Selecting an Access Switch

Answered Question
Oct 8th, 2007

There ar emany switches one can purchase to act as access switches in the LAN environkment or the server farm access layer.

There are the 3750s, 4500s, 6000, etc. Some switches have modulaqr chassis and others are fixed, like the 3750...

So what criteria shoul done use to decide which would be the best switch. If I have say, 200, users, a 3750 stack could do the trick, or a 4506/7, etc....

Any suggestions?

I have this problem too.
0 votes
Correct Answer by paul.matthews about 9 years 2 months ago

How is your design planned? How spread are the users?

If you need L3 switching in access layer, look at 3750 upwards if not don't. You may need to look into cost per port in detail, including if there is a cost for rack space.

Depengin upon your physical topology, you may need to look at two locations to serve 200 users - eg opposite corners of the building (assuming UTP, as 100m can get used up very quickly) which may mean 100 users per location - that is not much above 2*48 port switches.

What is the impact of users being off air for a while? If it is something like a trading floor, you may want the high availability features of 4500 upwards.

Basic office work, no L3, 100 users or so I would look at 2950/2960 type switches.

I would probably skip 3560s and go up to 3750 if I was looking at up to around 150 users per location, and wanted L3 but did not need full HA. If the HA is a requirement, I would look at 4507R/4510Rs, or if the ports per location is nearer 300. If absolute uptime is important or huge user density then I would

look at 6500.

So, basically It depends!

Criteria are L3 requirements, port density and availability requirement.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
paul.matthews Mon, 10/08/2007 - 12:00

How is your design planned? How spread are the users?

If you need L3 switching in access layer, look at 3750 upwards if not don't. You may need to look into cost per port in detail, including if there is a cost for rack space.

Depengin upon your physical topology, you may need to look at two locations to serve 200 users - eg opposite corners of the building (assuming UTP, as 100m can get used up very quickly) which may mean 100 users per location - that is not much above 2*48 port switches.

What is the impact of users being off air for a while? If it is something like a trading floor, you may want the high availability features of 4500 upwards.

Basic office work, no L3, 100 users or so I would look at 2950/2960 type switches.

I would probably skip 3560s and go up to 3750 if I was looking at up to around 150 users per location, and wanted L3 but did not need full HA. If the HA is a requirement, I would look at 4507R/4510Rs, or if the ports per location is nearer 300. If absolute uptime is important or huge user density then I would

look at 6500.

So, basically It depends!

Criteria are L3 requirements, port density and availability requirement.

Jagdeep Gambhir Mon, 10/08/2007 - 13:16

I would suggest you to go for 3750. It has all advance security feature (less operating cost) that you will need for 200 users, The following dot1x features are supported:

? 802.1x authentication with VLAN assignment

? 802.1x authentication with per-user ACLs

? 802.1x authentication with guest VLAN

? 802.1x authentication with inaccessible authentication bypass.

? 802.1x authentication with voice VLAN ports

? 802.1x authentication with port security

? 802.1x authentication with wake on LAN

? 802.1x authentication with MAC authentication bypass

Network Admission Control (NAC)

IEEE 802.1x helps ensure that all access to the network infrastructure requires authentication.

? 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.

? Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port.

? MAC Auth Bypass (MAB) for voice allows third-party IP phones without 802.1x supplicant to get authenticated using their MAC address.

? Root Guard and BPDU Guard protect from attacks on Spanning Tree Protocol.

? Port-level security features provide a powerful defense against some of the most damaging voice network attacks, such as a "man-in-the-middle" attack where an intruder could capture packets being sent from one end device to another and use them to eavesdrop on a conversation or establish a new connection. Features such as DHCP snooping, dynamic ARP inspection, and IP Source Guard work together to thwart such attacks by positively authenticating each end-user device.

Scalability to Address Future Needs: The Cisco Catalyst 3750-E Series Switches are well positioned to accommodate both the growing number of end devices and the increasing amount of traffic. Up to nine switches can be stacked together using Cisco StackWise Plus technology

Power over Ethernet, Support for high availability, Less operating costs

Cisco Catalyst 3750-E Series Switches Q&A:

http://www.cisco.com/en/US/products/ps7077/products_qanda_item0900aecd805bbea5.shtml

http://www.cisco.com/en/US/products/ps7077/products_data_sheet0900aecd805bbe67.html

Regards,

~JG

Please rate helpful posts

lamav Tue, 10/09/2007 - 18:00

Thanks you to the both of you for your thoughtful answers.

Actions

This Discussion