Migration Guide from Cisco Catalyst 2960CX/3560CX Series to 9200CX Series
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Cisco Catalyst® 9000 switching family is the next generation in the legendary Cisco® Catalyst family of enterprise LAN access, aggregation, and core switches. And now with the Catalyst 9200CX Series of switches, we’re bringing the feature richness of the Catalyst 9200 in a fan-less, compact form factor. Cisco Catalyst 9200CX Series switches extend the power of intent-based networking and Catalyst 9000 hardware and software innovation to a broader set of deployments. Compared to the scale and feature richness the of Catalyst 9300 Series switches, Catalyst 9200 Series switches focus on offering features for the mid-market and simple branch deployments. With its family pedigree, Catalyst 9200CX Series offers simplicity without compromise –it is secure, always on and provides IT simplicity.
This document is intended to help network planners and engineers who are familiar with the Cisco Catalyst 2960CX/3560CX Series Switches deploy the Cisco Catalyst 9200CX Series Switches in the enterprise networking environment.
Cisco Catalyst 9200CX Series Switches are Cisco’s latest addition to the compact fixed enterprise switching access platform, and are built for security, resiliency, and programmability. These switches play an integral role as entry-level switches in Cisco Software-Defined Access (SD-Access), Cisco’s lead enterprise architecture. The 9200CX Series provides enterprise-level resiliency and keeps your business up and running seamlessly in a fan-less compact form-factor, by leveraging features such as cold patching, perpetual Power over Ethernet (PoE), and a high Mean Time Between Failures (MTBF).
The Cisco Catalyst 9200CX Series has a flexible fixed-uplink architecture that supports 1-Gbps and 10-Gbps speeds. The platform offers 1-Gbps and multigigabit (mGig) 10-Gbps copper Ethernet switches with up-to 23-Gbps uplink bandwidth.
The Cisco Catalyst 9200CX Series also has a highly resilient and efficient power architecture, which delivers a high density of UPOE and PoE+ ports in a compact switch. The switches provide industry-leading PoE resiliency capabilities, such as perpetual and fast PoE, optimizing them for Internet-of-Things (IoT) deployments. They support the most efficient power supplies in the industry.
The Cisco Catalyst 9200CX Series Switches are also built with the latest Cisco Unified Access® Data Plane 2.0 (UADP 2.0) mini Application-Specific Integrated Circuit (ASIC) and an internal ARM based CPU with open Cisco IOS® XE Software, a converged operating system. Together, they deliver model-driven programmability, streaming telemetry, application visibility, stronger security with MACsec and support for higher-bandwidth uplinks, and a more advanced operating system than the Cisco Catalyst 2960CX/3560CX Series.
The Cisco Catalyst 9200CX Series is based on Cisco’s UADP 2.0 mini ASIC architecture and an internal ARM CPU architecture. This allows the switch to run with the Cisco IOS-XE operating system, which enables the switch to support standard YANG models through NETCONF or RESTCONF and to run scripts natively within the switch.
Table 1 lists the system hardware differences between the Cisco Catalyst 2960CX/3560CX Series and 9200CX Series.
Table 1. Comparison of the Cisco Catalyst 2960CX/3560CX Series and 9200CX Series system hardware
| Catalyst 9200CX Series mGig/UPOE Switch |
Catalyst 9200CX Series POE+ switches |
Catalyst 9200CX Series Data-Only switch |
Catalyst 3560CX Series switches |
|
| CPU |
4 Core @500Mhz Embedded ARM |
4 Core @375Mhz Embedded ARM |
4 Core @375Mhz |
Dual Core CPU@600MHz |
| DRAM (DDR3) |
4GB |
4GB |
4GB |
512MB |
| Flash On board |
8GB |
8GB |
8GB |
128MB |
| Buffer |
6MB/ASIC |
6MB/ASIC |
6MB/ASIC |
4MB/ASIC |
| Power Supply |
315W (Internal) [AC and HVDC options] |
315W (Internal) [AC and HVDC options] |
80W (External) or 802.3bt Type 3 Class 6 60W Uplink Powered |
300W (Internal) or UPOE+ Uplink Powered |
| Switching Bandwidth |
128GB |
60GB/68GB |
70GB |
64GB |
| MACsec |
256-Bit MACsec |
256-Bit MACsec |
256-Bit MACsec |
802.1X-2010(MKA) PSK Support for Switch-2-Switch |
| Max PoE Budget |
240W |
240W |
N/A |
240W |
| Max Depth |
9.6” (24.4cm) |
9.6” (24.4cm) |
6.5” (16.5cm) |
10.6” (26.9cm) |
| Console Port |
USB Type Micro-B |
USB Type Micro-B |
USB Type Micro-B |
USB mini-B and RJ-45 |
| SD-Card Slot |
Support for up-to 16GB |
Support for up-to 16GB |
Support for up-to 16GB |
N/A |
With a consistent hardware architecture and a shared code base with the rest of the Catalyst 9000 family, the Catalyst 9200CX Series inherits enhanced functionalities that otherwise would not be supported on Catalyst 2960CX/3560CX switches. These feature sets provide increased resiliency and security through features such as MACsec, Cisco SD-Access, and support for Cisco TrustSec®. Table 2 Lists the major system software differences between Cisco Catalyst 2960CX/3560CX Series and 9200CX Series switches.
