Q. What are the Cisco
® 3560 Series Switches?
A. The Cisco Catalyst 3560 Series is a line of fixed configuration, enterprise-class switches that include IEEE 802.3af and Cisco prestandard Power over Ethernet (PoE) functionality in Fast Ethernet and Gigabit Ethernet configurations. The Cisco Catalyst 3560 Series is an ideal access-layer switch for small enterprise LAN access or branch offices, combining both 10/100/1000 and PoE configurations for maximum productivity and investment protection while enabling the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks. Users can deploy networkwide intelligent services-for example, advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing-while maintaining the simplicity of traditional LAN switching. Available for the Cisco Catalyst 3560 Series at no charge, Cisco Network Assistant is a centralized management application that simplifies the administration tasks for Cisco switches, routers, and wireless access points. Cisco Network Assistant provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.
The Cisco Catalyst 3560 Series is part of a larger and more scalable family of Cisco Catalyst switches that include the Cisco Catalyst 3560-E and the Cisco Catalyst 3750 and 3750-E Series with Cisco StackWise
™ technology and the Cisco Catalyst 4500 and 6500 Series Switches. The entire family is united by Cisco IOS
® Software and offers superior availability, integrated security, optimized delivery, and manageability.
Q. What is the Cisco Catalyst 3560-8PC Compact Switch?
A. The Cisco Catalyst 3560-8PC Compact switch is small form factor switch designed for deployments outside the wiring closet. This switch has a durable metal shell, no fan for silent operation, easy wall or under the desk mounting, a security lock to prevent theft, and an available cable guard to secure the Ethernet cables and switch. Now customers can deliver intelligent services such as Network Admission Control for the office workspace, micro branch office, classroom, cruise ship, and other wiring constrained environments.
Table 1. Cisco Catalyst 3560-8PC Compact Switch
Cisco Catalyst 3560-8PC
• 8 Ethernet 10/100 ports and 1 dual-purpose 10/100/1000 and SFP port
• Compact form factor with no fan
• IEEE 802.3af and Cisco prestandard PoE
• IP Base software installed
• Basic RIP and static routing, upgradable to full dynamic
Q. What are the benefits of PoE?
A. Power over Ethernet can provide a lower total cost of ownership for deployments that incorporate Cisco IP Phones and Cisco Aironet
® wireless LAN access points, as well as any IEEE 802.3af compliant end device. It removes the need for wall power to each PoE-enabled device and eliminates the cost for additional electrical cabling that would otherwise be necessary in IP phone and wireless LAN deployments.
Q. How many devices can the Cisco Catalyst 3560 Series power?
A. The Cisco Catalyst 3560 Series 24-port PoE configurations can support 24 simultaneous full-powered PoE ports at 15.4W for maximum powered device support. Using Cisco Catalyst Intelligent Power Management, the 48-port version can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between. The Cisco Catalyst 3560 Compact Switch can support 8 simultaneous full-powered PoE ports at 15.4W.
Q. Does the Cisco Catalyst 3560 Series support standards-based PoE?
A. Yes. The Cisco Catalyst 3560 Series supports IEEE 802.3af. It provides investment protection for the installed base of Cisco IP Phones and Cisco Aironet wireless LAN access points by also supporting the Cisco prestandard PoE (inline power).
Q. Can the Cisco Catalyst 3560 Series provide power to both IEEE 802.3af and Cisco prestandard PoE simultaneously?
A. Yes, the switch automatically detects the end point to provide the appropriate power without any user intervention.
Q. What software images does the Cisco Catalyst 3560 Series support?
A. The Cisco Catalyst 3560 Series can be purchased with the IP Base or IP Services licenses pre-installed. The IP Base license (formerly called the Standard Multilayer Image, or SMI) offers advanced QoS, rate limiting, ACLs, and basic static and Routing Information Protocol (RIP) routing functions. The IP Services license (formerly called the Enhanced Multilayer Image, or EMI) provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license.
Q. Does it cost more for a Layer 3 or special-features license?
A. The Cisco Catalyst 3560-24PS-E, 3560-48PS-E, 3560G-24TS-E, 3560G-24PS-E, 3560G-48TS-E, and 3560G-48PS-E are loaded with the IP Services license, so all feature license fees are part of the standard list price. However, the Cisco Catalyst 3560-8PC-S, 3560-24PS-S, 3560-48PS-S, 3560G-24TS-S, 3560G-24PS-S, 3560G-48TS-S, and 3560G-48PS-S switches are loaded with the IP Base software. The Cisco Catalyst 3560-8PC-S, 3560-24PS-S and 3560-48PS-S switches can be upgraded to the IP Services features with the purchase of the IP Services upgrade kit for US$1995. The Cisco Catalyst 3560G-24TS-S, 3560G-24PS-S, 3560G-48TS-S, and 3560G-48PS-S switches can be upgraded to the IP Services features with the IP Services upgrade kit for $3995. The IP Base feature set includes RIP and static routing.
