ASCII.jp Cisco Announces "Catalyst" New Model, SD-WAN Integrated Security

On November 28, 2018, Cisco Systems announced that it will expand the lineup of the "Cisco Catalyst" family, including new wireless LAN controllers, and integrate security functions into service routers and new products in the "Cisco SD-WAN" solution. Added model. By adding models based on "IOS XE", Catalyst has further expanded the application area of ​​"Intent-Based Networking" advocated by the company.

At the press conference on the same day, Mr. Koichi Masaki, executive officer in charge of the enterprise network business of the company, attended and talked about the changes and issues in the corporate network environment behind the new product release, and the solutions that Cisco considers and this time. Product features were explained.

New model of entry access switch "Cisco Catalyst 9200L"

Mr. Koichi Masaki, Executive Officer in charge of Enterprise Network Business, Cisco Systems

Mr. Keiichi Yoshino, Technical Solutions Architect, Enterprise Network Business

Expansion of Catalyst 9000 family supporting "Intent-Based Network"

With this announcement, access switch "Catalyst 9200 series" and wireless LAN controller "Catalyst 9800 Wireless Controller" are added to the lineup added. Both are new products that make up the "Catalyst 9000 Family" campus network product portfolio.

The Catalyst 9200 series is an entry-level access switch that succeeds the conventional "Catalyst 2960" series switches. It is 1U size and has 24/48 PoE+ ports and 1G/10G uplink ports (9200 with modular uplink ports and 9200L with fixed uplink ports).

Characteristics of the Catalyst 9200 series switches. Based on IOS XE, automatic control and virtual network configuration by "DNA Center" are also possible

Unlike the previous model 2960, the Catalyst 9200 is equipped with the same IOS XE as the other 9000 family products (Catalyst 9300/9400/9500) as the network OS. As a result, automated control by the intent-based SDN controller "Cisco DNA Center" has become possible, expanding the scope of application of intent-based networks to include small-scale access switches. It also supports "Cisco SD-Access" that configures a virtual network.

Other security features such as Flexible NetFlow, TrustSec and MACSec, and Trustworthy technology that support full-flow information acquisition are also included as with other 9000 family products. For the ASIC, the UADP 2.0 mini ASIC, which integrates the UADP 2.0 ASIC installed in other family products and the multi-core x86 CPU, reduces power consumption and price.

Switches of the Catalyst 9000 family. With the addition of 9200 this time, the whole is the next generation model based on IOS XE

The Catalyst 9800 wireless controller is a product that integrates the campus wireless LAN controller that has been offered in the "Cisco Aironet" series into the Catalyst 9000 family. This has also been newly redeveloped based on IOS XE, with the addition of automatic control and programmability by DNA Center, and the ability of network virtualization by SD-Access.

The Catalyst 9800 has a rolling AP upgrade function that automatically handles upgrades for a large number of access points (APs) without blocking user access, and integration with Stealthwatch, which uses flow analysis to detect threats hidden in encrypted traffic. It has functions etc.

Furthermore, the Catalyst 9800 is offered not only as an appliance for on-premises deployment, but also as a software (virtual appliance) that can be deployed on private/public clouds and even on Catalyst switches. As a result, small and medium-sized bases such as branch offices can simply prepare a wireless LAN environment without increasing the number of devices.

Features of the Catalyst 9800 Wireless Controller. This is also based on IOS XE

"(With this expansion of the lineup), including the wireless controller, we have almost the full lineup as the Cisco 9000 family. Simple operation by 'automation' including wireless, 'security' guarantee from the hardware level. , and the ability to 'analyze' all kinds of information on the campus network, including operational status and security status." (Mr. Masaki)

Incorporating security functions into SD-WAN-compatible routers to solve branch problems

Cisco SD-WAN adds two models of compatible service routers, firewall/IPS and DNS firewall "Cisco "Cisco SD-WAN Security" that realizes "edge security" such as "Umbrella" cooperation function with a single branch router was announced.

Cisco SD-WAN, which is based on acquired Viptela technology, is currently working to integrate Viptela's "vEdge" capabilities into Cisco ISR/ASR routers. This time, a compact service router for branches equipped with Wi-Fi and LTE "ISR 1111X-8P" and a high-performance and expandable "ISR 4461" service router have been added to the lineup. Both are scheduled to be available in December 2018.

Overview of new SD-WAN compatible router models (ISR 1111X-8P, ISR 4461)

"Cisco SD-WAN Security" integrates firewall/IPS/URL filter functions and Umbrella linkage functions into these SD-WAN compatible edge routers, enabling centralized management. This solution enables secure cloud access without increasing the number of devices in branch offices and small to medium-sized enterprise networks. An anti-malware function will be added in 2019.

The edge security function is integrated into the SD-WAN router, enabling integrated management

Learn more about the four security features built into Cisco SD-WAN

Setting and monitoring of these security functions are also integrated with the SD-WAN management tool "vManage", allowing administrators to perform centralized management work.

Mr. Keiichi Yoshino, Technical Solutions Architect, Cisco Enterprise Network Business, said that the use of public cloud/SaaS is increasing in companies, and the devices that access them are diversifying, so the position of WAN is changing. point out that Along with that comes a variety of use cases for SD-WAN, with “internet breakouts” being particularly popular in Japan, he said.

"In Japanese companies, there is a particularly high need for Internet breakouts that allow direct access to the Internet from each base. For this reason, there is an advantage in enhancing the security functions of edge routers in branch offices." (Yoshino) Mr)

Mr. Yoshino explained that since these security functions are included in the Cisco SD-WAN license, there is no separate license fee.