Cisco Catalyst 9000 Series Technical Overview: Product Marketing March 2020

Cisco Catalyst 9000 Series
Technical Overview
Product Marketing
March 2020
• Catalyst 9000 Family
• Catalyst 9600 Series
Agenda • Catalyst 9200 Series

• High Availability
• Quality of Service
• Multicast
• Security
• Optics
© 2019-2020 Cisco and/or its affiliates. All rights reserved.
© 2019-2020 Cisco and/or its affiliates. All rights reserved. Cisco Informational
Cisco Catalyst 9000 Switching Portfolio
One Family from Access to Core – Common ASIC, OS & CPU
Catalyst
9600 Series
Catalyst
Catalyst 9500 Series
9400 Series Catalyst
Catalyst 9000
9300 Series
Catalyst
9200 Series
Switching
Platform
Catalyst Catalyst Catalyst Catalyst Catalyst Catalyst

2960-X/XR 3650/3850 4500-E Series 3850-XS/4500-X 6840-X/6880-X 6500-E/6807-XL
Access Switching Core Switching

Catalyst 9000
Building blocks
Catalyst 9000 Series – Common Building Blocks
Programmable x86 Open & Extensible Unified Access Data Plane

Multi-Core CPU IOS-XE® ASIC 2.0 & 3.0
Application Hosting Model-Driven APIs Programmable Pipeline
Secure Containers Modular Patching Flexible Tables
Multi-Core CPU (x86) – Built for App Hosting
IOT & Enterprise
Cisco Application Framework (CAF)
Docker Docker Docker Docker
IOS
Control
Plane
Custom
App
x86
IOS XE
IOS XE Kernel
Kernel
CPU
x86 CPU enables hosting NFV devices, Containers and 3rd-party Apps
© 2019-2020 Cisco and/or its affiliates. All rights reserved. Cisco Informational * Cisco Catalyst 9200 Series uses an embedded ARMv8 CPU
** Catalyst 9200 has an Embedded CPU (not x86 based)
Cisco IOS XE – A Modern Operating System
Cisco IOS
Cisco XEXE
IOS 16 &17.x
IOS Control Plane CAF / IOX Cisco IOS subsystems

Resiliency and High Availability
IOS Sub Docker CSR1Kv
IOS Sub
Systems
IOSd IOS
Systems
sub-systems
Docker Guest Shell
Common Infrastructure & HA

Cisco IOS XE database
Programmability and Open models
Management Interfaces
Cisco
Module Drivers
IOS XE
DB
IOX / Docker containers
Kernel Cisco and 3rd-party App hosting
Protected Memory
Open, Model Driven & Secure Operating System

Cisco UADP - Next Generation ASIC
Flexible Pipelines
Investment Protection
Adaptable Tables
Universal Deployment
Multi-Core Resources
Enhanced Scale and Buffering
Up to 20B Transistors
Flexible & Programmable ASIC – Adapts to New Technologies

Common Capabilities of UADP ASIC
Flex Parser & Multiple

Embedded Adaptable Hardware
Programmable Recirculation
Micro-Engines Tables
Pipeline Capability
UADP 2.0 – Next Gen ASIC for Access Switching
Used in Catalyst 9300, 9400 and 9500 Series
Investment protection
Flexible pipeline
UADP 2.0 & 2.0 XL
Universal deployments
Adaptable tables
Enhanced scale and buffering

Multicore resource share
1 2 3
384,000 flex Shared Up to 240G Up to 2X to 4X

counters Lookup bandwidth forwarding TCAM
7.46
billion transistors
CPU
Embedded CPUs Up to 32 MB Up to 64,000 x2

packet buffer NetFlow records 28nm technology
UADP 2.0+ Architecture
ASIC Block Diagram
Stack or ASIC Interface
SQS AQM
PBC – Packet Buffers Complex
Q
Q Q
IQS EQS
Ingress Forwarding Look up Egress Forwarding

Controller Tables Controller
(IFC) (EFC)
Rewrite engine
Ingress FIFO Egress FIFO
MACsec Encryption Recirculation MACsec

engine engine
Network Interfaces - Front Panel Ports

UADP 3.0 – Next Gen ASIC for Core Switching
Used in Catalyst 9500H and 9600 Series
UADP 3.0 Customizable 36 MB

ASIC templates Unified buffer
Double-Width 3X FIB
memory tables table scale
19.2 Up to 1.6 TB 1G, 10G,

billion transistors bandwidth 25G, 40G & 100G
16nm technology
UADP 3.0 - Architecture
ASIC Block Diagram
BACKPLANE 800 Gbps
SQS AQM
Unified PBC (shared buffer)
Q Q Q
IQS EQS
Flexible
Ingress Forwarding lookup Egress Forwarding
Controller tables Controller
(IFC) (EFC)
(shared
across
Core 1 cores*) Core 1
Rewrite engine
MACsec engine Encryption Recirculation MACsec engine

engine engine
Network interfaces – front panel ports – slices
UADP 2.0 Mini
Architectural simplicity with powerful innovations
Investment protection
Flexible pipeline
Enhanced scale and buffering

Multicore resource share Embedded
CPU
6-MB
100G 1G, 2.5G, 5G, 10G, 40G
packet buffer
bandwidth Supports different speeds
16,000 Flexible SDM templates

NetFlow records Programmable modules Flexibility
160G, 80G Up to 2x to 4x
stacking capacity forwarding + TCAM
Catalyst 9000
Quick Comparison
Catalyst 9000 – Quick Comparison
9200 9300 9400 9500 9600

PIN Access Access Access Core Core
Form Fixed Fixed Modular Fixed Modular
CPU 1.4G 4C ARM 1.8G 4C x86 2.4G 4C x86 2.4G 4C x86 2.0G 8C x86
ASIC UADP2 Mini UADP2 UADP2 XL UADP2 XL & 3 UADP3
8 Stack + SSO 8 Stack + SSO/NSF 2 Sup + SSO/NSF 2 Node + SSO/NSF 2 Sup + SSO/NSF
HA StackWise-160/80 StackWise-480/320 StackWise Virtual StackWise Virtual StackWise Virtual
1G max 48 + 4 48 + 8 96, 192, 384 + 8 48 + 8 192
mGIG max 12 48 + 4 48, 96, 192 -- 192

10G max +4 24 + 8 48, 96, 192 48 + 4 192
25G max +2 +2 +2 48 + 4 192
40G max +2 +2 +2 32 96
100G max -- -- -- 32 48
+ Uplink Ports
Catalyst 9000 – Access Comparison
* Default SDM Template 9200 9300 9400

Model 9200L 9200 9300L 9300 SUP1 SUP1XL
Stack/Slot Bandwidth 80G 160G 320G 480G 80G 240G
MAC Addresses * 16K 32K 32K 32K 64K 64K
IP Routes * 3K 4K 8K 8K 64K 64K
Flexible Netflow * 16K per ASIC 16K per ASIC 64K per ASIC 64K per ASIC 128K per ASIC 128K per ASIC
Power Over Ethernet 15,30W 15,30W 15,30,60W 15,30,60,90W 15,30,60,90W 15,30,60,90W
Perpetual & Fast POE Yes Yes Yes Yes Yes Yes
Precision Time Protocol Yes Yes Yes Yes -- --
App Hosting No No Yes Yes Yes Yes
MACsec Encryption 128-bit AES 128-bit AES 256-bit AES 256-bit AES 256-bit AES 256-bit AES
Software Defined Access Edge Edge Edge, Border, CP Edge, Border, CP Edge, Border, CP Edge, Border, CP
Catalyst 9000 – Core Comparison
* Default SDM Template 9500 9500(H) 9600

Model Default High Performance SUP1
Stack/Slot Bandwidth 240G 1.6T 1.6T
MAC Addresses * 64K 82K 32K
IP Routes * 64K 114K 212K
Flexible Netflow * 128K per ASIC 98K per ASIC 64K per ASIC
Custom SDM Templates -- Yes Yes
Graceful Insertion & Removal Yes Yes Yes
Precision Time Protocol Yes Yes --
App Hosting Yes Yes Yes
MACsec Encryption 256-bit AES 256-bit AES 256-bit AES
Software Defined Access Yes Yes Yes

Cisco Catalyst
9600 Series
Foundation of the Cloud-Scale Campus
Industry-leading Purpose-built
High L2 scale (ACLs)
programmable ASIC
Powered by
UADP 3.0
for Resiliency with
and Open
IOS-XE Scalability
Leads the industry

Designed for campus 25G Full MPLS, SDA
dual-rate optics BGP-EVPN
in comprehensive
integrated Security
25.6 Tbps Total Capacity

Flexible speeds: Grows with
10G/25G/40G/100G your business
Flexible NetFlow MACsec 256 at lowest TCO
Ready for Cisco Catalyst 6500 and 6800 migration
Quick Overview
Dual-serviceable 4 Line-Card slots

Fan tray
2 Supervisor slots
Built-in RFID (dedicated)
6.4 Tbps per slot

Blue Beacons from each
(system, fan tray, Supervisor slot
sup, cards)
Dimensions
4 Modular N+1 Power 8RU
Supplies 13.95 x 17.4 x 16.1
(H x W x D in inches)
Supervisor 1
9.6 Tbps capacity 2.4 Tbps per slot
8 core X86 CPU

3x UADP 3.0 ASIC
@2.0 Ghz
UADP UADP UADP
CPU
Mgmt ports:
16G DDR4 memory
copper and fiber
M.2 SATA SSD

Built-in RFID
(optional: up to 1 TB)
2x USB3
Blue Beacon
1x mini-B USB console
Line cards
C9600-LC-24C - 100G/40G (fiber)

• 24 ports
• QSFP28/QSFP+
• Supports 100G and 40G
C9600-LC-48YL - 25G/10G/1G (fiber)

• 48 ports
• SFP28/SFP+/SFP
• Supports 25G, 10G, and 1G
C9600-LC-48TX - mGig (copper)

• 48 ports
• Copper 10G (NBASE-T/10BASE-T)
IOS-XE 17.1.1 • Supports 10G,5G,2.5G,1G,100M and 10M
C9600-LC-48S- 1G (fiber)
• 48 ports
• SFP
• Supports 1G IOS-XE 17.2.1
C9600-LC-24C - 100G/40G Line-Card
• All 24 ports are capable of 100G (QSFP28) OR 40G (QSFP+)

• Hardware-ready with QSA (for 1G/10G)
• With Supervisor Engine 1
• 40G: 24 x 40G (line rate with 148 byte or higher)
• 100G: 12 x 100G (line rate with 187 byte or higher)
• Every 2 ports in a port-group. Odd number ports can be 100G, and next even number port is disabled
C9600-LC-48YL - 25G/10G/1G Line-Card
• All 48 ports support 25G/10G/1G (SFP28/SFP+/SFP)

