Since the last blog post on an IOS-XE release, there has been a standard maintenance release, followed by the recently published Extended Maintenance Release (EMR) and the last release on the 16.x train, IOS-XE 16.12.1. As an EMR release, it would be supported for 36 months, with multiple rebuilds providing defect and PSIRT fixes. This EMR release would also support SMUs for issues wherever possible.
Availability of IOS-XE 16.12.1 for Catalyst Switches continues our journey to building Intent-based Networking through introduction of key software features and exciting innovations on Catalyst 9200, 9300, 9400, 9500 and 9600 Series Switches.
Since 16.10.1 was released, we continued the expansion of the Catalyst Switching family by releasing “The ONE thing”, the Catalyst 9600, built on the tradition of the Catalyst 6k with all the modern capabilities of the Catalyst 9000 family.
Expansion of the Catalyst family continued with the introduction of new variants of Catalyst 9200 and Catalyst 9300 Series Switches.
One family, One Operating System
Cisco IOS-XE 16.12.1 is supported across the Catalyst 9000 Series switching family. Taking it further, the same binary image is shared across Catalyst 9300, 9400, 9500 and 9600 thus simplifying the life cycle management of devices across your network.
Extending Intent Based Networking
The Catalyst 9000 family sits at the heart of everything Intent Based Networking, and with these key innovations delivered on our platform we are able to deliver the value and experience that our customers desire. In this release, features across security, high availability, segmentation and infrastructure were delivered. Here are some of the key features introduced in this release.
The open, extensible and programmable IOS-XE 16.12.1 accelerates innovation with the introduction of a native Docker engine as part of Application Hosting on the C9300, enabling Intelligence at the Edge. With native Docker support, developers can quickly develop applications and deploy them where needed, and an application's entire lifecycle can be managed either via Cisco DNA Center or through the CLI and YANG data models.
With this release, Catalyst 9600 and 9300 Series switches now support StackWise Virtual, bringing virtual chassis redundancy to your network. Using StackWise Virtual, your effective bandwidth can be doubled, while providing multiple paths to all downstream and upstream devices and services, without the need for complex protocols or traffic engineering. StackWise Virtual can now be secured by encrypting both the control plane and the data plane to provide FIPS compliance, using Symmetric Early Stack Authentication (SESA), a control plane protocol for key exchange.
The MKA high availability feature adds support for platforms that support SSO redundancy mode. The feature preserves the existing MKA sessions established host-to-switch and switch-to-switch after a failover by syncing the MKA sessions between the Active and Standby switches.
Flexlinks+ has now been introduced in IOS-XE with the 16.12.1 release, which addresses the use cases of Flexlinks, a widely deployed feature. It enables the user to configure up to 26 pairs of Layer 2 interfaces (trunk ports or port channels) where one interface is configured to act as a backup to the other.
Using a Bluetooth dongle connected to the front-panel USB port, a user can now access the console over the air through Bluetooth, allowing easy device management without having to run cables to the console port.
Catalyst 9300 and 9400 Series switches that support 60W of power are now all IEEE 802.3bt Type 3 compliant, allowing administrators to power any endpoint that is compliant with the standard. The standard itself is backward compatible with 802.3at and 802.3af. Along with this, there is now support for port priority on Catalyst 9400 Series switches to give users more control over which ports are given priority in case of a power shortage.
IEEE 1588v2 is now supported on Catalyst 9500 High Performance SKUs extending the same support that exists today on Catalyst 9300. With this release, we also introduced Native Layer 3 PTP interface support.
Enhancements have been made in the BGP-EVPN domain as well. There is now support for StackWise Virtual on the VTEP, providing a unified control plane and load balancing across EtherChannels without having to perform any additional configuration on the VTEP. On the border leaf switch, external connectivity can now be achieved through VRF Lite handoff or via L2VPN and L3VPN handoff.
As this is an EMR release, In Service Software Upgrade (ISSU) would be supported within the 16.12 train, enabling users to upgrade their networks with minimal downtime. ISSU can be done either on a standalone Catalyst 9400 or Catalyst 9600 with dual supervisors, or on a StackWise Virtual system on Catalyst 9300, 9400, 9500 and 9600.
Finally, support for new optics and breakout cables has also been added and more specifics on this and all other features can be found in the platform specific IOS-XE 16.12 release notes, links to which are provided below:
Call for action!
Participate in the Code for Catalyst Challenge, where you’ll be building Docker apps for the Catalyst 9300 that analyse data available on the switch, generate insights and drive network automation outcomes. The challenge runs from July 16, 2019, at 12:00 a.m. Pacific Time to September 13, 2019, at 11:59 p.m. Pacific Time. You can participate as an individual contributor or in a group of at most 3. All the rules and regulations can be found here.
And don’t forget to visit our GitHub repository for examples on how YANG models and Ansible can be used to automate various network tasks. Have an idea of your own? Just do a git push and have your scripts published!
