Cisco Catalyst 3560 Series Switches

Cisco Catalyst 3560 Series Switches Brochure

  • Viewing Options

  • PDF (162.6 KB)
  • Feedback

Foundation for Innovation-Powered by Cisco

Figure 1. Catalyst 3560 Series Switches

The Cisco ® Catalyst ® 3560 Series (Figure 1) is a line of fixed-configuration, enterprise-class switches that includes IEEE 802.3af and Cisco prestandard Power over Ethernet (PoE) capability
in Fast Ethernet and Gigabit Ethernet configurations. The Cisco Catalyst 3560 is an ideal access-layer switch for small enterprise LAN access or branch-office environments, combining both 10/100/1000 and PoE configurations for maximum productivity and investment protection while facilitating the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks. Customers can deploy networkwide intelligent services-such as advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing-while maintaining the simplicity of traditional LAN switching.


IEEE 802.3af and Cisco Prestandard Power over Ethernet

The Cisco Catalyst 3560 Series can provide a lower total cost of ownership (TCO) for deployments that incorporate Cisco IP phones, Cisco Aironet ® wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device. PoE removes the need for wall power to each PoE-enabled device and eliminates the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments.
The Cisco Catalyst 3560 24-port PoE configurations can support 24 simultaneous full-powered PoE ports at 15.4 watts (W) for maximum powered-device support. Taking advantage of Cisco Catalyst Intelligent Power Management, the 48-port PoE configurations can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between through the sophisticated power-management features in Cisco IOS ® Software.
Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3560 Series switch is combined with the Cisco RPS 675 Redundant Power System for transparent protection against internal power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages.

Gigabit Ethernet

At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while increasing the return on existing and new infrastructure investments. Today's workers are placing higher demands on networks, running multiple, concurrent applications. For example, a worker joins a team conference call through an IP videoconference, sends a 10-MB spreadsheet to meeting participants, broadcasts the latest marketing video for the team to evaluate, and queries the customer relationship management (CRM) database for the latest real-time feedback. Meanwhile, a multiple-gigabyte system backup starts in the background, taking advantage of simple and affordable network attached storage (NAS) to comply with regulatory record keeping requirements such as Sarbanes-Oxley.
The Cisco Catalyst 3560 Series can scale the access network to 1 Gbps over existing Category 5 copper cabling and make the most of the desktops and notebooks that are now shipping with Gigabit Ethernet network interface cards (NICs) and higher PC bus speeds for full bandwidth utilization. In addition to being easy to deploy, Gigabit Ethernet networks are simpler to maintain with the new Cisco Time Domain Reflectometry (TDR) that helps verify existing cabling.
The Gigabit Ethernet models of the Cisco Catalyst 3560 Series also facilitate high-performance Grid and distributed computing in addition to preparing your network to deploy software applications such as Microsoft Exchange, as well as Microsoft Vista's remote imaging, data synchronization, and computer-to-computer search capabilities.

Enhanced Security

With the wide range of security features that the Cisco Catalyst 3560 Series offers, businesses
can protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation. The Cisco Catalyst 3560 Series supports a comprehensive set of security features for connectivity and access control, including network admission control (NAC), ACLs, Dynamic ARP Inspection, IP Source Guard, VPN Routing/Forwarding Lite (VRF Lite), port-level security, and identity-based network services with 802.1x and extensions. These features increase LAN security; protect passwords and configuration information; offer options for network security based on users, ports, or MAC addresses; and help quicken responses to intruder and hacker detection. NAC helps organizations to limit damage from viruses and worms by enforcing security-policy compliance on endpoint devices.