• Line rate on all ports (at 187 bytes for 25G; any size for 10G/1G)
• Any port, Any supported speed
• Port reference is always ”TwentyFive<slot#>/0/<port#>”
• Port speed is auto-detected (based on the inserted transceiver)
* hardware capable of 10/100M
Cisco Catalyst 9600 Series IOS-XE 17.1.1
C9600-LC-48TX - mGig Line Card
For collapsed-core copper deployments and connectivity to servers

• All 48 ports can support 10G/5G/2.5G/1G/100M/10M
• Line rate on all ports (any frame size)
• Any port, Any supported speed
• No PoE support (Data Only)
• Port reference is always “TenGigabit<slot#>/0/<port#>”
• Port speed is auto-negotiate (default)
1G Line card - C9600-LC-48S
• All 48 ports support 1G

• Hardware capable of 10/100M*
• Line rate with 1G (any packet size with 1G)
• Port reference is always “Gig<slot#>/0/<port#>”
*Roadmap
Centralized Modular Architecture
• Centralized Architecture
Supervisor
UADP X86 CPU • Hitless Switchover & Upgrades
Data Plane Open Control Plane • Lower Latency (fewer ASIC)
Features Cisco Containers
Micro Engines IOS-XE SSO/NSF/ISSU • Forwarding, Queuing & Security
on the Supervisor (UADP)
• Unlock new performance &
features with new Supervisor
Passive Backplane (Up to 6.4T BW per slot) • X86 CPU + Storage
• Native Docker App Hosting
Line Card Line Card Line Card • Passive Backplane
PHY PHY PHY • Transparent Line Cards

• Increases MTBF (fewer ASIC)
• Compatible with new Sup
Supervisor 1 – Block Diagram
Switch backplane
1.6T 64x 64x 64x

SupIO
NIF NIF NIF (I2C)
PCIe Ethernet FPGA
UADP 3.0 UADP 3.0 UADP 3.0

#1 OBFL
#2 #3 8-core CPU (1 Gb)
1.6 Tbps
ASIC interconnect M.2 SATA

(optional)
SDRAM
USB console/
2x USB3 Console/Mgmt SFP+
C9600-LC-24C – Block Diagram
Switch backplane
4x NIF 4x NIF 4x NIF 4x NIF 4x NIF 4x NIF PCIE PCIE

Sup-A Sup-B Sup-A Sup-B Sup-A Sup-B Sup-A Sup-B
PHY-1 PHY-2 PHY-12 FPGA
OBFL
(1 Gb)
2x QSFP28 2x QSFP28 2x QSFP28
1-2 3-4 23-24
C9600-LC-48YL – Block Diagram
Switch backplane

OBFL
(1 Gb)
4x SFP28 4x SFP28 4x SFP28
1-4 5-8 45-48
C9600-LC-48TX – Block Diagram
Switch backplane

mGig mGig mGig

FPGA
PHY-1 PHY-2 PHY-12
OBFL
(1 Gb)
4x Copper 4x Copper 4x Copper
1-4 5-8 45-48
1G line card block diagram IOS-XE 17.2.1
Switch backplane

OBFL
(1 Gb)
4x SFP 4x SFP 4x SFP
1-4 5-8 45-48
Cisco Catalyst 9600 & 9500H Series
Switch Database Management (SDM) Templates
Core template User-Customizable Distribution template

Maximizes system resources allows customizable Balances system resources between
for Layer 3 unicast and ACL TCAM resources Layer 3 routes and Layer 2 MAC
multicast routes and security and Netflow
(default for UADP3) (default for UADP2 XL)
SD-Access template NAT template

Maximizes system resources
Maximizes system resources for NAT
for policy entries to support
configurations on the switch
fabric deployment Cisco® Catalyst®
9600 Series
Cisco Catalyst 9600 & 9500H Series
SDM Templates, Scale & Customization
IOSXE 17.1.1
Feature Distribution Core (default) SDA NAT
Routes (IPv4/IPv6) 114K/114K 212K/212K 212K/212K 212K/212K
Multicast routes (IPv4/IPv6) 16K/16K 32K/32K 32K/32K 32K/32K
MAC address table 82K 32K 32K 32K
IGMP/MLD snooping 2K 2K 2K 2K
Flexible NetFlow (Ingress) 49K/ASIC 32K/ASIC 32K/ASIC 32K/ASIC
Flexible NetFlow (Egress) 49K/ASIC 32K/ASIC 32K/ASIC 32K/ASIC
SGT label 32K 32K 32K 32K
Ingress 12K 8K 12K
Security ACL
Egress 15K 19K 8K
Ingress 8K 8K 4K
QOS ACL
Egress 8K 8K 4K
Ingress 1K 1K 1K
NetFlow ACL
Egress 1K 1K 1K
Ingress 0.5K 0.5K 0.5K
SPAN
Egress 0.5K 0.5K 0.5K
PBR/NAT 3K 2K 15.5K
CPP 1K 1K 1K
Tunnel termination and MACsec 3K 3K 2K
LISP 1K 2K 1K
Higher scale Customizable resources

Reversible Fan Tray
• N+1 (8+1) Fan Redundancy

• Flexible service – fan tray can
be replaced from the frontside
or from the back
• Efficient - variable speed per fan
depends on load, temperature,
and altitude (=>lower noise)
• Airflow is Side-to-Side*
* optional side-to-back air baffle
Fan tray is fully hot-swappable within 120 seconds (2 minutes)
Power supplies
• Chassis has 4 slots for power supply

• Individual on/off switch for each power supply
• Supports a mix of AC (@220V) and DC
power supplies
• Supports both 110V and 220V input

A • 2 KW output with 220V (1050W with 110V)
• Platinum rate power supply
C • Redundant mode: Combined and N+1
• Supports input range of -40V to -72V

D • 2 KW output
• Platinum rate power supply
C • Redundant mode: Combined and N+1
Power Supply redundancy
Normal operation Power supply failure AC + DC power supplies
• AC: No mixing of 110V input and 220V input

Requirement
• Mixed DC and AC: AC input needs to be 220V
• Equal load sharing • Equal load sharing among remaining • Equal load sharing
Operation
and all active power supplies
• Combined mode: Use all available • Combined mode: Line card can shut • Combined mode: Line card can shut
power supplies for system budgeting down if there isn’t down if there isn’t
Power enough power enough power
• N+1 mode: Use N power supplies
budgeting for system budgeting • N+1 mode: Always enough power • N+1 mode: Always enough power
with single power supply outage with single power supply outage
Cisco Catalyst
9500 Series
Purpose-Built Medium & High-End Fixed Core
Catalyst 9500
UADP 2.0 UADP 3.0 Premium Fixed Core
UADP 2.0 XL & 3.0

• Industry’s first 40G enterprise switch • Industry’s first 100G enterprise switch x86 CPU and Containers
• Optimized 10G switch for midsize backbone • Optimized 25G switch for future backbone Cisco IOS® XE Software
StackWise® Virtual
SD-Access
C9500-24Y4C
C9500-16X MACsec-256 on all ports
C9500-40X C9500-48Y4C
Customizable Templates
C9500-24Q C9500-32QC
Extending Fixed Core beyond
C9500-12Q C9500-32C Catalyst 6800-X and 4500-X
13x throughput (3.2 Tbps)

6x performance (1 Bpps)
4x memory and flash
2x CPU cores (x86)
8x 40G port density
Modular Storage for 25G & 100G for Campus
Modular Fans Modular Uplinks
Power Supplies application hosting
New generation of purpose-built fixed midrange core/aggregation switches
Cisco Catalyst UADP 2.0 XL

9500-16X
Cisco Catalyst
9500-40X
Cisco Catalyst
9500-24Q
Cisco Catalyst
9500-12Q
Industry’s first 40G enterprise switch
High-level overview
2.4-GHz quad-core x86 CPU
Built-in RFID UADP 2.0 XL ASIC Every port 40G,10G,* Cisco StackWise
USB 2.0 flash drive 16 GB of DDR4 DRAM
(passive) 240G bandwidth and 1G* capable Virtual
32 MB per ASIC packet buffer
C9500-24Q
24x 40G
C9500-12Q
12x 40G
C9500-40X
40x 1/10G
C9500-16X
16x 1/10G
* With QSFP to SFP or SFP+ (QSA) adapter

Network modules
C9500-NM-2Q C9500-NM-8X
Cisco Catalyst 9500 Series Cisco Catalyst 9500 Series
network module 2-port 40G network module 8-port
with QSFP+ 1G/10G with
SFP and SFP+

Support for Online Insertion and Removal (OIR)
Uplink modules supported on C9500-40X and C9500-16X
Uplink modules supported on C9500-40X and C9500-16X
Support for Online Insertion and Removal (OIR)
Redundant power supplies and fans
Redundant 1+1 120-GB Redundant N+1

950W AC/DC power supplies USB 3.0 storage fans
Power supply highlights Fan highlights

• Hot-swappable • Variable-speed high-efficiency fans
• AC, DC, and mixed power supplies supported • Detect ambient temperature and adjust fan speeds
• Maximum output 12V/950W at 220V/110V AC input • Individual fans are OIR capable up to 120 seconds
• More than 90% power efficiency at 50% to 100% of load • Front-to-back airflow
• Redundant load sharing (1+1) mode only • Can still operate with individual fan tray failure
New generation of purpose-built fixed high-end core/aggregation switches
Cisco Catalyst UADP 3.0

9500-24Y4C
Cisco Catalyst
9500-48Y4C
Cisco Catalyst
9500-32QC
Cisco Catalyst
9500-32C
Industry’s first 25G/100G enterprise switch
Cisco Catalyst 9500 25G/100G
High-level overview
2.4-GHz quad-core x86 CPU Next-generation
Built-in RFID 16 GB of DDR4 DRAM Every port 100G, 40G, 10G,* Cisco StackWise
USB 3.0 flash drive UADP 3.0 ASIC
(passive) 16 GB flash and 1G* capable Virtual
1.6-Tb bandwidth
36 MB per ASIC unified packet buffer
C9500 – 32C
32x 40G/100G
C9500-32QC
16x 100G or
32x 40G
C9500-24Y4C
24x 1G/10G/25G +
4x 40G/100G
C9500-48Y4C
48x 1G/10G/25G +
4x 40G/100G
* With QSFP to SFP or SFP+ (QSA) adapter

Cisco Catalyst 9500 - C9500-32C
Redundant 1+1 1600W 5 standalone fans – 240-, 480-, or 960-GB

AC/DC power supplies N+1 redundancy SATA SSD storage

• Hot-swappable • 5 variable-speed high-efficiency fans at rear of chassis
• AC, DC, and mixed power supplies supported • Detect ambient temperature and adjust fan speeds
• Maximum output is 1600W at 220V and 1000W at 110V • Fans are hot-swappable
• More than 90% power efficiency at 50% to 100% of load • Front-to-back airflow
• Redundant load sharing (1+1) mode only • Can still operate with one fan unit failure
Cisco Catalyst 9500 - C9500-32QC,24Y4C,48Y4C
Redundant 1+1
Redundant 1+1 240-, 480-, or 960-GB
650W AC and 930W DC
fan tray SATA SSD storage
power supplies

