The Cisco® Catalyst® 9300 Series Switches are Cisco’s lead stackable enterprise switching platform built for security, IoT, mobility, and cloud. They are the next generation of the industry’s most widely deployed switching platform. The Catalyst 9300 Series switches form the foundational building block for Software-Defined Access (SD-Access), Cisco’s lead enterprise architecture. At 480 Gbps, they are the industry’s highest-density stacking bandwidth solution with the most flexible uplink architecture. The Catalyst 9300 Series is the first optimized platform for high-density 802.11ac Wave2. It sets new maximums for network scale. These switches are also ready for the future, with an x86 CPU architecture and more memory, enabling them to host containers and run third-party applications and scripts natively within the switch.
The Catalyst 9300 Series is designed for Cisco StackWise® technology, providing flexible deployment with support for nonstop forwarding with Stateful Switchover (NSF/SSO), for the most resilient architecture in a stackable (sub-50-ms) solution. The highly resilient and efficient power architecture features Cisco StackPower®, which delivers high-density Cisco Universal Power Over Ethernet (Cisco UPOE®) and Power over Ethernet Plus (PoE+) ports. The switches are based on the Cisco Unified Access™ Data Plane (UADP) 2.0 architecture, which not only protects your investment but also allows a larger scale and higher throughput. A modern operating system, Cisco IOS XE with programmability, offers advanced security capabilities and Internet of Things (IoT) convergence.
The foundation of Software-Defined Access
Advanced persistent security threats. The exponential growth of Internet of Things (IoT) devices. Mobility everywhere. Cloud adoption. All of these require a network fabric that integrates advanced hardware and software innovations to automate, secure, and simplify customer networks. The goal of this network fabric is to enable customer revenue growth by accelerating the rollout of business services.
The Cisco Digital Network Architecture (Cisco DNA™) with SD-Access is the network fabric that powers business. It is an open and extensible, software-driven architecture that accelerates and simplifies your enterprise network operations. The programmable architecture frees your IT staff from time-consuming, repetitive network configuration tasks so they can focus instead on innovation that positively transforms your business. SD-Access enables policy-based automation from edge to cloud with foundational capabilities. These include:
● Simplified device deployment
● Unified management of wired and wireless networks
● Network virtualization and segmentation
● Group-based policies
● Context-based analytics
Cisco ONE Software
Cisco ONE™ Software offers a valuable and flexible way to buy software for the access, WAN, and data center domains. At each stage in the product lifecycle, Cisco ONE Software helps make buying, managing, and upgrading your network and infrastructure software easier. Cisco ONE Software provides:
● Flexible licensing models to smoothly distribute customers’ software spending over time
● Investment protection for software purchases through software services–enabled license portability
● Access to updates, upgrades, and new technology from Cisco through Cisco® Software Support Services (SWSS)
● Lower cost of entry with the new Cisco ONE Subscription for Switching model
Cisco ONE for Access lets you manage your entire switching structure as a single, converged component. With one management system and one policy for wired and wireless networks, it offers an efficient way to provide more secure access.