Availability and Scalability

The Cisco Catalyst 3560 Series is equipped with a robust set of features that allow for network scalability and higher availability through IP routing as well as a complete suite of Spanning Tree Protocol enhancements aimed to maximize availability in a Layer 2 network. Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), Uplink Fast, and Port Fast, as well as innovations such as Flex Links, maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design. Uplink Fast, Port Fast, and Backbone Fast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time.
The Cisco Catalyst 3560 Series also delivers high-performance, hardware-based IP routing for either unicast or multicast traffic. The Cisco Express Forwarding-based routing architecture allows for very high-speed lookups while delivering the stability, performance, and scalability necessary
to meet the needs of future requirements. Implementing routed uplinks to the core will improve network availability by enabling faster failover protection and simplifying the Spanning Tree Protocol algorithm by terminating all Spanning Tree Protocol instances at the aggregator switch. Additionally, routed uplinks allow better bandwidth utilization by implementing equal cost routing (ECR) on the uplinks to perform load balancing. Routed uplinks optimize the utility of uplinks out
of the wiring closet by eliminating unnecessary broadcast data flows into the network backbone. Private VLANs improve scalability and provide IP address management benefits and Layer 2 security by partitioning a regular VLAN domain into subdomains. Support for the IPv6 industry standard in the Cisco Catalyst 3560 Series also alleviates address space problems.

Advanced Quality of Service

The Cisco Catalyst 3560 Series provides intelligent services to keep everything flowing smoothly. Industry-leading mechanisms for marking, classifying, and scheduling deliver best-in-class performance for data, voice, and video traffic-all at wire speed. Important features include Shaped Round Robin scheduling and policing/rate limiting as well as innovations like Scavenger Traffic Queuing functions. The IP Services license (formerly called the Enhanced Multilayer Image, or EMI) provides a richer set of enterprise-class features, including advanced hardware-based IP Unicast and IP Multicast routing as well as policy-based routing (PBR).

Enhanced Security

The Cisco Catalyst 3560 Series uses the following capabilities to protect sensitive data and network resources from internal and external threats:

• The Cisco Catalyst 3560 Series supports Network Admission Control (NAC), an industry initiative sponsored by Cisco Systems® that uses the network infrastructure to enforce security-policy compliance on all devices seeking to access network computing resources, thereby limiting damage from viruses and worms. Using NAC, organizations can provide network access to endpoint devices such as PCs, personal digital assistants (PDAs), and servers that are verified to be fully compliant with established security policy. NAC can also identify noncompliant devices and deny them access, place them in a quarantined area, or give them restricted access to computing resources.

• Dynamic ARP Inspection and IP Source Guard are security features in the Cisco Catalyst 3560 Series that protect the network from certain man-in-the-middle attacks. Dynamic ARP Inspection validates Address Resolution Protocol (ARP) packets in a network and ensures that only valid ARP requests and responses are relayed. IP Source Guard restricts IP traffic from untrusted sources.

• VPN Routing/Forwarding Lite (VRF Lite) in the Cisco Catalyst 3560 Series helps enable unique VPNs without additional equipment at the customer site.

• The IEEE 802.1x standard supported by the Cisco Catalyst 3560 Series prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated.

• Cisco Identity Based Networking Services (IBNS) in the Catalyst 3560 Series prevents unauthorized access and helps ensure that users receive only their designated privileges.
It provides the ability to dynamically administer granular levels of network access.

• Secure Shell Protocol Version 2 (SSHv2) and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic-preventing unauthorized users from accessing passwords or configuration information.

• Access control lists (ACLs) can be used to restrict access to sensitive portions of the network by denying packets based on source and destination MAC addresses, IP addresses, or TCP/UDP ports. ACLs can be used to guard against denial-of-service (DoS) and other attacks, and because ACL processing is done in hardware, forwarding performance of the switch is not compromised when implementing ACL-based security.

• Private VLAN edge provides security and isolation between ports on a switch, helping ensure that voice traffic travels directly from its entry point to the aggregation device through a virtual path and cannot be directed to a different port.

• Port security can be used to limit access on an Ethernet port based on the MAC address
of the device that is connected to it. It also can be used to limit the total number of devices plugged into a switch port, thereby reducing the risks of rogue wireless access points
or hubs.

