Converged wired plus wireless access
The Cisco Catalyst 3850 is the first stackable access switching platform that enables wired plus wireless services on a single Cisco IOS XE software-based platform. With this, Cisco has pioneered a host of rich capabilities such as high availability based on stateful switchover (SSO) on stacking, granular QoS, security, and Flexible Netflow (FNF) across wired and wireless in a seamless fashion.
Flexible NetFlow (FNF)
Full visibility into the wired plus wireless traffic is achieved because of the access point Control and Provisioning of Wireless Access Points (CAPWAP) tunnel termination on the switch. This helps identify users and user traffic flows in order to identify potential attackers and take corrective action at the access layer before the attack penetrates further into the network. This is achieved using FNF, which monitors every single flow entering and exiting the switch stack for wired and wireless users. It also helps identify the top wired/wireless talkers and enforce appropriate bandwidth provisioning policies.
Advanced wired plus wireless QoS capabilities
The 3850 switch has advanced wired plus wireless QoS capabilities. It uses the Cisco modular QoS command line interface (MQC). The switch manages wireless bandwidth using unprecedented hierarchical bandwidth management starting at the per-access-point level and drilling further down to per-radio, per-service set identification (SSID), and per-user levels. This helps manage and prioritize available bandwidth between various radios and various SSIDs (enterprise, guest, and so on) within each radio on a percentage basis. The switch is also capable of automatically allocating equal bandwidth among the connected users within a given SSID.
Provides a rich set of security features
The Cisco Catalyst 3850 provides a rich set of security features for wired plus wireless users. Features such as IEEE 802.1x, Dynamic Host Configuration Protocol (DHCP) snooping, IP Source Guard and control plane protection, wireless intrusion prevention systems (WIPSs), and so on enable protection against unauthorized users and attackers. With a variety of wired plus wireless users connecting to the network, the switch supports session-aware networking, in which each device connected to the network is identified as one session, and unique access control lists (ACLs) and/or QoS policies can be defined and applied using the ISE for each of these sessions, providing better control on the devices connecting to the network.