Cisco WS-C3650-24TS-S Datasheet download pdf (Page 6)

Distributed Intelligent Services

Flexible NetFlow (FNF)

Full visibility into the wired plus wireless traffic is achieved because of the access point Control and Provisioning of

Wireless Access Points (CAPWAP) tunnel termination on the switch. This helps identify users and user traffic

flows in order to identify potential attackers and take corrective action at the access layer before the attack

penetrates further into the network. This is achieved using FNF, which monitors every single flow entering and

exiting the switch stack for wired and wireless users. It also helps identify the top wired/wireless talkers and

enforce appropriate bandwidth provisioning policies.

QoS

The 3650 switch has advanced wired plus wireless QoS capabilities. It uses the Cisco modular QoS command line

interface (MQC). The switch manages wireless bandwidth using unprecedented hierarchical bandwidth

management starting at the per-access-point level and drilling further down to per-radio, per-service set

identification (SSID), and per-user levels. This helps manage and prioritize available bandwidth between various

radios and various SSIDs (enterprise, guest, and so on) within each radio on a percentage basis. The switch is

also capable of automatically allocating equal bandwidth among the connected users within a given SSID. This

makes sure that all users within a given SSID get a fair share of the available bandwidth while being connected to

the network. The UADP ASIC enables the hierarchical bandwidth management and fair sharing of bandwidth,

thereby providing hardware-based QoS for optimized performance at line-rate traffic.

In addition to these capabilities, the switch is able to do class of service (CoS) or differentiated services code point

(DSCP) based queuing, policing, shaping, and marking of wired plus wireless traffic. This enables users to create

common policies that can be used across wired plus wireless traffic. The 3650 also supports downloadable policy

names from the Cisco Identity Services Engine (ISE) when a user successfully authenticates to the network using

the ISE.

Security

The Cisco Catalyst 3650 provides a rich set of security features for wired plus wireless users. Features such as

IEEE 802.1x, Dynamic Host Configuration Protocol (DHCP) snooping, IP Source Guard and control plane

protection, wireless intrusion prevention systems (WIPSs), and so on enable protection against unauthorized

users and attackers. With a variety of wired plus wireless users connecting to the network, the switch supports

session-aware networking, in which each device connected to the network is identified as one session, and unique

access control lists (ACLs) and/or QoS policies can be defined and applied using the ISE for each of these

sessions, providing better control on the devices connecting to the network.

Resiliency

Cisco StackWise-160 Technology

The Catalyst 3650 supports an optional stacking module that is based on the Cisco StackWise-160 technology.

Cisco StackWise-160 technology is built on the highly successful industry-leading StackWise

technology, which

is a premium stacking architecture. StackWise-160 has a stack bandwidth of 160 Gbps. StackWise-160 uses

Cisco IOS Software SSO for providing resiliency within the stack. The stack behaves as a single switching unit

that is managed by an “active” switch elected by the member switches. The active switch automatically elects a

standby switch within the stack. The active switch creates and updates all the switching/routing/wireless

information and constantly synchronizes that information with the standby switch. If the active switch fails, the

standby switch assumes the role of the active switch and continues to the keep the stack operational. Access

1 2 3 4 5 6 7 ... 27

No comments

Cisco WS-C3650-24TS-S Datasheet Page 6