Product Overview: Features
● Highest wireless scale with Wave 2 access points supported on a single switch with select models
● UADP 2.0 Application-Specific Integrated Circuit (ASIC) with programmable pipeline and microengine capabilities, along with template-based, configurable allocation of Layer 2 and Layer 3 forwarding, Access Control Lists (ACLs), and Quality of Service (QoS) entries
● x86 CPU complex with 8 GB of memory, 16 GB of flash, and an external USB 3.0 SSD pluggable storage slot (delivering 120 GB of storage with an optional SSD drive) to host containers
● USB 2.0 slot to load system images and set configurations
● Up to 480 Gbps of local stackable switching bandwidth
● Flexible and dense uplink offerings with 1G, Multigigabit, 10G, 25G, and 40G
● Flexible downlink options with 1G and Multigigabit links
● Leading PoE capabilities with up to 384 ports of PoE per stack, 60W Cisco UPOE, and PoE+
● Intelligent Power Management with Cisco StackPower technology, providing power stacking among members for power redundancy
● Line-rate, hardware-based Flexible NetFlow (FNF), delivering flow collection of up to 64,000 flows
● IPv6 support in hardware, providing wire-rate forwarding for IPv6 networks
● Dual-stack support for IPv4/IPv6 and dynamic hardware forwarding table allocations, for ease of IPv4-to-IPv6 migration
● IEEE 802.1ba AV Bridging (AVB) built in to provide a better audio and video experience through improved time synchronization and QoS
● Precision Time Protocol (PTP; IEEE 1588v2) provides accurate clock synchronization with sub-microsecond accuracy, making it suitable for distribution and synchronization of time and frequency over the network
● Cisco IOS XE, a modern operating system for the enterprise with support for model-driven programmability including NETCONF, RESTCONF, YANG, on-box Python scripting, streaming telemetry, container-based application hosting, and patching for critical bug fixes. The OS also has built-in defenses to protect against runtime attacks
● SD-Access: The Cisco Catalyst 9300 Series Switches form the foundational building block for SD-Access, Cisco’s lead enterprise architecture:
◦ Policy-based automation from edge to cloud
◦ Simplified segmentation and micro-segmentation, with predictable performance and scalability
◦ Automation through the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
◦ Policy handled through the Cisco Identity Services Engine (ISE)
◦ Network assurance provided through the Network Data Platform
◦ Faster launch of new business services and significantly improved issue resolution time
● Plug and Play (PnP) enabled: A simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or updates to an existing network
● Advanced security
◦ Encrypted Traffic Analytics (ETA): You benefit from the power of machine learning to identify and take actions toward threats or anomalies in your network, including malware detection in encrypted traffic (without decryption) and distributed anomaly detection
◦ Support for AES-256 with the powerful MACsec 256-bit encryption algorithm available on all models
◦ Trustworthy systems: Hardware anchored Secure Boot and Secure Unique Device Identification (SUDI) support for Plug and Play, to verify the identity of the hardware and software
Switch Models and Configurations
The Cisco Catalyst 9300 Series is made up of seven different switch models. Any of the models can be used together in a stack of up to eight units (Figure 1).
Figure 1. Cisco Catalyst 9300 Series Switches
Table 1 lists port scale and power details for the Cisco Catalyst 9300 Series models.
Table 1. Cisco Catalyst 9300 Series Switch configurations
|Model||Total 10/100/1000 or Multigigabit copper ports||Default AC power supply||Available PoE power||Cisco StackWise-480||Cisco StackPower|
|C9300-24P||24 POE+||715W AC||445W||Yes||Yes|
|C9300-48P||48 POE+||715W AC||437W||Yes||Yes|
|C9300-24U||24 Cisco UPOE||1100W AC||830W||Yes||Yes|
|C9300-48U||48 Cisco UPOE||1100W AC||822W||Yes||Yes|
|C9300-24UX||24 Multigigabit Cisco UPOE (100M, 1G, 2.5G, 5G, or 10 Gbps)||1100W AC||560W||Yes||Yes|
|C9300-48UXM||36x 100 Mbps, 1G, 2.5G + 12x Multigigabit (100M, 1G, 2.5G, 5G, or 10 Gbps)||1100W AC||490W||Yes||Yes|
|C9300-48UN||48x 5 Gbps UPOE ports (100M, 1G, 2.5G, 5G)||1100W AC||645W||Yes||Yes|
The Cisco Catalyst 9300 Series Switches support optional network modules for uplink ports (Figure 2). The default switch configuration does not include the network module. When you purchase the switch, you can choose from the network modules described in Table 2.
