The Cisco® Catalyst® 2940 Series switches are small, standalone, managed switches with eight Fast Ethernet ports and a single integrated Fast Ethernet or Gigabit Ethernet uplink. The switches are designed to be used outside the wiring closet in the end-user workspace, and feature a durable metal shell, no fan for silent operation, easy wall or under-the-desk mounting, a security lock slot to prevent theft, and an available cable guard to secure the Ethernet cables and switch.
Figure 1. Cisco Catalyst 2940 Series Switches
The Cisco Catalyst 2940 Series is extremely easy to set up and configure via Cisco Express Setup, a simple Web-Based setup utility. For more advanced configuration and ongoing management, the Cisco Catalyst 2940 Series has a console port and supports remote management protocols such as Telnet, Simple Network Management Protocol (SNMP), as well as Cisco Network Assistant, which is a free PC-based network management application. Combine this with the rich functionality of Cisco IOS® Software, and these switches provide comprehensive functionality and manageability for classrooms, conference rooms, or other very small workgroup environments. In addition, the Cisco Catalyst 2940 Series is supported by a limited lifetime warranty. The Cisco Catalyst 2940 Series switches provide the lowest total cost of ownership in their product class with their durable design, enhanced security, simple installation and management, and award-winning Cisco support.
• Cisco Catalyst 2940-8TT:
– Eight 10/100 ports
– One 10/100/1000BASE-T port
• Cisco Catalyst 2940-8TF:
– Eight 10/100 ports
– One 100BASE-FX port and One 1000BASE-X Small Form-factor Pluggable (SFP) slot (only one active port at a time)
• Cisco Catalyst 2940 Series Cable Guard
– Helps prevent switch theft as well as prevent tampering or removal of Ethernet cables
• Cisco Catalyst 2940 Series Rack Mount
– Allows the switch to be secured in cabinets with 19 inch rack mounting
DESIGNED FOR THE END-USER ENVIRONMENT
The Cisco Catalyst 2940 switches are designed to be used beyond the wiring closet in the end-user environment. The following features make the switches ideal for classrooms, conference rooms, or very small workgroup environments:
• Small form factor: Only 10.6 in. long and 6.4 in. deep, this switch fits unobtrusively into tight areas or small cabinets. By using a right-angle power cord, the space required is even further reduced (see Figure 5 for size comparison to an electrical outlet).
• Durability: An all-metal shell ensures that this switch will not get damaged from incidental blows from furniture or other hardware, as well as mitigates the impact of vandals.
• Silent operation: By employing passive cooling instead of a fan or blower, this switch is completely silent and does not disrupt quite workspaces.
• Flexible mounting capabilities: The switches can be mounted on a wall, on top of or under a desk or table, or on other surfaces using the mounting slots and the supplied screws (see Figure 2). In addition, for easy deployment on metal surfaces not suited for screws, a magnet is included as an additional mounting option. An internal power supply further enhances mounting flexibility because the power cord is not burdened with a large, heavy power brick.
• Physical Security: A security lock slot located on each side of the switch can be used with a standard cable lock to prevent theft (see Figure 3). In addition, the Cisco Catalyst 2940 Series Cable Guard is available to provide extra security against theft as well as protect the Ethernet cables from tampering or removal (see Figures 4 and 5).
The Cisco Catalyst 2940 Series delivers a low total cost of ownership (TCO) within its product class by excelling in three key areas: security, manageability, and investment protection.
Cisco Catalyst 2940 Series switches offer enhanced data security through a wide range of security features. These features allow customers to provide network security based on users or MAC addresses.
Secure Shell version 2 (SSHv2) protects information from being eavesdropped or being tampered with by encrypting information being passed on the network, thereby guarding administrative information. Private VLAN Edge isolates ports on a switch, ensuring that traffic travels directly from the entry point to the aggregation device through a virtual path and cannot be directed to another port. In addition, for authentication of users with a TACACS+ or a RADIUS server, 802.1x provides port-level security. Simple Network Management Protocol Version 3 (SNMPv3) (non-cryptographic) monitors and controls network devices as well as manages configurations, performance, collection of statistics, and security.
For authentication of users with a Terminal Access Controller Access Control System (TACACS+) or RADIUS server, 802.1x provides port-level security. 802.1x, in conjunction with a RADIUS server, allows for dynamic port-based user authentication. 802.1x-based user authentication can be extended to dynamically assign a VLAN based on a specific user, regardless of where they connect on the network. With 802.1x with Guest VLAN, guests are allowed access to the Internet via the Guest VLAN but cannot access the customer's internal network. This intelligent adaptability allows IT departments to offer greater flexibility and mobility to their stratified user populations. By combining access control and user profiles with secure network connectivity, services, and applications, enterprises can more effectively manage user mobility and drastically reduce the overhead associated with granting and managing access to network resources.
