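"Catalyst 9000 Switches and Cisco DNA Advantage.pdf" was shared by a member and can be read online. For more related to "Catalyst 9000 Switches and Cisco DNA Advantage.pdf" (58 pages, collector's edition), search on 三个皮匠报告.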
Catalyst 9000 Switches and Cisco DNA Advantage
Siddharth Krishna, Leader, Technical Marketing
BRKENS-1093
#CiscoLive
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Session Abstract
Want to make the best use of your Catalyst 9000 DNA Advantage? Wondering what the DNA Advantage on C9K brings to you besides basic Automation, Assurance and SDA? This session is all about going beyond the speeds and feeds of the C9K Switching and takes you on a tour of our Catalyst Full-Stack offerings - innovative solutions addressing important needs of access networks. It will cover market differentiating capabilities that enable Edge intelligence (App hosting use cases), IoT connectivity and security (Wired IoT Gateway, POE Analytics, Endpoint and Trust Analytics etc.), Application visibility and analytics (SD-AVC, ERSPAN etc.) as well as Service discovery and assurance in your networks (DNA Service for Bonjour, ThousandEyes etc). With C9K, you already have these deployed! Learn more to enable these and get the best of your Catalyst 9K Switching today!

What this session DOES & DOES NOT cover
- C9K "DNA Advantage" Offerings
- Solution overview and use cases
- Solution components and capabilities
- Technical requirement & dependencies

Enterprise Switching Campus with Catalyst 9000
[Figure: campus topology. Labels: IT/OT End Points, Bonjour End Points, Time Sensitive Applications, Campus HQ, Internet, WAN, 9300X, 9500X, Colo, Branch, DNA Center]

I have covered the basics, what MORE and why?
[Same campus topology figure, repeated with one question per slide]
- Can I get even MORE Visibility?
- How can I have End-to-End (.MORE) Security?
- Can I make my edge MORE Intelligent?
- Do I have MORE Management Choices?

Cisco DNA Advantage + Catalyst 9000 Switching delivers
- CONTROL
- CONNECT
- SECURE
- ANALYZE
CATALYST FULL STACK VALUE

Cisco DNA Advantage Foundational Elements
As you might think of it: Cisco DNA Center, Assurance, Automation, SDA
I KNOW THIS! SO WHY ARE WE TALKING ABOUT IT?

DNA Licensing DNA Center

Cisco DNA Offer Details

Cisco DNA Advantage (Inclusive of Cisco DNA Essentials), 3, 5, 7 Year Terms
- Advanced Automation: SD-Access; Application policy creation; Encrypted Traffic Analytics; Cisco Wide Area Bonjour; Application hosting
- Telemetry and Visibility: ERSPAN, AVC (NBAR2), Wireshark
- Assurance and Analytics: Compliance and Reports; Device 360 and Client 360; Network Health Insights; AI Endpoint Analytics, Trust Analytics, ThousandEyes Network and Application Synthetics; Cisco DNA Spaces See & Extend
- Element Management: Patch/SMU Lifecycle Management

Cisco DNA Essentials, 3, 5, 7 Year Terms
- Basic Automation: Network Plug and Play (PnP) provisioning application; LAN Automation; Cisco Local Area Bonjour
- Telemetry and Visibility: Full Flexible NetFlow
- Element Management: Software Image Management (SWIM)
- Security: IPsec, WAN MACsec; Umbrella Connector; Secure Cloud Analytics Sensor
- Basic Assurance: Health Dashboards Network, Client, Application

Refer to Cisco Feature Navigator for Platform Specific Support Information

The slide is repeated with the legend entries "Do Not Mandate Cisco DNA Center" and "Cisco Differentiator". Entries emphasized on the repeated slide: Encrypted Traffic Analytics; Application hosting; ERSPAN, AVC (NBAR2), Wireshark; ThousandEyes Network and Application Synthetics; Cisco DNA Spaces See & Extend; Patch/SMU Lifecycle Management; Cisco Local Area Bonjour; Full Flexible NetFlow; Software Image Management (SWIM); IPsec, WAN MACsec; Umbrella Connector; Secure Cloud Analytics Sensor.

Agenda
- Introduction: C9K & DNA-A
- Edge Intelligence & Compute
- Advanced Network Visibility
- End-to-end Security
- Cloud for Catalyst
- Conclusion

Cisco Catalyst 9000 Switching Portfolio 2023
[Figure: portfolio chart. Tiers: Fixed/Modular Core; Modular Access/Distribution; Fixed access/Compact. Earlier platforms shown: Catalyst 2960-X/XR, Catalyst 3650/3850, Catalyst 3850-XS, Catalyst 2960CX/3560CX, Catalyst 4500-E Series, Catalyst 4500-X, Catalyst 6840-X/6880-X, Catalyst 6500-E/6807-XL. Catalyst 9000 Series: Catalyst 9200/L Series, Catalyst 9300LM, Catalyst 9300/L Series, Catalyst 9400 Series, Catalyst 9500 Series, Catalyst 9600 Series, Catalyst 9200CX (MGIG) AC+HVDC, Catalyst 9200CX Data/PoE+ & HVDC Models. Catalyst 9000X Series: C9300X-48HXN, C9300X-24HX, C9300X-48HX/TX, Catalyst 9400X Sup 2/2XL, C9400-LC-12QC, C9400-LC-24XY, C9400-LC-48HX, C9400-LC-48XS, C9500X-28C8D, C9500X-60L4D, C9600X-LC-32CD, C9600X-Sup 2, C9600-LC-40YL4CD. Status labels on the chart: Shipping, Orderable, Q2 CY23, Q3 CY23]

Edge Intelligence with Application Hosting

Catalyst 9000 Application Ecosystem
- Cisco Signed Apps supported on Flash SSD not mandatory
- Multiple App deployment (on same switch) supported for Cisco Signed Apps contingent resource availability
- Cisco does not support third-party or open-source app function, unless specifically called out
[Figure labels: DNA Center, IOS CLI, More, DHCP Server]

Application Hosting on Catalyst 9000 Switches
[Figure labels: Docker, Cisco Application Framework (IoX), IOS Control Plane, IOS XE Kernel, Custom App, YANG, DevNet Eco System Exchange]

... enabled DDIaaS with NS1
- DNS and/or DHCP docker containers hosted in C9K
- Distributed model with Centralized Cloud Management.
- Deployment on Scale with Cisco DNAC
- Supported on C9300 and C9400
[Figure labels: CAMPUS, BRANCH, CLOUD, Deployment, ADMIN. DDI: DNS, DHCP, IPAM]

Cisco Spaces IoT Gateway for C9K Switches
[Figure labels: DNA-spaces, IoT Gateway for C9K, IoT Gateway on C9K, BLE sensors, PoE sensors, Application Partners, Firehose API, DNA Spaces Connector, Cisco DNA Spaces Apps, gRPC]
Use cases:
- Density Triggers
- Device/People Counting
- Environmental Monitoring
- Conference Room Booking
What happens on the switch?
- Internal ERSPAN From IoT VLANs to G/W
- IoT G/W Hosted App Info
- App Resource Consumption Info
Available on Catalyst 9000 UPOE series switches Catalyst 9300/L and Catalyst 9400
Cisco Spaces EXTEND is part of the DNA Advantage license

Cisco Cyber Vision Sensor on C9K
OT/IoT Device Vulnerability and Risk Detection
- Network-Sensors eliminate the need for SPAN
- The application-flow is streamed through existing network enabling lowest TCO
- Catalyst Switches: C9300 Series Switches, C9400 Series Switches, IOS XE 17.2.1+
- ICS: Industrial Control Systems
[Figure labels: Application-Flow, Lightweight Metadata, Cyber Vision Center, Sensor, ICS Network, Non-Cisco Switches, C9300, IE3400]
[Figure: sensor networking on the Catalyst 9K. Labels: Layer 2 Bridge, Sensor, erspan, 169.254.1.2/30, 169.254.1.1/30, VLAN 2508, VLAN 197, 172.26.197.51, AppGigabitEthernet1/0/1 switchport mode trunk, IOX, IOS-XE, Remote SPAN source, eth0, eth1, Management Network to Cyber Vision Center, IOT Devices, OT Devices, End Points, switchport access vlan 197, Gi*/*/x, Gi*/*/y, Gi*/*/z]

Service Assurance with ThousandEyes on C9K
- Campus Connectivity
- Application Experience
- Modern WAN
ThousandEyes Agent on C9K: Catalyst 9300, Catalyst 9300L, Catalyst 9300X, Catalyst 9400
End-to-end visibility
- Each DNA-A License includes 22 TE Units
- Pool entitled test capacity to deploy anywhere within your network
- DNA Advantage DNA Subscription
Test Included: Web HTTP Server, FTP Server; DNS - DNS Server, DNS Trace, DNSSEC; Network - Agent to Agent, Agent to Server; Voice SIP Server, RTP Stream, Voice Call; BrowserBot Page load & Transaction
(IOS-XE 17.6.1 required, SSD required)
[Figure labels: Branch, Campus, Public Cloud SaaS, Internet (ISPs, CDNs, MPLS)]

Catalyst 9000 HW resources for App Hosting

| Resource type | Catalyst 9300 | Catalyst 9300-X | Catalyst 9400 | Catalyst 9400-X | Catalyst 9500 | Catalyst 9500-X | Catalyst 9600 | Catalyst 9600-X |
|---|---|---|---|---|---|---|---|---|
| Networking: AppGig Port | 1x1G | 2x10G | 1x1G | 2x10G | Mgmt Port* | 2x10G | Mgmt Port* | Mgmt Port* (2x10G CPU ports) |
| Resources: Memory (RAM) | 2GB | 8GB | 8GB | 8GB | 8GB | 8GB | 8GB | 8GB |
| Resources: CPU | 1 core | 2 core | 1 core | 1 core | 1 core | 1 core | 1 core | 1 core |
| Resources: Storage | 240GB (USB3.0/SSD) | 240GB (USB3.0/SSD) | 480-960GB (SATA) | 480-960GB (SATA) | 480-960GB (SATA) | 480-960GB (SATA) | 480-960GB (SATA) | 480-960GB (SATA) |

*Using loopback with any external ports

Storage location:
- Catalyst 9300-X: USB 3.0, 240GB, Back panel
- Catalyst 9400-X: M2 SATA, 480/960GB, Plug into removable SUP
- Catalyst 9500-X: M2 SATA, 480/960GB, Back panel
- Catalyst 9600-X: M2 SATA, 480/960GB, Plug into removable SUP

Advanced Network Visibility and Control

Foundation for Visibility in your Network
- Flexible NetFlow
- NBAR data exporting
- Collector
- Hardware based Deep Packet Inspection

AI Endpoint Analytics - Profiling using NBAR
- Granular Profiling using Deep Packet Inspection
- ML Crowdsourcing offers Admin profile label suggestions
- Provide Multi-Factor Classification (MFC) to endpoints
- Additional context from ISE
[Figure: incoming endpoint traffic reaches the Cisco Catalyst 9000 Series Switch (powered by NBAR) for simple classification; complex classification at the Cisco DNAC/EA; Cisco DNAC provides endpoint visibility, profiling and rule management. Multifactor classification example: Endpoint type: CT scanner; Operating system: MS Windows 7; Manufacturer: Globex Corp.; Model: Ultima. Other labels: EA, Cisco ISE, SGT 10, SGT 11, SGT 12, AI Network Analytics]

Trust Analytics - Ongoing Validation of "Trust"
Continuously monitor Risk/Trustworthiness and restrict access
- Passive Posture Assessment
- Weak Credential, Port Scan (security sensor)
- Endpoint Spoofing Detection (Probe, MAC)
- Detect Anomalous Transactions (TALOS)
[Figure labels: Encrypted/Clear communications, Trust Score (5), Posture Status, AI Spoof Detection, Vulnerability lookup, Threat Metrics, Endpoint Telemetry, ML, Network Infrastructure, EA, Change of Authorization]

SD-AVC Application Visibility & Control in Cisco DNA-Center
Controller-based Application Recognition (CBAR) on switch uses NBAR to recognize and send data to Cisco DNA Center
- Network wide application visibility and control
- Centrally manage (Controller Based) protocol packs and device enablement at network level
- Allow business-critical applications to provide a consistent level of performance regardless of network congestion
- 1500+ well known applications
- Unclassified traffic can be checked with external sources for better recognition
- Application Recognition
- Application Policy: Translates business-intent to platform specific configurations
[Figure labels: MS Office365, Learn App Signatures from External Sources, Centralized Control, Automated App Policy, Deep Recognition]

Secure Cloud Analytics Sensor on C9K
Add Advanced Cloud Security to your network
- Easy Registration - Simplified FNF configuration
- No additional devices/VMs - Inbuilt FNF Collector
- Consumes less WAN Bandwidth - ZIP Compressed FNF records
- Secure communication - HTTPS encrypted FNF traffic
[Figure labels: Endpoints, Embedded Sensor, Cisco Catalyst 9200 and 9300 Series Switches, Secure Cloud Analytics, Predictive Threat Analytics, Hybrid Environment Visibility, Detection, Investigation and Response, Cisco ISE, CoA]

C9000 Offers Most Comprehensive Wide Area mDNS Solution
- Hierarchical: 2-Tier Service Routing; Structured Role and Function; mDNS Flood-Free Networks
- Secure: Policy-Based Service Management; IT controlled deterministic services; Protected network flood boundaries
- Location: Deep granular location-based service; Location-aware Wide Area Bonjour; Flexible design any Enterprise Network
- Performance: Improved system performance; Increase network bandwidth; Flexible design any Enterprise Network
- Battery Life: May assist improve battery-life; On-demand Query response mode; Increase Wireless network bandwidth
[Figure labels: Service-Peer, Local Area Bonjour, Wide Area Bonjour, Unicast Bonjour Service Routing, Unicast Bonjour Service, Wide Area Bonjour Application, Controller, Cisco DNA Center, Agent, Distribution, LAN Access, WLC Access. Endpoints: Desk Series, Room Series, Board Series. Services: Screen Share, File Share, Print Share, Remote Desktop, Secure FTP, iTunes, AirPlay, Chromecast, Smart Light, Smart Fan, Smart HVAC, Audio]

End-to-End Security

Cisco Umbrella Native Connector
Available on Catalyst 9200 & 9300 series switches
- Native connector on Catalyst 9000 forwards DNS queries to Umbrella Cloud
- Requires Cisco Umbrella license
- IOS-XE 16.12+
- IOS-XE 17.1+
- Direct internet access for trusted cloud apps
- Untrusted internet traffic tunneled through HQ
- DNS queries for trusted cloud apps protected by Cisco Umbrella
[Figure labels: Guest, Employees, Branch Office, DNS, Catalyst 9000, SaaS Apps]

End-to-End Encryption in Enterprise Campus with IPsec
[Figure: Large Size Campus, Mid-Size Campus and Branch topologies with Site to Site and Site to Cloud IPsec. Labels: Large Video Displays, Network Powered Light arrays, 60/90 Watt devices, PTZ UHD Cameras, USB-C dongles, WiFi6 AP, Fiber to the Desktop (FTTX), Servers and Desktops, 10/25/40/100G, ACCESS, DISTRIBUTION, CORE, EDGE, CORE/EDGE, Branch, Colo, C9300X, C9400X with SUP2/2XL, C9500X-60L4D, 100G IPsec bandwidth, 100G IPsec bandwidth, 400G IPsec bandwidth]

Catalyst 9000 IPSec Automation & Monitoring
- Day 0 On-boarding
- Day 1 SIG Tunnel Provisioning
- SIG Tunnel Traffic Redirection
- Day N Tunnel Monitoring

IPsec App: IPsec delivered via App-Hosting
Cisco IOS XE 17.10, with Cisco DNA Advantage
- IPsec VPN Application hosted on Cat9k
- Runs in Docker container
- Interactive Web UI for IPsec config
- HW & SW IPsec - C9300X
- SW IPsec - C9300/9300L
- Will be available on Cisco DEVNET
- Catalyst 9300X/9300/9300L, Branch/DC/HQ

| Area | Details |
|---|---|
| Security | IPsec IKEv2; Authentication using PSK or x509 |
| Protocol Support | VRF Aware; NAT; NAT-T |
| Automation | YANG model with REST API |
| Interoperability | AWS, GCP, Azure; Cisco Umbrella, Zscaler; C8K, ISR/ASR, Juniper |

App Resources: Memory (RAM): 409 MB; Disk (SSD): 10 MB; CPU: 1480 units; CPU-percent: 20% of 1 core
Performance: 200Mbps Traffic Encryption

ASAc Firewall hosted on C9K Switches
Bringing Cisco EN and Security solutions together for improved Operations
IOS XE 17.12.1, ASA-9.20
Use Case:
- Stateful inspection of OT traffic at the Edge
- No need of Physical Firewall
- No need to change network architecture
- Network bandwidth Preservation
- Automation to scale operations
Cisco Secure Firewall ASAc:
- Stateful Inspection Firewall
- L3 Firewall (Routed Mode only)
- Support for SGT
Performance: 100M-300M (IMIX) ASAc Throughput
App Resources: Memory (RAM): 2 GB; Disk (SSD): 40 MB; CPU: 1 Core
Catalyst 9300X/9300/9300L
Cisco DNA-Center (App Lifecycle Management):
- App Deployment
- App Lifecycle Management
- Networking to App
CDO, Cisco Defense Orchestrator (Security Policy Management):
- Deploy & Manage sec policies
- Config and Audit logging
- Meets needs of Compliance & Sec audits
[Figure, USE CASE: OT endpoint, IT endpoint, Contractor, Historian, Sensor, HMI, Engineer, PLC, Partner Access, Manufacturing Line, Manufacturing Floor, Manufacturing DMZ, Carpeted Office]

WAN MACsec Secure WAN Connectivity across Layer 2
- Supported with Catalyst 9500X & 9600X Switches
- IEEE 802.1AE standards-based Layer 2 encryption
- Optimize MACsec + WAN features
- "Line-rate" encryption
- HSEC Key required for WAN MACsec
[Figure: Campus A, Campus B and Campus C connected through an L2 MPLS/VPLS/EoMPLS/QinQ Service Provider/3rd Party Colo Provider with MACsec Encrypted links. Labels: L2 MPLS Service Provider, Colo Provider, MPLS Interconnect, Campus Interconnect, Cloud Interconnect, Packet to STEAL?]

Software Patching
Software Maintenance Upgrade
SMU is a package that can be installed on a system to provide a fix or a security resolution to a released image.
- Self-sufficient and reliant bug fix solution for PSIRT, CFD & IFD
- EMR Releases with 371 SMU files available
- Hot Patching
- Reduces time and scope of testing
DNAC Version: Guardian 2.3.3
License Level: DNA Advantage
- Hot Patching - does not require explicit reload after installation to get activated. (not traffic-affecting)
- Cold Patching - requires a system reload after installation to get activated. (traffic-affecting). The 9200 family supports only this.
- Bundle SMU - One single SMU file containing and applying multiple SMU fixes on the backend.
- Independent SMU - One single SMU file tailored to address a specific bug or vulnerability.
Patching can also be performed using Cisco DNAC

Cloud for Catalyst

Cloud for Catalyst 9000
Cloud Monitoring, with Cisco DNA Advantage on Catalyst 9000:
- Client Traffic Visibility
- Application Information (AVC/NBAR)
Cloud Management, with Cisco DNA Advantage on Catalyst 9000:
- 9x C9300 switches can migrate to Meraki management mode
- FULL MERAKI MGMT EXPERIENCE
- Equivalent to Meraki Advance License
C9K DNA Licensing Required:
- Routing table is larger than 1000 entries
- SGT/Adaptive Policy
- Client Traffic, AVC & ETA

Summary

Catalyst 9000 with Cisco DNA Advantage
Enables Cisco Catalyst Full Stack Value
[Figure labels, in slide order: SCA Agent (native); Cisco Secure Cloud Analytics: Behavioral analytics, Anomaly detection, Talos integration; SIG; Cisco Umbrella SIG: Firewall, Secure Web Gateway, DNS Security, CASB; DNS; Cisco Umbrella DNS: DNS Security, content filtering, malware prevention; IOT GW; Employee Health/Safety, Productivity, Smart Building; Cisco DNA Spaces; IPsec App or native IPsec; Umbrella Connector (native); Observability: Network/App synthetics; Cisco Defense Orchestrator: Deploy/Manage sec policies, Config and Audit logging, Meet Compliance & Sec audits; ASA Firewall; VPN; Credential & port scan vulnerabilities; Cybervision sensor; Cisco Cybervision: Industrial Security Visibility and Detection; 3rd party hosted Apps; Lightweight compute; DDI; Deception; Cyber Sec; Cyber defense; Network performance; AI Trust Analytics; Catalyst 9000; Dashboard; DNAC: Download App, Setup Networking (CLI/API), Lifecycle Mgmt; DNAC VM; On-prem DC; Cloud hosted DC (in AWS); Cisco Cloud-hosted DC]

DNA Software for Switching Matrix

Catalyst 9K Switching Sessions CL23, US

| Session Title | Session ID | Session Type |
|---|---|---|
| Catalyst 9000 Switching Family Architecture | TECARC-2446 | Sun, 9:00am - 1:00pm |
| Designing High availability for your Wired and Wireless Access Networks | TECENS-2001 | Sun, 9:00am - 1:00pm |
| Catalyst 9000 Family Software Innovations and Solutions | TECENS-2618 | Sun, 2:00pm - 6:00pm |
| 123-Enterprise Campus Wired Design Fundamentals | BRKENS-1501 | Mon, 8:00am - 9:00am |
| Catalyst 9000 Switches and Cisco DNA Advantage | BRKENS-1093 | Mon, 9:30am - 10:30am |
| Catalyst 9000 Switching QoS Deep Dive | BRKENS-2096 | Mon, 1:00pm - 2:30pm |
| Enabling Cloud Services at the Edge with App Hosting on Catalyst 9000 | BRKENS-1090 | Mon, 2:30pm - 3:30pm |
| Catalyst Powered Smart Buildings - Beyond PoE Connectivity | BRKENS-2091 | Mon, 3:00pm - 4:30pm |
| BGP EVPN in Enterprise Campus using Catalyst 9000 Switches | BRKENS-2092 | Tue, 1:00pm - 2:30pm |
| The Catalyst 9000 Switch Family Core and Distro | BRKARC-2099 | Tue, 4:00pm - 5:00pm |
| Designing Highly Available Networks using Catalyst 9000 Switches | BRKENS-2095 | Tue, 4:00pm - 5:00pm |
| The Catalyst 9000 Switch Family Access | BRKARC-2098 | Wed, 1:00pm - 2:30pm |
| Catalyst 9000 SiliconOne and IOSXE Architecture & Innovations | BRKARC-2092 | Wed, 2:30pm - 3:30pm |
| Building Time Sensitive Networks with Catalyst 9000 Switching Platforms | BRKENS-2098 | Wed, 4:00pm - 5:00pm |
| The Industry's only Flood-Free mDNS Experience in the Enterprise Campus, Powered by Catalyst 9000 | BRKENS-2097 | Thu, 8:00am - 9:00am |
| Infrastructure as Code and the Cisco Catalyst 9000 Virtual Switch | BRKDEV-2467 | Thu, 8:00am - 9:00am |
| Service Assurance with ThousandEyes on Catalyst 9000 | BRKENS-1095 | Thu, 11:00am - 12:00pm |

Fill out your session surveys!
- Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
- Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed.
- These points help you get on the leaderboard and increase your chances of winning daily and grand prizes

Continue your education
- Visit the Cisco Showcase for related demos
- Book your one-on-one Meet the Engineer meeting
- Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
- Visit the On-Demand Library for more sessions at www.CiscoL

Gamify your Cisco Live experience!
Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code:

What Does It Take To Get Zero Trust Security Right?
- Establish Trust
- Enforce Trust-Based Access
- Continuously Verify Trust
- Respond to Change in Trust
[Figure labels: Endpoint Visibility, Segmentation, Trust Assessment, Threat Containment]

Hardware based IPsec on Catalyst 9000X Across Access and Core
HSEC key required for IPsec
- 100G L3 Encryption, Catalyst 9300X: C9300X-48HX, C9300X-48HXN, C9300X-24HX, C9300X-48TX, C9300X-12Y, C9300X-24Y
- 100G L3 Encryption, Catalyst 9400X: Catalyst 9400 SUP-2/SUP-2XL
- 400G L3 Encryption, Catalyst 9500X: C9500X-60L4D
- Software release labels on the slide: IOS-XE 17.10.1, IOS-XE 17.6.2, IOS-XE 17.12.1
Features:
- Static virtual tunnel interface
- IPv4/IPv6*
- OSPF/BGP
- Policy Based Routing*
- Multicast Routing
- Tunnel mode
- Encapsulation ESP
- IKEv2
- L2 Extension over IPsec*
- NAT Traversal*
- L3 Segmentation over IPsec
- 128 tunnels
- 256 SAs + 128 rekey SA
- VRF aware
*Roadmap for C9500X
ECMP & EtherChannel support on roadmap for 9500X

| Encryption | Authentication |
|---|---|
| AES-128-CBC | HMAC/SHA1 |
| AES-128/256-GCM | GMAC |

Secure deployment with Catalyst 9300X
Public Sector use case
- Fabric over IPsec to extend L2/L3 policies across WAN
- 10/100G IPSEC Interconnect between sites
- IPsec for Site-Site Connectivity over WAN
Benefit:
- A cost effective, secure, scalable and highly available deployment
- Standardized design to allow scale up/down
[Figure: Reference Architecture. Labels: IPsec 100Gb links, Data Center, 500+ Customers, 5000+ Switches, 10+ Region/Verticals]

Encapsulated Remote SPAN (ERSPAN)*
- Source and destination ports are on different physical switches in different networks without a common L2 domain.
- Traffic traversing across the WAN network requiring encapsulation.
- GRE tunnels leveraged to support traffic replication in hardware.
- Both ERSPAN source and ERSPAN destination are supported.
- DNA-Advantage license required.
*Roadmap for 9400X-Sup2, 9500X and 9600X-Sup2.
[Figure labels: Switch A, Switch B, SPAN Source Port, SPAN Destination Port]

Flood Domain Extended Networks
Challenges:
- Limited scale
- Performance Impacting
- Extended fault domain
- Flood-n-Learn mechanics
- Service-On-Stick Modes
[Figure labels: End-Points, Layer 2, VLAN 10, Wired mDNS, IP|MPLS|VXLAN, CAPWAP, mDNS AP, Flex mDNS GW, EWC AP mDNS GW, IP|VXLAN, L2 Flood, SD-Access]

IOS-XE

service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 1
 match message-type announcement
 match service-type _airplay._tcp.local
!
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 2
 match message-type announcement
 match service-type _raop._tcp.local
!
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 3
 match message-type announcement
 match service-type _ipps._tcp.local
!
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 4
 match message-type announcement
 match service-type _ipp._tcp.local
!
service-list mdns-sd DNAC-CONTROLLER-SDG-POLICY permit 1
!
service-list mdns-sd SERVICES-VLAN-ACTIVE-QUERY query
 service-type _airplay._tcp.local
 service-type _raop._tcp.local
 service-type _ipps._tcp.local
 service-type _ipp._tcp.local
 service-type _sleep-proxy._udp.local
 service-type _universal._sub._ipps._tcp.local
 service-type _universal._sub._ipp._tcp.local
!
service-routing mdns-sd
 ingress-client query-suppression enable
 service-export mdns-sd controller DNAC-CLUSTER-1
  controller-address 10.10.10.1
  controller-port 9991
  controller-service-policy DNAC-CONTROLLER-SDG-POLICY OUT
  controller-source-interface Loopback0
!
interface Vlan101
 service-routing mdns-sd
  service-policy-query SERVICES-VLAN-ACTIVE-QUERY 90
  service-policy SERVICE-VLAN-APP-POLICY IN
!
interface Vlan102
 service-routing mdns-sd
  service-policy-query SERVICES-VLAN-ACTIVE-QUERY 90
  service-policy SERVICE-VLAN-APP-POLICY IN
!
interface Vlan103
 service-routing mdns-sd
  service-policy-query SERVICES-VLAN-ACTIVE-QUERY 90
  service-policy SERVICE-VLAN-APP-POLICY IN
!
interface Vlan104
 service-routing mdns-sd
  service-policy-query SERVICES-VLAN-ACTIVE-QUERY 90
  service-policy SERVICE-VLAN-APP-POLICY IN
!
interface Vlan105
 service-routing mdns-sd
  service-policy-query SERVICES-VLAN-ACTIVE-QUERY 90
  service-policy SERVICE-VLAN-APP-POLICY IN
!

mdns snooping enable
mdns policy service-group create default-mdns-policy Default Access Policy created by WLC
mdns policy service-group user-role add default-mdns-policy Any
mdns policy service-group user-name add default-mdns-policy Any
mdns profile create default-mdns-profile
mdns service create AirTunes _raop._tcp.local. origin All LSS disable query enable
mdns service create Airplay _airplay._tcp.local. origin All LSS disable query enable
mdns service create Airprinttest.local. origin All LSS disable query enable
mdns service create HP_Photosmart_Printer_1 _universal._sub._ipp._tcp.local. origin All LSS disable query enable
mdns service create HP_Photosmart_Printer_2 _cups._sub._ipp._tcp.local. origin All LSS disable query enable
mdns service create HankinPrinter Canone47d6d.local. origin All LSS disable query enable
mdns service create HomeSharing _home-sharing._tcp.local. origin All LSS disable query enable
mdns service create Printer-HTTP _http._tcp,_printer origin All LSS disable query enable
mdns service create Printer-IPP _ipp._tcp.local. origin All LSS disable query enable
mdns service create Printer-IPPS _ipps._tcp.local. origin All LSS disable query enable
mdns service create Printer-LPD _printer.
113、_tcp.local.origin All LSS disable query enablemdnsservice create Printer-SOCKET _pdl-datastream._tcp.local.origin All LSS disable query enablemdnsservice priority-mac add 40:30:04:b4:28:38 Airplay ap-group Baltimore,MDmdnsservice priority-mac add 40:9f:38:94:44:45 Airplay ap-group Baltimore,MDmdnsse
114、rvice priority-mac add 00:6b:f1:cd:6a:f5 HankinPrinterap-group Baltimore,MDmdnsservice priority-mac add 00:6b:f1:cd:6a:f5 Printer-IPP mdnsservice priority-mac add 40:9f:38:94:44:45 Printer-IPP mdnsprofile service add default-mdns-profile AirTunes mdnsprofile service add default-mdns-profile Airplay
115、mdnsprofile service add default-mdns-profile Airprinttest mdnsprofile service add default-mdns-profile HP_Photosmart_Printer_1 mdnsprofile service add default-mdns-profile HP_Photosmart_Printer_2 mdnsprofile service add default-mdns-profile HankinPrinter mdnsprofile service add default-mdns-profile
116、HomeSharing mdnsprofile service add default-mdns-profile Printer-HTTP mdnsprofile service add default-mdns-profile Printer-IPP mdnsprofile service add default-mdns-profile Printer-IPPS mdnsprofile service add default-mdns-profile Printer-LPD mdnsprofile service add default-mdns-profile Printer-SOCKE
117、T mdnsquery interval 10interface mdns-profile blackhole default-mdns-profileinterface mdns-profile bluenet-mobile default-mdns-profilewlanmdnsdisable 1 wlanmdnsenable 2 wlanmdnsdisable 20 wlanmdnsdisable 21 wlanmdnsdisable 22 wlanmdnsdisable 23 AireOSWiredWirelessL2 AccessGatewayL2 AccessGatewayserv
118、ice-export mdns-sd controller DNACcontroller-address controller-source-interface!service-export mdns-sd controller DNACcontroller-address controller-source-interface!Service-RoutingService-RoutingIP|VXLAN|MPLS!mdns-sd gateway mode service-peer sdg-agent !vlan configuration mdns-sd gateway!mdns-sd ga
119、teway mode service-peer sdg-agent !wlan id mdns-sd-interface gateway!mdns-sd gateway!vlan configuration mdns-sd gateway!mdns-sd gateway!vlan configuration mdns-sd gateway!Mobile PrintingChromeCastApple TVWebex AirPlayFile Share Multifunction PrintSecure ShellCompact.Consistent.Smart.Simplified to scaleNearly zero-conf IT solutionSmart default new services One OS.One ExperienceUnified mDNSSolution
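The IOS-XE service-list configuration earlier in this section pairs an ingress permit policy with an active-query list, and the two can be cross-checked mechanically. The following is an added example, not part of the Cisco deck: a Python audit that parses the slide's service-list commands and reports queried service types whose announcements no permit entry would accept. It assumes first-match permit entries with anything unmatched dropped, models only permit and query entries, and the function names are illustrative.

```python
# Service-list commands from the slide, one command per line.
CONFIG = """\
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 1
 match message-type announcement
 match service-type _airplay._tcp.local
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 2
 match message-type announcement
 match service-type _raop._tcp.local
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 3
 match message-type announcement
 match service-type _ipps._tcp.local
service-list mdns-sd SERVICE-VLAN-APP-POLICY permit 4
 match message-type announcement
 match service-type _ipp._tcp.local
service-list mdns-sd SERVICES-VLAN-ACTIVE-QUERY query
 service-type _airplay._tcp.local
 service-type _raop._tcp.local
 service-type _ipps._tcp.local
 service-type _ipp._tcp.local
 service-type _sleep-proxy._udp.local
 service-type _universal._sub._ipps._tcp.local
 service-type _universal._sub._ipp._tcp.local
"""

def parse(config):
    """Return ({policy: [permit entries]}, {query list: [service types]})."""
    permits, queries, cur = {}, {}, None
    for words in map(str.split, config.splitlines()):
        if words[:2] == ["service-list", "mdns-sd"] and words[3] == "query":
            cur = queries.setdefault(words[2], [])
        elif words[:2] == ["service-list", "mdns-sd"]:
            cur = {}  # match clauses of this entry
            if words[3] == "permit":  # other entry kinds are not modelled
                permits.setdefault(words[2], []).append(cur)
        elif words[:1] == ["match"]:
            cur[words[1]] = words[2]
        elif words[:1] == ["service-type"]:
            cur.append(words[1])
    return permits, queries

def allowed(entries, message):
    """Assumption: a message passes only if some permit entry matches fully."""
    return any(all(message.get(k) == v for k, v in e.items()) for e in entries)

def unpermitted_queries(permits, queries, policy, query_list):
    """Queried service types whose announcements `policy` would not accept."""
    return [s for s in queries[query_list] if not allowed(
        permits[policy], {"message-type": "announcement", "service-type": s})]
```

Run against the slide's configuration, the audit lists the three queried service types that have no matching permit entry in SERVICE-VLAN-APP-POLICY.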