Cisco Catalyst WS-C2960X-48FPS-L Network Switch Managed L2/L3 Gigabit Ethernet (10/100/1000) Power over Ethernet (PoE) Black (WS-C2960X-48FPS-L)
Cisco Catalyst WS-C2960X-48FPS-L Network Switch Managed L2/L3 Gigabit Ethernet (10/100/1000) Power over Ethernet (PoE) Black
Cisco® Catalyst® 2960-X and 2960-XR
Cisco® Catalyst® 2960-X and 2960-XR Series Switches are fixed-configuration, stackable Gigabit Ethernet switches that provide enterprise-class access for campus and branch applications. They operate on Cisco IOS® Software and support simple device management as well as network management. The Cisco Catalyst 2960-X and 2960-XR Series provide easy device onboarding, configuration, monitoring, and troubleshooting. These fully managed switches can provide advanced Layer 2 and Layer 3 features as well as optional Power over Ethernet Plus (PoE+) power. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure, and energy-efficient business operations with intelligent services. The switches deliver enhanced application visibility, network reliability, and network resiliency.
Cisco Catalyst 2960-X and 2960-XR Series Switches provide a range of security features to limit access to the network and mitigate threats, including:
- MAC-based VLAN assignment, enabling different users to authenticate on different VLANs. This feature enables each user to have a different data VLAN on the same interface.
- Cisco TrustSec®, which uses Security Group Exchange Protocol (SXP) to simplify security and policy enforcement throughout the network. For more information about Cisco TrustSec security solutions, visit https://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/index.html.
- Comprehensive 802.1X features to control access to the network, including Flexible Authentication, 802.1X monitor mode, and RADIUS Change of Authorization.
- IPv6 First-Hop Security enhances Layer 2 and Layer 3 network access for proliferating IPv6 devices, especially BYOD devices. It protects against rogue router advertisements, address spoofing, fake Dynamic Host Configuration Protocol (DHCP) replies, and other risks introduced by IPv6 technology.
- Device sensor and device classifier, enabling seamless versatile device profiles, including BYOD devices. They also enable the Cisco Identity Services Engine (ISE) to provision identity-based security policies. This feature is available on both the 2960-X and 2960-XR Series switches.
- Cisco Trust Anchor Technology, enabling easy distribution of a single universal image for all models of the 2960-X and 2960-XR Series by verifying the authenticity of Cisco IOS Software images. This technology allows the switch to perform Cisco IOS integrity checks at boot-up by verifying the signature, verifying the trusted asset under management, and authenticating the license.
- Cisco Threat Defense features, including Port Security, Dynamic ARP Inspection (DAI), and IP Source Guard.
- Private VLANs that restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multiaccess-like segment. This feature is supported on both 2960-X and 2960-XR Series and is available in both LAN Base and IP Lite feature sets.
- Private VLAN Edge to provide security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.
- Unicast Reverse Path Forwarding (uRPF) to help mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. This feature is available in the IP Lite feature set only.
- Multidomain Authentication to allow an IP phone and a PC to authenticate on the same switch port while being placed on appropriate voice and data VLANs.
- Access Control Lists (ACLs) for IPv6 and IPv4 for security and QoS ACL elements (ACEs).
- VLAN ACLs on all VLANs to prevent unauthorized data flows from being bridged within VLANs.
- Router ACLs that define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
- Port-based ACLs for Layer 2 interfaces to allow security policies to be applied on individual switch ports.
- Downloadable ACLs (dACLs) to download ACLs from a RADIUS server during 802.1X authentication.
- SSH, Kerberos, and SNMPv3, providing network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
- SPAN, with bidirectional data support, to allow Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
- TACACS+ and RADIUS authentication to facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
- MAC address Notification to notify administrators about users added to or removed from the network.
- Multilevel security on console access to prevent unauthorized users from altering the switch configuration.
- BPDU Guard to shut down Spanning-Tree Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
- Spanning Tree Root Guard (STRG) to prevent edge devices that are not in the network administrator’s control from becoming Spanning Tree Protocol (STP) root nodes.