Q. What features are supported only on the IP Services feature license?
A. The following features and functionality are supported with the IP Services license:
• Dynamic IP routing protocols for load balancing and constructing scalable LANs: Open Shortest Path First (OSPF), Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), and Border Gateway Protocol (BGPv4)
• Policy-based Routing (PBR allows superior control by enabling flow redirection regardless of the routing protocol configured
• Protocol-Independent Multicast (PIM) for IP multicast routing within a network that enables the network to receive the multicast feed requested and for switches not participating in the multicast to be pruned-support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode
• Distance Vector Multicast Routing Protocol (DVMRP) tunneling for interconnecting two multicast-enabled networks across non-multicast networks
Q. Is the IP Service license required to allow Layer 3 and Layer 4 lookups for QoS and security?
A. No. Both the IP Base and the IP Services licenses allow for Layer 3 and Layer 4 lookups for QoS and security.
Q. Can the Cisco Catalyst 3560 Series support Cisco GigaStack
® or Cisco StackWise technology?
A. The Cisco Catalyst 3560 Series does not support Cisco GigaStack technology (available on the Cisco Catalyst 3550, 2950G, and 3500 XLs) or Cisco StackWise technology (available on the Cisco Catalyst 3750 Series). However, a cluster of any combination of these platforms can be managed over a single IP address using the Cisco Network Assistant software. There are more details on Cisco Network Assistant later in this document.
Q. Does the Cisco Catalyst 3560 Series support Inter-Switch Link (ISL) VLAN trunking?
A. Yes, the Cisco Catalyst 3560 Series supports both 802.1Q trunking and ISL trunking. VLAN trunks can be created from any port using either standards-based 802.1Q tagging or the Cisco ISL VLAN architecture.
Q. What are Small Form-Factor Pluggables (SFPs)?
A. SFPs are transceivers that provide Gigabit Ethernet connectivity from the Cisco Catalyst 3560 Series to distribution layer switches. They are functionally equivalent to Gigabit Interface Converters (GBICs), but are much smaller.
Q. What SFPs are supported on the Cisco Catalyst 3560 Series?
A. Cisco Catalyst 3560 Series Switches support 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-T, 1000BASE-BX, 1000BASE-CWDM, and 100BASE-FX (supported after 12.2(20)SE) SFP transceivers. In addition, they support the Cisco Catalyst 3560 SFP Interconnect Cable for establishing a low-cost Gigabit Ethernet point-to-point connection.
Q. What is the Cisco Catalyst 3560 SFP Interconnect Cable?
A. The Cisco Catalyst 3560 SFP Interconnect Cable provides for a low-cost point-to-point Gigabit Ethernet connection between Cisco Catalyst 3560 switches. The 50-cm cable is an alternative to using SFP transceivers when interconnecting Cisco Catalyst 3560 switches through their SFP ports over a short distance.
Q. Is there a limit to the number of SFPs that can be used on a Cisco Catalyst 3560 Series Switch?
A. No. Users can populate all the SFP ports of any Cisco Catalyst 3560 Series Switch with the same SFP or with a combination of different SFPs.
Q. Does the Cisco Catalyst 3560 Series have Redundant Power Supply (RPS) support?
A. Yes. Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3560 Series Switch is combined with the Cisco Redundant Power System 675 (RPS 675) for protection against internal power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages. The Cisco Catalyst 3560-8PC Compact Switch does not have RPS support. For more information on the Cisco RPS 675, go to
Q. Why do I need intelligence at the edge of my network?
A. Networks are evolving to address four new developments at the network edge:
• Increase in desktop computing power
• Introduction of bandwidth-intensive applications
• Expansion of highly sensitive data on the network
• Presence of multiple device types, such as IP phones and wireless LAN access points
These new demands are contending for resources with many existing mission-critical applications. As a result, IT professionals must view the edge of the network as critical to effectively manage the delivery of information and applications. The more companies rely on networks as the strategic business infrastructure, the more important it is to try to ensure their high availability, security, scalability, and control. By adding Cisco intelligent functions to the wiring closet, companies can now deploy networkwide intelligent services that address these requirements in a consistent way from the desktop to the core and through the WAN.