With the Cisco Catalyst 2940 switches, network managers can make ports and consoles highly secure. MAC-address-based port-level security prevents unauthorized stations from accessing the switch. Multilevel access security on the switch console and the Web management interface prevents unauthorized users from accessing or altering switch configurations and can be implemented using an internal user database on each switch or a centrally administered TACACS+ or RADIUS server.
Manageability is critical for customers who are concerned with user productivity, as it allows them to proactively troubleshoot connectivity or performance issues. Typically, unmanaged switches require network administrators to physically inspect the switch when problems arise and do not provide troubleshooting tools or network statistics. In stark contrast, the Cisco Catalyst 2940 Series has robust SNMP Management Information Base (MIB) support and is fully manageable by the CiscoWorks suite of network management tools. Most importantly, the Cisco Catalyst 2940 runs the same Cisco IOS Software with which so many network administrators are already familiar, thus reducing training and operating costs.
The Catalyst 2940 series comes with an embedded GUI device manager that simplifies initial configuration of a switch. Users now have the option to set up the switch through a Web browser, eliminating the need for more complex terminal emulation programs and knowledge of the command-line interface (CLI). Cisco Smartports have preset Cisco recommended network configurations including quality of service, security, and multicast settings to allow for transparent integration of data, video, IP communications, and wireless LAN applications.
Users can also manage the Catalyst 2940 series with Cisco Network Assistant, an advanced PC-based network management application. Cisco Network Assistant offers centralized management and configuration of Cisco switches and other Cisco devices such as routers and wireless access points. With Cisco Network Assistant, in addition to configuring multiple switches at a time, you can configure Cisco wireless access points, and invoke the device manager on Cisco routers and access points. Software upgrades on Cisco switches, routers, and wireless access points are as easy as a drag-and-drop process. You can download Cisco Network Assistant (available at no cost) from the Cisco website http://cisco.com/go/cna.
Investment Protection-Switches Designed to Outlive Your Deployment Horizon
In contrast to low-end unmanaged switches that often have high failure rates and do not stay current with new technologies, the Cisco Catalyst 2940 Series switches are built to last. A durable all-metal shell, an exceptionally high mean time between failure (MTBF) of over 70 years, and a Limited Lifetime Warranty, help ensure that this switch will outlast your anticipated deployment timeframe.
Finally, the switches provide a smooth migration to Gigabit Ethernet uplinks for those customers who have not yet upgraded their Fast Ethernet uplinks. The 2940-8TT provides an autosensing 10/100/1000BASE-T port for use as a Fast Ethernet or Gigabit Ethernet uplink over copper. Meanwhile, the 2940-8TF provides fiber optic uplink connectivity via an integrated 100BASE-FX Fast Ethernet port, as well as a 1000BASE-X Gigabit SFP slot that supports Cisco's 1000BASE-SX, 1000BASE-LX, 1000BASE-ZX, 1000BASE CWDM, and 1000BASE-T SFPs.
Rich IOS Functionality
The Cisco Catalyst 2940 Series supports a Cisco IOS Software feature set that is nearly identical to that offered in the Standard Image Cisco Catalyst 2950 Series switches. This functionality provides:
• Support for network edge security to prevent unauthorized users
• Quality-of-service capabilities for basic data, video, and voice applications
• High-availability features to ensure user productivity
• Full network management support
Table 1. Product Features and Benefits
Ease of Use and Ease of Deployment
• Dynamic Trunking Protocol (DTP)
• Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP)
• Each non-SFP port detects the speed of the attached device and automatically configures the port for 10-,
100-, or 1000-Mbps operation, easing switch deployment in mixed 10, 100, and 1000BASE-T environments.
• Each non-SFP port automatically selects half- or full-duplex transmission mode to optimize bandwidth.
• Switch ports automatically configure as trunks if connected to a trunk port on another switch or router.
• Switch ports automatically configure as Cisco Fast EtherChannel® groups or IEEE 802.3ad groups when there are multiple links to another switch, router, or server.
• Allows a DHCP relay agent to broadcast DHCP requests to the network DHCP server.
• The switch can be connected to the network and can forward traffic with no configuration.
