cisco livelocal2014 unifiedaccess

Local Edition Cisco Unified Access Corey Turner, Systems Engineer

Upload: cisco-public-sector

Post on 20-Aug-2015

Category:

Technology


TRANSCRIPT

Page 1: Cisco livelocal2014 unifiedaccess

Local Edition

Cisco Unified Access

Corey Turner, Systems Engineer

Page 2: Cisco livelocal2014 unifiedaccess

© 2014 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public Local Edition

Agenda

•  Introduction

•  One Network – Cisco Switching Innovations

•  One Policy – Cisco ISE

•  One Management – Cisco Prime Infrastructure

•  Conclusion

Page 3: Cisco livelocal2014 unifiedaccess

12,000+ Apple Macs

20,581 Apple iPhones 3.9% Growth

73 Million Online Meetings a Year

6700+ Linux Desktops

87,000+ Microsoft Windows PCs

12,290 RIM BlackBerry Devices

-1.6% Growth

2185 Other Devices -3.8% Growth

5234 Android Devices

9.5% Growth

8144 Apple iPads

2104 Cisco Cius™ Tablets

Why Unified Access? Cisco on Cisco Client Mix

Page 4: Cisco livelocal2014 unifiedaccess

*Cisco VNI Study 2012

of “things” are unconnected

Traffic Growth

Transition to Cloud*

Mobility

of Traffic (Video over Mobile Devices)*

Intelligent

Device Growth

BYOD

Programmable

Mobile and Cloud

Simple

We Are Entering the Age of the Internet of Everything

The Network Is the Platform to Connect the Previously Unconnected

Page 5: Cisco livelocal2014 unifiedaccess

Unified Access Uncompromised User Experience in a Simplified Environment

Unified Access

One Management

One Network

One Policy

Page 6: Cisco livelocal2014 unifiedaccess

Cisco Unified Access

Cisco Unified Access Portfolio Robust Converged Wired and Wireless Solution

1600

Small-Mid Enterprise

2700

Feature-Optimized Enterprise

3600

Mid-Large Enterprise

3700 W/ HDX

High-Density Enterprise

1530

Low Profile

1550

Larger Deployments

8500, 5760, 5508

Wireless Controllers

Backbone Switches

Catalyst 4500

Converged Access Switches

Catalyst 3650

Catalyst 3850

One Network Controllers & Access Switches

Access Points

Catalyst 6800 Catalyst 6500 Catalyst 2960-X

Access Switch

Identity Services Engine (ISE)

Prime Infrastructure

One Policy

One Management

MDM/MAM SIEM

Page 7: Cisco livelocal2014 unifiedaccess

Agenda

•  Introduction

•  One Network – Cisco Switching Innovations

•  One Policy – Cisco ISE

•  One Management – Cisco Prime Infrastructure

•  Conclusion

Page 8: Cisco livelocal2014 unifiedaccess

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

Cisco Switching Innovations: Innovative, Intelligent Services

Application Visibility & Control

Energy Management

Catalyst SmartOperations Advanced Security

Page 9: Cisco livelocal2014 unifiedaccess

Innovation: Cisco Application Visibility & Control

NetFlow Ecosystem

End-to-end Visibility

Flexible NetFlow

Medianet

Wireshark Integration

MSI/MSP+ CDP/LLDP

- Smart network and smart media services
- Faster troubleshooting for cost savings
- High quality user experience

Metadata Database

10.4.5.3 10.3.4.5 1200 2000 Telepresence

20.1.1.1 30.1.1.1 1500 1600 Surveillance

Packet Drops

Core

- Better planning with customized traffic monitoring
- Extensive visibility, scalable from layer 2 to 7
- Enhanced anomaly and security detection

- Deep dive network traffic analysis
- Accelerated problem resolution
- Built-in IOS capability for OpEx savings

