Cisco IOS Software Licenses: What’s What for Layer 2 and Layer 3 Switching – Part 2

- May 21, 2012 - 1 Comment

In my previous post, I discussed 4 common Cisco IOS Software feature licenses for Cisco Catalyst 2K and 3K switches. I specifically concentrated on LAN Lite and LAN Base licenses for layer 2 networks. Today I’ll take a closer look at layer 3, IP Base and IP Services licenses. I’ll point out again that this post is not intended to represent or replace any Cisco documentation. Product information can change very quickly and use of this post is solely at the readers’ own risk.

For those of you who have used Cisco switches for a long time, do you remember the Cisco Catalyst 5500 switches with a Route Switch Module (RSM)? That was how layer 2 and layer 3 were put together within a single chassis – in a kludgy way. Those days are long gone. The Cisco Catalyst switches today feature powerful and integrated layer 3 capabilities. Layer 3 switching and routing are so close that they spark lots of fun discussions. Here, I’ll concentrate on the layer 3 switching capabilities of the Cisco Catalyst 3560-X and Catalyst 3750-X switches.

IP Base License: Cisco Catalyst 3560-X and 3750-X Series Switches

Dynamic routing provides network scalability, adaptability and resiliency. IP Base is a baseline enterprise services license for the 3560-X and 3750-X switches with dynamic routing support. It includes all layer 2 functionalities covered by the LAN Base license, plus an impressive list of layer 3 capabilities including static routing, RIP, EIGRP stub, Protocol Independent Multicast (PIM) stub and OSPF for Routed Access. Here EIGRP stub means that the switch participates in EIGRP routing as a stub and the EIGRP routes will not be extended to any downstream devices connecting to the switch. Also, notice that OSPF for Routed Access is designed specifically to extend Layer 3 routing capabilities to the wiring closet. It supports only one OSPFv2 and one OSPFv3 instance, with a maximum number of 200 dynamically learned routes. On the security front, a huge number of network security features are delivered in IP Base. Examples include ACLs, Private VLANs, TrustSec SXP, and IEEE 802.1AE (also known as MACsec). A new and exciting security feature is device sensor.  It is part of the IOS software running on a switch which collects certain endpoint device attributes and sends such info to the Cisco Identify Services Engine (ISE) through RADIUS accounting packets. Cisco ISE then applies the appropriate policies as part of the Bring Your Own Device (BYOD) solution. In addition, new management capabilities have been added to the IP Base image. A good example is Embedded Event Manager (EEM). This is a policy-based framework that allows you to customize a script for real-time network event detection and onboard automation. Also, medianet support gives you the ability to troubleshoot and customize business applications such as video-based collaborations.

IP Services License: Cisco Catalyst 3560-X, and 3750-X Series Switches

IP Services is your full enterprise services license. It supports everything delivered by IP Base. It then adds further capabilities to enable a high-quality user experience that one expects in the next-generation workplace. At the top of the list are full capabilities of EIGRP and OSPF routing protocols with no restrictions on network topology or routing table size. In addition, the BGP routing protocol is supported which is not part of IP Base. Another important area is IPv6 support. IP Services provides OSPFv3 and EIGRP for IPv6 which are not available in IP Base. As many customers are running out of IPv4 addresses, IPv6 support is rapidly becoming a high priority requirement for the networks. Yet another important area is full scale support for PIM for IP multicast routing, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), PIM sparse-dense mode and Source Specific Multicast (SSM). The full PIM routing support greatly improves network efficiency as multimedia, interactive video and business collaborations generate exponential traffic growth. Here’s another important enhancement that IP Services enables: VRF-lite support is not in IP Base but it is in IP Services. As you may recall, VRF-lite is a good way to segment a physical network into multiple logical networks for network virtualization. Additional IP Services capabilities include Web Cache Coordination Protocol (WCCP) and policy-based routing (PRB) support.

Let me provide you with some information on various license SKUs, so that you can easily recognize them.

For Catalyst 2960 and 2960S switches, the SKU group ending with
-S represents LAN Lite
-L represents LAN Base

For Catalyst 3560-X and 3750-X switches, the SKU group ending with
-L represents LAN base
-S represents IP Base
-E represents IP Services

Here are some sample SKUs.

Switches LAN Lite LAN Base IP Base IP Services
(24 Ethernet ports, LAN Lite image)
(24 Ethernet ports, LAN Base image)
N/A WS-C3750X-24T-L
(Stackable 24  Ethernet ports, LAN Base feature set)
(Stackable 24  Ethernet ports,
IP Base feature set)
(Stackable 24  Ethernet ports,
IP Services feature set)

The Bottom Line

If you require dynamic routing for your enterprise access networks, you’ll need to begin with IP Base. It gives you full layer 2 capabilities, plus robust layer 3 features to support your access network with enhanced scale, performance and network services such as security and application optimization. IP Services takes you one step further with full scale support of unicast and multicast routing protocols, as well as critical services such as network segmentation and IPv6 support for OSPF/EIGRP to enable the full experience of the next generation workplace.

Final Comment

In the past, your initial software choices were LAN Base or an IP Base license for your Catalyst 3560-X and 3750-X switches. You would need an upgrade license to deploy IP Services. Going forward, a family of new IP Services SKUs is now available (SKUs ending with –E).  These new SKUs make it easy for you to deploy IP Services directly.

Here’s a new product document with more details about these Cisco Catalyst 3750-X and 3560-X IP Services feature set switches:

  1. This has been very convenient for me now that Im designing a project and had the doubt of the use of upgrading some 3560x to IP services or not, considering that such that upgrade is worth 4,000. The network Im working with is small, less than 50 subnets and I learned by all these that I can run OSPF on the access switches just running IP Base. Thanks,