• All ports automatically adjust transmit and receive pairs depending on cable type (cross-over or straight-through) connected.
• Web browser utility allows simple switch set up so that even novices can perform a basic configuration.
Superior Redundancy for Fault Backup
• IEEE 802.1D Spanning
• IEEE 802.1w Rapid Spanning Tree Protocol
• Per-VLAN Rapid Spanning Tree Plus (PVRST+)
• UniDirectional Link Detection (UDLD) and Aggressive UDLD
• Provides rapid spanning tree convergence independent of spanning tree timers and the benefit of
• Allows rapid spanning tree re-convergence on a per-VLAN spanning tree basis, without requiring the implementation of spanning tree instances.
• Transitions a port directly to forwarding state after linkup, allowing users to connect to the network in 2-3 seconds, rather than waiting ~50 seconds for spanning tree to resolve.
• Unidirectional links automatically detected and disabled to avoid problems such as spanning tree loops; Aggressive Mode automatically retries the link periodically to see if it has returned to bidirectional.
• Automatically attempts to re-enable a link that is disabled due to a network error (also known as
• Shuts down Spanning-Tree Protocol PortFast-enabled interfaces when Bridge Protocol Data Units (BPDUs) are received to avoid accidental topology loops.
• Prevents edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes.
• Per-port broadcast, multicast, and unicast storm control
• Per VLAN Spanning Tree Plus (PVST+)
• IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)
• VLAN Trunking Protocol (VTP) pruning
• Internet Group Management Protocol (IGMP) Snooping
• IGMP immediate-leave processing
• Multicast VLAN Registration (MVR)
• Prevents faulty end stations from degrading overall systems performance.
• Allows for Layer 2 load sharing on redundant links to utilize the full capacity of a redundant design.
• Allows a spanning tree instance per VLAN, enabling Layer 2 load sharing on redundant links.
• Limits bandwidth consumption on VTP trunks by limiting broadcast traffic only to trunk links required to reach the destination devices.
• Provides bandwidth-intensive multicast traffic to only the requestors, rather than flooding all ports. Support for IGMP version 1 and 2.
• Faster than normal multicast leave processing, this prunes out unnecessary multicast traffic immediately after a leave request.
• Allows multicast streams in a single networkwide multicast VLAN while subscribers remain in separate VLANs for bandwidth and security reasons.
Quality of Service/Control
Advanced Quality of Service
• Honor 802.1p class of service (CoS)
• Mark/override 802.1P CoS per port
• 4 egress queues per port
• Weighted Round Robin (WRR) scheduling
• Strict Priority scheduling
• Ability to prioritize traffic and put it in different queues.
• Network administrator can enforce QoS policies, and prevent users from abusing QoS settings.
• Enables network traffic to be put into 4 different queues, depending on the CoS priority.
• High priority queues can be allocated more time to send traffic. However, WRR also ensures lower priority queues are not neglected.
• Guarantees that the highest-priority packets are serviced ahead of all other traffic. Particularly useful
for time-sensitive applications like voice over IP.
Network Management Security
• VLAN1 minimization
• TACACS+ and RADIUS Authentication
• Multilevel management levels
• Secure Shell v2
• Allows VLAN1 to be disabled on any individual VLAN trunk link.
• Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) authentication enable centralized control of switch administration and management.
• Allows for 15 levels of switch management authorization, ranging from read-only to full read/write capabilities.
• SSHv2 provides network security by encrypting administrator traffic during Telnet sessions. SSHv2 requires a special cryptographic software image because of U.S. export restrictions.
Network Edge Security
• IEEE 802.1x
• IEEE 802.1x with VLAN assignment
• IEEE 802.1x with Guest VLAN
• IEEE 802.1x and port security
• IEEE 802.1x with voice VLAN
• Private VLAN Edge
• SPAN for IDS
• MAC address notification
• Port security
• Autotrusted boundary
• IGMP filtering
• Dynamic VLAN Assignment
• Allows dynamic, port-based security, providing user authentication.
• Allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
• Allows guests without 802.1x clients to have limited network access on the guest VLAN.
• Provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
• Permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
• Provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users' traffic.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
• Allows administrators to be notified of users added to or removed from the network. Good for tracking location of users or stolen laptops.
• Secures the access to an access or trunk port based on MAC address. After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
• Ability to trust the QoS priority settings if an IP phone is present and to disable the trust setting in the event that the IP phone is removed, thereby preventing a malicious user from overriding prioritization policies in the network.