• MAC Address Notification can be used to monitor the network and track users by sending an alert to a management station so that network administrators know when and where users entered the network. The Dynamic Host Configuration Protocol (DHCP) Interface Tracker (Option 82) feature tracks where a user is physically connected on a network by providing both switch and port ID to a DHCP server. Additionally, the DHCP Snooping Option 82 feature enables granular control over IP address assignment by a DHCP server by augmenting a host IP address request so that the DHCP server can make a more sophisticated address assignment.

• TACACS+ or RADIUS authentication facilitates centralized access control of switches and restricts unauthorized users from altering the configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators.


The Cisco Catalyst 3560 Series supports the following capabilities to optimize network availability, so that users can access data at all times, locally and remotely:

• Per VLAN Rapid Spanning Tree Plus (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.

• Flex Links are a pair of Layer 2 interfaces (switch ports or port channels), where one interface is configured to act as a backup to the other. This feature provides an alternative solution to the Spanning Tree Protocol, allowing users to turn off Spanning Tree Protocol and still provide basic link redundancy.

• 802.1s Multiple Spanning Tree Protocol facilitates load balancing and improves network fault tolerance by providing multiple forwarding paths for data traffic. 802.1w Rapid Spanning Tree Protocol provides rapid recovery of uplink connectivity following failure.

• Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, failsafe routing topologies.

• Equal cost routing (ECR) provides load balancing and redundancy. Basic IP Unicast routing protocols (static, RIPv1, and RIPv2) are supported for small-network routing applications. Advanced IP Unicast routing protocols (OSPF, Interior Gateway Routing Protocol [IGRP], Enhanced IGRP [EIGRP], and Border Gateway Protocol Version 4 [BGPv4]) are supported for load balancing and constructing scalable LANs. IP Services is required.

• Switch port auto-recovery (errdisable) automatically attempts to re-enable a link that is disabled because of a network error.

• The optional Cisco RPS 675 Redundant Power System protects against internal power supply failures.


The Cisco Catalyst 3560 Series supports the following management capabilities:

• IEEE 802.3af and Cisco prestandard PoE support come with automatic discovery to detect a Cisco prestandard or IEEE 802.3af endpoint, negotiate the power to be budgeted for that device, and provide the necessary power-all done by the Cisco Catalyst 3560 Series switch without any user configuration.

• Cisco Smartport macros offer a set of verified feature templates per connection type in an easy-to-apply manner. With these templates, users can consistently and reliably configure essential security, IP telephony, availability, QoS, and manageability features with minimal effort and expertise. Smartport macros simplify the configuration of critical features for Ethernet networks.

• All Cisco Catalyst 3560 Series switches can be managed by the CiscoWorks LAN Management Solution (LMS) applications such as Resource Manager Essentials, Campus Manager, Device Fault Manager, and CiscoView. CiscoWorks LMS is a suite of powerful management tools that simplify the configuration, administration, monitoring, and troubleshooting of large Cisco networks. It integrates these capabilities into a world-class solution for improving the accuracy and efficiency of operations staff, increasing the overall availability of networks through proactive planning, and maximizing network security.

• Cisco Network Assistant software can manage a small network consisting of a diverse array of network devices, such as Cisco routers and Cisco Aironet wireless access points. A few mouse clicks enable the security, availability, and QoS features recommended by Cisco, without the need to consult a detailed design guide. The Security wizard automatically restricts unauthorized access to servers with sensitive data. Cisco Smartports and wizards save hours of time for network administrators, reduce human errors, and help ensure that the configuration of the switch is optimized for these applications. Available at no cost, Cisco Network Assistant can be downloaded from

• The Cisco Express Setup feature simplifies initial configuration, eliminating the need for more complex terminal emulation programs and knowledge of CLI. This reduces the cost
of deployment by enabling less-skilled personnel to quickly and simply set up switches.

• The DHCP Server feature enables a convenient deployment option for the assignment of
IP addresses in networks that do not have a dedicated DHCP server.

Bandwidth Optimization

• Voice VLAN allows network administrators to assign voice traffic to a VLAN dedicated to IP telephony, simplifying phone installations and providing easier network traffic administration and troubleshooting.

