The Cisco® ME 2400 Series Ethernet Access Switch is a next generation family of Layer 2 customer-located switches purposely built for triple-play service. Its design is based on the experience learned from today's most widely deployed access switches, the Cisco Catalyst® 2950 Series.
The Cisco ME 2400 Series offers service provider-friendly hardware and mission-specific software, including a complete security solution for Metro Ethernet access. This cost-effective solution is optimized for the Ethernet-to-the-home (ETTH) triple-play services.
The Cisco ME 2400 Series (Figure 1) includes the following configurations:
• Cisco 2400-24TS AC with 24 Ethernet 10/100 ports, 2 Small Form-Factor Pluggable (SFP) uplinks, and an AC power supply (part number ME-2400-24TS-A)
• Cisco 2400-24TS DC with 24 Ethernet 10/100 ports, 2 SFP uplinks, and a DC power supply (part number ME-2400-24TS-D)
Cisco ME 2400 Ethernet Access Switch for 10/100 Access
The SFP-based Gigabit Ethernet ports accommodate a wide range of 100BASE and 1000BASE SFP transceivers. The options include Cisco 100BASE-LX, 100BASE-FX, 100BASE-BX, 1000BASE-T, 1000BASE-SX, 1000BASE-LX, 1000BASE-ZX, and coarse wavelength-division multiplexing (CWDM) SFP transceivers. These ports also support the Cisco Catalyst 3560 SFP Interconnect Cable for establishing a low-cost Gigabit Ethernet point-to-point connection.
Service Provider-Friendly Hardware
Metro Ethernet access switches are typically deployed in the basements of office buildings or in apartments. Service providers are always challenged to find enough space to deploy equipment. To ease this obstacle, the purpose-built Cisco ME 2400 Series is designed with a compact form factor (1RU x 9.52 in.) and flexible mounting options. In addition, the Cisco ME 2400 Series is built with all front-accessed connectors to simplify field installation and troubleshooting.
The Cisco ME 2400 Series switches run software specifically designed for the Metro Ethernet market. Many new features are added to make the Cisco ME 2400 Series the optimal access switch for service providers. Many default behaviors of the Cisco ME 2400 Series are different from those of traditional Ethernet switches; these differences make the Cisco ME 2400 Series easier to configure, manage, secure, and troubleshoot.
The Cisco ME 2400 Series software introduces the concept of User-Network Interface/Network-Node Interface (UNI/NNI) for Ethernet access switches. Because the software can identify the application of each port, it can provide many powerful default behaviors. Table 1 lists some of the primary behaviors and benefits of UNI/NNI.
Table 1. UNI/NNI Default Behaviors
UNI Default: Down
Ports are be activated by the service provider before customers can receive service.
UNI Default: No Local Switching
Circuit-like behavior protects customers from each other.
UNI Default: Control Plane Security Enabled
Control-plane packet ingresses from the UNI are dropped in hardware to protect against denial of service (DoS).
NNI Default: Up
This feature helps enable automated configuration of the switch through a Dynamic Host Configuration Protocol (DHCP) or BOOTP server.
Comprehensive Security Solution
As Metro Ethernet networks continue to expand, one of the challenges that service providers face is to provide the same level of security as other access technologies. To meet this challenge, the Cisco ME 2400 Series switches provide the most comprehensive security solution for Ethernet access products. By dividing security into three portions and designing features for each, the Cisco ME 2400 can provide complete solution at the access layer. The three different areas of security the switch addresses are subscriber security, switch security, and network security.
The subscriber security helps create protection among customers. One of the biggest concerns about using a shared device for multiple customers is how to prevent customers from affecting each other. The Cisco ME 2400 Series addresses this concern by providing features such as UNI/NNI, DHCP Snooping, and Private VLAN. The UNI/NNI feature creates a circuit-like behavior to separate customers' traffic from each other. DHCP Snooping helps service providers identify each user's MAC address, IP address, and port information and prevents users from attempting DHCP based attacks.
The switch security is about protecting the switch itself from attacks. The Cisco ME 2400 Series offers features to protect CPU and configuration files from attacks. CPU is a critical component of an Ethernet switch; it is responsible for process-control protocols such as Spanning Tree Protocol and routing updates; if CPU is under DoS attack, those control packets could be dropped, resulting in network outage. Features such as Control Plane Security and Storm Control protect the CPU against malicious attacks. Port Security is another important security feature; it allows service providers to control the number of MAC addresses each subscriber is allowed - thereby protecting against overwhelming the switch memory.
