Muhammad Imam presented for Cisco at Tech Field Day Extra at Cisco Live US 2025
The presentation date is June 10, 2025, 13:00-18:30.
Presenters: Alex Burger, Andrea Orioli, Jacob Rapp, Javed Asghar, Jim Florwick, Joey Ristaino, Kenny Lei, Lee Peterson, Manmeet Kaur, Matt Swartz, Maurizio Portolani, Muhammad Imam, Nico Darrow, Nikitha Shashidhar, Ruben Lobo, Samuel Pasquier, Shankar Ramachandran, Shawn Wargo, Sunil Gudurvalmiki, Tom Kunath
Follow on Twitter using the following hashtags or usernames: #CiscoLive, #CiscoLive25, #TFDx
Introducing Cisco C9000 Series Smart Switches
Join Cisco as we introduce the Catalyst C9000 family of switches featuring Cisco Silicon One. This new series represents a significant evolution from the highly successful Catalyst 9000, introduced in 2017, which has been widely adopted by hundreds of thousands of customers. 2025 presents new challenges and opportunities, including the proliferation of AI-powered devices, the widespread adoption of multi-gigabit Wi-Fi 7, and the increasing relevance of quantum computing, especially concerning network security. These changes necessitate a new generation of networking hardware capable of handling evolving traffic patterns, such as the reverse flow of data driven by AI applications, and addressing the threat of “harvest now, decrypt later” from future quantum adversaries.
To address these challenges, Cisco is introducing the C9000 series smart switches, starting with two primary devices: the Cisco C9350 stackable switch and the Cisco C9610. The C9350 is a next-generation stackable switch, while the C9610 is a 10-slot chassis designed as a successor to platforms like the Catalyst 6500 and Nexus 7700. Both leverage Cisco Silicon One ASICs (K100 and A100) for high performance and come with an enhanced IOS-XE operating system, which includes microservices architecture, improved application hosting, and a roadmap towards quantum-safe compliance. A key innovation is the unified management approach, allowing customers to manage these switches via Meraki Dashboard, Catalyst Center, or traditional CLI/API, offering unprecedented operational flexibility.
The C9350 features a Silicon One A6 capable of 1.3 terabits of bandwidth and 1.6 terabits of stacking bandwidth, with significantly higher ACL and routing table scales compared to its predecessors. Its new stacking architecture utilizes standard Ethernet-based VXLAN for greater flexibility and improved resiliency against cable failures. The C9610 chassis is designed for 51.2 terabits per second, with supervisors supporting 25.6 terabits, and incorporates a centralized cable backplane for efficient front-to-back airflow. Both C9000 series switches are built with post-quantum cryptography compliance in mind, featuring secure unique identifiers (SUID) at the hardware level, and are ready for future security enhancements like HyperShield and Cisco Live Protect for rapid vulnerability remediation. The enhanced application hosting capabilities with faster CPUs, increased memory, and internal data connections further solidify their readiness for the AI era.
Personnel: Kenny Lei, Muhammad Imam
Cisco Silicon One ASICs: A100 and E100/K100
Tune in for this overview of the newest additions to the Cisco Silicon One lineup, the A100 and the E100/K100. These new Network Processing Units (NPUs) represent a second generation of Silicon One ASICs specifically designed for campus environments, prioritizing features and high scale over just raw speed. Unlike previous generations, these ASICs are built for a feature-rich environment, supporting large tables for MAC addresses, Access Control Lists (ACLs), and NetFlow. This new design is crucial for enabling advanced capabilities like application hosting for containerized environments, AI/ML models, and HyperShield, a containerized distributed firewall, directly on the switch hardware. The intelligence behind this is rooted in cloud-native IOS-XE, which seamlessly integrates with both Meraki Dashboard and Catalyst Center, offering a unified and automated management experience without the need for special commands or reboots.