• Cisco Fast EtherChannel® and Gigabit EtherChannel technology allows for aggregating ports for up to 2 Gbps full duplex on network or server connections. Use Port Aggregation Protocol (PAgP) for automatic configuration. Similarly, Link Aggregation Group Protocol (LACP) allows creation of Ethernet channeling with devices that conform to IEEE 802.3ad standard.

• Internet Group Management Protocol (IGMP) facilitates monitoring and management of multicast applications (such as e-learning and videoconferencing) while minimizing the performance impact of managing group membership information.


• The Cisco Catalyst 3560 Series supports the IPv6 standard, which increases Internet global address space to accommodate the rapidly increasing number of users and applications that require unique global IP addresses.

• In addition to the larger address space, the Cisco Catalyst 3560 Series switches also make the most of other IPv6 features such as address autoconfiguration, embedded IP Security (IPSec), routing optimized for mobile devices, and Duplicate Address Detection.

Advanced Quality of Service

Cisco Catalyst intelligent switches offer industry-leading QoS features to prioritize critical traffic and applications thereby avoid bottlenecks. These features bring new levels of control, predictability, and adaptability to networks of all sizes:

• The Cisco Catalyst 3560 Series can identify traffic flows or traffic groups, and classify or reclassify these groups using Differentiated Services Code Point (DSCP) in the IP packet and the 802.1p class of service (CoS) field in the Ethernet packet.

• Users can mitigate DoS attacks by assigning a minimal bandwidth queue to "scavenger traffic" or unimportant traffic used for peer-to-peer media sharing, gaming, or any entertainment video applications. This reduces scavenger traffic during periods of congestion, but allows it to be available if bandwidth is not being used for business purposes, for example during off-peak hours.

• Rate limiting gives control over the amount of bandwidth across any configured interface,
for appropriate distribution of available bandwidth.

• Four egress queues help network administrators to be more discriminating and specific in assigning priorities for the various applications on the LAN. Scheduling is performed in egress to assign the appropriate queues to the outgoing packets.

• Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress queues and egress queues.

• Weighted Tail Drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.

• 64 policers per 10/100 or Gigabit Ethernet port used to allocate bandwidth based on source/destination (IP address, MAC address) or TCP/UDP port numbers.


Each model is available with the IP Base or the IP Services software loaded on it.
Table 1 lists the switches currently available in the Cisco Catalyst 3560 Series.

Table 1. Cisco Catalyst 3560 Series Switches


Port Speed

Number of Ports


When to Buy

Cisco Catalyst 3560-8PC

10/100 with IEEE 802.3af and Cisco prestandard PoE


1 dual-purpose 10/100/1000
and Small Form-Factor Pluggable (SFP) port

For deployments outside the wiring closet requiring low-density access with PoE

Cisco Catalyst 3560-24TS



2 SFP-based ports

For networks requiring low-density access, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560-48TS



4 SFP-based ports

For networks requiring medium-density access, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560-24PS

10/100 with IEEE 802.3af and Cisco prestandard PoE


2 SFP-based ports

For networks requiring low-density access, PoE, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560-48PS

10/100 with IEEE 802.3af and Cisco pre-standard PoE


4 SFP-based ports

For networks requiring medium-density access, PoE, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560G-24TS



4 SFP-based ports

For networks requiring low-density 10/100/1000 access, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560G-24PS

10/100/1000 with IEEE 802.3af and Cisco prestandard PoE


4 SFP-based ports

For networks requiring low-density 10/100/1000 access, PoE, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560G-48TS



4 SFP-based ports

For networks requiring medium-density 10/100/1000 access, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks

Cisco Catalyst 3560G-48PS

10/100/1000 with IEEE 802.3af and Cisco prestandard PoE


4 SFP-based ports

For networks requiring medium-density 10/100/1000 access, PoE, Layer 2+ features with optional advanced IP routing, and one or more fiber uplinks


For more information, please visit
Text Box: Printed in USA	C02-379065-01   03/09