• Hot-swappable • Dual variable-speed high-efficiency fan trays
• AC, DC, and mixed power supplies supported • Thermal sensor to detect ambient temperature and adjust fan
• Maximum output 12V/650W at 220V/110V AC Input speeds
• Fan trays are hot-swappable
• More than 90% power efficiency at 50% to 100% of load
• Front-to-back airflow
• Redundant load sharing (1+1) mode only
• Can still operate with individual fan tray failure
Power supply redundancy
Redundant mode (default) Redundant mode (failure) AC – DC power supplies
50% 50% 50% 50%

 100%
PSU1 PSU2 PSU1 PSU2 PSU1 PSU2
• Load sharing and redundancy are • In case of power supply or power feed failure, • Mix of AC and DC power
enabled automatically active power supply operates at 100% capacity supplies supported
• Each power supply provides ~50%
of capacity
• This is the recommended and only mode
9500-32C Block diagram
X86 2.4-GHz
400 Gbps 400 Gbps 400 Gbps 400 Gbps quad-core CPU
FPGA
ASIC 0 Packet buffer (36 MB) ASIC 1 Packet buffer (36 MB)
DRAM – 16 GB
Flash
Forwarding controller Forwarding controller Forwarding controller Forwarding controller 16 GB
Reassembly Rewrite Reassembly Rewrite Reassembly Rewrite Reassembly Rewrite USB 2.0
crypto crypto crypto crypto
Ingress Egress Ingress Egress Ingress Egress Ingress Egress USB 3.0
FIFO FIFO FIFO FIFO FIFO FIFO FIFO FIFO
Core 1 Core 0 Core 1 Core 0 Mgmt Console
Network interface Network interface
PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY PHY
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI SFI
0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7 0-3 4-7
QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28 QSFP28
Cage 1 Cage 2 Cage 3 Cage 4 Cage 5 Cage 6 Cage 7 Cage 8 Cage 9 Cage 10 Cage 11 Cage 12 Cage 13 Cage 14 Cage 15 Cage 16
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
9500-48Y4C Block diagram
X86 2.4-GHz
Packet buffer (36 MB)
quad-core CPU
Forwarding controller Forwarding controller FPGA

DRAM – 16 GB
Reassembly Rewrite Reassembly Rewrite Flash
crypto crypto 16 GB
Ingress FIFO Egress FIFO Ingress FIFO Egress FIFO

USB 2.0
Core 1 Core 0
USB 3.0
Network interface
Mgmt Console
10G/25Gx8 10G/25Gx8 20G/25Gx8 20G/25Gx8
PHY PHY PHY PHY PHY PHY PHY PHY

0 1 2 3 4 5 6 7
SFI 0-7 SFI 0-3 SFI 4-7 SFI 0-7 SFI 0-7 SFI 0-3 SFI 4-7 SFI 0-7 SFI 0-7 SFI 0-7
SFP28 Cage 1 SFP28 Cage 2 QSFP28 Cage 1 QSFP28 Cage 2
SFP 1-12 SFP 13-24 SFP 25-35 SFP 36-48 49 50 51 52
Switch Database Management (SDM) template
Core template User-customizable Distribution template

Maximizes system resources template Maximizes system resources for MAC
for unicast and multicast Allows customizable* and security
routing and security (Default: C9500 switches)
ACL TCAM resources
(Default: C9500 100G/25G)
SD-Access template NAT template

Maximizes system resources Maximizes the Network Address
for security to support fabric Translation (NAT) configurations on
deployment the switch
Cisco Catalyst
9500 Series
* Cisco Catalyst 9500 High Performance switch security ACL TCAM only
Cisco Catalyst 9500 Series Comparison
Catalyst 9500 Catalyst 9500
Capabilities (per ASIC)
Series (UADP 2.0) 100G/25G (UADP 3.0)
Switching and forwarding capacity 240 Gbps (360 Mpps) 1.6 Tbps (1 Bpps)
ASIC interconnect bandwidth 2x 360 Gbps 2x 800 Gbps
Buffer capability 16 MB per core (32 MB) 36 MB across cores
SDM template Fixed templates Customizable templates
NetFlow capabilities Dedicated NetFlow table Shared NetFlow table
v4 FIB scale Total 228,000* Total 412,000*
v4 and v6 scale v6 reduced by half v4 and v6 same scale
Storage 120 GB USB 3.0 1 TB M2 SATA SSD
StackWise Virtual Supported Supported
Spanning-tree instances – RPVST+ 128 1000
Virtual Routing and Forwarding (VRF) – v4 256 1000
* Maximum ASIC capability
Cisco Catalyst
9400 Series
480G BW
Redundancy per slot
is now
table stakes
IEEE 802.3BT
90W PoE
compliant
4-slot 7-slot 10-slot
Supervisor Access line cards Core line cards Power supply

Sup-1: Access optimized 48x mGig UPOE+ 24x 10G SFP+ 3200W AC
Sup-1XL: Core optimized 24x mGig + 24x UPOE 48x 1G SFP 2100W AC
Sup-1XL-Y: Core optimized 48x UPOE+ 24x 1G SFP 3200W DC
48x UPOE
48x PoE+
48x data
Chassis Options
4-slot 7-slot 10-slot

Supervisor 2 (redundant)
Line cards 2 5 8
96x 10/100/1000 240x 10/100/1000 384x 10/100/1000
Ports 48x mGig; 56x SFP, SFP+ 120x mGig; 128x SFP, SFP+ 192x mGig; 200x SFP, SFP+
2x QSFP+ 2x QSFP+ 2x QSFP+
Dimensions W:17.5 in.; D:16.25 in.; H: 6RU W:17.5 in.; D:16.25 in.; H: 10RU W: 17.5 in.; D:16.25 in.; H: 13RU
BW per LC slot 480G 480G 480G
BW between Sup slots 720G
High-density 10G ports, 100G uplinks
Power supply 4 PS (N+1 and N+N) 8 PS (N+1 and N+N) 8 PS (N+1 and N+N)
PoE per slot 4800W
Ready for future higher-power PoE devices
Cooling Side to side (front to back for PS)
Cisco Catalyst 9400 Series – Sup-1
Overview
720G line cards, uplinks Line card slot bandwidth:

4-slot: 80G (>150 bytes)
UADP 2.0 XL ASICs

M.2 SATA SSD (optional;
up to 1 TB)
16G DRAM and 16G flash
USB 2.0/3.0
Uplinks:
MACsec-256 8x 10G, 2x 40G
MACsec is not supported on 1G speed on uplinks
Cisco Catalyst 9400 Series – Sup-1XL
Overview

UADP 2.0 XL ASICs
Templates: Distribution,
Core, SD Border
up to 1 TB)
USB 2.0/3.0
MACsec-256 Uplinks:
8x 10G, 2x 40G
Optimized for core deployment
MACsec is not supported on 1G speed on uplinks
Cisco Catalyst 9400 Series – Sup-1XL-Y
Overview

10-slot: 80G (> 150 bytes)
UADP 2.0 XL ASICs
Templates: Distribution,
Core, SD Border
up to 1 TB)
USB 2.0/3.0
MACsec-256 Uplinks:
2x 25G, 8x 10G, 2x 40G
Optimized for core deployment
*MACsec is not supported on 25G ports of Sup-1XL-Y
Copper Line Cards
RJ-45 (data)
48x 10/100/1000
Cisco TrustSec® and MACsec (256)
48x 10/100/1000 data
RJ-45 (Cisco UPOE)

48x 10/100/1000
PoE and PoE+ or PoE, PoE+, and UPOE
TrustSec and MACsec (256)
48x 10/100/1000 PoE and PoE+ 48x 10/100/1000 PoE, PoE+, UPOE
RJ-45 (Cisco UPOE+)

48x 10/100/1000
PoE, PoE+ UPOE, and UPOE+
48x 10/100/1000 PoE, PoE+, UPOE, UPOE+
Copper Multi-Gigabit Line-Cards
RJ-45 (Multi-Gigabit)
24x 10/100/1000 + 24x 100, 1G, 2.5G, 5G, 10G
PoE, PoE+, and Cisco UPOE
Cisco TrustSec and MACsec (256)
24x 1G + 24x Multi-Gigabit UPOE
RJ-45 (Multi-Gigabit)
48x 100, 1G, 2.5G, 5G
PoE, PoE+, UPOE and UPOE+
Cisco TrustSec and MACsec (256)
48x Multi-Gigabit UPOE+
Fiber Line-Cards
SFP (1G)
48x 100/1000
24x SFP 48x SFP
Fiber (1G/10G)
24x 1G, 10G
24x SFP, SFP+
Centralized Modular Architecture
Centralized architecture
Supervisor
Forwarding Open Control Plane

Features Cisco IOS Containers
Embedded controllers XE HA communication
Passive backplane
Up to 480G bandwidth per slot
Line card Line card Line card

STUB STUB STUB
ASIC ASIC ASIC
Sup-1, Sup-1XL and Sup-1XL-Y block diagram
Switch backplane
24x 24x 16x
240G 40G
SLI SLI SLI
8x
SupIO
SLI PCIe Ethernet
UADP 2.0 XL UADP 2.0 XL UADP 2.0 XL (I2C)
#1 #2 #3
720 Gbps
Quad-core CPU
(control traffic, containers
for apps)
ASIC # 4-slot 7-slot 10-slot
UADP #1 Slot 1 Slots 2 and 7 Slots 1, 9,
and 10
M.2 SATA
UADP #2 Slot 4 Slots 1 and 5 Slots 2, 3 SDRAM
(optional)
and 4
UADP #3 Slots 2 and 3 Slot 6 and Slots 7, 8,

and uplink uplinks and uplinks
4x 10G/ 4x 10G/ Console/
USB
SLI – switch link interface 40G 40G mgmt
Catalyst 9300 Flexible Tables - UADP 2.0 XL
Forwarding resources Feature resources
• MAC: 64,000 • Security ACL: 18,000