The A100 and K100 ASICs boast significant advancements in memory and table management, critical for modern network demands. They feature enhanced Longest Prefix Match (LPM) for highly efficient routing table entries, achieving over 90% utilization for millions of routes. A key innovation is HCAM (Hash-based Algorithmic TCAM), which combines a reasonably sized TCAM with fast, cost-effective SRAM to deliver massive scale for ACLs and NetFlow, a crucial requirement for campus networks. This hybrid approach allows for flexible allocation of memory based on specific needs through customizable SDM templates. Furthermore, these ASICs include hardware-based MACsec and IPsec for line-rate data encryption, and support for Precision Time Protocol (PTP) and Audio Video Bridging (AVB) to address latency-sensitive traffic. The A100 and K100 can scale from 400 Gigabit Ethernet all the way down to 10 Megabit half-duplex, accommodating a wide range of devices, from high-performance uplinks to legacy printers.
The presentation also highlighted the architectural benefits of the new switches, particularly the next-generation StackWise. This redesigned stacking capability utilizes a Linux kernel with separate processes for bootstrapping and cluster management, enabling in-service software upgrades (ISSU) and minimizing disruption during updates. The cluster remains operational even if an individual switch process is interrupted, preventing catastrophic link downtime. This standardized, VXLAN-based stacking architecture provides dynamic link additions and ensures consistent management across both the C9350 and C9610. The underlying hardware improvements, including latest-model Intel x86 CPUs with higher-capacity and faster DRAM, are fundamental to supporting these advanced software capabilities and the demanding requirements of AI, security, and high-density network environments.
Personnel: Shawn Wargo
Preview of Cisco Cloud Delivered Campus Fabric
See the future of Cisco’s Cloud Delivered Campus Fabric in this preview. The presentation detailed Cisco’s efforts to extend cloud management capabilities to more Catalyst platforms, particularly with the 17.18 release, which introduces support for the Catalyst 9500 and the rest of the Catalyst 9200 portfolio. This aims to address the challenges of traditional networks, such as management sprawl, troubleshooting difficulties, configuration inconsistencies, and security complexities, by creating a unified, cloud-managed campus fabric. The focus is on enabling larger environments with features like VRF support, BGP, routed interfaces, and RPVST, while also simplifying the integration of existing networks into the fabric.
A key aspect of this cloud-managed fabric is its seamless integration with existing network infrastructures. It allows for the gradual migration of network segments into the fabric, minimizing disruption and the need for extensive hardware overhauls. The underlay is designed to accommodate existing subnets, which can be moved into the fabric and selectively deployed across different leaves. This approach supports distributed wireless configurations and optimizes network topology by controlling broadcast traffic replication. Security is also a central theme, with full integration of adaptive policy and access manager to ensure granular control over endpoints, irrespective of the fabric topology.
The setup process is streamlined into five steps, three of which are critical: creating the fabric, assigning roles, and configuring border routing. A staging function allows for the review and approval of configurations before deployment, enhancing change control processes. The presentation also demonstrated the user experience, highlighting tools for troubleshooting and verifying fabric deployment. This cloud-orchestrated EVPN fabric aims to simplify network management, enhance security, and provide a flexible path for modernizing campus networks without requiring a complete infrastructure replacement.
Personnel: Alex Burger, Nico Darrow
Cisco N9300 Smart Switch and Hypershield Security for AI Scale
Learn all about the new Cisco N9300 Smart Switch and its role in the data center. Cisco has launched Nexus Smart Switches designed for data center environments, featuring a 24-port, 100-gig switch currently shipping and a new 48-port, 25-gig top-of-rack switch becoming generally available in August. Both switches integrate 800 Gbps of services throughput, primarily offloaded to Data Processing Units (DPUs) that run Cisco HyperShield security. These Smart Switches aim to consolidate traditional networking and security devices into a single unit, with the Silicon One NPU handling network processing (routing, switching, VXLAN, multicast) and the DPUs providing dedicated firewall services. This architecture facilitates a complete isolation of management, with NetOps teams managing the network processor and SecOps teams directly controlling HyperShield software on the DPUs through separate dashboards for enhanced security and operational clarity.