- Source
- Destination
- Timing
- Application/user profiling

Page 10: Cisco livelocal2014 unifiedaccess

Innovation: Energy Management

EnergyWise Ecosystem Partners

Building Management

Systems

Energy Management Applications

MANAGEMENT APPLICATIONS

EnergyWise SDK devices Building Protocols

EnergyWise Management API

Network Management Applications

POE / POE+ / UPOE devices without SDK

IT Devices Building Devices

Cisco Catalyst Switching Network

POE / POE+ / UPOE Support Gateways

Management API

SDK

EnergyWise POE/POE+/UPOE EEE

- Open approach for both IT and building devices
- Industry leading solution
- Lower TCO

Page 11: Cisco livelocal2014 unifiedaccess

Auto Smartports Plug and Play

for Endpoint Devices

Smart Call Home Intelligent Network Issue

Resolution

Innovation: Cisco Catalyst SmartOperations

Smart Install Zero Touch Deployments

and Maintenance

New Switch Installed
- Software image: automatically downloaded
- Switch configuration: automatically applied

Endpoint Device Plugged In
- Port Configuration: Applied
- QoS Policy: Enforced
- Security Policy: Enforced

Anomaly Detected
- Proactive diagnostics: Finished
- Real-time alert: Created
- Web-based reports: Generated
- Responsible TAC team: Routed to
- Remediation: Completed

Director

Switches

Page 12: Cisco livelocal2014 unifiedaccess

Innovation: Advanced Security

Switch-level Security
- Layer 2 security: Port security, Dynamic ARP inspection …
- Layer 3 security: Dynamic ACLs, 802.1X …
- Device Sensor …

End-to-end Network Security
- ISE Integration: consistent policy
- TrustSec/Security Group Tag: context-aware security
- MACsec: network-wide encryption

Identity Services Engine (ISE)

What

Where

How Who

IDENTITY

When

Context-aware decisions

Resource Switch Switch User

IP source guard

uRPF

Device Sensor Dynamic ARP Inspection

Port Security

802.1X, web/MAC authentication

RADIUS/TACACS+ IP source guard

IPv6 First-Hop Security

Private VLANs

Switched Port Analyzer

Bridge Protocol Data Unit Guard

Secure Shell, Kerberos

SNMPv3

ISE Integration Security Group Tag

MACsec

Page 13: Cisco livelocal2014 unifiedaccess

Catalyst 2960-X/XR Series Access Switches Next Generation Catalyst 2960 Access Switches

Doubling Everything At Same Price

Application Visibility and Control

Layer 3 Routing

Investment Protection

Most Deployed Switch In the World

Greenest Switch Ever

Stack units, Bandwidth and more

Now with NetFlow Lite

RIP, OSPF, EIGRP Stack with Existing 2960-S/SF

Up to 80% Savings

Page 14: Cisco livelocal2014 unifiedaccess

Cisco Catalyst 3850 Series Switch

Best-in-class fixed, stackable switch
- High performance 24/48 port GE switch with 480 G stacking
- Granular, hierarchical bandwidth management

Converged wired + wireless
- Single platform with built-in wireless controller
- Up to 40 G wireless throughput
- Support for 802.11ac

Distributed intelligent services
- Flexible NetFlow on all ports
- TrustSec and MediaNet
- Resiliency (Stateful Switch Over)
- SmartOperations

Foundation for Cisco Open Network Environment
- Unified Access Data Plane (UADP) ASIC
- OnePk for wired and wireless service