• Host route: 48,000 to 112,000 • QoS ACL: 18,000
• Service ACL: 18,000
• IGMP groups: 16,000
• PBR/NAT
• LPM route: 64,000 • NetFlow ACL
• Multicast route: 16,000 • SPAN
• MACsec
• SGT: 16,000
• CoPP
• Tunnel
• LISP
NetFlow NetFlow entries: 128,000 per ASIC
Cisco Catalyst 9400 Series - Power supplies
• Modular design: 4 PS for 4-slot chassis; 8 PS for 7- and 10-slot chassis
• Shared: Power for both data and inline power
• Slot priority: Lower-number slot with higher power priority (configurable in future software)
• Platinum-rated PS: 90%+ efficiency
• Output:
• 3200W AC PS with 240V input (1570W with 120V input. 16A input)
• 2100W AC PS with 240V input (940W with 120V input. 10.4A input)
• 3200W DC PS input voltage (-40 to -72 VDC)
Cisco Catalyst 9400 Series - Fan tray
• Redundant: N+1 Fans
• Flexible service:
Fan tray can be replaced from the
front or the back
• Efficient:
Variable speed per fan depends on
the load, temperature, and altitudes
(=> lower noise)
• Airflow: Side-to-Side airflow
Catalyst
9300 Series
Flexible High-End Fixed Access
Catalyst 9300
Modular Uplinks Fixed Uplinks Premium Fixed Access
(C9300 SKUs) (C9300L SKUs) UADP 2.0
x86 CPU
Copper Ports MGig + Fixed Uplinks
Cisco IOS XE
StackWise 480/320
StackPower*
48 ports 48 ports UPOE 24 ports 48/24 ports 48/24 ports SD-Access
UPOE 5G 12 MultiGigabit + 36 2.5G UPOE MultiGigabit UPOE Data
Application Hosting
1/10G + Fixed Uplinks Encrypted Traffic Analytics
MACsec-256 encryption
Trustworthy Solutions
48/24 ports 48/24 ports 48/24 ports 48/24 ports 48/24 ports IEEE1588 and AVB
UPOE/UPOE+ 1G PoE+ 1G Data 1G PoE+ Data NBAR2 App Visibility
Full Flexible NetFlow
Fiber Ports Stackwise-320 Kit
Perpetual and Fast PoE
IEEE 802.3bt Type 3
48/24 ports SFP 1G Model-Driven
Programmability & Telemetry
Hot Patching and GIR
* Modular SKUs Only
Uplink Modules Modular Fans AC & DC Power Supplies
Platinum
rated
8x 10G 2x 40G 4x Multigigabit 4x 1G 2x 25G 315W AC 715W AC/DC 1100W AC 1900W AC
Front view
Built-in RFID 1.8-GHz quad-core x86 CPU

Blue beacon USB 2.0 flash drive 8 GB of DDR4 DRAM UADP 2.0 ASIC
(passive)
16 GB flash
Unmatched PoE/
USB console Flexible fixed
Multigigabit capable Cisco UPOE®
Mini-USB Type B or modular uplinks
resiliency – Perpetual/Fast
Back view
External storage
USB 3.0 removable storage Stack cables Redundant fans Redundant power
(120-GB SSD)
Optional power supplies

Cisco StackWise®-480/320 Cisco StackPower*
(AC+DC)
© 2019-2020 Cisco and/or its affiliates. All rights reserved. Cisco Informational * Supported only on Cisco Catalyst 9300 Series modular uplink models (C9300 SKUs).
Catalyst 9300 Increased Scale Platform
Fixed Access optimized for Media Distribution and IP Storage
Catalyst 9300 Leadership
UADP 2.0 XL
2x Cisco IOS® XE Software
Buffers C9300-48UB: 48 Port 1G switch with UPOE
x86 CPU and containers
More Cisco SD-Access
Packet Buffers Encrypted Traffic Analytics (ETA)
AES-256/MACsec-256
2-4x C9300-24UXB: 24 Port Multigigabit switch with UPOE Trustworthy systems
Scale
Cisco StackWise-480
IEEE1588 and AVB*
Increased NBAR2
Network Scale
C9300-24UB: 24 Port 1G switch with UPOE Perpetual/Fast PoE
Model-driven programmability
New Patching/GIR
Modular Higher-efficiency AC
Modular uplinks Platinum Streaming telemetry
fans and DC power supplies rated
StackWise-480
8x 10G 2x 40G 4x Multigigabit 4x 1G 2x 25G 315W AC 715W AC/DC 1100W AC 1900W AC Stackpower
111
Catalyst 9300 Series 1G SFP Fiber
Expanding FTTD and 1G Fiber aggregation designs
C9300-48S: 48-port 1G SFP Switch • 24 and 48 port SFP SKUs

• Transition Catalyst 3850 1G SFP
to Catalyst 9300 1G SFP
• Wire-speed, non-blocking
performance
• Seamlessly integrates
with Cisco Catalyst 9300
C9300-24S: 24-port 1G SFP Switch Series copper
• Supports same optics
• Common stacking – StackWise-
480
• Common power stacking –
StackPower
• Common uplink modules
• Common power supplies,
Modular Higher-efficiency AC Platinum fans, cables
Modular uplinks rated
fans and DC power supplies
Fiber to the desktop
1G fiber aggregation

Collapsed access
112
Cisco Catalyst 9300 – IEEE 802.3bt Compliance
Introducing 90W UPOE+ Models to power latest intelligent devices
C9300-48H: 48-port 1G UPOE+ Switch • 24 and 48 port UPOE+ SKUs

• Supports 90W on all ports,
Backward compatible will
previous POE standards
• Wire-speed, non-blocking
performance
• Seamlessly integrates
C9300-24H: 24-port 1G UPOE+ Switch with Cisco Catalyst 9300
Series copper
• Supports same optics
• Common stacking – StackWise-
480
• Common power stacking –
StackPower
• Common uplink modules
Modular Higher-efficiency AC Platinum
Modular uplinks rated
• Common power supplies,
fans and DC power supplies fans, cables
StackWise-480

StackPower
113
Cisco Catalyst 9300
MultiGigabit Switches
24x 100M/1G/2.5G/5G/10G ports
36x 2.5G ports 12x MultiGigabit ports
4x 1G/2.5G/5G/10G
copper uplink module
48x 5G ports
Highest 2.5G, 5G and MultiGigabit density in the Industry
Uplink options
Cisco Catalyst 9300 Series Cisco Catalyst 9300L Series

modular uplink models fixed uplink models
4x 1G Fixed uplinks
C9300L-24/48P-4G, C9300L-24/48T-4G
4x Multigigabit 4x 1G 8x 10G 2x 1G, 2x 40G

copper SFP SFP, SFP+ 10G, 25G QSFP
SFP, SFP+ 4x 10G Fixed uplinks
C9300-NM-4M C9300-NM-4G C9300-NM-8X C9300-NM-2Y C9300-NM-2Q C9300L-24/48P-4X, C9300L-24/48T-4X
Modular uplink options on all C9300 SKUs Fixed uplink options on C9300L SKUs
C9300-48T/P/U SKUs - Block diagram
StackWise-480
X86 1.8-GHz
Packet buffer (8 MB) Packet buffer (8 MB)
quad-core CPU
Forwarding controller Forwarding controller FPGA

DRAM – 8 GB
Reassembly Rewrite Reassembly Rewrite Flash
crypto crypto 16 GB
Ingress FIFO Egress FIFO Ingress FIFO Egress FIFO

USB 2.0
Core 1 Core 0
USB 3.0
Network interface
Mgmt Console
10G x 4, 40G x 1
1G x 8
10G x 4, 40G x 1
1G x 8
40G 40G
PHY PHY PHY PHY PHY PHY
PHY PHY
0 1 2 3 4 5
0 1
TX 0-7 TX 0-7
Cage 1 Cage 2 Cage 1 Cage 2
1-12 13-24 25-35 36-48 1-4 1-4
Catalyst 9300 Flexible Tables - UADP 2.0
• MAC: 32,000 • Security ACL: 5000

• Host route: 24,000 • QoS ACL: 5000
• Service ACL: 4000
• IGMP groups: 8000
• PBR
• LPM route: 8000 • NetFlow ACL
• Multicast route: 8000 • SPAN
• MACsec
• Scalable group tags (SGT): 8000
• CoPP
• Tunnel
• LISP
Cisco Catalyst 9300 Series Switches
Platinum-rated power supply options
Platinum rated (90% efficiency)
New
350W AC-P 715W AC-P 1100W AC-P 1900W AC-P 715W WDC
Supported on all Cisco Catalyst 9300 Series Switches
StackPower
“Zero-footprint” Redundant Power System (RPS) deployment
• Provides RPS functionality with zero

RPS footprint
• Pay-as-you-grow architecture – Similar to the
data stack
• 1+N redundancy with inline power
• Up to 4 switches in a StackPower ring
• Multiple StackPower possible within one data
stack
• Up to 9 switches in a star topology with Cisco®
Expandable Power System (XPS)
StackPower is supported only on C9300 SKUs.
Cisco Catalyst
9200 Series
Cisco Catalyst 9200 Series Switches
Bluetooth In-built memory

Built-in dongle support* 4 GB or 2 GB memory Unmatched Full PoE+
RFID (USB 2.0) 4 GB flash Resiliency – Perpetual/Fast PoE+
Flexible fast and light ASIC Densest downlink offering Modular and
UADP 2.0 mini 24x 1G, 48x 1G fixed uplink offering
* Hardware capable
Data & PoE SKUs
Cisco Catalyst 9200 Series switching SKUs
Data/PoE+ (modular uplinks and fans) Data/PoE+ (fixed uplinks and fans)
24 ports 24 ports
Data Data
48 ports 48 ports
24 ports 24 ports
PoE+ PoE+
48 ports 48 ports
4x 1G and 4x 10G uplinks 4x 1G and 4x 10G uplinks
Modular power supplies available on all SKUs
Multigigabit models
Cisco Catalyst 9200 Series switching SKUs
Cisco Catalyst 9200 with Modular Uplinks Cisco Catalyst 9200L with fixed uplinks
2x 25G Uplinks
16x 1G and 8x Multigigabit Ports
PoE+ 2x 25G Uplinks PoE+
4x 10G Uplinks
16x 1G and 8x Multigigabit Ports 16x 1G and 8x Multigigabit Ports
2x 25G Uplinks
40x 1G and 8x Multigigabit Ports
PoE+ 2x 40G Uplinks PoE+
4x 10G Uplinks
40x 1G and 8x Multigigabit Ports 36x 1G and 12x Multigigabit Ports
All models support Full PoE+

Modular power supplies available on all SKUs
Enhanced VN Models
Cisco Catalyst 9200 Series switching SKUs for SD-Access Fabric Edge
Cisco Catalyst 9200-24PB Cisco Catalyst 9200-48PB
24x 10M/100M/1G Downlink Ports 48x 10M/100M/1G Downlink Ports
4 x 1/10G SFP/SFP+ Uplink Module 4 x 1/10G SFP/SFP+ Uplink Module
All models support Full PoE+
32 VN/VRF Supported with 31 User Configurable and 1 Default

Modular uplink options
• 4x 1G • 4x 10G
• SFP transceivers • SFP and SFP+ transceivers
• Supported on all • Supported on all modular
modular SKUs SKUs
C9200-NM-4G C9200-NM-4X
• 2x 25G • 2x 40G
• SFP and SFP+ transceivers • QSFP transceivers
• 1/10/25G Speed support • Supported on all 9200 mGig
• SKUs only
Supported on all 9200 mGig
SKUs only
C9200-NM-2Y C9200-NM-2Q
All modular uplink modules are field-replaceable units