The Nexus Smart Switches are designed to address key data center use cases including cloud edge, zone-based segmentation, and data center interconnect, with the top-of-rack use case being a major focus for future implementation. The switches provide a “before and after” consolidation view, illustrating how a single Smart Switch can replace multiple traditional switches and firewalls, streamlining infrastructure and reducing complexity. Provisioning involves activating DPUs with a simple command and establishing connectivity to the HyperShield public cloud controller. Traffic can be selectively redirected to DPUs for firewalling based on VRF or VLAN policies, ensuring that only necessary traffic is subject to deep packet inspection. The system also supports high availability with state synchronization between Smart Switches for Layer 2 and Layer 3 protocols, and integrates with Cisco Live Protect for rapid vulnerability remediation via eBPF policies.
HyperShield, initially conceived as a distributed advanced firewall, represents a forward-thinking approach to security by distributing enforcement points directly inside the kernel (via eBPF and the acquisition of Isovalent) and deeply within the network via the Smart Switches. It utilizes an intent-driven policy model, allowing security policies to be written once and enforced across both kernel-level agents and network guardrails. Key use cases for HyperShield include zone segmentation, autonomous application segmentation, and distributed exploit protection. By fingerprinting known good behaviors and detecting multi-step anomalies, HyperShield moves beyond traditional IDS/IPS signature matching to a more dynamic, graph-based anomaly detection. A “Digital Twin” capability allows for safe testing of firmware and policy updates, providing a confidence score before deployment. This innovative approach offers a consolidated, high-throughput Layer 4 security solution, complementing existing perimeter firewalls, and integrating with third-party firewall policies for comprehensive security management.
Personnel: Jacob Rapp, Javed Asghar, Maurizio Portolani
Cisco Industrial IoT with Ruben Lobo
See the newest Industrial IoT Solutions from Cisco in this presentation. Cisco’s Industrial IoT Business Unit focuses on providing consistent network architecture for connectivity outside traditional office spaces, covering rugged environments from manufacturing to mines. With two decades in the industrial space, Cisco has grown to be the largest vendor, driven by increasing IT involvement in operational technology (OT) environments, primarily due to cybersecurity and AI readiness. The key is fostering IT/OT collaboration, as these networks serve different use cases but require joint effort for digitization. A recent survey revealed that 48% of customers expect generative AI to significantly impact their industrial environments, leading to new use cases like machine vision, autonomous vehicles, robotics, and edge-to-cloud integrations, all of which have direct implications for network demands.
These evolving industrial use cases present conflicting network requirements. Machine vision systems, now moving towards networked AI-driven models, are driving a rapid increase in PoE port consumption and a demand for 10-gigabit uplinks to handle large data volumes from high-resolution cameras. Concurrently, the emergence of virtual PLCs, where control is decoupled from physical devices and centralized or moved to general-purpose compute on the factory floor, introduces a need for deterministic, ultra-low latency, and jitter-sensitive control traffic. The challenge lies in enabling these diverse demands, such as large video frames and critical control traffic, to share the same network links efficiently and reliably.
To address these challenges, Cisco is launching a new portfolio of industrial switches and redefining wireless support. The new IE 3500 switch, for example, features significantly amped-up PoE budgets, 2.5-gigabit downlinks, and three 10-gigabit uplinks to support vision systems. Crucially, it incorporates Time-Sensitive Networking (TSN) frame preemption to prioritize latency-sensitive control traffic, ensuring deterministic performance alongside high-bandwidth video. In wireless, Cisco is integrating Wi-Fi and ultra-reliable wireless backhaul technologies into a single access point and management system, targeting Wi-Fi 7, Wi-Fi 6E, and industrial portfolios. This unified approach allows for both IT and OT wireless use cases, offering seamless roaming and near-zero packet loss for critical applications like automated guided vehicles, enabling industrial automation and reducing the need for separate, dedicated networks. Additionally, new Industrial IoT solutions include 19 new switch SKUs, including IP67-rated models and a rack mount switch, all moving towards unified management via the Meraki dashboard, alongside security enhancements utilizing AI for automated asset grouping and segmentation in flat industrial networks.