The Intelligent Platform for a Connected World

Page 15: Cisco livelocal2014 unifiedaccess

Cisco Unified Access for Catalyst 4500E

Catalyst 4500E Supervisor 8E Wired and Wireless Convergence for Chassis Switches

INVESTMENT PROTECTION Existing Chassis and Line Cards

INNOVATION UADP ASIC

SIMPLICITY UNIFIED ACCESS

One Network, One Policy One Management

Page 16: Cisco livelocal2014 unifiedaccess

Reinventing the Backbone with Catalyst 6800 Built on Catalyst 6500 DNA

Catalyst 6500 DNA Most Deployed Campus Backbone Switch

800,000+ Chassis & Counting 120+ Million Ports & Counting

20x Deployment Than the Nearest Competitor

Built for NextGen Services Built for Simplicity and Programmability

Built for NG Scale, Performance & Services Built for Unified Access

Built to Preserve Catalyst 6500 DNA

Best of Both Worlds | Full Investment Protection Cisco Catalyst 6800

Catalyst 6807-XL Catalyst 6880-X

Catalyst 6880ia

Page 17: Cisco livelocal2014 unifiedaccess

Agenda

•  Introduction

•  One Network – Cisco Switching Innovations

•  One Policy – Cisco ISE

•  One Management – Cisco Prime Infrastructure

•  Conclusion

Page 18: Cisco livelocal2014 unifiedaccess

Prime Infrastructure

Cisco WLC

3rd Party MDM Appliance

MDM Manager

Wired Network Devices

Cisco Catalyst Switches

Office Wired Access

Office Wireless Access

ISE

Remote Access

ASA Firewall

PrSM / ASDM

Cisco Identity Services Engine and Cisco Prime: Enabling Network Policy & Configuration Management

Page 19: Cisco livelocal2014 unifiedaccess

Putting the End User in Control Simplified On-Boarding for BYOD

•  Reduced Burden on IT Staff
–  Device On-Boarding
–  Self Registration
–  Supplicant Provisioning
–  Certificate Provisioning

•  Self Service Model
–  myDevice Portal for registration
–  Guest Sponsorship Portal

•  Device Black Listing
–  User-initiated control of their devices (black-listing, re-instating a device, etc.)

•  Support for:
–  iOS
–  Mac OS X
–  Android
–  Windows

Page 20: Cisco livelocal2014 unifiedaccess

Guest Policy

Context Awareness: Guest Management

Guests

Web Authentication

Wireless or Wired Access

Internet-Only Access

Provision: Guest Accounts via Sponsor Portal

Notify: Guests of Account Details by Print, Email, or SMS

Manage: Sponsor Privileges, Guest Accounts and Policies, Guest Portal

Report: On All Aspects of Guest Accounts

Internet

ISE Guest Service for Managing Guests

Page 21: Cisco livelocal2014 unifiedaccess

Personal iPad Policy

[restricted access]

Access Point Printer Policy

[place on VLAN X]

Context Awareness: Device Profiling

DEPLOYMENT SCENARIO WITH CISCO IOS SENSOR

COLLECTION: Switch Collects Device Related Data and Sends Report to ISE

CLASSIFICATION: ISE Classifies Device, Collects Flow Information and Provides Device Usage Report

AUTHORIZATION: ISE Executes Policy Based on User and Device

Efficient Device Classification Leveraging Infrastructure

CDP LLDP DHCP MAC

Printer Personal iPad ISE

CDP LLDP DHCP MAC

DEVICE CLASSIFICATION Profiling for both wired and wireless devices

POLICY

Access Point

The Solution

Automated Device Classification Using Cisco Infrastructure

Page 22: Cisco livelocal2014 unifiedaccess

Cisco Identity Services Engine

•  Identity Services Engine for Advanced Policy Management

IDENTITY PROFILING

VLAN 10 VLAN 20

Wireless LAN Controller

DHCP RADIUS

SNMP NETFLOW

HTTP

DNS

ISE

Unified Access Management

Access Point

802.1x EAP User

Authentication

HQ

2:38pm

Profiling to identify device

Full or partial access granted

Personal asset

Company asset

Posture of the device

Policy Decision

4

5

6 Enforce policy in the network

Corporate Resources

Internet Only

1

2

3

Page 23: Cisco livelocal2014 unifiedaccess

Agenda

•  Introduction

•  One Network – Cisco Switching Innovations

•  One Policy – Cisco ISE

•  One Management – Cisco Prime Infrastructure

•  Conclusion

Page 24: Cisco livelocal2014 unifiedaccess

Cisco Prime Infrastructure: Integrated Wired and Wireless Lifecycle and Assurance Management

•  Provides complete wired and wireless lifecycle management
–  Discovery, inventory, configuration, monitoring, troubleshooting

•  Delivers end-to-end network visibility for application and end-user assurance
–  Uses Cisco® device instrumentation to reveal the performance of the underlying delivery infrastructure