Modular uplinks supported on Cisco Catalyst 9200 Series modular SKUs
StackWise-160/80* with SSO
Up to 8-
member stack
Stacking kit Ordered

• StackWise-160 supported on all modular Cisco Catalyst 9200 Series separately
switching models
• StackWise-80 supported on all fixed Cisco Catalyst 9200 Series switching
models Stack adapters Stacking cable
• Same Cisco IOS XE and license required on all members

Stacking cable comes with three options:
50 cm, 1 m, or 3 m
© 2019-2020 Cisco and/or its affiliates. All rights reserved. Cisco Informational *Mixed stacking not supported between StackWise-160 and StackWise-80
48-port SKUs - Block diagram
160G/80G stack interface
UADP ASIC MGMT

Packet buffer clock: 500 MHz/ 64
Gbps Flash 4/2 GB
CPU
Forwarding controller
RAM 2 GB
ASIC0
Reassembly crypto
LED
Network interface USB 2.0
USB 2.0
Octal PHY Octal PHY Octal PHY Octal PHY Octal PHY Octal PHY
Mini USB console
12 ports PoE+ 12 ports PoE+ 12 ports PoE+ 12 ports PoE+
RJ-45 console
48x 1G 10/100/1000 Uplink
Catalyst 9200 Series – UADP 2.0 Mini
Lookup tables
Modular SKUs Fixed SKUs Modular SKUs Fixed SKUs
MAC 32,000 16,000 Security ACL 1000 1000

• Port ACL (PACL)
Host route 10,000 8000 • VLAN ACL (VACL)
• Router ACL (RACL)
IGMP groups 1000 1000
Indirect route 4000 3000 QoS ACL 1000 1000

Multicast route 1000 1000
NetFlow ACEs 128 128
SGT 2000 2000
Resilient power supplies
Silver rated (80% efficiency) Platinum rated (90% efficiency)
600W AC 1000W AC
Supported only on 24- Supported only on 48-
125W AC port PoE+ SKUs port PoE+ SKUs
Supported only on 1G data SKUs
Load sharing (1+1) mode supported for PoE+ SKUs
Power supplies are field-replaceable units

Redundant power supply should be identical
Resilient fan modules
Cisco Catalyst 9200 Series Cisco Catalyst 9200 Series

modular models fixed models
Field-replaceable fan modules Fixed fan modules
Switch can operate on a single fan at ambient temperature
Catalyst 9000
High Availability
Today our networks are most resilient
1+1 redundancy active and Platform resilience

standby SSO/NSF Subsecond convergence
Highly available networks ISSU xFSU Hot patching
Cisco StackWise Virtual Software upgrade

GIR HSRP/VRRP Instant fix
Mission-Critical Resiliency
Your business stops if the network is down

(Dual chassis w/ StackWise Virtual)
Cost of only one hour of

downtime to an average Catalyst 9400 Series
enterprise > $300,000**

** Based on industry reports from Gartner and ITIC
Architecture Operating system Platform
In-Service Software Upgrade (ISSU) Hot Patching (SMU) Redundant Supervisors

• Upgrade software with minimal • No downtime for critical fixes (no reboot) • Modular Switches with NSF/SSO
or no traffic loss Graceful Insertion/Removal • SWV Quad-SUP RPR New
StackWise® Virtual • No downtime when device in maintenance Redundant Fan & Power Supplies
New
• Virtualized redundant system for xFSU on C9300/L Standalone • In case of any hardware failure
simplified configuration & protocols
• < 30 sec traffic downtime - Standalone upgrade
Eliminate downtime with high availability designed at every level

High Availability in Campus
SSO/NSF
Active
Active
SSO SSO NSF
SSO
Standby aware/capable
Standby
Stateful switchover (SSO)
SSO-aware applications
FIB, ACLs, 802.1X Cisco Catalyst StackWise Virtual Cisco Catalyst
Non-Stop Forwarding
PAgP / LACP 9500 Series 9500 Series (NSF) or Graceful Restart
…and more SSO
Active Standby OSPF, BGP, LDP, etc.
SSO-compliant applications
Routing protocols,
NetFlow, etc.
NSF
aware/capable
Active Active
Active Sup StackWise-480/320/160/80
SSO SSO
Standby Sup Standby Standby
Cisco Catalyst 9400 Series Cisco Catalyst 9300 or 9200 Series
Catalyst 9600 StackWise Virtual
Quad SUP RPR
IOSXE 17.2.1
SSO
StackWise-A StackWise-S ICS StackWise-A

RPR ICS ICS ICS
StackWise-S
Chassis-1 Chassis-2 Chassis-1 Chassis-2
• Active supervisor in chassis-2 become StackWise Active RPR: Route Processor Redundancy
SSO: Stateful Switchover
• Warm standby supervisor in chassis-1 continue the boot process StackWise-A: StackWise Virtual Active
StackWise-S: StackWise Virtual Standby
• Become StackWise standby while the line cards in chassis-1 reset ICS: In-chassis Warm Standby
139
StackWise-480/320 and high availability
A
Centralized control plane
S
Distributed data plane

Up to
12 members
1+1 stateful redundancy

with active and standby
SSO/NSF
StackWise-480
StackWise-160/80 with Stateful Switchover (SSO)
Up to 8-
member stack
• StackWise-160 supported on all modular Cisco Catalyst 9200 Series switching models
• StackWise-80 supported on all fixed Cisco Catalyst 9200 Series switching models
• Same Cisco IOS XE and license required on all members
*Mixed stacking not supported between StackWise-160 and StackWise-80
Catalyst 9000 - In-Service Software Upgrade
Dual supervisor ISSU
3-step process
• Install add file <tftp/ftp/flash/disk:*.bin>
• Install activate issu
• Install commit
Granular control on the upgrade
with ability to roll back
1-step process
• Install add file <tftp/ftp/flash/disk:*.bin> activate issu commit
Single command to perform

complete ISSU
Catalyst 9000 - Extended Fast Software Upgrade
Regular upgrade vs. Extended Fast Software Upgrade (xFSU)
Extended fast software upgrade
#Install add file image activate commit #Install add file image activate reloadfast commit
< 30 seconds of
Control Contrtraffic
ol pimpact
p
Data plalane Data plalane
ne ne
Traffic is impacted throughout the upgrade cycle
Supported only on Cisco Catalyst 9300 Series standalone
Layer 2 and 3 Topology with GIR Maintenance
9300#start maintenance
Template default will be applied.
Do you want to continue?[confirm]
*Mar 25 17:43:20.162: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance Isolate
start for router isis 1
*Mar 25 17:43:50.213: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance Isolate
complete for router isis 1
*Mar 25 17:43:50.213: MMODE-6-MMODE_CLIENT_TRANSITION
%_START: Maintenance Isolate start for shutdown l2
*Mar 25 17:44:20.214: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance Isolate Set-overload-bit IS-IS
complete for shutdown l2 Set-overload-bit
*Mar 25 17:44:20.214: %MMODE-6-MMODE_ISOLATED: System Set-overload-bit
is in Maintenance
Order for maintenance:

EGP -> IGPs in parallel (ISIS) -> L2
SMU Patching
Software Maintenance Upgrade (SMU) is an Cold patching:

emergency point fix positioned for expedited Install of an SMU will require a system reload
delivery to a customer in case of a network down or Hot patching:
revenue-affecting scenario Install of an SMU will not require a system reload
• Quick (able to deliver point fixes much faster than possible in Cisco IOS)
• Effective (does not require a monolithic code upgrade)
• Focused (targets the specific area of code that has the issue)
Catalyst 9000
Quality of Service
QoS Features in Catalyst 9000
QoS Features
• Trust/Conditional Trust
• Classify Traffic
• Police Traffic
• Remark/Conditional Remark
Queuing Features
• Prioritize strict traffic (PQ)
• Schedule traffic based on weight (WRR)
• Shape the traffic rate (SRR)
• Manage Congestion (WRED/WTD)
• Dynamic buffers for traffic bursts (DTS)
Catalyst 9000 QoS
QoS Highlights
1P7Q3T or 8 Queues 8 Queues per

MQC
2P6Q3T per Port Port
Trust HQoS No DBL Buffer

By Default 2-Level WRED 8MB – 36MB
Depends on the ASIC
Catalyst 9000 QoS
Buffer Size Comparison
UADP2.0 UADP2.0XL UADP3.0
5 MB Egress
10 MB Egress 27 MB Egress
0.75 MB
FIFO
0.5 MB 1 MB – 1.75 MB
– 1 MB Stack
Ingress 1.5 MB 5 MB
per Core 8 MB
per ASIC 8+8 MB FIFO FIFO
1.5MB – 3.5 2.6 MB
0.4MB- MB Stack 1.4
1.5 MB Stack
UADP2.0 Mini
Ingress
Ingress
3.4 MB Egress
0.6 MB per Core16 MB

FIFO
per ASIC 16 + 16 MB per Core 36 MB
0.5 MB 0.75 MB – 1 MB
– 1 MB Stack per ASIC 36 MB
Ingress
per ASIC 6 MB
Catalyst 9000 QoS
Conditional
Conditional
Policing Marking
Marking
Trust Classification
Unconditional
Unconditional
Marking
Marking
Conditional
Marking Policing
Scheduler
8q3t PQ1
Classification PQ or Q
1p7q3t
PQ2
2p6q3t
Unconditional
Unconditional Q3
Marking
Marking WTD
Q4 or
WTD WRED
Q5 or
WRED
Q6
Q7
Q7
Catalyst 9000 QoS
Dynamic Threshold Scalability (DTS)
• Shared buffer is best for
Switch
burst absorption
Unused
Unused
Dynamic Shared Pool (DTS)
• Dedicated buffer is best for
Unused
predictable performance
Unused
Unused
Unused
(for each port)
• Buffer management is flexible:

Dedicated + Shared
Unused
Unused
• Configurable dedicated threshold
Unused
Unused
per-port/queue
Unused
Unused
Unused
Unused
• Configurable global maximum
shared threshold
• Automatic adjusts depends
Port 1 Port 2 Port N on the available shared pool
Catalyst 9000 QoS
DTS – Dynamic Fair Buffer Sharing
Maximum buffer per
queue (Configurable) • SoftMin – Minimum shared buffer given to a port
• SoftMax – Maximum shared buffer a port can request

SoftMax
from shared pool
Buffer Threshold
• Port Soft Start – Moment when the SoftMax starts to

reduce in steps
Maximum
Burst • Port Soft End - Moment when SoftMin & SoftMax
absorption
available are equal
SoftMin
Dedicated for fairness
Shared Buffer Utilization

