|Model||Cisco Catalyst 2960L|
|Switch Type||Access Switch|
|Interface Port||8 x 10/100/1000|
|Power Over Ethernet (POE)||POE,POE+ 67W|
|Redundant Power Supply||No|
|Stack/Cluster||Virtual Stack (Up to 8)|
|Stacking Bandwidth Support||-|
|Switching capacity||20 Gbps|
|Total number of MAC addresses||16000|
|DRAM/FLASH||512 MB/256 MB|
|Software Feature Set||Lan Lite|
Cisco® Catalyst® 2960-L Series Switches are fixed and smart-managed Gigabit Ethernet switches that provide enterprise-class access switching for branch offices, out-of-the-wiring-closet applications, and critical Internet of Things (IoT) deployments, as well as small and medium-sized businesses. They operate on Cisco IOS® Software and support simple device management and network management via Command Line Interface (CLI) as well as an on-box web interface.
Catalyst 2960-L Smart Managed Switches are secure, reliable, enterprise grade switches built for small office deployments. These switches can be configured and managed via an on-box web interface allowing customers a quick and reliable way to get a small branch or office network up and running within minutes. These switches also feature limited CLI support for troubleshooting and monitoring.
The Cisco Catalyst 2960-L Series and 2960-L Smart Managed Switches are fully managed switches that offer advanced Layer 2 and basic Layer 3 features as well as Power over Ethernet Plus (PoE+) power. These switches deliver enhanced network security, network reliability, and operational efficiency.
All Cisco Catalyst 2960-L Series Switches support an enhanced version of Cisco IOS LAN Lite software image. For more information about the software features supported on the Cisco Catalyst 2960-L Series, please refer to the Cisco Feature Navigator: https://tools.cisco.com/ITDIT/CFN/jsp/index.jsp.
Cisco Catalyst 2960-L Switches support the following on-device management features:
- Web UI via Cisco Configuration Professional. Configuration Professional provides a user interface for day-zero provisioning, which enables easy onboarding of the switch. Configuration Professional also has an intuitive dashboard for configuring, monitoring, and troubleshooting the switch (Figure 1). For more information, about Cisco Configuration Professional, please refer to https://www.cisco.com/c/en/us/products/cloud-systems-management/configuration-professional-catalyst/index.html.
Cisco Configuration Professional web UI for the Cisco Catalyst 2960-L Switches
- Bluetooth for over-the-air access. The switches support an external Bluetooth dongle that plugs into the USB port on the switch and allows a Bluetooth-based RF connection with external laptops and tablets (Figure 2). Laptops and tablets can access the switch CLI using a Telnet or Secure Shell (SSH) client over Bluetooth. The GUI can be accessed over Bluetooth with a browser.
Over-the-air switch access using Bluetooth
- Virtual Stacking for managing a group of switches as a single entity. Up to eight switches can be configured and managed using a single IP address. Switches in a virtual stack can be configured from a single switch, which is called the commander switch. All the switches in a virtual stack can be managed using the CLI, SNMP, or the web UI. Switches in the virtual stack can also be configured and managed over the air via Bluetooth from a commander switch using the web UI. Virtual stacking also offers redundancy wherein a standby commander can manage and configure the stack if the primary master fails (Figure 3).
Redundancy in a group of switches managed as a virtual stack
The Cisco Catalyst 2960-L Series Switches offer a superior CLI for detailed configuration and administration. The switches are also supported by the full range of Cisco network management solutions.
- Cisco DNA Center on the Cisco Catalyst 2960-L Series Switches provides a simple web user interface to enterprise network customers for day-zero plug and play, switch discovery and management, topology visualization, and software image management. For details on Cisco DNA Center features, please refer to dnac.cisco.com.
- Cisco Prime Infrastructure provides comprehensive network lifecycle management, including an extensive library of easy-to-use features to automate the initial and day-to-day management of your Cisco network. Cisco Prime technology integrates hardware and software platform expertise and operational experience into a powerful set of workflow-driven configuration, monitoring, troubleshooting, reporting, and administrative tools. For detailed information about Cisco Prime, visit cisco.com/go/prime.
