Cisco® Catalyst® 2975 Switch with LAN Base software is a fixed-configuration stackable intelligent Ethernet switch with Power over Ethernet (PoE) and Gigabit Ethernet connectivity, enabling enhanced LAN services for commercial branch office networks (see Figure 1). The Cisco Catalyst 2975 LAN Base Switch offers integrated security, including Network Admission Control (NAC), enhanced quality of service (QoS), and resiliency to deliver intelligent services for the network edge.
The Cisco Catalyst 2975 LAN Base Switch offers:
Figure 1. Cisco Catalyst 2975 LAN Base Switch
The Cisco Catalyst 2975 LAN Base software image is a rich suite of intelligent services, including enhanced QoS, rate limiting, ACLs, and IPv6 management. The Small Form-Factor Pluggable (SFP)-based Gigabit Ethernet ports accommodate a range of SFP transceivers, including the Cisco 1000BASE-SX, 1000BASE-LX, 1000BASE-BX, 1000BASE-ZX, 100BASE-FX, and coarse wavelength-division multiplexing (CWDM) SFP transceivers.
Unified Stack Management
The Cisco Catalyst 2975 Switch supports unified stack management to reduce the operational cost of managing a stack of up to nine access layer switches. The Cisco Catalyst 2975 Switch supports 32 Gbps stacking bandwidth with dedicated stacking ports and special stacking cables. A master switch and backup master switch are elected within a stack of Cisco Catalyst 2975 Switches. The master switch maintains a single configuration file for the stack and automatically provisions and updates the software image for new switches added to a stack, enabling plug-and-play hardware replacement. The Cisco Catalyst 2975 Switch stack supports a single IP address, which is maintained even when a new stack master is elected. Also, a Cisco Catalyst 2975 Switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge-id, which simplifies spanning-tree convergence and troubleshooting.
Power over Ethernet
The Cisco Catalyst 2975 Switch provides PoE to allow easy connectivity to Ethernet-powered devices, including Cisco IP phones and wireless access points. Cisco Catalyst 2975 PoE models comply with Cisco prestandard PoE and IEEE 802.3af. PoE removes the need for wall power to each PoE-enabled device and eliminates the cost for additional electrical cable and circuits that would otherwise be necessary in IP phone and WLAN deployments. PoE switches also eliminate the need for power injectors and PoE midspans for powering IP devices. The Cisco Catalyst 2975 Switch has a 370W PoE power budget, so it can support 24 simultaneous full-powered PoE ports at 15.4W.
At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while increasing the return on existing infrastructure investments. Today's workers are placing higher demands on networks, running multiple concurrent applications. For example, a worker joins a team conference call through an IP videoconference, sends a 10-MB spreadsheet to meeting participants, broadcasts the latest marketing video for the team to evaluate, and queries the customer relationship management (CRM) database for the latest real-time feedback. Meanwhile, a multigigabyte system backup starts in the background, and the latest virus updates are delivered to the client.
Redundant Power System
The Cisco Catalyst 2975 Switches support the new generation of the Cisco Redundant Power System (RPS) 2300, which increases availability in a converged data, voice, and video network by providing transparent power backup to two of six attached switches at the same time.
Intelligence in the Network
Networks of today are evolving to address four new developments at the network edge:
These new demands contend for resources with existing mission-critical applications. As a result, IT professionals must view the edge of the network as critical to effectively manage the delivery of information and applications.
As companies increasingly rely on networks as their strategic business infrastructure, it is more important than ever to help ensure their high availability, security, scalability, and control. By adding Cisco intelligent functions for LAN access, you can now deploy networkwide intelligent services that consistently address these requirements from the desktop to the core and through the WAN.
Cisco Catalyst Intelligent Ethernet switches help you realize the full benefits of adding intelligent services into your networks. Deploying capabilities that make the network infrastructure highly available to accommodate time-critical needs, scalable to accommodate growth, secure enough to protect confidential information, and capable of differentiating and controlling traffic flows is critical to further optimizing network operations.
The wide range of security features that the Cisco Catalyst 2975 LAN Base Switch offers helps you protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation.
The Cisco Identity-Based Networking Services (IBNS) solution provides authentication, access control, and security policy administration to secure network connectivity and resources. Cisco IBNS in the Cisco Catalyst 2975 LAN Base Switch prevents unauthorized access and helps ensure that users get only their designated privileges. It provides the ability to dynamically administer granular levels of network access. Using the 802.1x standard and the Cisco Secure Access Control Server (ACS), users can be assigned a VLAN upon authentication, regardless of where they connect to the network. This setup allows IT departments to enable strong security policies without compromising user mobility and with minimal administrative overhead.
To guard against denial-of-service (DoS) and other attacks, ACLs can be used to restrict access to sensitive portions of the network by denying packets based on source and destination MAC addresses, IP addresses, or TCP/User Datagram Protocol (UDP) ports. ACL lookups are done in hardware, so forwarding performance is not compromised when ACL-based security is implemented.
Port security can be used to limit access on an Ethernet port based on the MAC address of the device to which it is connected. It also can be used to limit the total number of devices plugged into a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the risks of rogue wireless access points or hubs.
With Dynamic Host Configuration Protocol (DHCP) snooping, DHCP spoofing can be thwarted by allowing only DHCP requests (but not responses) from untrusted user-facing ports. Additionally, the DHCP Interface Tracker (Option 82) feature helps enable granular control over IP address assignment by augmenting a host IP address request with the switch port ID.
The MAC Address Notification feature can be used to monitor the network and track users by sending an alert to a management station so that network administrators know when and where users entered the network. Secure Shell Protocol Version 2 (SSHv2) and Simple Network Management Protocol Version 3 (SNMPv3) encrypt administrative and network-management information, protecting the network from tampering or eavesdropping. TACACS+ or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering the configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the web-based management interface provide the ability to give different levels of configuration capabilities to different administrators.