75% 100%
Port Soft Start Port Soft End
Catalyst 9000 QoS - TCAM Resources
TCAM Resources UADP 3.0 UADP 2.0 XL UADP 2.0 UADP 2.0 Mini
Class-maps (Ingress) per policy 256 256 256 256
Class-maps (egress) per policy 256 256 256 256
Policers (Ingress) per policy 63 63 63 63
Policers (engress) per policy 63 63 63 63
Total Policy-maps per switch 1599 1599 1599 1599
Aggregate Policers 1R2C per Core 4096 4096 4096 2048
Aggregate Policers 2R3C per Core 2048 2048 2048 1024
Table-maps (ingress) 16 16 16 16
Table-maps (egress) 16 16 16 16
Markdown table (exceed action) 8 8 8 8
Markdown table (Violate action) 8 8 8 8
Egress Queues per port 8 8 8 8
Buffer (MB) per Core 36 16 8 6
Buffer (MB) per ASIC 36 32 16 6
QoS ACLs per Core (IPv4) 16000 18000 5000 1000
QoS ACLs per Core (IPv6) 8000 9000 2500 500
QoS ACLs per Core per Direction 8000 18000 5000 1000
VCU (ingress) 192 192 192 192
VCU (egress) 96 96 96 96
Ingress Forwarding & QoS
UADP 2.0 / 2.0 XL / Mini
Stack Interface
5 4 SQS AQM
Q PBC – Packet Buffers Complex
IQS Ingress Pipeline Egress Pipeline Q Q
1. Received, processed by MACSec and 3 IGR Flex Parser EQS
into FIFO
Lookup Lookup Lookup Lookup
Table Table Table Table
Stage
Stage #15
#15 Stage
Stage #1
#1
2. A copy to buffer and a copy to IFC
Flexible
Ingress Forwarding Egress Forwarding
Stage
Stage #2
Stage
Stage #..
#.. Look up #2
Controller XF XF ControllerStage #..
3. Goes through IFC, result descriptor Stage
Stage #..
#.. XF Lookup
Table
Lookup
Table
Tables
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table XF Stage #..
send to PBC (IFC) C
C C
C (EFC) Stage #..
Stage #2
Stage #2 Stage #..
* Classify based on Original Packet Lookup
Table
Lookup
Table
Lookup
Table
(shared
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
(shared Stage
* Ingress Policer Stage Stage #8
#8
Stage #1
#1 across
across cores)
cores)
* Conditional mark Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
* Unconditional mark Flex Parser EGR

2 ReWrite
4. Descriptor has remote destination, PBC Engine
sends the info to IQS Encryption Recirculation
Engine Engine
5. IQS schedule PBC to send the
packet with descriptor to Stack Egress
Interface Ingress FIFO
FIFO
1
MACSEC
MACSEC MACSEC
MACSEC
Network Interfaces
Egress Forwarding & QoS
6
Stack Interface
SQS AQM
IGR Flex Parser EQS 7
Stage
Stage #15
#15 Stage
Stage #1
#1
Flexible 6. PBC received the frame and sends
the info to EQS

Stage
Stage #2
Stage
Stage #..
#.. Look up #2
Stage
Stage #..
#.. XF Lookup
Table
Lookup
Table
Tables
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table XF Stage #.. 7. SQS provided Scheduling from the
(IFC) C
C C
C (EFC) Stage #.. Stack. AQM applies Egress
Stage #2
Stage #2 Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Stage #.. Scheduling.
(shared
(shared Stage
Stage Stage #8
#8
Stage #1
#1 across cores)
across cores)
ReWrite
EGR8
8. EFC sends results to ReWrite
Flex Parser Engine * Classify based on Ingress

QoS Result and Original packet
* Egress Policer
Encryption Recirculation * Conditional mark
Engine Engine 9 * Unconditional mark
Ingress
FIFO 9. Rewrite the packet and send
Egress out though the egress FIFO
FIFO
MACSEC
MACSEC MACSEC
MACSEC
Network Interfaces
Ingress & Egress Forwarding & QoS
UADP 3.0 – In same ASIC
Backplane 800 Gbps
SQS AQM
Unified Packet Buffer Complex(PBC)
Q Q EQS Q
IQS EQC ESM
Flexible
Ingress Forwarding lookup Egress Forwarding Step 10. EFC performs
Step 1: Packet arrives Step 8:
10.PBCEFCrewrites
performs
at
Step
Step
Step
at
Step
6:
ingress
3:
ingress
3:
PBC
6: MACsec
PBC
port,
MACsec
port,
uses
uses
PHY
the
the
engine
PHY
engine
Controller tables Controller Step
Step
egress
Step
Step
Step9.
Step
egress
Step
packet
11.
7.
12.
9.
11.
7. lookup
12.EFC
EQS
Rewrite
MACsec
lookup
EFC
EQS snoops
Rewrite
with
–– functions
MACsec replication,
snoops
new
engine
engine
packet
functions to
replication,
engine
engine
packet
frame to
Step
frame
Step 5:
2:descriptor
IFC
Network
returns
to
interface
lookup between
rewrites
learn
scheduling,
encrypts
SRC packets
PBC
packet
MAC,
and andqueue
queue
and
prior
egress
rewrite
sends
to
converts
decrypts
Step
converts
decrypts
Step
result
result
4: IFC
the
CTS
4:(frame
determine
passes
determine
passes
IFC
the
CTS
packet
(frame
packet
snoops
signal
packet
snoops
signal
the
the
and
packetpacket
andand
packet
and
descriptor)
to
egress
ingress
port.
descriptor)
to
egress
ingress to
port.
to
(IFC) (EFC) between
rewrites
learn
scheduling,
encrypts
SRC packets
PBC
packet
MAC,
and and and
prior
egress
rewrite
descriptor, reassembles and sends
to
serializes
passes
between unencrypted
FIFO
the bits,
andand
PBC.
packet
then (shared
(shared engine.
through
SPAN,
management.
placingetc.
enqueues the
itthe
on
and
egress
NIF.
sends
frame. FIFO.
PBC.
Egress
MACsec
PBC.
Egress
MACsec onengine.
on engine.
same ASIC,
same ASIC, soso enqueues
results to the frame.
rewrite engine.
ittosends
ingress to FIFO.
network
result to moved to EQS. Core 1 across
across Core 1
interface ports. cores*)
cores*)
Rewrite engine

engine engine
Network interfaces – front panel port
Catalyst 9000
Multicast
Catalyst 9000 Multicast
Multicast Highlights
Performance Internet
Data
Branch
Center
• High L2 and L3 multicast throughput
• Low latency (average ~5us for IMIX)
Flexible Scalability
• Different SDM templates allow reallocating
Multicast routes & IGMP snooping groups
Optimized Replication L3 L3
L2 L2
• Replications are done at the egress stage
• Single copy in buffer memory, during replication
Enhanced Features
• IP-Based forwarding for IGMP snooping
• IGMPv3 snooping explicit host tracking
Multicast Highlights
IPv4 multicast IPv6 multicast

Data
Internet Branch
Center
• PIM-SM, SSM, and Bidir
• PIM-SM and SSM
• AutoRP, BSR RP, MSDP
• IPv6 BSR RP
• MVPN, Multicast VRF-Lite Core • IPv6 embedded RP
Core
• Multicast load splitting
• IPv6 multicast HA
• IPv4 multicast HA
• Dual-stack IPv4 / IPv6 • Dual-stack IPv4 / IPv6

• PIM-SM, SSM and Bidir • PIM-SM and SSM
• IGMPv2,v3 snooping • MLDv1,v2 snooping
• Stub multicast routing Distribution L3 L3 • HW register and RPF Distribution
• PIM BFD • HSRP-aware PIM
L2 L2
• IPv4 multicast HA • IPv6 multicast HA
• IGMP v1,v2,v3 snooping • MLD v1,v2 snooping

• IPv4 multicast QoS & ACL Access • IPv6 multicast QoS & ACL Access
• IGMP v1,v2 filtering • MLD v1,v2 filtering
Catalyst 9000 - Multicast Scale
Feature/Product Catalyst 9200 Catalyst 9300 Catalyst 9400 Catalyst 9500 Catalyst 9500 Catalyst 9600
High-Performance
PIM Neighbors 500 500 500 500 500 500
Mcast Groups (IGMP) 1k 8k 16k 16k 16k 16k
Mroutes (S,G) 1k 8k 16k 16k 32K 32K
Mcast Groups (MLD) 1k 8k 16k 16k 16k 16k
OIFs per group 250 250 250 250 250 250
IPv6 mroutes 512 4k 8k 8k 32K 32K
GRE mroutes (P2P) NA 4k 4k 4k 32K 32K
*The numbers are with the default template when multiple templates are supported.
Multicast – Egress Remote on Input
5 Stack Interface
4
SQS AQM
1. Received, processed by 3 IGR Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Flex Parser EQS
MACSec and into FIFO
Stage
Stage #15
#15 Stage
Stage #1
#1
Flexible
2. A copy to buffer and a copy to

Stage
Stage #2
Stage
Stage #..
#.. Look up #2
IFC Controller XF XF ControllerStage
Stage XF Tables XF #..
Stage #..
Stage #..
#..
3. Goes through IFC, result (IFC) C

C C
C (EFC) Stage #..
Stage #2
Stage #2 Stage #..
descriptor send to PBC Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
(shared
(shared Stage
Stage Stage #8
#8
Stage #1
#1 across
across cores)
cores)
4. Descriptor has remote Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
destination, PBC sends the info to Flex Parser EGR

IQS 2 ReWrite
Engine
5. IQS schedule PBC to send the Encryption Recirculation
packet with descriptor to Stack Engine Engine
Interface Ingress
Egress
FIFO
FIFO
1
MACSEC
MACSEC MACSEC
MACSEC
Network Interfaces
© 2019-2020 Cisco and/or its affiliates. All rights reserved. Cisco Informational Descriptor can contain both local and remote destinations
Multicast – Egress Remote Output Replication done on egress =>
UADP 2.0 / 2.0 XL / Mini Efficient use of BW
Stack Interface
6
SQS AQM
IGR Flex Parser EQS 7
Stage
Stage #15
#15 Stage
Stage #1
#1 6. PBC received the frame and
Flexible
sends the info to EQS