- Internet Group Management Protocol (IGMP) filtering to provide multicast authentication by filtering out nonsubscribers and to limit the number of concurrent multicast streams available per port.
- Dynamic VLAN assignment through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.
- Cisco Identity Services Engine (ISE) support to enable the 2960-XR Series switches to offer security management for all connected devices.
The Cisco Catalyst 2960-X and 2960-XR Series Switches offer intelligent traffic management that keeps everything flowing smoothly. Flexible mechanisms for marking, classification, and scheduling deliver superior performance for data, voice, and video traffic, all at wire speed. Primary QoS features include:
- Up to eight egress queues per port and strict priority queuing so that the highest-priority packets are serviced ahead of all other traffic.
- Shaped Round Robin (SRR) scheduling and Weighted Tail Drop (WTD) congestion avoidance.
- Flow-based rate limiting and up to 256 aggregate or individual policers per port.
- 802.1p Class of Service (CoS) and Differentiated Services Code Point (DSCP) classification, with marking and reclassification on a per-packet basis by source and destination IP address, MAC address, or Layer 4 TCP/UDP port number.
- Cross-stack QoS to allow QoS to be configured across a stack of 2960-X and 2960-XR Series switches.
- Cisco Committed Information Rate (CIR) function, providing bandwidth in increments as low as 8 Kbps.
- Rate limiting based on source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
Switching Database Manager (SDM) templates for LAN Base and IP Lite licenses allow the administrator to automatically optimize the Ternary Content-Addressable Memory (TCAM) allocation to the desired features based on deployment-specific requirements, including MAC, routing, security, and QoS scalability numbers, depending on the type of template used in the switch.
Redundancy and Resiliency
Cisco Catalyst 2960-X and 2960-XR Series Switches offer a number of redundancy and resiliency features to prevent outages and help ensure that the network remains available:
- Cross-stack EtherChannel provides the ability to configure Cisco EtherChannel technology across different members of the stack for high resiliency.
- Flex Links provide link redundancy with a convergence time of less than 100 milliseconds.
- IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offer the benefit of Layer 2 load balancing and distributed processing. Stacked units behave as a single spanning-tree node.
- Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
- Cisco HSRP is supported to create redundant, fail-safe routing topologies in 2960-XR Series IP Lite SKUs.
- Switch-port auto-recovery (Error Disable) automatically attempts to reactivate a link that is disabled because of a network error.
- Power redundancy with an optional second power supply on 2960-XR Series models, or with an external redundant power supply (RPS) on 2960-X Series models.
Cisco Catalyst SmartOperations is a comprehensive set of capabilities that simplify LAN planning, deployment, monitoring, and troubleshooting. Deploying SmartOperations tools reduces the time and effort required to operate the network and lowers Total Cost of Ownership (TCO).
- Cisco AutoConfig services determine the level of network access provided to an endpoint based on the type of device. This feature also permits hard binding between the end device and the interface.
- Cisco Smart Install services enable minimal-touch deployment by providing automated Cisco IOS Software image installation and configuration when new switches are connected to the network. This enables network administrators to remotely manage Cisco IOS Software image installs and upgrades.
- Cisco Auto SmartPorts services enable automatic configuration of switch ports as devices connect to the switch, with settings optimized for the device type, for zero-touch port-policy provisioning.
- Cisco Auto-QoS automatically configures QoS, allowing the switch to manage QoS policies based on traffic types, resulting in zero-touch traffic engineering. Auto-QoS supports eight egress queues in the 2960-X and 2960-XR Series.
- Cisco Smart Troubleshooting is an extensive array of diagnostic commands and system health checks within the switch, including Smart Call Home. The Cisco Generic Online Diagnostics (GOLD) and online diagnostics on switches in live networks help predict and detect failures faster.
- Cisco AutoSecure provides a single-line CLI to enable baseline security features (Port Security, DHCP snooping, DAI). This feature simplifies security configurations.
- DHCP auto configuration of multiple switches through a boot server eases switch deployment.