Intelligent PoE Management
The Cisco Catalyst 2975 PoE switch supports Cisco IP phones and Cisco wireless LAN access points, as well as any IEEE 802.3af-compliant end device.
- Cisco Discovery Protocol version 2 allows the Cisco Catalyst 2975 Switch to negotiate a more granular power setting when connecting to a Cisco powered device, such as IP phones or access points, than what is provided by IEEE classification.
- The PoE MIB provides proactive visibility into power usage and allows you to set different power level thresholds.
- Link Layer Discovery Protocol (LLDP and LLDP-MED) adds support for IEEE 802.1AB link layer discovery protocol for interoperability in multivendor networks. Switches exchange speed, duplex, and power settings with end devices such as IP phones.
Availability and Scalability
The Cisco Catalyst 2975 LAN Base Switch is equipped with a large set of features that allow for network scalability and higher availability through multicast filtering as well as a complete suite of Spanning Tree Protocol enhancements aimed to maximize availability in a Layer 2 network.
Voice-aware 802.1x port security disables the offending data VLAN when a violation is detected without affecting Voice VLAN on the same switch port. Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), UplinkFast, and PortFast help maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design. UplinkFast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. FlexLinks provide bidirectional, fast convergence in less than 100 milliseconds. The Loopguard and bridge protocol data unit (BPDU) guard enhancements provide Spanning Tree Protocol loop avoidance.
The Cisco Catalyst 2975 LAN Base Switch offers superior multilayer QoS features to help ensure that network traffic is classified and prioritized and that congestion is avoided in the best possible manner. Configuration of QoS is greatly simplified through automatic QoS (Auto QoS), a feature that detects Cisco IP phones and automatically configures the switch for the appropriate classification and egress queuing. This optimizes traffic prioritization and network availability without the challenge of a complex configuration.
The Cisco Catalyst 2975 LAN Base Switch can classify, reclassify, police, mark, queue, and schedule incoming packets and can queue and schedule packets at egress. Packet classification allows the network elements to discriminate between various traffic flows and enforce policies based on Layer 2 and Layer 3 QoS fields.
To implement QoS, the Cisco Catalyst 2975 LAN Base Switch first identifies traffic flows or packet groups, then classifies or reclassifies these groups using the differentiated services code point (DSCP) field or the 802.1p class of service (CoS) field. Classification and reclassification can be based on criteria as specific as the source or destination IP address, source or destination MAC address, or the Layer 4 TCP or UDP port. At the ingress, the Cisco Catalyst 2975 LAN Base Switch also polices to determine whether a packet is in or out of profile, marks to change the classification label, passes through or drops out-of-profile packets, and queues packets based on classification. Control-plane and data-plane ACLs are supported on all ports to help ensure proper treatment on a per-packet basis.
The Cisco Catalyst 2975 LAN Base Switch supports four egress queues per port, giving network administrators more control in assigning priorities for the various applications on the LAN. At egress, the switch performs congestion control and scheduling, the algorithm or process that determines the order in which queues are processed. The Cisco Catalyst 2975 LAN Base Switch supports Shaped Round Robin (SRR) and strict priority queuing. The SRR algorithm helps ensure differential prioritization.
These QoS features allow network administrators to prioritize mission-critical and bandwidth-intensive traffic, such as enterprise resource planning (ERP), voice (IP telephony traffic), and computer-aided design and manufacturing (CAD/CAM), over applications such as FTP or email. For example, it would be undesirable to have a large file download destined to one port on a switch increase latency in voice traffic destined to another port on this switch. This condition is avoided by making sure that voice traffic is properly classified and prioritized throughout the network. Other applications, such as web browsing, can be handled on a lower-priority basis.
The Cisco Catalyst 2975 LAN Base Switch can perform rate limiting through its support of the Cisco committed information rate (CIR) function. Through CIR, bandwidth can be guaranteed in increments as small as 1 Mbps. Bandwidth can be allocated based on several criteria, including MAC source address, MAC destination address, IP source address, IP destination address, and TCP or UDP port number. Bandwidth allocation is essential when network environments require service-level agreements or when it is necessary to control the bandwidth given to certain users.
The new Express Setup feature simplifies the initial configuration of a switch. Now you can set up the switch through a web browser, eliminating the need for terminal-emulation programs and the command-line interface (CLI). Express Setup reduces the cost of deployment by helping less-skilled personnel quickly and easily set up switches.
Cisco Network Assistant is a PC-based network-management application optimized for LANs with up to 250 users. Cisco Network Assistant offers centralized management of Cisco switches, routers, and WLAN access points. It supports a wide range of Cisco Catalyst intelligent switches from Cisco Catalyst Express 500 through Cisco Catalyst 4506. Through a user-friendly GUI, users can configure and manage a wide array of switch functions and start the device manager of Cisco routers and Cisco wireless access points. A few mouse clicks enable the Cisco recommended security, availability, and QoS features without the need to consult a detailed design guide. The Security wizard automatically restricts unauthorized access to servers with sensitive data. Smartports and wizards save time for network administrators, reduce human errors, and help ensure that the configuration of the switch is optimized for these applications. Available at no cost, Cisco Network Assistant can be downloaded from the Cisco website.
In addition to Cisco Network Assistant, Cisco Catalyst 2975 LAN Base Switch provides extensive management using SNMP network-management platforms such as the CiscoWorks LAN Management Solution (LMS). CiscoWorks LMS is a suite of powerful management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. It integrates these capabilities into a world-class solution for improving the accuracy and efficiency of your operations staff, while increasing the overall availability of your network. CiscoWorks LMS supports over 400 different device types, providing: