Коммутатор Cisco Catalyst C9500-24Q-E

Built for Security, IoT, and Cloud

The Cisco^® Catalyst^® 9500 Series switches are the next generation of enterprise-class core and aggregation layer switches, supporting full programmability and serviceability. Based on an x86 CPU, the Cisco Catalyst 9500 Series is Cisco’s lead purpose-built fixed core and aggregation enterprise switching platform, built for security, IoT, and cloud. The switches come with a 4-core x86, 2.4-GHz CPU, 16-GB DDR4 memory, and 16-GB internal storage.

The Cisco Catalyst 9500 Series is the industry’s first purpose-built 25, 40 and 100 Gigabit Ethernet line of switches targeted for the enterprise campus. These switches deliver unmatched table scale (MAC/route/ACL) and buffering for enterprise applications. The Cisco Catalyst 9500 Series includes nonblocking 40 and 100 Gigabit Ethernet Quad Small Form-Factor Pluggable (QSFP+, QSFP28) and 1, 10 and 25 Gigabit Ethernet Small Form-Factor Pluggable Plus (SFP/SFP+/SFP28) switches with granular port densities that fit diverse campus needs. The switches support advanced routing and infrastructure services (such as Multiprotocol Label Switching [MPLS] Layer 2 and Layer 3 VPNs, Multicast VPN [MVPN], and Network Address Translation [NAT]); Cisco Software-Defined Access capabilities (such as a host tracking database, cross-domain connectivity, and VPN Routing and Forwarding [VRF]-aware Locator/ID Separation Protocol [LISP]); and network system virtualization with Cisco StackWise^® virtual technology that are critical for their placement in the campus core. The Cisco Catalyst 9500 Series also supports foundational high-availability capabilities such as patching, Graceful Insertion and Removal (GIR), Cisco Nonstop Forwarding with Stateful Switchover (NSF/SSO), redundant platinum-rated power supplies, and fans.

The foundation of Software-Defined Access

Advanced persistent security threats. The exponential growth of Internet of Things (IoT) devices. Mobility everywhere. Cloud adoption. All of these require a network fabric that integrates advanced hardware and software innovations to automate, secure, and simplify customer networks. The goal of this network fabric is to enable customer revenue growth by accelerating the rollout of business services.

The Cisco Digital Network Architecture (Cisco DNA) with Software-Defined Access (SD-Access) is the network fabric that powers business. It is an open and extensible, software-driven architecture that accelerates and simplifies your enterprise network operations. The programmable architecture frees your IT staff from time-consuming, repetitive network configuration tasks so they can focus instead on innovation that positively transforms your business. SD-Access enables policy-based automation from edge to cloud with foundational capabilities. These include:

●      Simplified device deployment

●      Unified management of wired and wireless networks

●      Network virtualization and segmentation

●      Group-based policies

●      Context-based analytics

The Cisco Catalyst 9500 Series switches form the foundational building block for Software-Defined Access―Cisco’s leading enterprise architecture.

Product overview

Product highlights

●      Cisco Unified Access^™ Data Plane (UADP) Application-Specific Integrated Circuit (ASIC) ready for next-generation technologies with its programmable pipeline, microengine capabilities, and template-based, configurable allocation of Layer 2 and Layer 3 forwarding, Access Control Lists (ACLs), and Quality-of-Service (QoS) entries

●      Intel^® 2.4-GHz x86 CPU with up to 120 GB of USB 3.0 or up to 960 GB of SATA SSD storage for container-based application hosting

●      Up to 6.4-Tbps switching capacity with up to 2 Bpps of forwarding performance

●      Up to 32 nonblocking 100 Gigabit Ethernet QSFP28 ports

●      Up to 32 nonblocking 40 Gigabit Ethernet QSFP+ ports

●      Up to 48 nonblocking 25 Gigabit Ethernet SFP28 ports

●      Up to 48 nonblocking 10 Gigabit Ethernet SFP+ ports

●      Platinum-rated AC/DC power supplies

●      Up to 512,000 Flexible NetFlow (FNF) entries in hardware

●      Up to 36 MB of unified buffer per ASIC

●      Up to 212,000 routing entries (IPv4/IPv6) for high-end campus core and aggregation deployments

●      IPv6 support in hardware, providing wire-rate forwarding for IPv6 networks

●      IEEE 802.1ba AV Bridging (AVB) built in to provide a better AV experience through improved time synchronization and QoS

●      Precision Time Protocol (PTP; IEEE 1588v2) provides accurate clock synchronization with sub-microsecond accuracy, making it suitable for distribution and synchronization of time and frequency over the network

●      Dual-stack support for IPv4/IPv6 and dynamic hardware forwarding table allocations, for ease of IPv4-to-IPv6 migration

●      Support for both static and dynamic NAT and Port Address Translation (PAT)

●      Scalable routing (IPv4, IPv6, and multicast) tables and Layer 2 tables

●      Cisco IOS^® XE Software, a modern operating system for the enterprise with support for model-driven programmability, on-box Python scripting, streaming telemetry, container-based application hosting, and patching for critical bug fixes. The OS also has built-in defenses to protect against runtime attacks

●      Cisco StackWise^® Virtual technology, a network system virtualization technology that increases operational efficiency and boosts nonstop communications and scaled system bandwidth

●      Highest wireless scale for Wi-Fi 6 and 802.11ac Wave 2 access points supported on a single switch

●      SD-Access: With the Cisco Catalyst 9500 Series, you can be part of the future of networking with features that include:

◦    Policy-based automation from edge to cloud

◦    Segmentation and micro-segmentation made easy, with predictable performance and scalability

◦    Automation and network assurance through the Cisco DNA Center Appliance

◦    Faster launch of new business services and significantly improved issue resolution time

◦    SD-Access Embedded Wireless: The Cisco Catalyst 9800 embedded wireless controller software package can be installed on Cisco Catalyst 9500 Series Switches to enable wireless controller functionality for distributed branches and small campuses. Once installed, the embedded wireless controller running on a Cisco Catalyst 9500 Series Switch can support up to 200 APs and 4000 clients. A maximum of two wireless controllers can be enabled per site on two different Cisco Catalyst 9500 Series Switches, which will increase the scale up to 400 APs and 8000 wireless clients per site.

◦    The Cisco Catalyst 9800 embedded wireless controller software package will enable wireless functionality only for SD-Access deployments, with two supported topologies:

◦    It can be enabled on Cisco Catalyst 9500 Series Switches functioning as a co-located border and control plane.

◦    It can be enabled on Cisco Catalyst 9500 Series Switches functioning as fabric in a box.

●      Cisco Plug and Play (PnP) enabled: A simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or updates to an existing network

●      Advanced security:

◦    Encrypted Traffic Analytics (ETA): You benefit from the power of machine learning to identify and take actions toward threats or anomalies in your network, including malware detection in encrypted traffic and distributed anomaly detection. Additionally, ETA is able to detect vulnerable implementations in encrypted traffic

◦    Support for AES-256 with the powerful MACsec 256-bit encryption algorithm available on all models

◦    Trustworthy solutions: Secure Unique Device Identification (SUDI) support for Plug and Play, enabling tamper-proof device identity capability, which secures zero-touch provisioning by allowing your device to show a certificate to the server to be able to get onto your network

Platform details

Switch models and configurations

Table 1 shows the Cisco Catalyst 9500 Series configurations

Table 1.        Cisco Catalyst 9500 Series configurations and port density

All numbers in the above table are for the standalone switch, except where indicated in parentheses () for StackWise Virtual: ^**with uplink module.

Network modules

The Cisco Catalyst 9500 Series Switches support optional network modules for uplink ports on some of the configurations.

The default switch configuration does not include the network module. When you purchase the switch, you can choose from the network modules described in Tables 2 and 3.

Table 2.        Network module numbers and descriptions

Table 3.        Network module matrix

Accessories

The Cisco Catalyst 9500 Series Switches support optional accessories.

The default switch configuration does not include the accessories – these need to be selected during configuration.

Table 4.        Accessories and descriptions

Table 5.        Accessory matrix

Figure 11 shows the 240-GB SSD storage.

Figure 11.     

240-GB SSD storage

Power supplies and fan tray

The Cisco Catalyst 9500 Series Switches support dual 1+1 redundant power supplies. The switches ship with one power supply by default. The second power supply can be purchased at the time the switch is ordered or at a later time. If only one power supply is installed, it should always be in power supply bay #1.

The switches also ship with up to five field-replaceable variable-speed fans. These have front-to-back airflow and can operate with up to one individual fan failure. The fan trays support fan-tray Online Insertion and Removal (OIR) and can support a maximum fan speed of up to 24,000 rpm.

Table 6 shows the maximum fans and fan trays for each configuration.

Table 6.        Fan and fan tray matrix

Tables 7 and 8 provides more details on the Cisco Catalyst 9500 Series power supplies

Table 7.      Power supply specifications

Table 8.        BTU Details for 9500 Power Supplies

Table 9 shows the power supplies supported in the Cisco Catalyst 9500 Series Switches

Table 9.        Power supply matrix

Switch performance

Table 10 shows performance specifications for the Cisco Catalyst 9500 Series Switches

Table 10.     Performance specifications

^*Varies based on selected flexible ASIC template.

^** Line rate for 187byte packet size and above.

By host routes, it means any /32 routes, including those are learned indirectly (such as over OSPF or other routing protocols).

This does not mean that it can install 80,000 directly connected clients (/32) for attached VLANs/SVIs. In other words, directly connected routes in engineering term means, any /32 prefix (that includes clients attached to switch's own VLAN/SVI and those /32 prefixes learned over any routing protocols as well).

An indirectly connected route is a route with a prefix other than /32.

Important note

UADP 2.0 based C9500-12Q, C9500-24Q, C9500-40X, and C9500-16X support 32,000 adjacency in hardware. So essentially, they can support up to ~32,000 directly attached clients (including all adjacency) in their own VLAN/SVI.

UADP 3.0 based C9500-32C, 32QC, 24Y4C, and 48Y4C support 80,000 adjacency for SVI, with SDM template of distribution and 90,000 direct routes for all supported templates when a Layer 3 routed port is used.

Flexible ASIC templates

Flexible ASIC templates enable universal deployments by leveraging the UADP’s ability to create resources to optimize table sizes for different places in the network. Based on how the switch is used in the network, an appropriate flexible ASIC template may be selected to configure the switch for specific features.

The following flexible ASIC templates are supported on the Cisco Catalyst 9500 Series.

●      Distribution: Maximizes system resources for MAC and security

●      Core: Maximizes system resources for unicast and multicast routing

●      SDA: Maximizes system resources to support fabric deployment

●      NAT: Maximizes system resources for Layer 3 and NAT to support collapsed core WAN deployments

Table 11 describes the ASIC templates

Table 11.     ASIC template descriptions

^*ACL allocation is configurable between ingress, egress, IPv4, non IPv4

Cisco SD-Access architecture

Enterprises are in search of ways to transform their operations to add digital capabilities that enhance service delivery and asset management. Cisco SD-Access provides this transformational shift in building and managing networks. It provides faster, easier, and improved business efficiency with investment protection for enhanced business outcomes. By decoupling network functions from hardware, SD-Access helps ensure policy compliance, allows you to launch new business services faster, and improves issue resolution times significantly. At the same time, it is open and extensible and can significantly reduce your operational expenses.

Cisco SD-Access enables policy-based automation from edge to cloud with foundational capabilities. These include simplified device deployment, unified management of wired and wireless networks, network virtualization and segmentation, group-based policies, and context-based analytics. With these fundamental features in place, key use cases can now be orchestrated. These use cases include user mobility, secure segmentation, user onboarding and policies, IoT integration, guest access, context-based troubleshooting, and data center and cloud integration.

Cisco StackWise Virtual

StackWise Virtual is an advanced stacking technology that supports both core and distribution deployments through multiple topologies. It provides higher scale for system virtualization at the network layer. The Cisco Catalyst 9500 Series with Network Advantage License supports StackWise Virtual with a 2-node topology.