- Stacking primary configuration management with Cisco FlexStack-Plus and Cisco FlexStack-Extended technology helps ensure that all switches are automatically upgraded when the primary switch receives a new software version. Automatic software version checking and updating help ensure that all stack members have the same software version.
- No configuration is required to use Cisco FlexStack-Plus and Cisco FlexStack-Extended modules for stacking (Plug and Play).
- Autonegotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
- Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
- Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups or Gigabit EtherChannel groups to link to another switch, router, or server.
- Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
- Automatic Media-Dependent Interface Crossover (MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed.
- Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic wiring or port faults to be detected and disabled on fiber-optic interfaces.
- SDM templates for access, routing, and VLAN deployment allow the administrator to easily maximize memory allocation to the desired features based on deployment-specific requirements.
- Local Proxy ARP works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.
- VLAN1 minimization allows VLAN1 to be disabled on any individual VLAN trunk.
- Smart Multicast with Cisco FlexStack-Plus and FlexStack-Extended technology allows the Cisco Catalyst 2960-X and 2960-XR Series to offer greater efficiency and support for more multicast data streams such as video by putting each data packet onto the backplane only once.
- IGMP Snooping for IPv4 and IPv6 and Multicast Listener Discovery (MLD) v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requesters.
- Multicast VLAN Registration (MVR) continuously sends multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons.
- Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall system performance.
- Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
- Cisco VLAN Trunking Protocol (VTP) supports dynamic VLANs and dynamic trunk configuration across all switches.
- Remote Switch Port Analyzer (RSPAN) allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
- For enhanced traffic management, monitoring, and analysis, the embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
- Layer 2 trace route eases troubleshooting by identifying the physical path that a packet takes from source to destination.
- Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
- Network Time Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
Additional Product Notes
- 24 or 48 Gigabit Ethernet ports with line-rate forwarding performance
- 4 fixed 1 Gigabit Ethernet Small Form-Factor Pluggable (SFP) uplinks or 2 fixed 10 Gigabit Ethernet SFP+ uplinks
- PoE+ support with a power budget of up to 740W and Perpetual PoE
- Cisco IOS LAN Base or LAN Lite1 and Cisco IOS IP Lite
- Device management with web UI, over-the-air access via Bluetooth, Command-Line Interface (CLI), Simple Network Management Protocol (SNMP), and RJ-45 or USB console access
- Network management with Cisco Prime®, Cisco Network Plug and Play, and Cisco DNA Center
- Stacking with FlexStack-Plus and FlexStack-Extended
- Layer 3 features with routed access (Open Shortest Path First [OSPF]), static routing, and Routing Information Protocol (RIP)
- Visibility with Domain Name System as an Authoritative Source (DNS-AS) and Full (Flexible) NetFlow
- Security with 802.1X, Serial Port Analyzer (SPAN) and Bridge Protocol Data Unit (BPDU) Guard
- Reliability with higher Mean Time Between Failures (MTBF) and Enhanced Limited Lifetime Warranty (E-LLW)
- Resiliency with optional dual field-replaceable power supplies
|Networking standards||Switch type||Switch layer||Basic switching RJ-45 Ethernet ports quantity||Basic switching RJ-45 Ethernet ports type||USB 2.0 ports quantity||Management protocols||Memory type||Internal memory||Flash memory||Noise level||Switching capacity|
|IEEE 802.1ab,IEEE 802.1D,IEEE 802.1p,IEEE 802.1Q,IEEE 802.1s,IEEE 802.1w,IEEE 802.1x,IEEE 802.3,IEEE 802.3ab,IEEE 802.3ad,IEEE 802.3ae,IEEE 802.3af,IEEE 802.3ah,IEEE 802.3at,IEEE 802.3az,IEEE 802.3u,IEEE 802.3x,IEEE 802.3z||Managed||L2/L3||48||Gigabit Ethernet (10/100/1000)||2||SNMPv3||DRAM||512 MB||128 MB||43 dB||216 Gbit/s|