Cisco Catalyst Intelligent Ethernet switches help companies realize the full benefits of adding intelligent services to their networks. Deploying capabilities that make the network infrastructure highly available to accommodate time-critical needs, scalable to accommodate growth, secure enough to protect confidential information, and capable of differentiating and controlling traffic flows are key to further optimizing network operations.
Q. In what other ways does Cisco intelligent switching help my network?
A. New applications are requiring higher bandwidth and the need to differentiate and control the traffic flow. Applications such as enterprise resource planning (ERP), voice (IP telephony traffic), and CAD/CAM require prioritization over less time-sensitive applications such as FTP or Simple Mail Transfer Protocol (SMTP). For example, it would be highly undesirable to have a large file download destined to one port on a wiring closet switch and have quality implications such as increased latency in voice traffic, destined to another port on this switch. This condition is avoided by helping ensure that voice traffic is properly classified and prioritized throughout the network. Cisco Intelligent Ethernet switches implement superior
QoS to make sure that network traffic is classified, prioritized, and congestion is avoided.
Q. How are the security needs of a network handled?
A. Cisco Ethernet switches enhance data security against internal threats through a wide range of features including Secure Shell (SSH) and Simple Network Management Protocol version 3 (SNMPv3) protocols, ACLs, 802.1x, port security, private VLAN edge, Dynamic Host Configuration Protocol (DHCP) interface tracker, private VLANs, Dynamic Address Resolution Protocol (ARP) Inspection, IP Source Guard, MAC address notification, and RADIUS/TACACS+. Depending on your security needs, the Cisco Catalyst 3560 Series complements devices such as firewalls, VPNs, and intrusion detection systems.
Q. For security purposes, how can I protect unauthorized users from accessing my network?
A. The Cisco Catalyst 3560 Series supports 802.1x that works in conjunction with a RADIUS server to authenticate users as they access a network. The 802.1x standard is considered port-level security and is commonly used for wireless LANs. Additionally, portions of the network can be restricted by using ACLs. Access can be denied based on MAC addresses, IP addresses, or TCP/User Datagram Protocol (UDP) ports. ACL lookups are done in hardware-forwarding, and routing performance is not compromised when implementing ACL-based security. An additional protection method is to use port security, which helps ensure that the appropriate user is on the network by limiting access to the port based on MAC addresses.
Q. For security purposes, how can I monitor or track activities in my network?
A. Intrusion detection systems are tailored to monitor and track activities in a network. The Cisco Catalyst 3560 Series can complement this through features such as MAC address notification, which sends an alert so network managers know when and where users came on to the network and can take appropriate actions. The DHCP Interface Tracker (Option 82) feature tracks where a user is physically connected on a network by providing both switch and port ID to a DHCP server. With the Dynamic ARP Inspection feature, the switch logs denied or dropped ARP packets and gives administrators the ability to look at statistics for forwarded, dropped, MAC validation failure, IP validation failure, ACL permitted and denied, and DHCP permitted and denied packets for all VLANs configured on the switch, for a specified VLAN, or for a range of VLANs. In addition, DHCP snooping combined with IP Source Guard enables the administrator to keep track of both dynamic and static IP/MAC mapping tables.
Q. How do I protect administration passwords and traffic going to the switch during configuration or troubleshooting?
A. To protect administration traffic during the configuration or troubleshooting of a switch (such as passwords or device configuration settings), the best approach is to encrypt the datBoth SSH and SNMPv3 provide encryption of data during Telnet sessions and SNMP sessions.
Q. Does the Cisco Catalyst 3560 support SSHv2?
Q. What is the difference between the Private VLAN Edge (Protected Port) and Private VLAN features?
A. The Private VLAN Edge feature. also known as the Protected Port feature, is a limited subset of the full Private VLAN feature. The Private VLAN feature supports primary and secondary VLANs and Community and Isolated VLANS, whereas Private VLAN Edge only supports the equivalent of Isolated VLANs.
Q. Does the Cisco Catalyst 3560 Series support Cisco Switch Clustering technology?
A. Yes, these switches can be managed using the Cisco Network Assistant software, which uses Cisco Switch Clustering technology. Cisco Network is a PC-based network management application optimized for LANs of small and medium-sized businesses with up to 250 users. Cisco Network Assistant offers centralized management of Cisco switches, routers, and WLAN access points. It supports a wide range of Cisco switches from Cisco Catalyst 2950 through Cisco Catalyst 4506. Through a user-friendly GUI, users can configure and manage a wide array of switch functions and start the device manager of Cisco routers and Cisco wireless access points. Cisco Network Assistant is available at no cost from Cisco.com.