• Provides multicast authentication by filtering out non-subscribers and limits the number of concurrent multicast streams available per port.
• Using VLAN Membership Policy Server (VMPS) client functionality, ports can be assigned to VLANs based on the MAC address connected to the port or a user login (using the CiscoWorks User Registration Tool).
• SNMPv1/2/3 (non-crypto) and robust MIB support
• Cisco IOS CLI
• Telnet and console access
• Service Assurance Agent (SAA)
• 802.1q VLANs
• Voice VLAN
• Remote Monitoring (RMON)
• Layer 2 Traceroute
• Switch Port Analyzer (SPAN) port
• Trivial File Transfer Protocol (TFTP)
• Network Time Protocol (NTP)
• Multifunction LEDs per port
• Switch-level Status LEDs
• Enables full management of switches via standard network management tools.
• Provides common user interface and command set with all Cisco routers and Cisco Catalyst desktop switches, minimizing training costs.
• Telnet provides comprehensive remote in-band management, while console port enables out-of-band management.
• Facilitates service-level management by providing network response time measurements.
• Up to 128 802.1Q VLANs per switch, as well as 4096 VLAN IDs. Any port can be a VLAN trunk port.
• Simplifies IP telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
• Propogates VLAN and trunk configuration across all switches in the network.
• For enhanced traffic management, monitoring, and analysis, the Embedded Remote Monitoring (RMON) software agent supports 4 RMON groups (history, statistics, alarms, and events). All 9 RMON groups are supported when using SPAN to mirror traffic to an RMON probe or network analyzer.
• Eases troubleshooting by identifying the physical path that a packet takes from source to destination.
• Mirrors traffic from a port or group of ports to a single destination port, where a network analyzer or RMON probe can be connected. 1 SPAN session only.
• Reduces the cost of administering software upgrades by downloading from a centralized server.
• Provides an accurate and consistent timestamp to all intranet switches.
• For port up/down status; half-duplex and full-duplex mode; and 10BASE-T, 100BASE-TX, and 1000BASE-T indication.
• Provides easy visual indication of system integrity status.
• Cisco Network Assistant is a no-charge Windows-based application that simplifies the administration of networks of up to 250 users. It supports a wide range of Cisco Catalyst intelligent switches. With Cisco Network Assistant, users can manage Cisco Catalyst switches and launch the device managers of Cisco Integrated Services Routers and Cisco Aironet wireless LAN access points.
• The easy-to-use graphical interface provides both a topology map and front-panel view of the community and stacks.
• Cisco AVVID (Architecture for Voice, Video, and Integrated Data) wizards need just a few user inputs to automatically configure the switch to optimally handle different types of traffic: voice, video, multicast, and high-priority data.
• A security wizard is provided to restrict unauthorized access to applications, servers, and networks.
• Upgrading the Cisco IOS software on Cisco Catalyst switches is a simple matter of drag-and-drop upgrades.
• Cisco Network Assistant supports multilayer feature configurations such as routing protocols, ACLs, and QoS parameters
• Multi-device and multi-port configuration capabilities allow administrators to save time by configuring features across multiple switches and ports simultaneously.
• The user-personalized interface allows modification of polling intervals, table views, and other settings
• Alarm notification provides automated e-mail notification of network errors and alarm thresholds.
Cisco Express Setup
• Express Setup simplifies initial configuration of a switch through a Web browser, eliminating the need for more complex terminal emulation programs and CLI knowledge
• The Web interface enables less-skilled personnel to quickly and simply set up switches, thereby reducing the cost of deployment.
• Supported by CiscoWorks LAN Management Solution (LMS), Access Control Server (ACS), Small Network Management Solution (SNMS), and CiscoWorks for Windows
• Cisco Discovery Protocol (CDP) v1, v2
• CiscoWorks network-management software provides management capabilities on a per-port and per-switch basis, providing a common management interface for all Cisco routers, switches, hubs, and other Cisco devices. The CiscoWorks tools save time and reduce human errors.
• Enable a CiscoWorks network-management station to automatically discover and map switches.
