizes security management overhead

Page 401: Borderless for Engineers


IPS Reputation Filtering Powered by Global Correlation

Leading-Edge Security

Cisco IPS with Global Correlation

Coverage: Twice the effectiveness of signature-only IPS

Accuracy: Reputation analysis decreases false positives

Timeliness: 100x faster than traditional signature-only methods

Page 402: Borderless for Engineers


Cisco Email Security Value

Best performance Lowest TCO Future focus

• Fastest to block new, email-sent viruses

• Best-in-class at stopping or encrypting sensitive outbound email

• Unrivaled threat identification infrastructure leveraging Cisco’s global presence

• First to protect email proactively with sender-based filtering

• Least false positive email classifications

• No ongoing administration

• Low network impact

• Built-in compliance capabilities

• Easiest to install and manage

• World’s leading email security support

• Fewest appliances required

• Demonstrates financial commitment to email security investment and innovation

• Most flexible email security: on-premise, in the cloud, hybrid and virtual

• Smarter and better anticipation of threats

• Best ability to scale threat analysis as global data explodes

Page 403: Borderless for Engineers


Cisco Web Security Value

Security
► Multiple layers of malware defense are built in, not added on
► Broadest threat telemetry network with SIO
► Enforces web security policies to enable your business
► Protects any user on any device in any location

Simplicity
► Single user interface simplifies management
► Choice of protection to meet security needs
► Simpler integrated architecture is easier to deploy and maintain
► Cisco integration reduces complexity and multivendor overhead

Stability
► Security as part of the network
► Cisco® architecture and development
► World-class support and services

Page 404: Borderless for Engineers


Cisco AnyConnect Value

User Centric and BYOD Enabled
► Supports user devices with client or clientless access
► Optimal transparent user experience with always-on connectivity
► SCEP proxy and pre-deployment device identification

Extensive Support
► Broad support for desktop and mobile client OSs and clientless browsers
► Broad support for protocols and authentication methods
► Broad support for security gateways (Cisco® ASA, ASR, and ISR)

Security Focused
► Broad authentication options (IEEE 802.1X, certificate, LDAP, etc.)
► Posture and vault capabilities to secure client devices
► Web security integration with Cisco WSA or Cloud Web Security

Enterprise Proven
► Reliable, proven, scalable, load balanced, and highly available
► Strong International presence and support 24 hours a day
► Single appliance: client and clientless remote access, site-to-site VPN, and firewall

Page 405: Borderless for Engineers

Competing With Cisco Security Solutions

Page 406: Borderless for Engineers


Sell Cisco Remote Access to New Clients

Customer Situation: Customer needs a remote-access solution

Customer Business Problem: Customer wants to enable remote access for employees, contractors, and partners on their devices (PCs, tablets, and smartphones)

Solution: Install Cisco® ASA with Cisco AnyConnect®

Products:
• Cisco ASA 5500-X
• Cisco AnyConnect Essentials or Premium license
• Cisco AnyConnect Mobile license
• Cisco SMARTnet® support

Customer Benefit: Customer gains the most widely deployed remote-access solution with the broadest support for platforms and protocols

Page 407: Borderless for Engineers


Cisco ASA Upgrade Opportunity

Customer Situation: Customer has installed prior-generation Cisco® ASA

Customer Business Problem: Customer wants to upgrade to the latest Cisco ASA appliance

Solution: Cisco ASA 5500-X platform

Products:
• Cisco ASA 5500-X
• Cisco AnyConnect® Essentials or Premium license
• Cisco AnyConnect Mobile license
• Cisco SMARTnet® support

Customer Benefit: Customer gains new hardware features (including performance improvements) and capabilities on latest Cisco ASA 5500-X platform appliances with Release 9.x software

Page 408: Borderless for Engineers


When to Sell ASA and Web Security

| When to Sell | Customer Situation |
|---|---|
| VPN Security Gateway: Cisco ASA Adaptive Security Appliance | Customer needs to support more users, add failover capability to a single Cisco ASA to replace a competitive VPN security gateway, or replace a Cisco VPN 3000 security gateway. |
| Web Security (Provides always-on security functions for laptops and mobile devices): Cisco Cloud Web Security | Customer has Cisco AnyConnect and wants to add cloud-based web security for its users. |
| Web Security (Provides always-on security functions for laptops and mobile devices): Cisco Web Security Appliance (WSA) | Customer has Cisco AnyConnect and wants to add appliance-based web security for its users. |

Page 409: Borderless for Engineers


| Deployment Option | Strengths |
|---|---|
| WSA | SIEM/DLP integration; Larger HQ; Advanced proxy/bandwidth controls |
| vWSA | Same capabilities as WSA; Virtual/cloud/capacity planning initiatives; Remote offices without IT staff |
| CWS | Many branch offices or roaming users; Cloud initiatives; Backhaul issues |
| ISR G2 Connector | Reusing investments; Backhaul or private network issues; Public Wi-Fi initiatives |
| ASA 5500-X Series | Cost considerations; Next-generation firewall; Network bandwidth controls |
| ASA Connector | Reusing investments; Integrated web security and IPS; Many remote users |

Page 410: Borderless for Engineers


When to Sell AnyConnect

Cisco AnyConnect® Licenses (on Cisco® ASA)

| When to Sell | Customer Situation |
|---|---|
| Essentials | Customer wants only simple VPN remote access. License is applied to Cisco ASA. |
| Premium | Customer needs clientless VPN browser-based access, desktop or mobile posture, or Suite B cryptography, in addition to VPN remote access. License is applied to Cisco ASA. |
| Mobile | Customer wants to enable VPN remote access for mobile devices. License is in addition to the Essentials or Premium license. Both licenses require application to Cisco ASA. |
| Advanced Endpoint Assessment | Customer needs remediation capabilities. This license is an add-on to the Premium license. |
| Shared | Customer needs Premium licenses across multiple Cisco ASA devices to support many users. |
| Flex | Customer needs capability to temporarily burst on a day-to-day basis to the maximum number of users supported by Cisco ASA. |

Page 411: Borderless for Engineers


Technology-savvy mobile workers need access on all their mobile devices anytime and anywhere they are in the world.

Many mobile workers have a mix of corporate and personally owned devices that they use interchangeably to do their jobs.

This means that sometimes they need safe clientless access from kiosks, loaner laptops, or a home PC that does not have a client.

Wherever they are, mobile workers need safe access to their corporate applications and data from any device and through any browser from any network worldwide.

Business Challenge: Mobile Workers

Situation

Page 412: Borderless for Engineers


Business Challenge: Mobile Workers

► Can we provide VPN client and clientless access through a single Cisco® ASA device?

► How can we support users on many different OSs with a single solution?

► Do we have to choose between IPsec and SSL for client connections?

► How can we support the growing adoption and use of IPv6?

► How can we authenticate our users with certificates or other methods?

► How can we provide our users with transparent persistent connectivity?

► How can the VPN session be suspended when the user is in the office?

► How can we simplify the enrollment of BYOD devices?

► How can users have the best connection while traveling?

► How can we help ensure that users are using only a single network connection at a given time?

Questions

Page 413: Borderless for Engineers


Business Challenge: Contractors and Partners

Situation

Companies regularly outsource functions to partners or hire contractors for specific needs. This process has become commonplace for organizations of all types and sizes.

These individuals and organizations need connectivity. Often they work remotely and are not in a company’s physical building, and they often require connectivity through either a site-to-site VPN or a remote-access solution connecting them to one or more users.

Page 414: Borderless for Engineers


Business Challenge: Contractors and Partners

Questions

► How can we easily provide secure connectivity to new contractors and partners?

► How can we limit corporate resource access levels for contractors and partners?

► How can we provide corporate resource access to a group of contractors or partners without downloading any software on their laptop or mobile devices?

Page 415: Borderless for Engineers


Business Challenge: Risk-Averse Organizations

Situation

Some organizations have a low tolerance for risk due to regulations, information policies, or the financial impact of a security breach.

These organizations go beyond standard best security practices to protect their networks, data, devices, and users from potential threats.

They may be interested in protecting particular departments, users, or devices to a greater degree.

Typical organizations that are risk averse include government organizations and contractors, financial firms, and companies that cannot accept a security breach.

Page 416: Borderless for Engineers


Business Challenge: Risk-Averse Organizations

► How can we help ensure that devices connecting to the network have the latest antivirus updates and VPN client?

► How can we help ensure that users connect only to corporate Wi-Fi networks?

► How can we protect our user devices from web-based threats?

► Can we use policies to enforce authentication and access rules?

► Can we apply a higher security policy to a group of users or devices?

► How do we deploy the best encryption available?

► How can we provide secure connectivity from each desktop on the LAN?

► Can we authenticate users using different methods?

► How do we help ensure that users are using a certificate for authentication?

► Is Cisco AnyConnect™ or the Cisco® ASA FIPS compliant or certified?

Questions

Page 417: Borderless for Engineers


Security Message In A Box

• http://www.cisco.com/go/anyconnect

• http://twitter.com/anyconnect

• http://www.facebook.com/anyconnect

• http://twitter.com/ciscosecurity

• http://www.facebook.com/ciscosecurity

• http://blogs.cisco.com/category/security

• http://blogs.cisco.com/category/borderless

• http://www.youtube.com/user/Cisco

Page 418: Borderless for Engineers

Technical Considerations for Cisco Security Solutions

Page 419: Borderless for Engineers


Cisco Small and Midsize Business Security Portfolio

Broad Services Solution Portfolio
ASA 5500/5500-X: Appliance-based
ISR G2: Integrated with routing

Specific Services Solution Portfolio
Cisco Web Security: Appliance-based, content control
Cisco Email Security: Appliance-based, data loss prevention

End Device Solution
AnyConnect: Client software, secure VPN

Page 420: Borderless for Engineers


Cisco ASA 5500 Series Portfolio
Comprehensive Solutions from SOHO to the Data Center

[Chart: models plotted by Performance and Scalability across SOHO, Branch Office, Internet Edge, Campus, and Enterprise]

ASA 5505
ASA 5510
ASA 5510 +
ASA 5520
ASA 5540
ASA 5550
ASA 5512-X (1 Gbps, 10K cps)
ASA 5515-X (1.2 Gbps, 15K cps)
ASA 5525-X (2 Gbps, 20K cps)
ASA 5545-X (3 Gbps, 30K cps)
ASA 5555-X (4 Gbps, 50K cps)
ASA 5585-X SSP-10 (4 Gbps, 50K cps)
ASA 5585-X SSP-20 (10 Gbps, 125K cps)
ASA 5585-X SSP-40 (20 Gbps, 200K cps)
ASA 5585-X SSP-60 (40 Gbps, 350K cps)

Page 421: Borderless for Engineers


Cisco ASA 5500-X Improvements

Significant improvements include:

► Multi-Gigabit performance:
    ► Meets growing throughput requirements

► Accelerated integrated services:
    ► Avoids hardware upgrades as business needs change

► Next-generation services enabled platform:
    ► Supports multiple services on one platform, providing investment protection

ASA 5512-X: 1 Gbps Firewall Throughput
ASA 5515-X: 1.2 Gbps Firewall Throughput
ASA 5525-X: 2 Gbps Firewall Throughput

Page 422: Borderless for Engineers


Cisco ASA 5500-X: Multi-Gigabit Performance

4X Firewall Throughput

| Model | Firewall | FW+IPS | VPN |
|---|---|---|---|
| ASA 5510 | 300 Mbps | 300 Mbps | 170 Mbps |
| ASA 5510+ | 300 Mbps | 300 Mbps | 170 Mbps |
| ASA 5520 | 450 Mbps | 450 Mbps | 225 Mbps |
| ASA 5512-X | 1 Gbps | 250 Mbps | 200 Mbps |
| ASA 5515-X | 1.2 Gbps | 400 Mbps | 250 Mbps |
| ASA 5525-X | 2 Gbps | 600 Mbps | 300 Mbps |

Page 423: Borderless for Engineers


Cisco ASA 5500-X: Accelerated Integrated Services

► Enterprise-class hardware architecture designed to support multiple services

► Multi-core Multi-threaded CPUs

► 4X memory

► Dedicated IPS hardware accelerator

► Dedicated VPN hardware accelerator

► Services Supported

► IPS (does not require additional hardware module)

► Botnet Protection

► Real-time threat information provides protection against complex threats

► VPN & AnyConnect

► Enables BYOD with security besides providing always-on remote access

Page 424: Borderless for Engineers


Cisco ASA 5500-X: Next-Generation Services

► New Services can be turned on without requiring additional hardware

► Enterprise class hardware design supports superior performance with multiple services

► Superior investment protection

| Feature | ASA 5500-X |
|---|---|
| User-Identity based firewall policies | ✔ |
| Application-Visibility and Control | ✔ |
| URL Filtering | ✔ |
| Integrated IPS | ✔ |

Page 425: Borderless for Engineers


Cisco ASA 5500-X Performance Positioning

| | ASA 5512-X | ASA 5515-X | ASA 5525-X |
|---|---|---|---|
| Firewall Throughput (Max) | 1 Gbps | 1.2 Gbps | 2 Gbps |
| Firewall Throughput (EMIX) | 500 Mbps | 600 Mbps | 1 Gbps |
| IPS Throughput (Media Rich) | 250 Mbps | 400 Mbps | 600 Mbps |
| VPN Throughput | 200 Mbps | 250 Mbps | 300 Mbps |
| Packets per second (64 byte) | 450,000 | 500,000 | 800,000 |
| Connections (Max) | 100,000 | 250,000 | 500,000 |
| Connections per Second | 10,000 | 15,000 | 20,000 |
| Security Contexts (Incl/Max) | 0/0 | 2/5 | 2/20 |
| VLANs | 50 | 100 | 200 |
| High Availability & VPN Clustering | No | A/S, A/A | A/S, A/A |
| Maximum Site-to-Site and IPSec IKEv1 Client VPN User Sessions | 250 | 250 | 750 |
| Maximum AnyConnect or Clientless VPN User Sessions | 250 | 250 | 750 |
| Bundles SSL VPN User Sessions | 2 | 2 | 2 |
| Premium AnyConnect VPN Peer License Levels | 10, 25, 50, 100, 250 | 10, 25, 50, 100, 250 | 10, 25, 50, 100, 250, 500, 750 |
| Jumbo-Frame Support | Yes | Yes | Yes |
| OS | 64-bit | 64-bit | 64-bit |

Page 426: Borderless for Engineers


Cisco ASA 5500-X Hardware Specs

| | ASA 5512-X | ASA 5515-X | ASA 5525-X |
|---|---|---|---|
| Form-Factor | 1 RU 19-in rack mountable | 1 RU 19-in rack mountable | 1 RU 19-in rack mountable |
| Rack-Mounting Options | Brackets included (Slide rails optional) | Brackets included (Slide rails optional) | Brackets included (Slide rails optional) |
| Dimensions (HxWxD) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 in (4.24 x 42.9 x 39.5 cm) |
| Weight | 13.39 lb (6.07 kg) | 13.39 lb (6.07 kg) | 14.92 lb (6.77 kg) |
| CPU | Multi-core enterprise-class | Multi-core enterprise-class | Multi-core enterprise-class |
| RAM | 4 GB | 8 GB | 8 GB |
| Flash | 4 GB | 8 GB | 8 GB |
| Integrated Network Ports (GE) | 6 | 6 | 8 |
| Maximum Network Ports (GE) | 12 | 12 | 14 |
| Dedicated OOB Mgmt. Port (GE) | Yes | Yes | Yes |
| Interface Card Options | 6 GE Copper or 6 GE SFP SX, LH, LX | 6 GE Copper or 6 GE SFP SX, LH, LX | 6 GE Copper or 6 GE SFP SX, LH, LX |
| Interface Card Slots | 1 | 1 | 1 |
| USB 2.0 Ports | 2 | 2 | 2 |
| Console Port | Yes, RJ-45 | Yes, RJ-45 | Yes, RJ-45 |
| Redundant power | No | No | No |
| Dedicated IPS Hardware Accelerator | No | No | Yes |
| Power Supply | AC, 400W | AC, 400W | AC, 400W |

Page 427: Borderless for Engineers

Cisco ASA 5500-X Front-View

[Figure: front view of the 1 RU appliances ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. Callout: Hard Drive Slots (Used with Context Security Upgrade)]

Page 428: Borderless for Engineers

Cisco ASA 5500-X Back-View

[Figure: back view of the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. Callouts: 6 GE ports; 8 GE ports; 1 Expansion Slot (6-port GE or 6-port SFP); Redundant Power Supplies]

Page 429: Borderless for Engineers

Plan, Design, and Build Considerations for Cisco Borderless Network Switching Solutions

Page 430: Borderless for Engineers


Plan, Design, Build for Partner Engineers

► There are three major responsibilities of the partner engineer during the customer engagement:

► Plan the feature requirements and assess product choice against features

► Design a solution based on understanding of required functions and best practices

► Build a solution by deploying, configuring and managing it

Plan: Feature Requirements, Product Assessment

Design: Determine Function, Design

Build: Deploy, Configure, Manage

Page 431: Borderless for Engineers


Planning

► In the case of ASA security, one of our key planning steps is to determine the license requirements and deployment mode

Plan: Feature Requirements, Product Assessment

Page 432: Borderless for Engineers


Cisco ASA 5500-X Security Services

► Next Generation security services incorporated into ASA software:

► Base License:

► Stateful Firewall

► VPN (choose between DES or 3DES/AES version)

► Optional Licenses:

► Application Visibility and Control

► Web Security Essentials

► Intrusion Prevention Services (sold as combo at time of purchase)

► Cloud Web Security

► Botnet Traffic Filter

► SSL VPN

Page 433: Borderless for Engineers

Context and Threat Awareness

Next-Generation Context-Aware Firewall and Proven Cisco Technology

Classic Cisco ASA Firewall

Distributed, Appliance, Integrated, Virtual

Cisco® ASA CX

Context Aware

► End-to-end network intelligence

► Comprehensive access control

► Deep application control

► Exceptional remote access

► Best-in-class web security

Threat Aware

► Near-real-time threat protection

► Comprehensive reputation analysis

► Analysis of email, IPS, and web vectors

► Largest global footprint

► Most frequently updated feeds

Page 434: Borderless for Engineers

Cisco IPS

► Uses both traditional signature-based and reputation-based methods to prevent threats

► Determines reputation of an IP address through complex algorithms based on 75 TB of data received per day shared by:

► 1.6 million deployed security devices

► 35% of worldwide email traffic

► 150 million deployed endpoints

► 13 billion web requests

► Helps catch zero-day threats and advanced persistent threats

► Helps meet regulatory compliance (PCI, HIPAA, Sarbanes-Oxley, etc.)

► Provides superior threat mitigation with passive OS fingerprinting and reputation

► Offers deployment flexibility by using user identity-based security policies

Page 435: Borderless for Engineers

Cisco IPS Threat Defense

Multilayer Attack Defense

Patented Cisco® Traffic Cleansing Technology

Detects all major protocol evasion techniques, provides anomaly detection

► IP packet fragmentation

► TCP stream segmentation

► RPC fragmentation

► URL obfuscation

► HTML evasion

► FTP evasion

Cisco Vulnerability-Based Signatures

Protects against 25,000 exploits and countless more

Network: RPC, UDP, HTTP, SMB, IPV6, MPLS, GRE, IPV4 in IPV6, IPV4 in IPV4

OS: MSFT, Linux, Mac, Cisco

Applications: Databases, Web servers, P2P, Skype, H.223/5, Apache, SharePoint

Signature Updates: Twice a Week

Page 436: Borderless for Engineers

Cisco ASA Botnet Traffic Filter

Cisco® ASA Botnet Traffic Filter feature

• Scans all traffic, all ports, and all protocols

• Monitors command and control traffic from internal bots to external hosts

• Detects infected clients by tracking rogue phone-home traffic

Powerful antimalware data promotes accuracy

• Provides guidance now for blocking botnet communication

• Dynamic discovery provides real-time identification of malware communication flexibility by using user identity-based security policies

[Figure labels: Cisco ASA, Antimalware]
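The detection idea on this slide (flag internal clients whose outbound traffic reaches known command-and-control hosts, whatever the port or protocol) can be sketched as follows. This is an added example, not Cisco code and not the ASA implementation; the flow records, the blocklist, and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation address ranges stand in for a
# C2 blocklist feed; none of these values come from a real threat feed.
C2_BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (source, destination, protocol, destination port): constructed flow records
FLOWS = [
    ("10.1.1.20", "203.0.113.5", "tcp", 443),
    ("10.1.1.20", "203.0.113.5", "udp", 53),
    ("10.1.1.20", "198.51.100.77", "tcp", 6667),
    ("10.1.1.31", "192.0.2.10", "tcp", 80),      # external, not blocklisted
    ("10.1.1.44", "198.51.100.77", "tcp", 8080),
    ("203.0.113.5", "10.1.1.20", "tcp", 51000),  # inbound: wrong direction
    ("10.1.1.31", "10.1.1.44", "tcp", 445),      # internal to internal
    ("10.1.1.50", "not-an-ip", "tcp", 80),       # malformed record
]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def find_infected_clients(flows, blocklist=C2_BLOCKLIST, internal=INTERNAL_NETS):
    """Return {client: {"hits", "c2_hosts", "services"}} for internal
    clients that opened flows to blocklisted external hosts."""
    report = defaultdict(lambda: {"hits": 0, "c2_hosts": set(), "services": set()})
    for src, dst, proto, dport in flows:
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records that do not parse
        # Only internal -> external flows count as phone-home candidates.
        if not _in_any(s, internal) or _in_any(d, internal):
            continue
        # No port or protocol filter: every outbound flow is checked.
        if _in_any(d, blocklist):
            entry = report[src]
            entry["hits"] += 1
            entry["c2_hosts"].add(dst)
            entry["services"].add(f"{proto}/{dport}")
    return dict(report)

def rank_clients(report):
    """Clients ordered by number of blocklisted flows, worst first."""
    return sorted(report, key=lambda c: (-report[c]["hits"], c))
```

Ranking by hit count gives responders a triage order; the per-client set of ports and protocols shows why filtering on well-known ports alone would miss part of the traffic.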

Page 437: Borderless for Engineers


ASA CX Integration with AnyConnect

► ASA CX delivers end-to-end network visibility for superior security control, including:

► Robust authentication: Active authentication via Active Directory, LDAP, Kerberos or NT LAN Manager

► Device information: Cisco AnyConnect provides information on the specific types of user devices attempting to gain access to the network, as well as whether the device is located locally or remotely

► Reputation-based threat defense: Threat intelligence feeds from Cisco SIO using the global footprint of Cisco security deployments

► Leveraging more than 2 million devices

► Analyzing approximately one-third of the world's Internet traffic

Page 438: Borderless for Engineers


Designing

► Correct design requires understanding security services as well as design best practices:

► Guidelines for Designing Security Policy

Design: Determine Function, Design

Page 439: Borderless for Engineers


Guidelines for Designing Security Policy

Implementing and Maintaining a Comprehensive IT Risk Mitigation Strategy:

► What assets are you trying to protect?

► Security Architecture Review

► What are the relevant threats?

► Security Posture Assessment

► How comfortable are you with your ability to detect and respond to these threats?

► Gap Assessment and Remediation Consulting

► Security Product Design and Implementation Services

Page 440: Borderless for Engineers

Cisco Security Architecture Review

Activities

► Analyze network security solution goals, objectives, and requirements

► Evaluate the existing security infrastructure identifying architecture, design, and implementation gaps

► Provide a detailed configuration analysis of critical security components

► Identify vulnerabilities and deviations from best practices and policy

► Recommend improvements to the security topology, components, functions, and features

Security Architecture Review Report

1. What assets are you trying to protect?

Page 441: Borderless for Engineers

Cisco Security Posture Assessment

Activities

► Discovery to identify systems and services visible to the Internet

► Penetration testing to confirm the presence of vulnerabilities

► Detailed analysis to identify critical vulnerabilities

► Comparison with recommended industry best practices and policies

► Development of a prioritized list of discovered risks with recommended actions

2. What are the relevant threats?

Security Posture Assessment Report

Page 442: Borderless for Engineers


3. How comfortable are you with your ability to detect and respond to these threats?

Cisco Security Design Support

Activities

► Analyze security solution design goals, objectives, and requirements

► Review the customer’s design including specifications for scalability, redundancy, and performance

► Review hardware and software requirements including network security management tools

► Assist in the development of a common set of design principles, policies, and practices

► Provide recommendations for ongoing management and maintenance

Detailed Security Design Report

Page 443: Borderless for Engineers


3. How comfortable are you with your ability to detect and respond to these threats?

Cisco Security Performance Tuning

Activities

► Perform security device discovery

► Analyse customer’s baseline configuration templates including tuning requirements

► Compare configuration and policy implementation to industry best practices and your organization’s security policy

► Review findings and provide recommendations for improved policy configuration and tuning

Security Recommendations Report

Page 444: Borderless for Engineers


Build

► Building a solution requires knowledge of the appropriate configuration and administration tools:

► Cisco Adaptive Security Device Manager

► Cisco Security Manager

Build: Deploy, Configure, Manage

Page 445: Borderless for Engineers


Cisco Adaptive Security Device Manager

► Ideal for small or simple deployments

► Configure, monitor and troubleshoot ASA devices

► Easy-to-use setup wizards make installation and initial management easy

► Real-time log viewer and monitoring dashboards for at-a-glance status

► Troubleshooting features and powerful debugging tools such as packet trace and packet capture

Page 446: Borderless for Engineers


Cisco ASDM: Packet Tracer

Benefits

► Enables rapid troubleshooting

► Enables policy tuning and refining

► Simplifies fault isolation in complex policy environments

► First Pro-active Debugging Tool

PACKET TRACING

Enables the injection of arbitrary packets through the system to audit policy configuration and enforcement

Page 447: Borderless for Engineers

Cisco ASDM: Syslog Viewer

► Structured real-time syslog viewer

► Provides optional coloring of events based on severity

► Offers real-time interpretation of log messages, with plain English explanations and recommended actions for each log message

Page 448: Borderless for Engineers

Cisco Security Manager 4.4

Centralized Policy Administration

• Centrally provision policies for firewalls, VPNs, and IPS

• Very scalable

• Policy inheritance feature enables consistent policies across enterprise

• Powerful device grouping options

Firewall Administration

• Configure policies for ASA, Cisco® PIX® FW, FW SM and Cisco IOS® Software

• Single rule table for all platforms

• Intelligent analysis of policies

• Sophisticated rule table editing

• Compresses the number of access rules required

Superior Usability

• Jumpstart help: an extensive animated learning tool

• Flexible management views:

•Policy-based

•Device-based

•Map-based

•VPN Manager

•IPS Manager

•Deployment Manager

VPN Administration

• VPN Wizard setup site-to-site, hub-spoke, and full-mesh VPNs

• Configure remote-access VPN, DMVPN, and Easy VPN devices

IPS Administration

• Automatic updates to the IPS sensors

• Support for outbreak prevention services

Page 449: Borderless for Engineers

Cisco Security Manager: Policy Based Management

► Create and reuse security rules and objects

► Monitor security threats throughout the deployment

► Minimize errors and maximize efficiency

► Implement security settings on-demand or on a scheduled basis

► Roll back to previous configurations

► Import and export security configurations

► Role-based access control and deployment workflows ensure security and consistency

Page 450: Borderless for Engineers

Cisco Security Manager: Event Manager

► Support for syslog

► Real-time and historical event viewing

► Cross-linkages to firewall access rules and IPS signatures

► Prebundled set of views for firewall, IPS, and VPN

► Customizable views

► Intuitive GUI controls

► Tools such as ping, traceroute, and packet tracer

Page 451: Borderless for Engineers

Additional Resources

► Security

► www.cisco.com/go/security

► SAFE Design

► http://www.cisco.com/go/safe

► Branch Office Design

► http://www.cisco.com/web/about/ciscoitatwork/network_systems/branch_office_network_design.html

► Cisco on Cisco

► http://www.cisco.com/go/ciscooncisco

Page 452: Borderless for Engineers

Module Summary

Page 453: Borderless for Engineers

Summary

► Cisco partners should consider the ISR G2 series and ASA 5500-X series products as their primary solution for customer security solutions across a broad spectrum of needs

► The enterprise class hardware design of the ASA 5500-X series supports superior performance with multiple services and provides superior investment protection

► The Cisco ASA CX capability provides next generation context-aware firewall capability on the proven ASA firewall platform

► The Cisco ASA Botnet Traffic Filter detects infected clients by tracking rogue phone-home traffic and stops that traffic to protect the network

Page 454: Borderless for Engineers


Review: ASA 5500-X Improvements

Which of the following is a new feature of the ASA 5500-X series? (choose one)

A) Hardware-based Upgrades

B) Context Security

C) Gigabit Ethernet

D) Firewall, VPN and IPS Services

Page 455: Borderless for Engineers


Review: ASA 5500-X Improvements

Which of the following is a new feature of the ASA 5500-X series? (choose one)

B) Context Security

Page 456: Borderless for Engineers

Review: Security Management

Which of the following is the embedded management tool for ASA 5500 series devices? (choose one)

A) Cisco Prime

B) Cisco Security Manager

C) ASDM

D) CCP

Page 457: Borderless for Engineers

Review: Security Management

Which of the following is the embedded management tool for ASA 5500 series devices? (choose one)

C) ASDM

Page 458: Borderless for Engineers


Page 459: Borderless for Engineers

Course Summary

Page 460: Borderless for Engineers


Course Summary

► Cisco Borderless Networks and Security solutions include: routing, switching, wireless, and security solutions

► Cisco Borderless Network and Security solutions provide the best choice for customers because they support an overall vision of how the network needs to work together to address business needs

► Cisco Borderless Network and Security solutions solve problems for customers struggling with operational complexity and costs, security challenges, network downtime and expanding bandwidth needs

► Understanding the technical and design considerations of Cisco Borderless Networks and Security solutions is essential to mapping these solutions to customer needs

Page 461: Borderless for Engineers