Table 2. Feature comparison between the Catalyst 9200CX and Catalyst 2960CX/3560CX Series of compact switches
|
|
Feature |
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX |
| Modern Operating System |
OS |
IOS-XE Lite |
IOS Classic |
| Model-driven Programmability |
✓ |
X |
|
| Streaming Telemetry |
✓ |
X |
|
| Patching |
✓ |
X |
|
| Cisco Plug and Play (PnP) |
✓ |
✓ |
|
| Full Flexible NetFlow |
✓ |
X |
|
| SD-AVC w/ NBAR2 |
✓ |
X |
|
| Virtual Route Forwarding (VRF) Support |
✓ |
X |
|
| Advanced Routing |
Intermediate System to Intermediate System (IS-IS) |
✓ |
X |
| Enhanced Interior Gateway Routing Protocol (EIGRP) |
✓ |
✓ |
|
| Open Shortest Path First (OSPF) |
✓ |
✓ |
|
| Fabric |
SD-Access Fabric Edge |
✓ |
X |
The system default behavior on Cisco Catalyst 9200CX Series switches are very much the same as that of the Cisco Catalyst 2960CX/3560CX Series. For example, interfaces default to the layer 2 switch-port mode and IP routing is disabled. However, there are also some differences:
● Management interface - The management interface on the Cisco Catalyst 9200CX Series is Gigabit Ethernet with 3 octets, which is in line with the rest of the Catalyst 9000 Series. The management port on the Catalyst 9200CX platform has dedicated Virtual Routing and Forwarding (VRF) for separation of management traffic from normal data traffic, unlike the Catalyst 2960CX/35600CX series platforms, which lack support for virtual VRF instances. Table 3 lists the management port differences between the two platforms.
Table 3. Comparison of management interface default configurations on Catalyst 2960CX/3560CX and 9200CX switches
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| Interface |
GigabitEthernet1/0/1 |
GigabitEthernet0/1 |
| VRF |
Mgmt-vrf |
none |
| Default Configuration |
Interface GigabitEthernet1/0/1 vrf forwarding Mgmt-vrf no ip address speed 1000 negotiation auto end |
GigabitEthernet0/1 no ip address no ip route-cache shutdown end |
● Control Plane Policing (CoPP) - CoPP is enabled on the Cisco Catalyst 9200CX Series with default policing rates for different classes of traffic. These policing rates are optimized for a typical campus environment. The policing rates can be changed or disabled for different application environments. On the Cisco Catalyst 2960CX/33560CX Series, CoPP is not enabled by default, but the system provides a macro to create the different classes, and the user can specify the policing rate for different classes.
Interface reference
Cisco Catalyst 9200CX Series Switches have Gigabit Ethernet (GE) and 10-GE ports only. The uplink ports on the Catalyst 2960CX Series had <Type><Slot#>/<Bay#>/<Port#>, whereas the 9200 Series has
<Type><Switch#>/<Bay#>/<Port#>. Table 4 Compares the interface numbering between the two platforms.
Table 4. Switch interface naming and numbering conventions
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| GE downlink |
GigabitEthernet1/0/1 |
GigabitEthernet0/1 |
| mGig/10G downlink |
Te1/0/5 |
Te1/0/5 |
| GE uplink |
GigabitEthernet1/1/1 |
GigabitEthernet0/9 |
| 10-GE uplink |
TenGigabitEthernet1/1/3 |
TenGigabitEthernet 1/0/1 |
For details on the features supported on the Cisco Catalyst 9200CX Series, use the Feature Navigator on cisco.com. For customers migrating from the Cisco Catalyst 2960CX Series to the 9200CX Series, following are the only feature differences:
System MTU
On the Cisco Catalyst 9200CX Series, the global command “system mtu <1500-9198>” sets the global MTU for all interfaces, whereas on 2960CX/3560CX Series the command to set MTU was “system mtu jumbo <1500-9198>”. With the Cisco Catalyst 9200CX Series, the IP MTU is a per-interface-level command that sets a protocol-specific MTU for the interface. Table 5 explains how to set the system MTU.