Table 2. Hardware Specifications
• 3.6 Gbps maximum forwarding bandwidth
• 2.7 Mpps wire-speed forwarding rate (based on 64-byte packets)
• 16 MB DRAM and 8 MB Flash memory
• Configurable up to 8000 MAC addresses
• Configurable up to 255 multicast groups
• Configurable maximum transmission unit (MTU) of up to 1500 bytes
• 1000BASE-SX, -LX/LH, -T SFP-based port: LC fiber connectors, single-mode or multimode fiber, and RJ-45 connector for copper
• Management console port: Use RJ-45-to-DB9 cable for PC connections
• The internal power supply is an autoranging unit, supporting input voltages between 100 and 240 volts alternating current (VAC)
• Use the supplied AC power cord to connect the AC power connector to an AC power outlet
• Per-port status LEDs: link integrity, disabled, activity, speed, and full-duplex indications
• System-status LED
• (H x W x D) 1.55 x 10.6 x 6.42 in.
• (3.94 x 26.92 x 16.3 cm)
3 lb (1.36 kg)
• Operating temperature 32 to 113° F (0 to 45° C)
• Storage temperature -13 to 158° F (-25 to 70° C)
• Operating humidity 10 to 85% (noncondensing)
• Operating altitude up to 10,000 ft (3000 m)
• Storage altitude up to 15,000 ft (4570 m)
• International Organization for Standardization (ISO) 7779:
• bystander position operating to an ambient temperature of 30° C: 0 decibels (dB)
Telco CLEI Code
• 2940-8TF: CNMEG00ARA
• 2940-8TT: CNMEH00ARA
Mean Time Between Failure (MTBF)-Predicted
• 2940-8TF: 636,000 hrs (73 yrs)
• 2940-8TT: 771,000 hrs (88 yrs)
Limited lifetime warranty
Table 3. Power Specifications
• 15W (maximum)
• 50 Btus per hour
AC input voltage/frequency
100 to 240 VAC (autoranging), 50 to 60 Hz
Table 4. Management and Standards Support
Management Information Bases (MIBs)
• IF-MIB (RFC 1573)
• RFC1213-MIB (MIB-II)
• RFC1398-MIB (ETHERNET-MIB)
• RMON-MIB (RFC 1757)- 4 Groups
Management Information Bases (MIBs)
• IEEE 802.1s
• IEEE 802.1w
• IEEE 802.1x
• IEEE 802.3ad
• IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports
• IEEE 802.1D Spanning-Tree Protocol
• IEEE 802.1p CoS Prioritization
• IEEE 802.1Q VLAN
• IEEE 802.3 10BASE-T specification
• IEEE 802.3u 100BASE-TX specification
• IEEE 802.3ab 1000BASE-T specification
• IEEE 802.3z 1000BASE-X specification
• RMON I and II standards
• SNMPv1, SNMPv2c, SNMPv3 (non-crypto)
Table 5. Compliance
• UL to UL 60950, Third Edition
• C-UL to CAN/CSA C22.2 No. 60950-00, Third Edition
• TUV/GS to EN 60950:2000
• CB to IEC 60950 with all country deviations
• NOM to NOM-019-SCFI
• CE Marking
• FCC Part 15 Class A
• EN 55022: 1998 (CISPR22)
• EN 55024: 1998 (CISPR24)
• VCCI Class A
• AS/NZS 3548 Class A
• CNS 13438 Class A
SERVICE AND SUPPORT
Cisco Systems® is committed to minimizing total cost of ownership (TCO). Cisco offers a portfolio of Technical Support Services to help ensure that Cisco products operate efficiently, remain highly available, and benefit from the most up-to-date system software. The services and support programs described in the table below are available as part of the Cisco Desktop Switching Service and Support solution, and are available directly from Cisco and through resellers.
Table 6. Service and Support Products, Features, and Benefits
Service and Support
• Cisco Total Implementation Solutions (TIS), available direct from Cisco
• Cisco Packaged TIS, available through resellers
• Project management
• Site survey, configuration, and deployment
• Installation, test, and cutover
• Major moves, adds, and changes
• Design review and product staging
• Supplements existing staff
• Ensures functions meet needs
• Mitigates risk
Technical Support Services
• Cisco SMARTnet and SMARTnet Onsite, available direct from Cisco
• Cisco Packaged SMARTnet, available through resellers
• 24-hour access to software updates
• Web access to technical repositories
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance replacement of hardware parts
• Enables proactive or expedited issue resolution
• Lowers TCO by taking advantage of Cisco expertise and knowledge
• Minimizes network downtime
Table 7. Ordering Information
• 8 Ethernet 10/100 ports + 1 Ethernet 100BASE-FX + 1 1000BASE-X SFP port (1 uplink active at a time)
2Please note that the switch can be wall-mounted without the cable guard using the underside mounting slots depicted in Figure 2. However, the switch and cables will not be secured as they are in Figure 5.