StackWise Virtual in the distribution layer of the network interacts with the access and core layer switches as if it were a single logical switch. An access/core switch connects to both switches of the StackWise Virtual switch using one logical port channel called a Multichassis EtherChannel (MEC). The MEC enables the StackWise Virtual switches to provide redundancy and load balancing on the port channel.

This capability enables a loop-free Layer 2 network topology, since the StackWise Virtual switches are treated as one logical switch for both access and core switches. The StackWise Virtual switch also simplifies the Layer 3 network topology by presenting itself as one logical switch, thus reducing the number of routing peers in the network.

Platform benefits

Cisco IOS XE

The Cisco Catalyst 9500 Series opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various mechanisms that bring about network automation are outlined below, based on a device lifecycle.

●      Automated device provisioning: This is the ability to automate the process of upgrading software images and installing configuration files on Cisco Catalyst switches when they are being deployed in the network for the first time. Cisco provides both turnkey solutions such as Plug and Play and off-the-shelf tools such as Zero-Touch Provisioning (ZTP) and Preboot Execution Environment (PXE) that enable an effortless and automated deployment.

●      API-driven configuration: Modern network switches such the Cisco Catalyst 9500 Series support a wide range of automation features and provide robust open APIs over Network Configuration Protocol (NETCONF) and RESTCONF using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources.

●      Granular visibility: Model-driven telemetry provides a mechanism to stream data from a switch to a destination. The data to be streamed is driven through subscription to a data set in a YANG model. The subscribed data set is streamed out to the destination at configured intervals. Additionally, Cisco IOS XE enables the push model, which provides near-real-time monitoring of the network, leading to quick detection and rectification of failures.

●      Seamless software upgrades and patching: To enhance OS resilience, Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support allows customers to add patches without having to wait for the next maintenance release.

Security

●      Encrypted Traffic Analytics (ETA)^*: ETA is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is becoming encrypted, the visibility this feature provides related to threat detection is critical for keeping your network secure at different layers.

●      Advanced Encryption Standard (AES)-256 MACsec encryption: AES is the IEEE 802.1AE standard for authenticating and encrypting packets between switches and endpoints. The Cisco Catalyst 9500 Series Switches support 256-bit and 128-bit AES on all ports at all speeds, providing the most secure link encryption (switch to switch).

●      Trustworthy solutions: Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. In the Cisco Catalyst 9500 Series, these trustworthy solutions enable hardware and software authenticity assurance for supply chain trust and strong mitigation against man-in-the-middle attacks on software and firmware.

●      Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software are authentic and unmodified. As the system boots, the system's software signatures are checked for integrity.

●      Object group ACLs (ipv4 and ipv6): Object groups for ACLs allow the classification of users, devices, or protocols into groups and apply those groups to ACLs to create access control policies for those groups. This feature allows the use of object groups instead of individual IP addresses, protocols, and ports, which are used in conventional ACLs.

●      Secure Boot: Cisco Secure Boot technology anchors the boot sequence chain of trust to immutable hardware, mitigating threats against a system's foundational state and the software that is to be loaded, regardless of a user's privilege level. It provides layered protection against the persistence of illicitly modified firmware.

●      Cisco Trust Anchor module: A tamper-resistant, strong cryptographic, single-chip solution provides hardware authenticity assurance to uniquely identify the product so that its origin can be confirmed to Cisco, providing assurance that the product is genuine.

Resiliency and high availability

●      Cisco StackWise Virtual: StackWise Virtual is an advanced stacking technology that supports both core and distribution deployments. It provides higher scale for system virtualization at the network layer. The Cisco Catalyst 9500 Series with Network Advantage License supports StackWise Virtual with a 2-node topology.

●    Software Maintenance Upgrades (SMUs): The SMU is a package that can be installed on a system to provide a patch fix or security resolution to a released image. SMUs allow you to address the network issue quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates the SMU compatibility and does not allow you to install noncompatible SMUs. All SMUs are integrated into the subsequent Cisco IOS XE Software maintenance releases.

●      Graceful Insertion and Removal (GIR): GIR isolates a switch from the network in order to perform debugging or an upgrade operation. By using the switch maintenance mode, GIR can systematically eject a Cisco Catalyst 9500 Series Switch from the network with zero or minimal disruption to the network service. When a switch is in maintenance mode, it is isolated from the active forwarding paths in the network. Maintenance tasks, such as real-time debugging, hardware replacement, or software upgrade/downgrade, can be performed without affecting the production traffic. When maintenance tasks are completed, the GIR function places the switch back into the network without impact.

●      Flexlink+: Flexlink+ allows the setting up of active and backup interfaces or port channels, which can provide Layer 2 failover redundancy without the use of Spanning Tree Protocol (STP). Flexlink+ is currently supported on the C9500-12Q, C9500-24Q, C9500-40X, and C9500-16X models.

●      MKA High Availability: MKA sessions are now SSO-aware. In the event of failure of the active switch, the standby switch takes over the existing MKA sessions in a minimally disruptive switchover. 

Flexible NetFlow

●      Flexible NetFlow (FNF): Cisco IOS^® Software FNF is the next generation in flow visibility technology, allowing optimization of the network infrastructure, reducing operation costs, and improving capacity planning and security incident detection with increased flexibility and scalability. The Cisco Catalyst 9500 Series is capable of up to 512,000 flow entries.

Application visibility and control

●      Next-Generation Network Based Application Recognition (NBAR2): NBAR2 enables advanced application classification techniques, accuracy with up to 1400 predefined and well-known application signatures and up to 150 encrypted applications on the Cisco Catalyst 9000 Series. Some of the most popular applications included are Skype, Office 365, Microsoft Lync, Cisco WebEx^®, and Facebook. Many others are already predefined and easy to configure. NBAR2 provides the network administrator with an important tool to identify, control, and monitor end-user application usage while helping ensure a quality user experience and securing the network from malicious attacks. It uses FNF to report application performance and activities within the network to any supported NetFlow collector, such as Cisco Prime^®, Cisco Stealthwatch^®, or any compliant third-party tool. NBAR2 is currently supported on the C9500-12Q, C9500-24Q, C9500-40X, and C9500-16X models.

Audio video bridging

●      Audio Video Bridging (AVB): With Cisco IOS XE Software Release 16.8, selected models of the Cisco Catalyst 9500 Series now support the IEEE 802.1 AVB standard. This standard enables highly reliable delivery of low-latency, time-synchronized AV streaming services through Layer 2 Ethernet networks. The standard also makes it easier to integrate new services and for AV equipment from different vendors to interoperate. Whether the AV endpoint connections are analog or are inflexible digital one to one, the network transport enables many-to-many transparent plug-and-play connections for multiple AV endpoints. AVB is currently supported on the C9500-12Q, C9500-24Q, C9500-40X, and C9500-16X models.

Benefits

●      Improves quality of experience by lowering jitter and latency for time-synchronized delivery of high-quality AV.

●      Provides scalability of applications across networked deployments, including expansive and complex AV infrastructure.

●      Lowers Total Cost of Ownership (TCO) with reduced cabling (lowers CapEx) and no license fees (lowers OpEx).

^* AVB is supported on the C9500-12Q, C9500-24Q, C9500-40X, and C9500-16X models. For more details about AVB, refer to  https://www.cisco.com/go/avb.

Superior QoS

QoS technologies are a set of tools and techniques for managing network resources and are considered the key enabling technologies for the transparent convergence of voice, video, and data networks. QoS on the Cisco Catalyst 9500 Series consists of classification and marking, policing and markdown, scheduling, shaping, and queuing functions. A modular QoS command-line framework provides consistent platform-independent and flexible configuration behavior. The 9500 Series also supports 2-level hierarchical or nested policies.

Subinterfaces

Layer 3 interfaces forward IPv4 and IPv6 packets to another device using static or dynamic routing protocols. You can use Layer 3 interfaces for IP routing and inter-VLAN routing of Layer 2 traffic. Subinterfaces can also be created on Layer 3 port channels.