Figure 2. Cisco Catalyst 9300 Series network modules
Table 2. Network module numbers and descriptions
|C9300-NM-4G||9300 Series 4x 1G Network Module|
|C9300-NM-4M||9300 Series 4 x Multigigabit Network Module|
|C9300-NM-8X||9300 Series 8x 10G Network Module|
|C9300-NM-2Q||9300 Series 2x 40G Network Module|
|C9300-NM-2Y||9300 Series 2x 25G Network Module|
Please note: Existing 3850 network modules are also supported in the Cisco Catalyst 9300 Series platforms.
For additional details, please read our FAQs: https://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-9300-series-switches/nb-09-cat-9k-faq-cte-en.pdf.
The Cisco Catalyst 9300 Series Switches support dual redundant power supplies. The switches ship with one power supply by default, and the second power supply can be purchased when the switch is ordered or at a later time. If only one power supply is installed, it should always be in power supply bay #1. The switches also ship with three field-replaceable fans.
Cisco Catalyst 9300 Series dual redundant power supplies
Table 3 lists the different power supplies available in these switches and available PoE power.
Table 3. Power supply models
|Model||Default power supply||Available PoE power||With 350W Secondary PS||With 715W Secondary PS||With 1100W Secondary PS|
|24-port data switch||PWR-C1-350WAC||–|
|48-port data switch||PWR-C1-350WAC|
|24-port PoE+ switch||PWR-C1-715WAC||445W||720W*||720W*||720W*|
|48-port PoE+ switch||PWR-C1-715WAC||437W||787W||1152W||1440W*|
|24-port Cisco UPOE switch||PWR-C1-1100WAC||830W||1180W||1440W*||1440W*|
|48-port Cisco UPOE switch||PWR-C1-1100WAC||822W||1172W||1537W||1800W**|
|24-port Multigigabit Cisco UPOE switch||PWR-C1-1100WAC-P||560W||910W||1275W||1440W*|
|48-port 2.5G (12 Multigigabit – 1/2.5/5/10G)||PWR-C1-1100WAC-P||490W||840W||1205W||1590W|
|48-port 5G (1/2.5/5G) UPOE switch||PWR-C1-1100WAC-P||645W||995W||1360W||1745W|
25G and 40G in the Cisco Catalyst 9300 Series enable greater architectural flexibility and infrastructure investment protection by allowing a nondisruptive migration from 10G to 25G and beyond.
Performance and Scalability
Performance and scalability metrics for the Cisco Catalyst 9300 Series are provided in Table 4.
Table 4. Performance specifications
208 Gbps on 24-port Gigabit Ethernet model
256 Gbps on 48-port Gigabit Ethernet model
640 Gbps on 24-port Multigigabit Ethernet model
580 Gbps on 48-port 2.5G (12 Multigigabit) Ethernet model
640 Gbps on 48-port 5G Ethernet model
All models are wire-speed nonblocking performance
|Stacking bandwidth||480 Gbps|
|Total number of MAC addresses||32,000|
|Total number of IPv4 routes (ARP plus learned routes)||32,000 (24,000 direct routes and 8000 indirect routes)|
|IPv4 routing entries||32,000|
|IPv6 routing entries||16,000|
|Multicast routing scale||8000|
|QoS scale entries||5120|
|ACL scale entries||5120|
|Packet buffer per SKU||16 MB buffer for 24- or 48-port Gigabit Ethernet models; 32 MB buffer for 24 and 48-port Multigigabit|
64,000 flow on 24- and 48-port Gigabit Ethernet models
128,000 flows on 24-port Multigigabit
|Total Switched Virtual Interfaces (SVIs)||2000|
|Jumbo frames||9198 bytes|
|Total routed ports per 9300 Series stack||208|
|Wireless bandwidth per switch||Up to 96 Gbps on 48-port Gigabit Ethernet model; up to 48 Gbps on 24-port Gigabit Ethernet model|
|Forwarding rate of switch models (with 2x 40 Gigabit Ethernet uplinks for 24-port models and 48‑port models)|
|Forwarding rate for both IPv4 and IPv6 at 64bytes|
What if you could give time back to IT? Provide network access in minutes for any user or device to any application – without compromise? Cisco Software-Defined Access (SD-Access), the foundation for your digital network, is the industry’s first policy-based automation from network edge to cloud. Built on the principles of the Cisco Digital Network Architecture (Cisco DNA™), SD-Access provides end-to-end segmentation to keep user, device, and application traffic separate without a redesign of the network. It automates user access policy so organizations can make sure the right policies are set for any user or device with any application across the network. This is accomplished with a single network fabric across LAN and WLAN, which creates a consistent user experience anywhere without compromising on security.
