When we talk about the Layer 2 or Layer 3 switching, we should know the main Cisco IOS Software feature licenses. And the Layer 2 and layer 3 switching seem a hot and popular topics discussed in Cisco switch users.
How to deal with the problems about the Layer 2 or Layer 3 Switching? How to choose and upgrade your Cisco IOS Software Feature License?
In this article, we will share Steven Song’s summary about the Cisco IOS Software Licenses for Layer 2 or Layer 3 Switching, which tell the main differences of Cisco IOS Software feature licenses for switching.
There are 4 common Cisco IOS Software feature licenses for Cisco Catalyst 2K and 3K switches.
LAN Lite: Enterprise EntryLevel Layer 2 Switching
LAN Base: Enterprise Access Layer 2 Switching
IP Base: Enterprise Access Layer 3 Switching
IP Services: Advanced Layer 3 Switching
To be specific, we will concentrate on these popular Cisco Catalyst switches: Cisco Catalyst 2960, Catalyst 2960-S, Catalyst 3560-X and Catalyst 3750-X switches.
LAN Lite License: Cisco Catalyst 2960 and 2960-S Series Switches
LAN Lite and LAN Base are two common licenses for the 2960 and 2960-S switches. As its name suggests, LAN Lite is an entry level license for enterprise layer 2 access switches with many useful features including 802.1Q trunking, (M)STP, STP extensions, CDP, DTP, UDLD, VTPv2, PAGP/LACP, and LLDP. It also supports important security features such as TACACS+, RADIUS, port security, 802.1X and DHCP snooping. At this level, this license does not provide layer 3 routing capabilities. Nor does it have advanced security and management capabilities such as Dynamic ARP Inspection and advanced QoS beyond some basic functions, for example priority queuing.
Introducing the New Cisco Catalyst 2960-L LAN Lite Series Switches
LAN Base License: Cisco Catalyst 2960, 2960-S, 3560-X, and 3750-X Series Switches
LAN Base is a powerful license for layer 2 access switches. Its broad range of access features covers all LAN Lite capabilities plus more robust features such as VTPv3 and FlexLinks. VTP version 3 offers better administrative control over VLAN topology information sharing to reduce unintended or disruptive changes. It also adds more VLAN environment support including expanded ISL VLAN support range. FlexLinks increase Layer 2 resiliency by adding a pair of fast converging active and backup links between access and distribution switches. LAN Base allows layer 3 routing by adding static routing support. Many strong security capabilities are added in LAN Base, too. Examples include Flexible Authentication, Radius Change of Authorization and advanced 802.1X features. On the management side, a long list of capabilities becomes available in LAN Base including a wider range of MIBs, Ingress policing, Trust Boundary, AutoQoS, and DSCP mapping.
If you have a basic layer 2 access networks with essentially no routing needs and no advanced security or management requirements, you might want to consider LAN Lite. For most enterprise layer 2 networks, LAN Base is a minimum requirement. It gives you a robust layer 2 access network with excellent network manageability, security and user experience.
Q: “What are the advantages of Cisco Catalyst 2960 Series Switches with the LAN Base software relative to Cisco Catalyst 2960 Series Switches with the LAN Lite software?”
A: Cisco Catalyst 2960 LAN Base switches deliver intelligent services for branch offices and wiring closets. The LAN Base IOS software supports enhanced Layer 2+ security, quality of service (QoS), availability, and scalable management to enable new converged applications. Catalyst 2960 LAN Base switches include both 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity in 8-, 24-, and 48-port configurations.
Cisco Catalyst 2960 LAN Lite switches are for entry-level branch office and wiring closet networks. They simplify the migration from nonintelligent hubs and unmanaged switches to a fully scalable and reliable network. The LAN Lite IOS software supports standard Layer 2 security, QoS, and availability while lowering the network total cost of ownership. Catalyst 2960 LAN Lite switches deliver 10/100 Fast Ethernet connectivity in 24- and 48-port configurations.
All Cisco Catalyst 2960 Series Switches have technical support service options available through Cisco SMARTNetservice. All come with a Limited Lifetime Hardware Warranty, and LAN Base and LAN Lite software updates are provided at no additional cost.