Stage
Stage #2
Stage
Stage #..
#.. Look up #2
Stage
Stage #..
#.. XF Lookup
Table
Lookup
Table
Tables
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table
Lookup
Table XF Stage #.. 7. AQM within EQS generate the
(IFC) C
C C
C (EFC) Stage #.. list of egress ports based on
Stage #2
Stage #2 Stage #..
descriptor, schedule for each
(shared
(shared Stage
Stage Stage #8
#8 egress port
Stage #1
#1 across cores)
across cores)
EGR8
Flex Parser
8. For each egress port, frame
ReWrite
goes though the EFC, Rewrite and
Engine
Encryption Recirculation Egress FIFO
Engine Engine
Ingress
Egress
FIFO
FIFO
MACSEC
MACSEC MACSEC
MACSEC
Network Interfaces
Multicast - Ingress & Egress Single copy of packet in
UADP 3.0 – In same ASIC buffer memory during
replication
Backplane 800 Gbps
SQS AQM
Unified PBC (shared buffer)
Q Q EQS Q
IQS EQC ESM
Step
Step 1:
1:3:Packet
Packet arrives
arrives at
at Ingress Forwarding Flexible Egress Forwarding
Step
Step MACsec
3:port,
MACsec engine
engine Step
Step 6:
6: AQM
AQM within
within EQS
EQS generates
generates
ingress
Step
ingress
Step 2: Network
port,
2: PHY
Network
PHY converts
interface
converts
interfacethe
and the lookup
decrypts
Step 4:
decrypts
Step
signal
passes
signal
4: CTS
and
passes
and
CTS
IFC snoops
IFC
packet
packet
snoops
packetpacket
packet
serializes
serializes
FIFO to
packet
and
to ingress
the bits,
bits, and
andingress
the and Controller Controller the
the list
list of
of egress
egress ports
ports based
based on
on
passes
between
passes
between
then
MACsec
it
unencrypted
unencrypted
it sends
FIFO
engine
to and
to network
packet
PBC
packet
PBC
network interface
to
to tables descriptor,
descriptor, schedule
schedule for
for each
each egress
egress
then
MACsec
ingress
ingress
ports
ports
sends
FIFO
FIFO
engine interface
(IFC) (EFC) port.
port.
(shared
(shared
Core 1 across
across cores)
cores)
Core 1
Step
Step 5:
5: IFC
IFC returns
returns lookup
lookup result
result
(frame
(frame descriptor)
descriptor)
to
to PBC
PBC Rewrite engine

engine engine
Network interfaces – front panel ports – slice
Catalyst 9000
Security
Catalyst 9000 Security
Feature Highlights
• SPAN/ERSPAN
Visibility • Security NetFlow &
Encrypted Traffic Analytics (ETA)
Consistently delivered
throughout the
Cisco® Catalyst® 9000 family
• Highest level of Macro
and Micro-Segmentation
Segmentation with Cisco SD-Access
• Multi-domain policy integration
• MACsec 256-bit encryption

Threat • Trustworthy solutions
Defense
• Umbrella Integration
177
Cisco Catalyst 9000 Security
Four types of Security ACLs
Router ACL (RACL) VLAN ACL (VACL) Port ACL (PACL) Security group ACL (SG ACL)
Used to permit or deny the Used to permit or deny the

Used to permit or deny the Used to permit or deny the
movement of traffic between movement of traffic between
movement of traffic between movement of traffic based on the
Layer 3 subnets and VLANs or Layer 3 subnets and VLANs or
Layer 3 subnets SGTs that are assigned
within a VLAN within a VLAN
Applied as an input or output Applied as a policy to a Layer 2

Applied as a policy to a VLAN; is Applied as a policy to a Layer 2
policy to a Layer 3 interface, switch port interface or
inherently applied to both switch port interface; is applied to
SVI, or Layer 3 EtherChannel EtherChannel interface; is
inbound and outbound traffic inbound traffic only
interface applied to inbound traffic only
Standard/extended/ Standard/extended/
Standard/extended ACLs Standard/extended ACLs
MAC ACLs MAC ACLs
Platform Trustworthy Solutions
Design/ Plan/ Service/End

Source Make Quality Delivery
Develop Order of Life (EOL)
PnP SUDI Physical security practices + security technology innovations + logical security processes
Secure boot
support Boot sequence check
Two-way trust
Integrity
Image signing
Authentic OS
verification
Malware protection
Hardware
Runtime defenses
authenticity 64-bit ASLR
Genuine hardware
Cisco® trustworthy systems use industry best practices to help ensure full development lifecycle integrity and end-to-end security
180
Cisco DNA & SD-Access
DNA Center
Automated
Network Fabric
Policy Automation Analytics
Single Fabric for Wired & Wireless
with simple Automation
B B
C
Outside
Identity-Based
Policy & Segmentation
Decouples Security & QoS
from VLAN and IP Address
Insights &
SDA Telemetry
Extension User Mobility
Analytics and Insights into
Policy stays with User
User and Application behavior
IoT Network Employee Network
Cisco Umbrella Native Connector
Available on Catalyst 9000 Series Switches
C9200: IOS-XE 16.12
C9300: IOS-XE 17.1
Branch Office
INTERNET
DNS Umbrell MALWARE
Catalyst 9000 a
Guest Native connector on
Catalyst 9000 forwards
DNS
DNS queries to OpenDNS
cloud
IOS-XE
16.12
IOS-XE
Employees 17.1
Encrypted Traffic Analytics (ETA)
Cisco StealthWatch® Cognitive learning
Cognitive Threat Analytics Engine

Benign records
Flexible NetFlow Malware records

with new extensions
Encrypted
Traffic Analytics
Cisco Catalyst 9000 Series 99%+ accuracy
* Cisco Catalyst 9200 Series does not support ETA
Media Access Control Security (MACsec 256)
Available on Cisco Catalyst 9000 Series Switches
Enhanced security with AES 256-bit Benefits

MACsec encrypted data plane
Complete access security
1 2 3
Complete cross-platform alignment
Extended packet Standard MKA key exchange “AES-256” keys with uplink/downlink support
numbering (802.1ae) Stronger security
Encrypt Encrypt Encrypt

Protection against “Inside threats”
MACsec MACsec MACsec
Securing campus infrastructure
Downlink Uplink Downlink
Decrypt Decrypt Decrypt Hop-by-hop Ethernet encryption

Cisco Catalyst Cisco Catalyst Cisco Catalyst 9400 Cisco Catalyst Cisco Catalyst Line-rate performance on all ports
9200 Series 9300 Series Series 9500 Series 9600 Series
Switch to Supported (128- Supported Supported Supported Supported

switch bit) (128-bit, 256-bit) (128-bit, 256-bit) (128-bit, 256-bit) (128-bit, 256-bit)
256-bit MACsec – Network Advantage
Switch to Supported (128- Supported Supported Supported Supported
host bit) (128-bit, 256-bit) (128-bit, 256-bit) (128-bit, 256-bit) (128-bit, 256-bit)
128-bit MACsec – Network Essentials
187
Catalyst 9000 Security - MACsec in Hardware
UADP 2.0/3.0/Mini ASIC
Stack Interface
PBC – Buffers Complex (Core 0)
PBC – Buffers Complex (Core 1)
IGR Flex Parser
Core 1 Core 1
Looku Looku Looku Looku

Ingress Pipeline Looku
p Looku
p Looku
p Looku
p Egress Pipeline
p
Table p
Table p
Table p
Table
Stage Stage
Flexible
Stage Stage
#15 #1
#15 Looku Looku Looku Looku
#1
Ingress
Ingress Forwarding
Ingress Forwarding
p p p p
Forwarding Ingress Forwarding

p
Table p
Table p
Table p
Table
Egress
Egress Forwarding
Forwarding Egress
Egress Forwarding
Forwarding
Look up
Stage Table Table Table Table Stage
Stage Stage
#.. #2
Controller
Controller
#..
Controller
Controller Controller
Controller
#2
Controller
Controller
XF XF
Tables
(IFC)
(IFC)
Stage
Stage
#.. (IFC)
(IFC) XF Looku
p
p
Table
Looku
p
p
Table
Looku
p
p
Table
Looku
p
p
Table XF (EFC)
(EFC)
Stage
Stage
#.. (EFC)
(EFC)
#..
C
C
C
C
#..
Stage Stage
Stage Stage
Core
Core 0
0
#2
#2 Core
Core 1
1
Looku
Looku
p
p
Looku
Looku
p
p
Looku
Looku
p
p
Looku
Looku
p
p Core
Core 11
#..
#.. Core
Core 00
(Shared
Table Table
(Shared
Table Table
Table
Table
Table
Table
Stage Stage
Stage
#1
#1 Across
Across Cores)
Cores)
Stage
#8
#8
Looku
p Looku
p Looku
p Looku
p
p
Table p
Table p
Table p
Table
Flex Parser EGR
Rewrite
Rewrite Block Rewrite
Block Rewrite Block
Block
FIFO
FIFO
FIFO
FIFO FIFO
FIFO FIFO
FIFO Hardware
Encrypt & Decrypt
MACsec
MACsec MACsec
MACsec
Modules
MACsec
MACsec Network Interfaces (Core 1) MACsec
MACsec
Network Interfaces (Core 0)
188
Catalyst 9000
Unique Innovations
Evolution of PoE
Cisco UPOE+ standardization Growing ecosystem

Cisco UPOE powered
802.1AC compact switches
access points
VoIP phones
USB-C dongle Touchscreen PoE displays
PCs UHD IP Network- HVAC VAVs
90W cameras powered light
60W UPOE+
UPOE Badge
30W readers
IEEE 802.3bt
PoE+
15W
PoE
2018
2011 UPOE powered Nurse call CBRS
Environmental Biometric People-counting
compact switches systems private LTE sensor hubs door locks sensors
2009
2003
IT OT
IEEE standardization expands the PoE ecosystem
• IEEE 802.3bt complements Cisco UPOE+ by adding four new classes of devices
• Safety measures help ensure that up to 90W of power is safely delivered
Cisco innovations in PoE
Deliver a robust low-voltage infrastructure
2-event classification Perpetual PoE Fast PoE
• Fast power negotiation • Uninterrupted PoE • Bypasses Cisco IOS control

without LLDP power during control plane plane boot
• Physical layer negotiation reboot • Restores power to PD
< 1 second within 30 seconds of power
resumption
Cisco Catalyst 9400 Series does not support Fast/Perpetual PoE
Cisco Catalyst 9000 augments Cisco’s leadership in IoT
IBN expands IoT endpoints with security, visibility, scale, and cloud tethering
New Cisco and partner

802.3bt cloud services for
Type 4 control
90W Cisco UPOE+
UPOE+
(low voltage) New
devices
30- to 60-watt devices
Sensor Wall Network- PTZ UHD Large HVAC

(light, motion, switch powered cameras video VAVs
CO2/CO, etc.) light arrays displays
Connect Classify Policy Integrate

• Extended connectivity with • Device classification and profiling • Virtual networks and segmentation of • “Thing” connectivity management
SD-Access Extended node solutions with ISE IoT from IT with SD-Access with cloud IoT services
• CoAP to access lights and other • Emerging standards support for access • Scalable group-based policies • Container-hosted cloud-tethered
sensors for lighting control control (ex: Manufacturer Usage applications on open Cisco IOS
Description [MUD]) XE Software
End-to-end solution managed by central IT team that lowers TCO
Audio Video Bridging (IEEE 802.1BA)
Fewer cables and a transparent collaboration experience
Digital AV network Media on AVB over

Traditional AV network
(Dante, Cobranet, AVB) Cisco hardware
Quality of experience Scalability Lower TCO