There are many challenges today in managing the network to drive business outcomes. These limitations are due to manual configuration and fragmented tool offerings. SD-Access provides:
● A transformational management solution that reduces operational expenses and enhances business agility
● Consistent management of wired and wireless network provisioning and policy
● Automated network segmentation and group-based policy
● Contextual insights for fast issue resolution and capacity planning
● Open and programmable interfaces for integration with third-party solutions
For an overview of key use-cases SD-Access addresses, refer to SD-Access Solution Overview.
Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various automation mechanisms are outlined below.
● Automated device provisioning is the ability to automate the process of upgrading software images and installing configuration files on Cisco Catalyst switches when they are being deployed in the network for the first time. Cisco provides both turnkey solutions such as Plug and Play and off-the-shelf tools such as Zero-Touch Provisioning (ZTP) and Preboot Execution Environment (PXE) that enable an effortless and automated deployment.
● API-driven configuration is available with modern network switches such as the Cisco Catalyst 9300 Series. It supports a wide range of automation features and provides robust open APIs over NETCONF and RESTCONF using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources.
● Granular visibility enables model-driven telemetry to stream data from a switch to a destination. The data to be streamed is identified through subscription to a data set in a YANG model. The subscribed data set is streamed to the destination at specified intervals. Additionally, Cisco IOS XE enables the push model. It provides near-real-time monitoring of the network, leading to quick detection and rectification of failures.
● Seamless software upgrades and patching support OS resilience. Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support lets you add patches without having to wait for the next maintenance release.
● Encrypted Traffic Analytics (ETA) is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is becoming encrypted, the visibility this feature affords for threat detection is critical for keeping your network secure at different layers.
● AES-256 MACsec encryption: MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between switches. The Cisco Catalyst 9300 Series switches support 256-bit and 128-bit Advanced Encryption Standard (AES), providing the most secure link encryption.
● Trustworthy systems built with Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. With the Catalyst 9300 Series, these technologies enable hardware and software authenticity assurance for supply chain trust and strong mitigation against man-in-the-middle attacks that compromise software and firmware. Trust Anchor capabilities include:
◦ Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software are authentic and unmodified. As the system boots, the system’s software signatures are checked for integrity.
◦ Secure Boot: Cisco Secure Boot technology anchors the boot sequence chain of trust to immutable hardware, mitigating threats against a system’s foundational state and the software that is to be loaded, regardless of a user’s privilege level. It provides layered protection against the persistence of illicitly modified firmware.
◦ Cisco Trust Anchor module: A tamper-resistant, strong cryptographic, single-chip solution provides hardware authenticity assurance to uniquely identify the product so that its origin can be confirmed to Cisco. This provides assurance that the product is genuine.
Resiliency and High Availability
● StackWise-480: The Cisco Catalyst 9300 Series supports the industry’s highest back-panel stacking bandwidth solution (480 Gbps) with StackWise-480. Up to 8 switches can be configured in a StackWise-480 stack with the special connector at the back of the switch using dedicated stack cables.
● Cisco StackPower: Cisco StackPower is an innovative power interconnect system that allows the power supplies in a stack to be shared as a common resource among all the switches. This allows you to simply add one extra power supply in any switch of the stack and either provide power redundancy for any of the stack members or simply add more power to the shared pool. Up to 4 switches can be configured in a StackPower stack with the special connector at the back of the switch. However, with the use of XPS-2200 appliance, up to 9 switches can be configured in the StackPower stack.