Personnel: Andrea Orioli, Ruben Lobo
Conquer Complexity – Cisco Unified Branch with Lee Peterson
Learn more about the latest routing and secure branch solutions from Cisco. Cisco is introducing a unified branch approach designed for deploying branches at scale with optimal reliability and security. This strategy emphasizes leveraging a cloud platform for consistent management, centralized intelligence, and streamlined assurance across both owned and unowned infrastructure. A core challenge in branch deployments is their widespread nature, lack of on-site IT staff, and inherent complexity, which often leads to configuration drift and increased security risks. To combat this, Cisco is advancing its “branches as code” initiative, treating network configurations like software, storing them in Git for version control, and integrating them into standard CI/CD pipelines.
This “branches as code” methodology, powered by a Terraform provider developed by Cisco, enables rapid and consistent deployment of new branch locations. The workflow demonstrated involves using GitLab to manage network configurations as code, allowing for pre-defined defaults, automated testing, and easy rollbacks if issues arise. This approach significantly simplifies the on-site deployment process, transforming it into a plug-and-play experience that can be handled by non-network engineers, reducing deployment times from hours to minutes. Complementary to this, Cisco is providing validated designs and blueprints for small, medium, and large branches across various verticals, ensuring best practices are embedded in deployments.
Cisco is also launching new hardware, including the Cisco 8000 series secure router, an extension of its existing Catalyst portfolio. This new router features a Cisco networking processor (merchant silicon with Cisco IP) specifically optimized for cryptographic workloads, ensuring high-speed IPsec and SD-WAN performance, and is positioned to be future-proof for a post-quantum cryptography world. It addresses security at multiple levels: secure boot, crypto, management plane, and data in transit. While the 8000 series continues to run IOS XE, maintaining continuity with existing Catalyst deployments, Cisco is also introducing an MX-based variant, the 8455-MX, which will operate with a cloud-native OS. This dual-stream approach, offering both IOS XE and MX operating systems, provides customers with optionality to choose the right tool for their specific needs, whether prioritizing traditional CLI-based management or cloud-native simplicity, with a future vision for greater normalization between the two.
Personnel: Lee Peterson
Unified Data Center Network Operations with Cisco Nexus Dashboard
Ensure proper network operations for your enterprise with Cisco Nexus Dashboard. Cisco Nexus Dashboard is being reimagined and rebuilt to unify and simplify data center network operations, particularly for diverse deployments of Nexus 9K switches that have evolved over the past decade. These deployments span traditional two-tier and three-tier architectures, large-scale HPC and AI/ML clusters, service provider edge data centers, and secure data center interconnects. Historically, these deployments relied on two distinct architectural options: Cisco NX-OS (supporting classic Layer 2/3 and VXLAN overlays) and Cisco ACI (controller-driven with VXLAN underlays). The Nexus Dashboard aims to bridge these architectures, delivering consistency in areas like zero-trust networking (ZTN) with micro-segmentation, advanced service chaining, third-party interoperability, CI/CD pipeline integration, and administrative multi-tenancy, effectively unifying data, control, policy, and management planes.
The re-architected Nexus Dashboard 4.1 (expected in July) moves away from a standalone application model to a fully integrated, modular single application, designed to support the Nexus ONE unification vision. This platform provides comprehensive lifecycle automation for Nexus and MDS product lines, and in certain cases, even extends to Catalyst products for VXLAN EVPN automation in campus environments. Nexus Dashboard’s capabilities are categorized into four core areas: provision, secure, manage, and analyze. Provisioning allows users to bootstrap and build various fabric types (classic LAN, VXLAN EVPN, AI/ML clusters, DCI, media, BGP routed, data broker) from scratch using a fabric builder, and manage incremental configurations. The secure aspect offers compliance dashboards, security advisories, CVE mitigation plans (via Tetragon agent), critical bug alerts, audit logging, and micro-segmentation capabilities.