Table 5. Setting the system MTU
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| System MTU |
C9200CX(config)#system mtu ? <1500-9198> MTU size in bytes |
C3560CX(config)# system mtu jumbo ? <1500-9198> MTU size in bytes |
| IP MTU |
C9200CX(config)# int gi1/0/1 C9200CX(config-if)#ip mtu ? <832-1500> MTU (bytes) |
C3560CX(config)# system mtu routing |
Host tracking feature
The Cisco Catalyst 2960CX/3560CX Series supports IP Device Tracking (IPDT) for keeping track of connected hosts (association of MAC and IP addresses). The Cisco Catalyst 9200CX Series, with the latest Cisco IOS XE Software release, supports the new Switch Integrated Security Features (SISF) based on the IPDT feature. It acts as a container policy that enables snooping and device-tracking features available with First-Hop Security (FHS), in both IPv4 and IPv6, using IP-agnostic Command-Line Interface (CLI) commands. See Appendix A for more information on migrating from the IPDT CLI configuration to the new SISFbased device-tracking CLI configuration.
Full Flexible NetFlow
Both the Catalyst 9200CX Series and the Catalyst 2960CX/3560CX Series support Flexible NetFlow. Besides the scalability differences, there are a few differences in the capabilities and configurations, as listed in Table 6.
Table 6. Flexible NetFlow differences
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| Flow support |
Ingress and egress |
Ingress only |
| Export formats |
Version 9 and Version 10 |
Version 9 |
| NetFlow support on L2 VLAN |
Yes |
No |
| Sampler rate |
1 out of 2 to 1 out of 1024 |
1 out of 32 to 1 out of 1022 |
| Timestamp |
Use absolute time [0 is at time 00:00:00 January 1, 1970] |
Use system uptime |
| Bridged traffic |
Apply the flow monitor to a VLAN |
None |
Boot mode
The Catalyst 9200CX Series supports the monolithic bundle boot mode as well as the optimized install boot mode, whereas the Catalyst 2960CX/3560CX Series supports only the traditional bundle mode. All Catalyst 9200CX switches ship with the default install boot mode. Table 7 compares the boot mechanism between the two platforms. Table 8 shows how to ignore the startup configuration.
Table 7. Boot modes on Catalyst 2960CX/3560CX and Catalyst 9200CX Series Switches
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| Boot modes |
Install, bundle |
Bundle |
| Default |
Install Mode (recommended) |
Bundle Mode |
| Boot configuration |
C920CX# install add file flash:cat9k_xxx.bin activate commit |
C3560CX(config)#boot system flash:c2960x-xx.152.bin |
Table 8. Ignoring the startup configuration
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| Cisco IOS Software |
C920CX(config)#system ignore startup config |
|
| ROMMON |
SWITCH_IGNORE_STARTUP_CFG=1 |
Confreg, use the interactive prompt to enable/disable ignore startup configuration |
Switch reset
The Cisco Catalyst 2960CX/3560CX Series uses the traditional “write erase” command in Cisco IOS Software and deleting of the configuration file and vlan.dat file in ROMMON to reset the switch. The Cisco Catalyst 9200CX Series provides exec “factory-reset”, “write erase”, and “erase nvram:” commands; either of which can be used to remove all customer- specific data that has been added to the device since the time of its shipping. Erased data includes configurations, log files, boot variables, core files, and credentials. The device reloads to perform the factory-reset task and stays in ROMMON mode.
Quality of service
The ASICs and operating system that power the Cisco Catalyst 2960CX/3560CX and Catalyst 9200CX Series are different, resulting in some differences in QoS behaviors, as described in Table 9.
Table 9. QoS differences between the 9200CX and 2960CX/3560CX Switches
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX |
| Model |
MQC |
MLS |
| QoS default |
Enabled |
Disabled |
| Trust interface configuration |
Trust all |
Trust none |
| Port ingress |
Classification/Policing/Marking |
Classification/Policing/Marking/Scheduling |
| Port egress |
Policing/Marking/Queueing |
Queueing and scheduling |
| SVI ingress |
Classification/Marking |
Not Supported |
| SVI egress |
Classification/Marking |
Not Supported |
| Hierarchical QoS |
Supported |
Not Supported |
| Queues |
2P6Q3T (8 Queues) |
2P6Q3T (8 Queues) |
| Classification |
Ingress and Egress |
Ingress Only |
| Marking |
Ingress and Egress |
Ingress Only |
| Policing |
1r2c, 2r3c |
1r2c |
| Sampler rate |
1 out of 2 to 1 out of 1024 |
1 out of 32 to 1 out of 1022 |
| Policing action |
Drop, mark down using Table Maps, (DSCP, CoS, Precedence) |
Drop, mark down DSCP, CoS, precedence |
| Egress queuing |
YES – Shaping, Bandwidth, tail-drops (AFD, WRED) and priority queuing |
WTD (Weighted Tail Drp), Priority queueing, Shaping, Bandwidth |
Table 10 lists other QoS specifications in the Cisco Catalyst 2960CX/3560CX Series and Catalyst 9200CX Series.