Cisco Catalyst 9300 Series StackPower
● High availability: The Catalyst 9300 Series supports high-availability features, including the following:
◦ Cross-stack EtherChannel provides the ability to configure Cisco EtherChannel technology across different members of the stack for high resiliency.
◦ IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) provides rapid spanning tree convergence independent of spanning tree timers and also offers the benefit of Layer 2 load balancing and distributed processing.
◦ Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning tree (IEEE 802.1w) reconvergence on a per-VLAN spanning tree basis, providing simpler configuration than MSTP. In both MSTP and PVRST+ modes, stacked units behave as a single spanning tree node.
◦ Switch-port auto-recovery (“err-disable” recovery) automatically attempts to reactivate a link that is disabled because of a network error.
◦ The Catalyst 9300 Series platform delivers the best NSF/SSO resiliency architecture in a stackable solution with sub-50-ms failover.
● Flexible NetFlow (FNF): Cisco IOS® Software FNF is the next generation in flow visibility technology. It enables optimization of the network infrastructure, reduces operation costs, and improves capacity planning and security incident detection with increased flexibility and scalability. The Catalyst 9300 Series is capable of up to 64,000 flow entries on 48-port and 24-port models and up to 128,000 flow entries on Multigigabit models.
Application Visibility and Control
● NBAR2: Next-Generation Network-Based Application Recognition (NBAR2) enables advanced application classification techniques and accuracy, with up to 1400 predefined and well-known application signatures and up to 150 encrypted applications on the Cisco Catalyst 9000 Series. The most popular applications included are Skype, Office 365, Microsoft Lync, Cisco WebEx®, and Facebook, among many others that are predefined and easy to configure. NBAR2 provides the network administrator with an important tool to identify, control, and monitor end-user application usage while helping ensure a quality user experience and securing the network from malicious attacks. NBAR2 leverages FNF to report application performance and activities within the network to any supported NetFlow collector, such as Cisco Prime®, Cisco Stealthwatch®, or any compliant third-party tool.
● Superior QoS: The Cisco Catalyst 9300 Series offers Gigabit Ethernet speeds with intelligent services that keep traffic flowing smoothly, even at 10 times the normal network speed. Industry-leading mechanisms for cross-stack marking, classification, and scheduling deliver superior performance for data, voice, and video traffic at wire speed. Superior QoS includes granular wireless bandwidth management and fair sharing, 802.1p Class of Service (CoS) and Differentiated Services Code Point (DSCP) field classification, Shaped Round Robin (SRR) scheduling, Committed Information Rate (CIR), and eight egress queues per port.
● Multicast DNS (mDNS) gateway: This service discovery gateway capability facilitates sharing of services advertised using the Apple mDNS (Bonjour) protocol, such as printers, Apple TVs, and file services across the network. Additionally, the administrator can create policies defining which services can be seen and accessed by the users in the network. This capability facilitates a Bring-Your-Own-Device (BYOD) rollout.
● WebUI: WebUI is an embedded GUI-based device-management tool that provides the ability to provision the device, to simplify device deployment and manageability, and to enhance the user experience. It comes with the default image, so there is no need to enable anything or install any license on the device. You can use WebUI to build configurations, and to monitor and troubleshoot the device without having CLI expertise.
● Efficient switch operation*: Cisco Catalyst 9300 Series Switches provide optimum power saving with Energy Efficient Ethernet (EEE) on the RJ-45 ports and low-power operations for industry best-in-class power management and power consumption capabilities. The ports support reduced power modes so that ports not in use can move into a lower power utilization state. Other efficient switch operation features are as follows:
◦ Per-port power consumption command allows customers to specify a maximum power setting on an individual port.
◦ Per-port PoE power sensing measures actual power being drawn, enabling more intelligent control of powered devices. The PoE MIB provides proactive visibility into power usage and allows you to set different power-level thresholds.
● RFID tags: The Catalyst 9300 Series switches have an embedded RFID tag that facilitates easy asset and inventory management using commercial RFID readers.
