[c-nsp] Access-layer switch recommendations

Andrew Gray 4457 at blargh.com
Mon Jan 24 13:38:20 EST 2011


Good morning, 

My employer is in the process of doing a review of our current "standard 
deployment" hardware we use for parts of our network.  At present we have 
gone from 3750Gs to 3750Xs, but we are in the middle of a budget crunch and 
are re-evaluating.  Our typical deployment ranges from 12 to 140 ports or so 
(so we use stackables). 

Key things we are looking for (apologies for list length):
 - Some limited PoE capability (the more the merrier, but we need at least 
some, even 100W would be sufficient)
 - Automatic QoS marking for VoIP phones (we presently use Cisco phones, but 
anything that supports it based on, ideally, LLDP-MED will work)
 - SFP uplink ports (we use 2 per stack for redundancy, going to different 
core devices)
 - We've become addicted to the security aspects provided by DHCP Snooping, 
IP Source Guard, BPDU and Root Guard, and broadcast storm control (which at 
least the 3750s can do in a useful increment (pps) as opposed to 6500s which 
seem to be %-based).
 - Command line interface over SSH with some form of remote auth (obviously 
we use TACACS but have support for RADIUS and LDAP).
 - Sane SNMP support (which unfortunately Cisco seems to not be terribly fond 
of, but we hack around it (especially the kludgy support for CAM tables per 
VLAN since they don't support Q-BRIDGE-MIB)).
 - Finally, we are making triple-speed access ports (10/100/1000) a 
requirement for this process.
 - For future proofing, able to access management over IPv6 would be nice.
 - A lot of the more basic things: logging to syslog, serial or USB direct 
access, stacking capability such that all members appear as a single unit, 
jumbo frame support (9000+), if it can be mounted to a wall without hacks is 
nice but not commonly needed. 

Some things we would LIKE to have but are NOT required: Redundant power 
options, remote configuration copy (we use SNMP at present to trigger the 
3750s to save their configuration to our TFTP server and then put that into 
our Wiki for change tracking), 802.1X authentication with MAC bypass, sFlow, 
and remote packet capture (we LOVE Cisco's ERSPAN capability... when and 
where it works... which isn't nearly as often as we'd like) 

One option we are evaluating is to drop down to the 2960S, another is to 
jump product lines entirely (we are eyeing the Extreme Summit X460 for 
example).  I would be interested in hearing from other people their 
experiences not only with the 2960S, but any other manufacturer/product line 
we should consider. 

Thanks in advance for any input. 

 --
Andrew Gray