- Cisco Network Plug and Play is supported using the Cisco Application Policy Infrastructure Enterprise Module (APIC-EM) and Cisco DNA Center on Cisco Catalyst 2960-L Series Switches. This provides a simple, secure, unified, and integrated offering for enterprise network customers to ease new branch or campus device rollouts or for provisioning updates to an existing network with a near zero-touch deployment experience. For detailed information about APIC-EM-based Plug-and-Play capabilities, please refer to Cisco Network Plug and Play. Licenses have to be purchased for using the Cisco Prime Infrastructure, Cisco Network Plug and Play, or Cisco DNA Center network management solution.
Cisco Catalyst 2960-L Switches support both IEEE 802.3af PoE and IEEE 802.3at PoE+ (up to 30W per port) to deliver a lower total cost of ownership for deployments that incorporate Cisco IP phones, Cisco Aironet® wireless access points, or other standards-compliant PoE and PoE+ end devices. PoE removes the need to supply wall power to PoE-enabled devices and eliminates the cost of adding electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments.
The Cisco Catalyst 2960-L Switches PoE power allocation is dynamic, and power mapping scales up to a maximum of 370W of PoE+ power. Intelligent power management allows flexible power allocation across all ports. With Perpetual PoE, the PoE+ power is maintained during a switch reload. This is important for critical endpoints such as medical devices and for IoT endpoints such as PoE-powered lights, so that there is no disruption during a switch reboot.
Cisco Catalyst 2960-L Switches provide a range of security features to limit access to the network and mitigate threats, including:
- Comprehensive 802.1X features to control access to the network, including flexible authentication, 802.1X monitor mode, and RADIUS change of authorization.
- 802.1x support with Network Edge Access Topology (NEAT) extends identity authentication to areas outside the wiring closet (such as conference rooms).
- IEEE 802.1x User Distribution enables you to load-balance users with the same group name across multiple different VLANs.
- Disable per-VLAN MAC learning manages the available MAC address table space by controlling which interface or VLANs learn MAC addresses.
- Multidomain authentication to allow an IP phone and a PC to authenticate on the same switch port while being placed on appropriate voice and data VLANs.
- AAA command authorization in plug-and-play (PnP) to enable seemless PnP provisioning.
- Access control lists (ACLS) for IPv6 and IPv4 security and Quality-of-Service (QoS) ACL elements (ACEs).
- Port-based ACLs for Layer 2 interfaces to allow security policies to be applied on individual switch ports.
- SSH, Kerberos, and SNMPv3 to provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
- SPAN, with bidirectional data support, to allow Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
- TACACS+ and RADIUS authentication to facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
- MAC address notification to notify administrators about users added to or removed from the network.
- MAC authentication bypass and Webauth with downloadable ACLs allows per-user ACLs to be downloaded from the Cisco Access Control Server (ACS) as policy enforcement after authentication using MAB or Web authentication in addition to IEEE 802.1X.
- Web Authentication redirection enables networks to redirect guest users to the URL that they had originally requested.
- Multilevel security on console access to prevent unauthorized users from altering the switch configuration.
- BPDU guard to shut down spanning-tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
- IP Source Guard restricts IP traffic on nonrouted, Layer 2 interfaces by filtering traffic based on the DHCP snooping binding database or manually configuring IP source bindings.
- SSHv2 allows use of digital certificates for authentication between user and server.
- Spanning-Tree Root Guard (STRG) to prevent edge devices that are not in the network administrator’s control from becoming Spanning Tree Protocol (STP) root nodes.
- Internet Group Management Protocol (IGMP) filtering to provide multicast authentication by filtering out nonsubscribers and to limit the number of concurrent multicast streams available per port.
- Dynamic VLAN assignment through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.
Basic Layer 3 Features
RIP is a commonly used routing protocol in small to medium-sized TCP/IP networks. It is supported in both IPv4 and IPv6 network environments.
Static routing is used to segment the network into separate workgroups and communicate across VLANs without degrading application performance.
Redundancy and Resiliency
Cisco Catalyst 2960-L Switches offer a number of redundancy and resiliency features to prevent outages and help ensure that the network remains available:
- IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offer the benefits of Layer 2 load balancing and distributed processing.
- Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
- Switch-port autorecovery (error disable) automatically attempts to reactivate a link that is disabled because of a network error.