•  Uses granular flow and packet-based analytics from the Cisco Prime™ NAM
–  Permits deep visibility for rapid resolution of application and network issues

Single pane of glass for wired and wireless management

Lower TCO with intuitive user experience and workflows

Speeds troubleshooting, improves network availability

Page 25: Cisco livelocal2014 unifiedaccess

Realizing One Management

•  Regulatory and best practice policies
•  Automated audit and reporting
•  Centralized remediation

Cisco Prime Infrastructure

User Productivity

Regulatory and Operational Compliance

Operational Productivity

User, Site & App Experience
•  App performance visibility
•  User & site-level visibility
•  Proactive monitoring
•  Real-time troubleshooting
•  Prime 360 Views

Automated Best Practices
•  Wired/wireless, Branch/WAN
•  Integrated lifecycle
•  Cisco best practices built-in
•  PnP automated deployment
•  Day 1 Device Support

Page 26: Cisco livelocal2014 unifiedaccess

Best Practices Ensure Corporate and Regulatory Compliance

•  Enables IT organizations to assess their network and devices for out-of-policy configurations and for security and risk vulnerabilities

•  Robust out-of-the-box compliance rules engine for customizable compliance auditing based on Cisco and industry best practice rules
–  Analysis against EOL and PSIRT notifications

•  Optional - regulatory compliance reporting against specific industry initiatives such as PCI DSS

Page 27: Cisco livelocal2014 unifiedaccess

Troubleshoot Wired and Wireless Access Using Cisco Prime Infrastructure for Converged Client Devices

1.  Search on user name

2.  Identify wired and wireless devices associated with the user

3.  Display associated and disassociated devices

4.  Use automated client troubleshooting workflow to resolve the issue

5.  Issue resolved

USE CASE: User calls in to help center because she cannot get access to financial data on the network. IT determines if she is authorized to access this area.

Troubleshoot user and access issues based on identity Speed resolution with intuitive guided workflows

Cisco Prime™ Infrastructure

Step-by-Step Recommendations

Page 28: Cisco livelocal2014 unifiedaccess

Isolate Rich Media Issues at a Branch Improved Troubleshooting and Visibility

1.  End user experience dashboard identifies the source of the issue (server/network/endpoint)

2.  Determine if other users at the same branch are also experiencing degradation

3.  Navigate from end user to branch device to determine the interface serving RTP applications

4.  Analyze interface dashboard to determine application mix patterns

5.  Isolate the issue to wrong classification done by class-based QoS policies on the interface

USE CASE: End user calls about issues with rich media sessions.

Reduce expertise needed by normalizing and correlating performance data

Quickly identify the source of the problem

Page 29: Cisco livelocal2014 unifiedaccess

Speed Problem Resolution Using Cisco Smart Interactions

1. Fault notification on core switch

2. Operator engages support community

3. Validates issue and opens service request with contextual information about the problem

USE CASE: Help desk operator sees a problem with a gateway router and uses Cisco® smart interactions to help quickly isolate and solve the problem

Seamless access to Cisco support communities Significantly reduces time required to resolve problems

Page 30: Cisco livelocal2014 unifiedaccess

Agenda

•  Introduction

•  One Network – Cisco Switching Innovations

•  One Policy – Cisco ISE

•  One Management – Cisco Prime Infrastructure

•  Conclusion

Page 31: Cisco livelocal2014 unifiedaccess

Cisco Unified Access Solutions

•  Cisco recognized as industry leader

•  Catalyst Innovations bring significant value to IT teams

•  ISE and Prime Infrastructure bring unprecedented visibility and control to campus networks

•  Gartner Magic Quadrant for Wired and Wireless Access LAN for 2 consecutive years

Page 32: Cisco livelocal2014 unifiedaccess

Register for CiscoLive! – San Francisco

CiscoLive! – San Francisco May 18 – 22, 2014 www.ciscolive.com/us

Page 33: Cisco livelocal2014 unifiedaccess

Local Edition

Page 34: Cisco livelocal2014 unifiedaccess