MPLS is supported on Layer 3 subinterfaces.

BGP EVPN with VXLAN

Virtual Extensible LAN (VXLAN) Border Gateway Protocol (BGP) Ethernet VPN (EVPN)

VXLAN is a network overlay that allows layer 2 segments to be stretched across an IP core. All the benefits of layer 3 topologies are thereby available with VXLAN. The overlay protocol is VXLAN and BGP uses EVPN as the address family for communicating end host MAC and IP addresses.

Service discovery

●      Multicast DNS (mDNS) gateway: This service discovery gateway capability facilitates the sharing of services advertised using the Apple mDNS (Bonjour) protocol (such as printers, Apple TVs and file services across the network). Additionally, the administrator can create policies defining which services can be seen and accessed by the users in the network. This capability facilitates a Bring-Your-Own-Device (BYOD) rollout.

Smart operation

●      Bluetooth ready: The Cisco Catalyst 9500 Series has hardware support to connect a Bluetooth dongle to your switch, enabling you to use this wireless interface as a management port. This port functions as an IP management interface and can be used for configuration and troubleshooting using the WebUI or the Command-Line Interface (CLI), and to transfer images and configurations.

●      WebUI: WebUI is an embedded GUI-based device-management tool that provides the ability to provision the device, to simplify device deployment and manageability and to enhance the user experience. WebUI comes with the default image. There is no need to enable anything or install any license on the device. You can use WebUI to build a day-1 configuration and from then on monitor and troubleshoot the device without having to know how to use the CLI.

●      RFID tags: The Cisco Catalyst 9500 Series switches have an embedded RFID tag that facilitates easy asset and inventory management using commercial RFID readers.

●      Blue beacon: The Cisco Catalyst 9500 Series Switches support a blue beacon LED for easy identification of the switch being accessed.

High-performance IP routing

●      IP routing protocols provide the fundamental infrastructure for the delivery of advanced IP services across the Cisco Catalyst 9500 Series. Whether based on Internet Engineering Task Force (IETF) standards or Cisco innovations, these protocols enable Cisco to offer the broadest portfolio of IP routing technologies. All share industry-leading scalability, availability, manageability, fast convergence, and high-performance capabilities.

●      IP unicast routing protocols (including static; Routing Information Protocol version 1 [RIPv1], version 2 [RIPv2], and next generation [RIPng]; and Open Shortest Path First [OSPF] routed access) are supported for small network routing applications with the Network Essentials stack.

●      Advanced IP unicast routing protocols (such as OSPF, Enhanced Interior Gateway Routing Protocol [EIGRP], Border Gateway Protocol Version 4 [BGPv4], and Intermediate System-to-Intermediate System Version 4 [IS-ISv4]) are supported for load balancing and for constructing scalable LANs. IPv6 routing (using OSPFv3 and EIGRPv6) is supported in hardware for maximum performance.

●      Protocol-Independent Multicast (PIM) for IP multicast routing is supported, including PIM Sparse Mode (PIM SM), bidirectional PIM, and Source-Specific Multicast (SSM).

●      IPv6 addressing is supported on interfaces with appropriate show commands for monitoring and troubleshooting.

●      Seamless MPLS integrates multiple networks into a single MPLS domain. This removes the need for service-specific configurations in network transport nodes.

Software requirements

●      The Cisco Catalyst 9500 Series Switches run on Cisco IOS XE Software version 16.5.1a or later. This software release includes all the features listed earlier in the Platform Benefits section. Table 12 lists the minimum software requirements for the switch models.

Table 12.     Minimum software requirements

Licensing

Packaging

The Cisco Catalyst 9000 family introduced new packaging that includes vastly simplified base network packages (Network Essentials and Network Advantage) and term-based software packages (Cisco DNA Premier, Cisco DNA Advantage and Cisco DNA Essentials). The Cisco DNA packages, in addition to on-box capabilities, also unlock additional functionality in Cisco DNA Center, enabling controller-based software-defined automation in your network.

Table 13.     Network Essentials and Advantage package features