● Blue beacon: The Catalyst 9300 Series switches support a blue beacon LED for easy identification of the switch being accessed.
High-Performance IP Routing
The Cisco Express Forwarding hardware routing architecture delivers extremely high-performance IP routing in Cisco Catalyst 9300 Series Switches, based on:
● IP unicast routing protocols (including static, Routing Information Protocol Version 1 [RIPv1], RIPv2, RIPng, and Open Shortest Path First [OSPF], Routed Access) are supported for small network routing applications with the Network Essentials stack. Equal-cost routing facilitates Layer 3 load balancing and redundancy across the stack.
● Advanced IP unicast routing protocols (including Full [OSPF], Enhanced Interior Gateway Routing Protocol [EIGRP], Border Gateway Protocol Version 4 [BGPv4], and Intermediate System-to-Intermediate System Version 4 [IS-ISv4]) are supported for load balancing and for constructing scalable LANs. IPv6 routing (using OSPFv3 and EIGRPv6) is supported in hardware for maximum performance.
● Protocol-Independent Multicast (PIM) for IP multicast routing is supported, including PIM Sparse Mode (PIM SM), and Source-Specific Multicast (SSM).
● IPv6 addressing is supported on interfaces with appropriate show commands for monitoring and troubleshooting.
Audio Video Bridging (AVB)
Starting with Cisco IOS XE Software Release 16.8, the Cisco Catalyst 9300 Series supports the IEEE 802.1 AVB standard. This standard provides the means for highly reliable delivery of low-latency, time-synchronized audio and video streaming services through Layer 2 Ethernet networks. The standard also makes it easier to integrate new services and for AV equipment from different vendors to interoperate.
● Improves quality of experience by lowering jitter and latency for time-synchronized delivery of high-quality AV.
● Provides scalability of applications across networked deployments, including expansive and complex AV infrastructure.
● Lowers Total Cost of Ownership (TCO) with reduced cabling (lowers CapEx) and no license fees (lowers OpEx).
For more details about AVB and specific models supported, check https://www.cisco.com/go/avb.
Multigigabit Ethernet technology: Cisco Multigigabit Ethernet technology allows you to achieve bandwidth speeds from 1 Gbps to 10 Gbps over traditional Category 5e cabling or above. This technology addresses the need for exponential increases in bandwidth with the enormous growth of 802.11ac and new wireless applications without having to replace current cabling infrastructure.
Power Over Ethernet Leadership
Cisco Universal Power over Ethernet (Cisco UPOE): PoE removes the need for wall sockets to power each PoE-enabled device and eliminates the cost of additional electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments. Cisco UPOE extends the IEEE PoE+ standard to double the power per port to 60 watts. This facilitates delivery of network power to a broad range of devices requiring higher power, including virtual desktop terminals, IP turrets, compact switches, building management gateways, LED lights, wireless access points, and IP phones. The Catalyst 9300 Series supports Cisco UPOE, PoE+ and PoE, thereby addressing the largest range of network power needs.
Tables 5 and 6 show the power supply combinations required for different PoE needs.
Table 5. Power supply requirements for PoE/PoE+
|24-port PoE switch||48-port PoE switch|
|PoE on all ports (15.4W per port)||1 PWR-C1-715WAC||1 PWR-C1-1100WAC or 2 PWR-C1-715WAC|
|PoE+ on all ports (30W per port)||1 PWR-C1-1100WAC or 2 PWR-C1-715WAC||2 PWR-C1-1100WAC or 1 PWR-C1-1100WAC and 1 PWR-C1-715WAC|
Table 6. Power supply requirements for Cisco UPOE
|24-port Cisco UPOE switch||48-port Cisco UPOE switch||48 and 24-port Multigigabit Cisco UPOE switch*|
|Cisco UPOE (60W per port) on all ports (24-port switch) or up to 30 ports (48-port switch)||1 PWR-C1-1100WAC and 1 PWR-C1-715WAC|