• Improved time-synchronized audio/video • Allows device interoperability • Lower cost and complexity
(latency <2 milliseconds) (60% CapEx and 35% OpEx savings) over 5
• Eliminates proprietary networks
years*
• Standard QoS to simplify and automate
• Increases flexibility to add new
switch configuration • Added functionality and control
media applications
• Ability to scale with higher • No proprietary license fee per endpoint
bandwidth (1G/10G)
AVB not supported on Cisco Catalyst 9400 and 9300 Series in StackWise-480
*Source: Axon and Axis report.
Cisco Catalyst 9000 family
Programmability and automation
B
Open Open
ZTP
bootloader config
PnP
YANG
Device bootstrap and Configuration Server management

onboarding automation through tools on
open interfaces x86 infrastructure
Cisco Catalyst 9000 family offers a complete DevOps toolkit
Model-Driven Telemetry
Export enriched, consistent, and concise data with context

from network devices for a better user and operator experience
Periodic or on-change Structured data Scalable Reduced CPU load
Continue your IBN journey
Application Hosting
Innovate faster Rich ecosystem of apps Scalable deployment

Off the shelf Take your pick Get set, go
Cisco DNA Center
Bring your own app Extensive ecosystem Orchestration
Reduce TCO and minimize OpEx

Choose Cisco DNA Advantage license
Optics
25GE - A Better Alternative
Provides seamless migration path from 10GE
Catalyst 9500 Catalyst 9400 Catalyst 9300 Cisco 25G Optics
C9500-48Y4C
C9500-24Y4C C9400-SUP1XL-25G* C9300-NM-2Y 10/25G CSR/LR*
Reduced Capex through reuse of existing cabling

Single Lan serial optics providing port densities similar to 10G Switches
Gradual Migration options with support of Dual Rate Optics
Reduced OpEx through savings in power and cooling
* - Roadmap
Seamless backbone speed migration enabling any speed, any distance
25G 40G 100G

• SR/CSR/LR/ER/ZR SFP • SR/CSR/LR/ER/ZR/BiDi QSFP • SR/LR/ER QSFP
• 10G/25G multi-rate optics • 1G/10G multi-rate optics • 40G/100G multi-rate optics
Drive speed migration • 10/25G-CSR (4x distance) (with QSA adapter)
• 1/0/25G-LR-S (10km on SMF) • 4x 10G breakouts* • 4x 10G, 4x 25G breakouts*
10G/1G Baseline 10G/1G* support for legacy/traditional deployments
Flexible
deployment
Fiber infrastructure Diverse deployment
1G to 100G
investment protection options
* Roadmap
www.cisco.com/c/en/us/products/interfaces-modules/transceiver-modules/
Multimode fiber, parallel
Cisco QSFP28 100G transceivers Single-mode fiber, dual

Single-mode fiber, parallel
Cables
100G-CR4
IEEE compliant
<5 m copper
4x SFP28 breakout
IEEE compliant (25G)
<5 m copper
100G AOC
IEEE compatible(100G)
<30 m active optical
IEEE compliant 100G SR4 12 fiber MPO, MMF

100 m on MMF (OM4)
IEEE compliant
100G LR4
10 km on SMF
100G PSM4 12 fiber MPO, SMF

MSA compliant
500 m on SMF
100G CWDM4 2 fiber LC, SMF
MSA compliant
2 km on SMF
5m 30 m 100 m 500 m 2 km 10 km 25 km 40 km 80 km
Cisco 100G optics
Support for 100G optics (QSFP28)
500 m to
100 m, MMF 10 km, SMF 2 km, SMF
SR4 QSFP28 LR4 QSFP28 SM-SR QSFP28
CWDM QSFP28
1, 2, 3, 5, 7, 10, 15
1, 2, 3, 5 m, copper
20, 25, 30 m, optical
CU QSFP28 AOC QSFP28
Built-in cable/optics
Built-in cable/optics
Cisco QSFP+ 40G transceivers Multimode fiber, duplex

Single-mode fiber, dual
Cables
4x10G breakout CR4(AC)

<10 m active optical
4x SFP+ breakout (1.5W)
IEEE compliant (10G) <5 m copper
40G AOC (1.5W)
IEEE <30 m active optical
compliant
40G CU (1.5W)
IEEE <5 m copper
compliant
40G SR4/ SR4/SR4-S (1.5W) 12 fiber MPO (parallel fiber), MMF
IEEE compliant 150 m on MMF (OM4)
IEEE compliant
40G CSR4 (1.5W) 12 fiber MPO (parallel fiber), MMF
400 m on MMF (OM4)
IEEE compliant
40G SR Bidir (3.5W) Duplex fiber LC, MMF
150 m on MMF (OM4)
IEEE compliant 40G LR4 (3.5W) Duplex fiber LC, SMF
10 km on SMF
IEEE compatible
40G LR4 Lite (3.5W) Duplex fiber LC, SMF
2 km on SMF
IEEE compatible
40G ER4 (3.5W) Duplex fiber LC, SMF
40 km on SMF
5m 30 m 100 m 300 m 2 km 10 km 40 km
Cisco 40G optics
Support for 40G optics
150 m,
100 m, MMF 10 km, SMF 40 km, SMF MMF
SR4 QSFP+ LR4 QSFP+ ER4 QSFP+ BD
QSFP+
2 km, SMF 10 m,
10 m, copper
WSP- AOC optical QSA
CU/AC/AOC 4X10G
Q40GLR4L ADAPTER
QSF+S CU/AC
QSFP+
20
Cisco SFP28 25G transceivers Single-mode fiber, dual

Cables
IEEE compliant <5 m copper (1W)
IEEE compliant
25G AOC (1W)
1 to <10 m active optical
25G SR (1.5W)
IEEE compliant 70 m on MMF (OM3) Duplex fiber, MMF
100 m on MMF (OM4)
10/25G CSR (1.5W)
Cisco® proprietary 300 m* on MMF (OM3) Duplex fiber, MMF
400 m* on MMF (OM4)
MSA compliant
10/25G LR (1.5W) Duplex fiber LC, SMF
10 km on SMF
* Depends on fiber quality 5m 30 m 100 m 500 m 2 km 10 km 25 km 40 km 80 km
Cisco 25G optics
Support for 25G optics
300 m/400 m, MMF 10 km, SMF

100 m, MMF
10/25G CSR 10/25G LR
SR SFP28
SFP28 SFP28
10 m fiber 10 m, copper
AOC cables CU cables
Catalyst 9000
Summary
Cisco Catalyst 9000 Family
Scalability, Reliability, Security across the network
Access points Access switches Core/Distr. switches Wireless controllers

Cisco Catalyst Cisco Catalyst Cisco Catalyst Cisco Catalyst
9100 APs 9200/9300/9400 Series 9500/9600 Series 9800 Series
mGig & 25G,

1G
UPOE
10 G
40G
4040G,
G
100G
The Full Experience, End to End
Built for Intent-Based Networking Automation Security Analytics
Cisco Catalyst 9000 Catalyst 9K continues to be the fastest
ramping product in the company's history”
The Fastest Ramping Product!
- Chuck Robbins, CEO Cisco Systems
Security
Catalyst 9000 platform Programmable IoT

shipping since June 21, 2017
30,000+ Customers Cloud Mobility

…and growing!
The Channelco® The Channelco®
CRN ®
CRN® Design Licensing
Products of Products of
the Year the Year
2017 2018
Cisco UADP Open IOS XE
2X Winner Overall Product of the Year
Would you like to know more?
FREE
• cisco.com/go/cat9K
• Cisco Catalyst 9000 At-a-Glance
• Cisco Catalyst 9000 Family FAQ
• Catalyst 9000 Series - Cisco Community
• Catalyst 9000 Series – CiscoLive Library
cs.co/cat9kbook

Cisco Catalyst 9000 Series Technical Overview: Product Marketing March 2020

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco Catalyst 9000 Series Technical Overview: Product Marketing March 2020

Uploaded by

Copyright:

Available Formats

Cisco Catalyst 9000 Series

Agenda • Catalyst 9200 Series

Catalyst Catalyst Catalyst Catalyst Catalyst Catalyst

Access Switching Core Switching

Programmable x86 Open & Extensible Unified Access Data Plane

Cisco Application Framework (CAF)

Docker Docker Docker Docker

IOS Control Plane CAF / IOX Cisco IOS subsystems

Common Infrastructure & HA

Open, Model Driven & Secure Operating System

Flexible & Programmable ASIC – Adapts to New Technologies

Flex Parser & Multiple

Enhanced scale and buffering

384,000 flex Shared Up to 240G Up to 2X to 4X

Embedded CPUs Up to 32 MB Up to 64,000 x2

Ingress Forwarding Look up Egress Forwarding

Ingress FIFO Egress FIFO

MACsec Encryption Recirculation MACsec

Network Interfaces - Front Panel Ports

UADP 3.0 Customizable 36 MB

19.2 Up to 1.6 TB 1G, 10G,

Ingress FIFO Egress FIFO

MACsec engine Encryption Recirculation MACsec engine

Network interfaces – front panel ports – slices

Enhanced scale and buffering

16,000 Flexible SDM templates

9200 9300 9400 9500 9600

1G max 48 + 4 48 + 8 96, 192, 384 + 8 48 + 8 192

mGIG max 12 48 + 4 48, 96, 192 -- 192

* Default SDM Template 9200 9300 9400

Stack/Slot Bandwidth 80G 160G 320G 480G 80G 240G

MAC Addresses * 16K 32K 32K 32K 64K 64K

IP Routes * 3K 4K 8K 8K 64K 64K

Power Over Ethernet 15,30W 15,30W 15,30,60W 15,30,60,90W 15,30,60,90W 15,30,60,90W

Precision Time Protocol Yes Yes Yes Yes -- --

App Hosting No No Yes Yes Yes Yes

* Default SDM Template 9500 9500(H) 9600

Stack/Slot Bandwidth 240G 1.6T 1.6T

MAC Addresses * 64K 82K 32K

IP Routes * 64K 114K 212K

Custom SDM Templates -- Yes Yes

Graceful Insertion & Removal Yes Yes Yes

Precision Time Protocol Yes Yes --

App Hosting Yes Yes Yes

MACsec Encryption 256-bit AES 256-bit AES 256-bit AES

Software Defined Access Yes Yes Yes

Leads the industry

25.6 Tbps Total Capacity

Ready for Cisco Catalyst 6500 and 6800 migration

Dual-serviceable 4 Line-Card slots

6.4 Tbps per slot

9.6 Tbps capacity 2.4 Tbps per slot

8 core X86 CPU

M.2 SATA SSD

C9600-LC-24C - 100G/40G (fiber)

C9600-LC-48YL - 25G/10G/1G (fiber)

C9600-LC-48TX - mGig (copper)

• All 24 ports are capable of 100G (QSFP28) OR 40G (QSFP+)

• All 48 ports support 25G/10G/1G (SFP28/SFP+/SFP)

* hardware capable of 10/100M

For collapsed-core copper deployments and connectivity to servers

• All 48 ports support 1G

Line Card Line Card Line Card • Passive Backplane