The final area of security is network security. The features designed for this area filter all incoming traffic to help ensure that only valid traffic is allowed through the switch. The Cisco ME 2400 Series switches have features such as access control lists (ACLs) and 802.1x to identify the users and packets that are allowed to transmit traffic through the switch.
Table 2 gives the key features of the security solution.
Table 2. Key Features for Each Area of Complete Security Solution
UNI Default: No Local Switching
Control Plane Security
UNI default: Port down
Configuration File Security
Service Management Options
The Cisco ME 2400 Series offers a superior command-line interface (CLI) for detailed configuration. In addition, the switches support CiscoWorks, the Cisco CNS 2100 Series Intelligence Engine, and the Simple Network Management Protocol (SNMP) for networkwide management. Service providers can integrate the Cisco ME 2400 Series transparently into their operations support systems (OSSs) and enable improved flow-through provisioning.
The Cisco CNS 2100 Series network device allows service providers to effectively manage a network of Cisco IOS® Software devices, including the Cisco ME 2400 Series. It is a completely self-contained unit that includes a task-oriented Web GUI, a programmable Extensible Markup Language (XML) interface, configuration template management, and an embedded repository. Network operators can use the Web GUI to quickly turn existing Cisco IOS CLI configuration files into reusable templates. The Cisco CNS 2100 Series integrates easily into existing customer OSSs or business support systems (BSSs) and provisioning systems with its external repository support and the event-based Cisco IOS Software XML interface that effectively "workflow-enables" Cisco device deployment. Service providers also can manage the Cisco ME 2400 Series using SNMP versions 2 and 3. A comprehensive set of MIBs is provided for service providers to collect traffic information on the Cisco ME 2400 Series.
The purpose-built Cisco ME 2400 Series switches help service providers offer a portfolio of profitable, differentiated services such as triple-play services for the ETTH market.
Triple-play service is a popular choice for service providers. By combining Internet access, voice, and video services, service providers can generate higher average revenue per unit (ARPU). Triple-play service provides additional value by increasing customer retention. The Cisco ME 2400 Series switches are optimized for triple-play service. By delivering the primary features in the areas of quality of service (QoS), multicast, and security, the Cisco ME 2400 Series helps service providers deploy successful triple-play service (Figure 2).
Key Features and Benefits
Table 3 gives features and benefits of the Cisco ME 2400 Series.
Table 3. Features and Benefits
Purpose-Built Next-Generation Ethernet Access Switches for Metro Ethernet ETTH Market
• All front access provides ease of deployment and troubleshooting in the field.
• Compact form factor (1RU x 9.52 in.) allows for deployment in space-limited areas.
• Dual-speed SFP transceivers support (100 and 1000 MB) provide flexible uplink options.
• Both AC and DC power options are available.
• Software is optimized for triple-play services.
Availability and Scalability
Superior Redundancy for Fault Backup
• IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) provides rapid spanning-tree convergence independent of spanning-tree timers and offers the benefit of distributed processing.
• Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
• Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic connections or port faults to be detected and disabled on fiber-optic interfaces.
• Switch-port autorecovery (errdisable) automatically attempts to reactivate a link that is disabled because of a network error.
• Bandwidth aggregation up to 800 Mbps through Cisco Fast EtherChannel® technology enhances fault tolerance and offers higher-speed aggregated bandwidth between switches and to routers and individual servers.
Efficient Multicast Distribution
• Multicast VLAN Registration provides efficient multicast distribution in ring networks by dedicating a single VLAN for multicast traffic, thereby removing duplicate multicast traffic in other VLANs.
• Internet Group Management Protocol (IGMP) Snooping helps enable intelligent management of multicast traffic by examining IGMP messages.
Robust Multicast Control
• IGMP Fast Leave provides a fast channel-changing capability for IPTV services.
• IGMP filtering provides control of groups each user can access.
• IGMP Throttling controls the maximum number of multicast groups each user can access.
QoS and Control
• The Cisco Modular QoS CLI (MQC) provides a modular and highly extensible framework for deploying QoS, by standardizing the CLI and semantics for QoS features across all platforms that are supported by Cisco IOS Software.
• Standard 802.1p class of service (CoS) and differentiated services code point (DSCP) field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP/User Datagram Protocol (TCP/UDP) port number.
• Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
• Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.
• Weighted Tail Drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
• Strict priority queuing helps ensure the highest-priority packets are serviced ahead of all other traffic.
• There is no performance penalty for advanced QoS functionalities.
Granular Rate Limiting
• The Cisco Committed Information Rate (CIR) function provides bandwidth in increments as low as 8 kbps.
• Ingress policing is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
• Asynchronous data flows upstream and downstream from the end station or on the uplink are easily managed using ingress policing and egress shaping.