Business adoption of the Internet of Things (IoT) is picking up and entering mainstream production environments. At last, industry is moving away from pilot projects and proofs-of-concept and beginning to run its businesses on IoT; a recent study shows that 69% of organizations are adopting or planning to adopt IoT. To bring these IoT devices on board, organizations now expect more out of their campus network than moving data.
The Catalyst 9000 family has been designed from the ground up to meet the needs of a growing number of IoT devices. Long before 802.3bt became a standard, the Catalyst 9000 family of switches provided Cisco Universal Power over Ethernet to power endpoints that require up to 60W of power. Enabling endpoints does not stop at providing increased power; it also means ensuring resilient, constant and immediate delivery of that power to these business-critical endpoints. The Catalyst 9000 family of switches delivers on that need through industry-leading innovations such as Perpetual PoE, Fast PoE and 2-event classification. Such innovations are not limited to the leading platforms, but are now available to all with the Catalyst 9200, which can support full PoE+ on all ports and also deliver the various PoE innovations.
With more and more IoT endpoints being onboarded to the network, the security of these devices becomes essential to protecting the network against breaches. Using the power of the UADP ASIC, the Catalyst 9000 family of switches delivers security in hardware to ensure that security does not come at the cost of network performance. Every Catalyst 9000 switch, including the recently introduced Catalyst 9200, supports MACsec, a technology that encrypts host-to-switch and switch-to-switch links to maintain the integrity and confidentiality of the data being sent. We are taking this notion of securing the network even further through Encrypted Traffic Analytics, which helps detect encrypted malware without ever needing to decrypt the packet for inspection.
Enabling such massive numbers of IoT endpoints increases an organization's attack footprint. To ensure this attack surface is contained, segmentation becomes key. Cisco, through its industry-leading Software Defined Access architecture, makes the job easy. SD-Access simplifies network segmentation and provides end-to-end automation capabilities along with consistent, secure, policy-based automation. Software Defined Access and network assurance capabilities together make managing security violations and network malfunctions simple. With the advent of the Catalyst 9200, this architecture can now become a reality for organizations of all sizes.
And with support for SD-Access Extension for IoT, organizations can now extend their policies to even wider deployments!
For organizations of all sizes as they try to bring in more and more IoT devices, Cisco has a solution for all. From small organizations or branch campuses using the Catalyst 9200 up to large business-critical enterprises using the Catalyst 9300/9400, the Catalyst 9000 family of switches delivers unparalleled infrastructure to enable a secure IoT experience.
In this day and age, connectivity has become ubiquitous. People expect reliable and fast connectivity not only in their offices, but also at their favorite coffee shops and grocery stores. Setting up the network to provide such connectivity is not everybody’s cup of tea; it is complex and time consuming, and most of the time small businesses with little to no in-house expertise end up hiring third-party companies to do such tasks. Now, with the introduction of Catalyst 2960-L Smart Managed switches, small businesses no longer need to worry about setting up their access network.
Bringing years of expertise to masses
The unparalleled knowledge and expertise of Cisco engineering and sales teams has been synthesized and provided to customers in a simple, easy-to-consume Day 0 Wizard for configuring their networks. We broke down the boundaries between a switch and an access point by allowing users to configure not only their Catalyst 2960-L Series switches, but also Mobility Express access points from the same Web UI, giving small businesses a single pane of glass to configure everything they need to provide connectivity to their customers.
Set up your small office in just three clicks!
Using the Day 0 Wizard, powered by Cisco Configuration Professional for Catalyst (CCPC), is simple and quick! Power on the switch, connect the Access Point to any port and press the mode button on the switch, and the Day 0 Wizard is ready for you to configure.
Once you enter the wizard, there are just three steps that a user needs to follow to complete their network’s configuration. The wizard provides context-based help and tips giving a detailed overview of what each field means and how the user should complete it. First, it asks for some basic configuration required to identify and connect to the devices. Next comes interface configuration, where the user provides their network segregation intent; enabling SVIs and DHCP services over these network segments has never been easier.
Lastly, the wizard asks for wireless-specific details that it could not derive from the previous two steps, such as the country (to determine RF parameters), the SSID and the security mechanism used to authenticate clients.
Once a user finishes these three steps, they have successfully set up their entire access layer in one go, with Cisco-recommended best practices enabled out of the box. So, all the people who could not get their SSID to work because they either did not allow the proper VLANs on the switchport or did not set the correct native VLAN for the AP management network, worry no more: Cisco is here for you! Once the network is set up, CCPC also provides a comprehensive dashboard that lets customers monitor their devices from a single pane of glass.
Cisco has been a leader in enterprise networking for decades and now brings the same reliability and enterprise quality to SMB with the introduction of the new Catalyst 2960-L Smart Managed switches. Together with Cisco Catalyst and Mobility Express, customers do not need to be IT experts to set up their network quickly and easily.
So why settle for “good enough” when you can have the best: Cisco!