For managing data center networks, Nexus Dashboard facilitates fabric upgrades, including hitless upgrades, pre/post-upgrade snapshots, and change control with approval workflows integrated into systems like ServiceNow. The analytical capabilities provide extensive network visibility, from global topology views down to link-level details, and advanced AI/ML job visibility to correlate network performance with GPU workloads. Troubleshooting is enhanced with connectivity analysis (showing flow paths and potential hotspots), delta analysis for configuration comparisons, and traffic analytics that go beyond traditional flow records to provide scaled NetFlow-type insights into top talkers and application-specific bandwidth consumption. The platform also promises future support for third-party VXLAN fabrics for a truly unified management and visibility experience.
Presented by Sunil Gudurvalmiki, Senior Director, Product Management, Data Center Networking, and Joey Ristaino, Technical Leader, Technical Marketing, Data Center Networking. Recorded live at Tech Field Day Extra at Cisco Live in San Diego, CA on June 10, 2025. Watch the entire presentation at https://techfieldday.com/appearance/cisco-presents-at-tech-field-day-extra-at-cisco-live-us-2025/ or visit https://techfieldday.com/event/clus25/ or https://Cisco.com for more information.
Personnel: Joey Ristaino, Sunil Gudurvalmiki
Beyond Visibility: The Age of Intelligent Assurance with Cisco
Is your network reliable? Answer the question with Cisco Network Assurance. Cisco’s vision for network assurance is to unify experiences across Catalyst, Meraki, and ThousandEyes platforms, building smarter, end-to-end capabilities. The goal is to provide a consistent troubleshooting experience for IT administrators, regardless of the Cisco networking solutions they employ. While acknowledging current differences in dashboard complexity, the company aims for simplicity at the core, leveraging popular features from each portfolio, like Meraki’s intuitive flows and ThousandEyes’ path visualization. This unification will eventually lead to a single, consistent assurance score that reflects network health across all platforms, even in hybrid environments.
Cisco’s assurance strategy involves a phased approach: baseline and detect, localize and diagnose, mitigate and remediate, and finally, predict and optimize. Significant investments are being made across all these stages, moving beyond mere visibility to provide actionable insights and intelligent remediation. Recent advancements include org-wide assurance visibility, a feature providing a quick, critical analysis of network health across hundreds or thousands of networks based on a dynamically changing proportional weighted average score. This score considers various network components like clients, devices, infrastructure, and applications (with data from ThousandEyes), allowing for quick identification of problematic areas and contextual drill-downs into specific network health details.
Further enhancements include detailed client visibility, allowing administrators to troubleshoot specific client issues in real-time or historically, identifying connection paths, problems (e.g., DHCP server not responding), and suggested resolutions. The platform leverages root cause analysis frameworks that incorporate knowledge base articles and best practices to guide remediation. Customizable alert profiles help prevent alert fatigue by allowing organizations to set thresholds matching their SLAs. Looking ahead, Cisco is integrating an AI assistant that will enable faster troubleshooting by intelligently processing queries and suggesting actions, streamlining the entire assurance workflow. This AI assistant, along with ongoing improvements to the underlying assurance framework, aims to provide comprehensive and intelligent network management.
Personnel: Nikitha Shashidhar
Automatic Frequency Coordination Updates from Cisco
Hear the latest updates on 6 GHz indoors and outdoors and how to deploy it with Automated Frequency Coordination. The release of the 6 GHz band for unlicensed use was a significant milestone for Wi-Fi, tripling available spectrum with 59 new channels and enabling higher speeds and capacities, while relieving congestion on the 2.4 and 5 GHz bands. However, this band is also occupied by thousands of licensed users, necessitating regulations to protect these incumbents from Wi-Fi interference. Global adoption varies, with North America and South Korea embracing the full band, while Europe and Australia use only the lower half. Additionally, regulations differentiate between indoor and outdoor use: indoor use is permitted at Low Power Indoor (LPI) levels (5 dBm/MHz PSD), but outdoor deployment or higher indoor power requires Standard Power (SP) and Automated Frequency Coordination (AFC).