• Egress shaping for each queue provides smooth traffic control of available bandwidth.
• Egress port rate limiting allows the service provider to control the traffic rate that is transmitted out of the port.
Complete Security Solutions
• IEEE 802.1x allows dynamic, port-based security by providing user authentication.
• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
• IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses.
• No local switching behavior provides security and isolation between UNIs, helping ensure that users cannot monitor or access other users' traffic on the same switch.
• DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses.
• Control Plane Protection prevents DoS attacks on the CPU.
• Secure Shell (SSH) Protocol, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
• Port security secures the access to an access or trunk port based on MAC address. After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
• Multilevel security on the console access prevents unauthorized users from altering the switch configuration.
• TACACS+ and RADIUS authentication facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
• Configuration File Protection helps ensure that only authenticated users have access to the configuration file.
• Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
• Port-based ACLs for Layer 2 interfaces allow for application of security policies on individual switch ports.
• MAC address notification allows administrators to be notified of users added to or removed from the network.
• IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
• Remote Switched Port Analyzer (RSPAN) allows for remote monitoring of the user interface.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
• The Cisco IOS CLI provides a common user interface and command set with all Cisco routers and Cisco Catalyst desktop switches.
• Service Assurance Agent (SAA) provides service-level management throughout the LAN.
• VLAN trunks can be created from any port, using standards-based 802.1Q tagging. Up to 1005 VLANs per switch and up to 128 spanning-tree instances per switch are supported.
• Four thousand VLAN IDs are supported.
• RSPAN allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
• For enhanced traffic management, monitoring, and analysis, the embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
• Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
• All nine RMON groups are supported through a SPAN port, permitting traffic monitoring of a single port, a group of ports, or the entire stack from a single network analyzer or RMON probe.
• Domain Name System (DNS) provides IP-address resolution with user-defined device names.
• Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
• Network Timing Protocol (NTP) provides an accurate and consistent time stamp to all intranet switches.
• The Cisco ME 2400 Series supports the Cisco CNS 2100 Series Intelligence Engine and SNMP for network-wide management.
• CiscoWorks network-management software provides management capabilities on a per-port and per-switch basis, providing a common management interface for Cisco routers, switches, and hubs.
• SNMP versions 1, 2c, and 3 and Telnet provide comprehensive in-band management, and a CLI-based management console provides detailed out-of-band management.
• Cisco Discovery Protocol versions 1 and 2 help enable automatic switch discovery for a CiscoWorks network management station.
• The CiscoWorks 2000 LAN Management Solution is supported.
Table 4 lists product specifications for the Cisco ME 2400 Series Ethernet access switches.
Table 4. Product Specifications
• Forwarding bandwidth:
· Cisco ME 2400-24TS AC (part number ME-2400-24TS-A): 8.8 Gbps
· Cisco ME 2400-24TS DC (part number ME-2400-24TS-D): 8.8 Gbps
• Forwarding rate:
· Cisco ME 2400-24TS AC (part number ME-2400-24TS-A): 6.5 Mpps
· Cisco ME 2400-24TS DC (part number ME-2400-24TS-D):6.5 Mpps
• 64-MB DRAM and 16-MB flash memory
• Configurable up to 2000 MAC addresses
• Configurable up to 1000 IGMP groups and multicast routes
• Configurable maximum transmission unit (MTU) of up to 9000 bytes, with a maximum Ethernet frame size of 9018 bytes (jumbo frames) for bridging on Gigabit Ethernet ports, and up to 1546 bytes for bridging and routing on Fast Ethernet ports
Cisco Systems® is committed to minimizing total cost of ownership (TCO). Cisco offers a portfolio of technical support services to help ensure that Cisco products operate efficiently, remain highly available, and benefit from the most up-to-date system software. The services and support programs described in Table 8 are available as part of the Cisco Desktop Switching Service and Support solution, and are available directly from Cisco and through resellers.
Table 8. Service and Support
Service and Support
• Cisco Total Implementation Solutions (TIS), Available Directly from Cisco
• Cisco Packaged TIS, Available through Resellers
• Project management
• Site survey, configuration, and deployment
• Installation, text, and cutover
• Major moves, adds, and changes
• Design review and product staging
• Supplement existing staff
• Help ensure functions meet needs
• Mitigate risk
• Cisco SP Base Support and Service Provider-Based Onsite Support, Available Directly from Cisco
• Cisco Packaged Service Provider-Based Support, Available through Resellers
• 24-hour access to software updates
• Web access to technical repositories
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance Replacement of hardware parts
• Facilitate proactive or expedited issue resolution
• Lower TCO by taking advantage of Cisco expertise and knowledge
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.