LAN redesign advice

Unanswered Question
Apr 16th, 2007

Looking to redesign a flat network, and would like advice in terms of design/equipment needed. The current network has 500 users. There are 15 data closets with HP 4000 switches, being fed back to one switch via fiber. No VLANs are in use. Most network traffic is used to run medical software spread across 6 servers, all housed in the same data center. My plan is to replace the 15 HP switches with Catalyst 3500 series switches. I will need to stack these access switches, I am assuming, as I have up to 60 users connecting per closet, being fed back via fiber. Each closet will be divided into its own VLAN, and will feed via fiber 802.1q trunk to a distribution switch, where inter-VLAN routing for the other switches/subnets can take place. 2 distribution switches will be used. The servers will also connect to the distribution switches this way, I am thinking. Any traffic not destined for another VLAN/subnet will be sent right to the PIX firewall for internet access, or via static route to our service provider's layer 3 switch to our MPLS cloud, which will have 5 remote sites connected. All remote sites are less than 35 users. One site does use VoIP. Right now, they have their own dedicated 3mbp pipe for voice. In the future, that pipe will be removed and traffic will come back via the MPLS cloud. My question is, what flavor Catalyst will work in the access and distribution layer to support this environment? Distribution I was thinking a 4500 series? HSRP will be running on the distribution switches, as each access switch will have a connection to both distribution switches.


How much fiber do you have between each floor and the core? If only one-pair, I would consider adding either more fiber, or copper to add some redundancy.

You are describing a collapsed-core in that your distribution and core would all be within the 4500. One thing to consider is utilizing the 3750/3560 access switches to have routed ports back to the collapsed core. Troubleshooting at layer3 is much easier than at layer2 with spanning-tree. Convergence is also much faster at layer3.

Another consideration would be with the 4500. If you are purchasing only one 4500, which makes sense with only one pair of fiber per floor, and the small number of users, I would recommend looking at dual supervisors.

Just a couple thoughts.

walleyewiz Tue, 04/17/2007 - 10:19

I agree with routing at the access layer. Just make sure you get all the features you need. Currently, multicast is not supported with IPBASE code but that will be added in an upcoming release. If you are running EIGRP, you can use the stub feature on the IPBASE code and save money. There is a big cost difference between IPBASE and IPSERVICES.

dphuang70 Tue, 04/17/2007 - 13:48

We have 2 pairs of fiber in each closet back to the core. I will set up routing in the access layer this week in my test environment. Would HSRP still be utilized for redundancy between access layer and distribution switches? Any speed issues with inter-VLAN routing if servers are in their own VLAN? I agree about the dual supervisors, not sure if the boss will like the pricing. Thanks for your help.

walleyewiz Tue, 04/17/2007 - 17:44

If you route at all layers, no HSRP is needed. The VLAN on the access switch is the default gateway for the subnet. Load balancing is accomplished by routed uplinks. Inter-VLAN routing is just as fast as switching; there will be no performance hit.
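The routed-access design discussed in the replies above (VLAN interface on the access switch as the gateway, two routed uplinks, EIGRP stub), worked through for the 15 closets as an added example that is not part of any post in this thread. All addressing, VLAN IDs, the EIGRP AS number and the interface names are constructed assumptions; the thread specifies none of them.

```python
import ipaddress

# All addressing, VLAN ids, the EIGRP AS number and interface names below are
# constructed for illustration; the thread specifies none of them.
USER_SUPERNET = ipaddress.ip_network("10.10.0.0/20")    # one /25 per closet
LINK_SUPERNET = ipaddress.ip_network("10.10.255.0/24")  # /30 routed uplinks
UPLINK_PORTS = ("GigabitEthernet1/0/49", "GigabitEthernet1/0/50")
EIGRP_AS = 100


def plan(closets=15):
    """One /25 user subnet (room for 60 users) and two /30 uplinks per closet."""
    users = USER_SUPERNET.subnets(new_prefix=25)
    links = LINK_SUPERNET.subnets(new_prefix=30)
    return [{"closet": n, "vlan": 100 + n, "users": next(users),
             "uplinks": (next(links), next(links))}
            for n in range(1, closets + 1)]


def render_access(entry):
    """Render the layer 3 part of one access stack's configuration."""
    gateway = next(entry["users"].hosts())  # first host address is the SVI
    lines = ["ip routing",
             f"interface Vlan{entry['vlan']}",
             f" description closet {entry['closet']} users (default gateway)",
             f" ip address {gateway} {entry['users'].netmask}"]
    # One routed port toward each distribution switch replaces the 802.1q trunk,
    # so the user VLAN never leaves the closet and no HSRP group is needed.
    for port, link in zip(UPLINK_PORTS, entry["uplinks"]):
        dist_side, access_side = link.hosts()
        lines += [f"interface {port}",
                  " no switchport",
                  f" description routed uplink, distribution side is {dist_side}",
                  f" ip address {access_side} {link.netmask}"]
    # Stub routing: the closet advertises only its own connected/summary routes.
    lines += [f"router eigrp {EIGRP_AS}",
              " network 10.10.0.0 0.0.255.255",
              f" passive-interface Vlan{entry['vlan']}",
              " eigrp stub connected summary"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_access(plan()[0]))
```

With two equal-cost routed uplinks per closet, the plan consumes 30 point-to-point subnets in total, 15 terminating on each distribution switch.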

vanguard1 Wed, 04/18/2007 - 08:01

Thanks for the response. Any recommendations in terms of the switches in the collapsed core/distribution layer? Obviously I will need enough fiber ports for all of the closets feeding back. Would a 3750 get the job done, or do I need to go with a 4500 series?

Amit Singh Wed, 04/18/2007 - 08:28


The switch for collapsed/core distribution layer depends on the number of fiber links and traffic terminating on the core/distribution.

First of all, you have to select the design/configuration for the access layer. As you have 60 users per wiring closet, that means you require at least one 48-port and one 24-port switch per closet. If you are using separate switches per wiring closet, in turn you would need 30 fiber ports per distribution switch.

My idea for the access switch would be:

1. Use a stack of 3750s, one 48-port and one 24-port, and in turn run one fiber from each stack switch to each of the distribution switches.

2. Use a Cat4503 chassis at each wiring closet, which will give you PS redundancy, more scalability and easy migration to 10GE in future.

Using either of the options will use only 15 ports on each distribution/core chassis.

If you are using any of the options above, then you can use either a 4506 or 4507R chassis at the distribution/core layer. If you need intra-chassis CPU-level redundancy then you can use the 4507R; otherwise a 4506 or 4507R with a single CPU will serve your purpose.


-amit singh

vanguard1 Wed, 04/18/2007 - 12:01

Excellent. Thank you. Question once the VLANs hit the distribution layer/core: what is best practice for routing to a PIX firewall/remote sites connected via MPLS? Just static routes on the dist./core switches pointing to those locations? Would I run a routing protocol here? Connection to the MPLS cloud will be a Catalyst 3550. MPLS will be up in 3 months or so, that's why I am trying to use money in the budget for equipment/redesign. Also, in this setup, would there be a connection between the 2 distribution switches? Again, thanks for your help.