Layer 3 Licenses-IP Base and IP Services Licenses
Dynamic routing provides network scalability, adaptability and resiliency. IP Base is a baseline enterprise services license for the 3560-X and 3750-X switches with dynamic routing support. It includes all layer 2 functionalities covered by the LAN Base license, plus an impressive list of layer 3 capabilities including static routing, RIP, EIGRP stub, Protocol Independent Multicast (PIM) stub and OSPF for Routed Access. Here EIGRP stub means that the switch participates in EIGRP routing as a stub and the EIGRP routes will not be extended to any downstream devices connecting to the switch. Also, notice that OSPF for Routed Access is designed specifically to extend Layer 3 routing capabilities to the wiring closet. It supports only one OSPFv2 and one OSPFv3 instance, with a maximum number of 200 dynamically learned routes. On the security front, a huge number of network security features are delivered in IP Base. Examples include ACLs, Private VLANs, TrustSec SXP, and IEEE 802.1AE (also known as MACsec). A new and exciting security feature is device sensor. It is part of the IOS software running on a switch which collects certain endpoint device attributes and sends such info to the Cisco Identify Services Engine (ISE) through RADIUS accounting packets. Cisco ISE then applies the appropriate policies as part of the Bring Your Own Device (BYOD) solution. In addition, new management capabilities have been added to the IP Base image. A good example is Embedded Event Manager (EEM). This is a policy-based framework that allows you to customize a script for real-time network event detection and onboard automation. Also, medianet support gives you the ability to troubleshoot and customize business applications such as video-based collaborations.
IP Services License: Cisco Catalyst 3560-X, and 3750-X Series Switches
IP Services is your full enterprise services license. It supports everything delivered by IP Base. It then adds further capabilities to enable a high-quality user experience that one expects in the next-generation workplace. At the top of the list are full capabilities of EIGRP and OSPF routing protocols with no restrictions on network topology or routing table size. In addition, the BGP routing protocol is supported which is not part of IP Base. Another important area is IPv6 support. IP Services provides OSPFv3 and EIGRP for IPv6 which are not available in IP Base. As many customers are running out of IPv4 addresses, IPv6 support is rapidly becoming a high priority requirement for the networks. Yet another important area is full scale support for PIM for IP multicast routing, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), PIM sparse-dense mode and Source Specific Multicast (SSM). The full PIM routing support greatly improves network efficiency as multimedia, interactive video and business collaborations generate exponential traffic growth. Here’s another important enhancement that IP Services enables: VRF-lite support is not in IP Base but it is in IP Services. As you may recall, VRF-lite is a good way to segment a physical network into multiple logical networks for network virtualization. Additional IP Services capabilities include Web Cache Coordination Protocol (WCCP) and policy-based routing (PRB) support.
Now let’s show some information on various license SKUs, then you can easily recognize them.
For Catalyst 2960 and 2960S switches, the SKU group ending with
-S represents LAN Lite
-L represents LAN Base
For Catalyst 3560-X and 3750-X switches, the SKU group ending with
-L represents LAN base
-S represents IP Base
-E represents IP Services
Here are some samples SKUs.
(24 Ethernet ports, LAN Lite image)
(24 Ethernet ports, LAN Base image)
(Stackable 24 Ethernet ports, LAN Base feature set)
(Stackable 24 Ethernet ports,
IP Base feature set)
(Stackable 24 Ethernet ports,
IP Services feature set)
If you require dynamic routing for your enterprise access networks, you’ll need to begin with IP Base. It gives you full layer 2 capabilities, plus robust layer 3 features to support your access network with enhanced scale, performance and network services such as security and application optimization. IP Services takes you one step further with full scale support of unicast and multicast routing protocols, as well as critical services such as network segmentation and IPv6 support for OSPF/EIGRP to enable the full experience of the next generation workplace.
If yourinitial software choices were LAN Base or an IP Base license for your Catalyst 3560-X and 3750-X switches, you would need an upgrade license to deploy IP Services. A family of new IP Services SKUs is available (SKUs ending with –E). These new SKUs make it easy for you to deploy IP Services directly.