Cisco Network Assistant provides an integrated management interface for delivering intelligent services, enabling users to manage their entire LAN with one robust tool. By bringing the simplicity of traditional LAN switching to intelligent services such as multilayer switching, QoS, multicast, and security ACLs, Cisco Network Assistant allows administrators to take advantage of benefits formerly reserved for only the most complex networks. The Guide Mode in Cisco Network Assistant leads the user step-by-step through the configuration of high-end features and provides enhanced online help for context-sensitive assistance. In addition, a solution wizard provides automated configuration of the switch for video streaming or videoconferencing.
Cisco Network Assistant supports standards-based connectivity options such as Ethernet, Fast Ethernet, Fast EtherChannel
®, Gigabit Ethernet, and Gigabit EtherChannel connectivity. Because Cisco Switch Clustering technology is not limited by proprietary stacking modules, stacking cables, or interconnection media, Cisco Network Assistant expands the traditional cluster domain beyond a single wiring closet and lets users mix and match interconnections to meet specific management, performance, and cost requirements.
Cisco Catalyst 3560 switches can be configured either as command or member switches in a Cisco switch cluster. Cisco Network Assistant also allows the network administrator to designate a standby or redundant command switch, which takes the commander duties should the primary command switch fail. Other important features include the ability to configure multiple ports and switches simultaneously, as well as perform software updates across the entire cluster at once. Bandwidth graphs and link reports provide useful diagnostic information and the topology map gives network administrators a quick view of the network status.
Q. How does the Cisco Catalyst 3560 Series compare to the Cisco Catalyst 3550 Series?
A. The Cisco Catalyst 3560 Series extends Cisco PoE and 10/100/1000 offerings. Both product families are designed for deployments in similar topological positions in the network and support networkwide intelligent services such as advanced QoS, rate-limiting, ACLs, multicast management, and high performance routing. In contrast to the Cisco Catalyst 3550 Series, the Cisco Catalyst 3560 Series offers 10/100/1000 models as well as the flexibility of several uplink options through SFP-based instead of GBIC-based Gigabit Ethernet ports. The smaller form factor allows a design with 48 10/100 ports with PoE and 4 SFP-based uplink ports in a 1 rack unit (RU) form factor. Also, the Cisco Catalyst 3560 Series supports the IEEE 802.3af PoE implementation in addition to Cisco prestandard PoE (inline power) implementation. The Cisco Catalyst 3550 Series is a broader product family that includes AC and DC powered 10/100 configurations, low-port-density Gigabit Ethernet configurations, and a 100FX aggregator switch. All of the Cisco Catalyst 3550 configurations support the Cisco GigaStack GBIC for stacking connections.
Q. How does the Cisco Catalyst 3560 Series compare to the Cisco Catalyst 3750 Series?
A. The Cisco Catalyst 3560 Series consists of mainstream products for fixed configuration enterprise 10/100 and 10/100/1000 applications. The Cisco Catalyst 3750 Series is ideal when a group of interconnected switches requires higher levels of availability, redundancy, performance, and ease-of-use inherent in the Cisco StackWise technology. The Cisco Catalyst 3750 Series also has Fast Ethernet configurations that support IEEE 802.3af and Cisco prestandard PoE.
The hardware warranty available on Cisco Catalyst 3750-E, 3560-E, 3750, Catalyst 3560, Catalyst 3550, Catalyst 2970, Catalyst 2960, Catalyst 2950, Catalyst 2940, Catalyst Express 500, and Catalyst 3500 Series Switches is the Limited Lifetime Hardware Warranty. This warranty automatically comes with the purchase of eligible Cisco Catalyst products, free of charge. Additionally, it offers free advanced replacement of products within 10 business days. For details on the Limited Lifetime Hardware Warranty, visit
Q. What types of service and support are available for the Cisco Catalyst 3560 Series?
A. A full complement of lifecycle service and support is available for the Cisco Catalyst 3560 Series. From implementation to operation and optimization, Cisco offers Technical Support Service and Advanced Service delivered either directly or through one of its partners.
Technical Support Service
Technical Support Service is available through Cisco SMARTnet
® and SMARTnet Onsite. SMARTnet augments the resources of your operations staff by providing them with access to expertise, both online and on the telephone, and a range of hardware Advance Replacement options. SMARTnet Onsite complements the hardware Advance Replacement feature by adding the services of a field engineer. For more information about SMARTnet, visit
PRODUCT AND CONTACT INFORMATION
Q. Where can I find technical and product specifications and other additional information about the Cisco Catalyst 3560 Series?