[c-nsp] Campus - Best Practices

Paul Stewart pstewart at nexicomgroup.net
Tue Jun 27 21:18:14 EDT 2006


We are currently bidding on a campus deployment for a local educational
facility.  The requirement involves approximately 1000 ethernet drops to
student residences.

Cisco Clean Access (or NAC) is a requirement and we are considering
deploying Cisco 3560-48TS switches throughout the campus linked on GigE
fiber between them.  Our original plan was for something along the lines
of 6509's but because of the way the ethernet drops are located, we need
to put smaller switches in more locations than a centralized deployment.

A Cisco 7206VXR would then provide DHCP services with public IP
addresses (a requirement) to each of the desktops via the switches.

What is best practice in a setup like this and/or should we look at a
completely different setup?  I presume NAC can communicate via SNMP with
almost any switch that supports VLAN's?

Because this is really one large LAN, what kind of security can be
provided to stop "snooping" of other traffic, man-in-middle attacks etc.
etc?  Any pointers from people who have done lots of these would be very
appreciated.  Also, traffic will be approximately 200 Mb/s throughout
the entire network at peak time....

Thanks in advance,

Paul Stewart
Network Administrator
Nexicom Inc.
http://www.nexicom.net/ 



More information about the cisco-nsp mailing list