Automated Frequency Coordination (AFC) is a cloud-based service that facilitates the use of the unlicensed 6 GHz band at Standard Power levels for indoor, outdoor, and external antenna deployments. This service coordinates spectrum sharing with incumbent users. Cisco’s AFC service resides in the cloud, where access points (APs) send requests containing their location (latitude, longitude, height) to the service. Cisco’s service then queries an AFC service provider (e.g., Federated Wireless) which, using a regulatory database, determines and returns the allowed channels and power levels to the AP. This response is valid for 24 hours, requiring APs to periodically send new requests to continue operating at Standard Power.
Operating at Standard Power offers significant gains, typically 3 to 6 dB (24 to 28 dBm) compared to LPI, extending coverage outdoors. While AFC ensures protection for licensed users, a potential concern is service availability; if the AFC service is unavailable for more than 24 hours, outdoor 6 GHz radios will cease operation, falling back to 5 GHz and 2.4 GHz, while indoor APs can still operate at LPI. Design considerations for Standard Power deployments include identifying appropriate use cases, checking channel availability beforehand, assessing client device penetration, accurately determining AP location (latitude, longitude, and manually entered height), and configuring through Cisco’s management platforms such as Meraki and Catalyst Center.
Personnel: Manmeet Kaur
Breaking Barriers in Connectivity – Exploring the Latest Advancements in Cisco High-Density Wi-Fi Solutions with Wi-Fi 7
See the latest in high-density Wi-Fi from Cisco with their newest outdoor wireless solution. Cisco is addressing the significant challenges of high-density Wi-Fi deployments in large public venues like stadiums and convention centers. These environments present complex issues, including environmental factors, regulatory compliance (especially for 6 GHz indoors/outdoors with Automatic Frequency Coordination), unique architectural layouts impacting line of sight, and the need for flexible configuration and optimization. The diverse range of client devices and evolving specifications further complicate deployments. To overcome these hurdles, Cisco is releasing the CW9179F, their fourth-generation antenna designed specifically for such venues, which is the first Wi-Fi 7.1 solution capable of ubiquitous coverage.
The CW9179F boasts several innovative features for flexible and reliable deployment. A key advancement is its ability to operate as either an indoor or outdoor AP using a unique “environment pack” with a specialized chip and gaskets, eliminating the need for separate SKUs and simplifying inventory. This ensures waterproofing for outdoor use while allowing full 1200 MHz spectrum access indoors. The antenna also offers switchable 2.4 GHz and 5 GHz low-band/high-band radio placement on the back for localized coverage, complementing the primary 6 GHz radio directed to the masses. Furthermore, a “Quick Connect” accessory allows for off-ladder installation, improving safety and efficiency for deploying these large antennas at height by enabling technicians to pre-assemble and seal sensitive components on the ground.
Performance-wise, Cisco advocates for line-of-sight (LOS) deployments in high-density environments over under-seat solutions, as LOS offers more consistent performance, lower co-channel interference, and better bandwidth distribution. The CW9179F features improved “hyper-directional” capabilities with minimized side lobes, which significantly increases throw distance and performance in challenging environments by reducing interference. It also offers simplified configurable beam steering with fewer modes (narrow/wide) for ease of deployment, and an accelerometer that provides tilt angles for precise installation and monitoring. Real-world testing at events like BottleRock has demonstrated the CW9179F’s superior performance, especially with 6 GHz, achieving high throughput even in dense crowds, solidifying its role as a robust solution for breaking connectivity barriers in high-density Wi-Fi.
Presented by Matt Swartz, Distinguished Engineer, Cisco Wireless, Jim Florwick, Principal TME, Cisco Wireless. Recorded live at Tech Field Day Extra at Cisco Live in San Diego, CA on June 10, 2025. Watch the entire presentation at https://techfieldday.com/appearance/cisco-presents-at-tech-field-day-extra-at-cisco-live-us-2025/ or visit https://techfieldday.com/event/clus25/ or https://Cisco.com for more information.
Personnel: Jim Florwick, Matt Swartz