© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 70
Overview
The Cisco® Catalyst® 3850 Switch is built on a unified access data plane (UADP) application-specific integrated
circuit (ASIC). This is a state-of-the-art ASIC that has all services fully integrated in the chip and thus requires no
additional modules. The ASIC is programmable and is flexible to support future requirements. It also delivers
services with flexibility and visibility across wired and wireless networks.
The access layer of the network has evolved from just pushing the traffic into the network to delivering a plethora of
services. The convergence of wired and wireless networks adds another level to services being applied at the
access layer. Service-rich and service-aware networking platforms allow organizations to achieve not only lower
total cost of ownership (TCO), but also faster time to service delivery.
This document provides an overview of the Cisco Catalyst 3850 and the steps to deploy services with the Cisco
Catalyst 3850. It broadly includes the following sections:
Security
Quality of service
Flexible NetFlow
Multicast
Mobility
Cisco Catalyst 3850 Security Policy
In today’s networking environment, it has become a challenge to manage security policies on wired and wireless
networks. It is mainly due to the fact that wired and wireless users are being identified in different points on the
network and are subject to different policies.
The Cisco Catalyst 3850 defines a major change in the architecture, because it brings wired and wireless networks
together on an access switch. As we terminate the wireless users on the Cisco Catalyst 3850, we also get visibility
to users who are getting onto the network at the access layer, similar to wired users. This change also moves the
policy point to the access layer, and therefore it gets consistent with the wired endpoints.
Configuring 802.1X in Converged Access
In the topology diagram shown in Figure 1, a wired corporate user and access points are connected to the Cisco
Catalyst 3850. Two wireless clients are connected to the service set identification (SSID) on the Cisco Catalyst
3850. One of the wireless users is a corporate user, and the other user is a partner. Corporate users and partner
users have different security policies defined on Cisco’s Identity Services Engine (ISE) server that is in the campus
services block. There are other servers such as call manager, video streaming server, and the Cisco Prime
Infrastructure server in the campus services block as well.