Datasheet
© 2015 Cisco and/or its affiliates. This document is Cisco Public Information. Page 7 of 30
For more information on Converged Wired plus Wireless Access, refer to the Q&A document here:
http://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-3850-series-switches/cisco-catalyst-3850-
series-switches-faq.pdf.
Distributed Intelligent Services
Flexible NetFlow (FNF)
Full visibility into the wired plus wireless traffic is achieved because of the access point Control and Provisioning of
Wireless Access Points (CAPWAP) tunnel termination on the switch. This helps identify users and user traffic flows
in order to identify potential attackers and take corrective action at the access layer before the attack penetrates
further into the network. This is achieved using FNF, which monitors every single flow entering and exiting the
switch stack for wired and wireless users. It also helps identify the top wired/wireless talkers and enforce
appropriate bandwidth provisioning policies.
QoS
The Cisco Catalyst 3850 switch has advanced wired plus wireless QoS capabilities. It uses the Cisco modular QoS
command line interface (MQC). The switch manages wireless bandwidth using unprecedented hierarchical
bandwidth management starting at the per-access-point level and drilling further down to per-radio, per-service set
identification (SSID), and per-user levels. This helps manage and prioritize available bandwidth between various
radios and various SSIDs (enterprise, guest, and so on) within each radio on a percentage basis. The switch is
also capable of automatically allocating equal bandwidth among the connected users within a given SSID. This
makes sure that all users within a given SSID get a fair share of the available bandwidth while being connected to
the network. The UADP ASIC enables the hierarchical bandwidth management and fair sharing of bandwidth,
thereby providing hardware-based QoS for optimized performance at line-rate traffic.
In addition to these capabilities, the switch is able to do class of service (CoS) or differentiated services code point
(DSCP) based queuing, policing, shaping, and marking of wired plus wireless traffic. This enables users to create
common policies that can be used across wired plus wireless traffic. The Cisco Catalyst 3850 also supports
downloadable policy names from the Cisco Identity Services Engine (ISE) when a user successfully authenticates
to the network using the ISE.
Security
The Cisco Catalyst 3850 provides a rich set of security features for wired plus wireless users. Features such as
IEEE 802.1x, port security, Dynamic Host Configuration Protocol (DHCP) Snooping and Guard, Dynamic ARP
Inspection, RA Guard, IP Source Guard, control plane protection (CoPP), wireless intrusion prevention systems
(WIPSs), and so on enable protection against unauthorized users and attackers. With a variety of wired plus
wireless users connecting to the network, the switch supports session-aware networking, in which each device
connected to the network is identified as one session, and unique access control lists (ACLs) and/or QoS policies
can be defined and applied using the ISE for each of these sessions, providing better control on the devices
connecting to the network.
Resiliency
Cisco StackWise-480 Technology
Cisco StackWise-480 technology is built on the highly successful industry-leading StackWise
®
technology, which is
a premium stacking architecture. StackWise-480 has a stack bandwidth of 480 Gbps. StackWise - 480 uses Cisco
IOS Software SSO for providing resiliency within the stack. The stack behaves as a single switching unit that is
managed by an “active” switch elected by the member switches.