Table 10. QoS specifications in the Cisco Catalyst 2960CX/3560CX Series and Catalyst 9200CX Series
|
|
Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| Buffer |
6 MB/ASIC |
4 MB/ASIC |
| Buffer Sharing |
Buffer sharing is within the ASIC |
Buffer sharing is within the ASIC |
| Number of Priority Queues |
2 |
0 to 1 |
Congestion avoidance
The Cisco Catalyst 2960CX/3560CX Series supports only Weighted Tail Drop (WTD), which discards packets based on configured thresholds. The Cisco Catalyst 9200CX Series uses both WTD and Weighted Random Early Detection (WRED), which randomly discards packets at specified queue thresholds based on IP precedence, Differentiated Services Code Point (DSCP), or Class of Service (CoS), giving the network architect much more control over the drop behavior. Following is an example of a WRED configuration on the 9200CX Series.
policy-map 2P6Q3T
class PRIORITY-QUEUE
priority level 1|
class VIDEO-PRIORITY-QUEUE
priority level 2 class DATA-QUEUE
bandwidth remaining percent <number> queue-buffers ratio <number> random-detect dscp-based
random-detect dscp 10 percent 60 80
Cisco Catalyst 2960CX/3560CX Series platform-specific commands
Table 11 lists commands that are specific to the Cisco Catalyst 2960CX Series and are not available on the Catalyst 9200CX Series.
Table 11. Platform specific commands
| Catalyst 9200CX Series |
Catalyst 2960CX/3560CX Series |
| Not applicable |
vlan internal allocation policy ascending |
| Not applicable |
ntp update-calendar |
| See Appendix A |
ip device tracking |
Accessories
The Cisco Catalyst 9200CX come with newly designed accessories. Like the Cisco Catalyst 2960CX and 3560CX, there are four different mounting options to meet different customer mounting needs: wall mount, table-top/bottom/shelf mount, rack mount, and din rail mount. These versatile deployment options help reduce cost of premium space; and the C9200CX is designed to dissipate heat better with its’ newly, custom designed accessories. These accessories are special designed for the Cisco Catalyst 9200CX, and the mounting accessories of the Cisco Catalyst 2960CX/3560CX are not compatible with the Cisco Catalyst 9200CX. The mounting options are shown in Image 1 below.
Cisco Catalyst 9200CX Mounting Options
The Cisco Catalyst 9200CX Series is Cisco’s latest addition to our fixed enterprise switching access platform. It is the new generation of the access platform, with many additional capabilities, and is well- suited for enterprises looking to migrate from their existing Cisco Catalyst 2960CX/3560CX Series deployment.
If your device has no legacy IP device-tracking or IPv6 snooping configurations, you can use only the new SISF-based device-tracking commands for all your future configurations. The legacy IPDT commands and IPv6 snooping commands are not available.
Table 12 displays the new SISF-based device-tracking commands and the corresponding IPDT and IPv6 snooping commands.
Table 12. IPDT, IPv6 snooping, and device-tracking CLI compatibility
| IP device tracking |
IPv6 snooping |
SISF-based device tracking |
| IP device tracking probe count |
Not Supported |
Not Supported |
| IP device tracking probe delay |
ipv6 neighbor binding reachable-lifetime |
device-tracking policy reachable-lifetime |
| IP device tracking probe interval |
ipv6 snooping tracking retry-interval |
device-tracking policy retry-interval |
| IP device tracking probe use-svi |
Accepted and interpreted as IP device tracking probe auto-source override |
Accepted and interpreted as IP device tracking probe auto-source override |
| IP device tracking probe auto-source fallback |
Not supported |
Not supported |
| IP device tracking probe auto-source override |
Not supported |
Not supported |
| IP device tracking tracebuffer |
Not supported |
Not supported |
| IP device tracking maximum |
ipv6 snooping policy <name> limit |
device-tracking snooping policy <name> limit |
| IP device tracking probe count |
Not supported |
Not supported |
| IP device tracking probe interval |
Not supported |
Not supported |
| Clear IP device tracking all |
Not supported |
Not supported |
To view buying options and speak with a Cisco sales representative, visit https://www.cisco.com/c/en/us/buy.html