- Link State Tracking binds the link state of multiple interfaces. The server NIC adapters form a group to provide redundancy in the network. When the link is lost on the primary interface, network connectivity is transparently changed to the secondary interface.
Cisco Catalyst 2960-L Switches offer intelligent traffic management that keeps everything flowing smoothly. Flexible mechanisms for marking, classifying, and scheduling deliver superior performance for data, voice, and video traffic, all at wire speed. Primary QoS features include:
- Up to eight egress queues and two thresholds per port, supporting egress bandwidth control, shaping, and priority queuing so that high-priority packets are serviced ahead of other traffic.
- Ingress policing allows the analysis of IP service levels for IP applications and services using active traffic monitoring - generating traffic in a continuous, reliable, and predictable manner—for measuring network performance. The number of ingress policers available per port is 64.
- QoS through Differentiated Services Code Point (DSCP) mapping and filtering.
- QoS through Traffic Classification
- Trust Boundary to configure device-based trust.
- Auto-QoS simplifies the deployment of QoS features.
- Shaped Round Robin (SRR) scheduling and Weighted Tail Drop (WTD) congestion avoidance.
- 802.1p Class of Service (CoS) classification, with marking and reclassification.
For more information on features supported on the intuitive Web-UI for Cisco Catalyst 2960-L Switches, refer to the Cisco Catalayst 2960-L Smart Managed Switches Configuration Guide.
Cisco Catalyst 2960-L Switches offer a range of industry-leading features for energy efficiency and management:
- IEEE 802.3az Energy Efficient Ethernet (EEE) enables ports to dynamically sense idle periods between traffic bursts and quickly switch the interfaces into a low-power idle mode, reducing power consumption.
- Cisco EnergyWise® policies can be used to control the power consumed by PoE-powered endpoints, desktop and data center IT equipment, and a wide range of building infrastructure. Cisco EnergyWise technology is included on all Cisco Catalyst 2960-L Series Switches. For more information about Cisco EnergyWise technology, visit cisco.com/go/energywise.
- Cisco Catalyst SmartOperations is a comprehensive set of capabilities that simplify LAN planning, deployment, monitoring, and troubleshooting. Deploying SmartOperations tools reduces the time and effort required to operate the network and lowers TCO.
- Loop detection is a new method to detect network loops in the absence of STP.
- Cisco AutoConfig services determine the level of network access provided to an endpoint based on the type of the endpoint device. This feature also permits hard binding between the end device and the interface.
- Cisco Smart Install services enable minimal-touch deployment by providing automated Cisco IOS Software image installation and configuration when new switches are connected to the network. This enables network administrators to remotely manage Cisco IOS Software image installs and upgrades.
- Cisco Auto SmartPorts services enable automatic configuration of switch ports as devices connect to the switch with settings optimized for the device type, resulting in zero-touch port-policy provisioning.
- Cisco Smart Troubleshooting is an extensive array of diagnostic commands and system health checks in the switch, including Smart Call Home. The Cisco Generic Online Diagnostics (GOLD) and online diagnostics on switches in live networks help predict and detect failures more quickly.
For more information about Cisco Catalyst SmartOperations, visit cisco.com/go/SmartOperations.
- Cisco AutoSecure provides a single-line CLI to enable baseline security features (port security, Dynamic Host Configuration Protocol [DHCP] snooping, Dynamic Address Resolution Protocol [ARP] Inspection). This feature simplifies security configurations with a single touch.
- DHCP auto configuration of multiple switches through a boot server eases switch deployment.
- Auto negotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
- Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
- Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups or Gigabit EtherChannel groups to link to another switch, router, or server.
- Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
- Automatic media-dependent interface crossover (MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed.
- Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic wiring or port faults to be detected and disabled on fiber-optic interfaces.
- Local Proxy ARP works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.
- VLAN1 minimization allows VLAN1 to be disabled on any individual VLAN trunk.
- IGMP snooping for IPv4 and IPv6 and Multicast Listener Discovery (MLD) v1 and v2 snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requesters.
- Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall system performance.
- Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
- Cisco VLAN Trunking Protocol (VTP) supports dynamic VLANs and dynamic trunk configuration across all switches.
- For enhanced traffic management, monitoring, and analysis, the embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
- Layer 2 trace route eases troubleshooting by identifying the physical path that a packet takes from source to destination.
- Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location
- Network Time Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.