[c-nsp] Access-layer switch recommendations
Andrew Gray
4457 at blargh.com
Mon Jan 24 13:38:20 EST 2011
Good morning,
My employer is in the process of doing a review of our current "standard
deployment" hardware we use for parts of our network. At present we have
gone from 3750Gs to 3750Xs, but we are in the middle of a budget crunch and
are re-evaluating. Our typical deployment ranges from 12 to 140 ports or so
(so we use stackables).
Key things we are looking for (apologies for list length):
- Some limited PoE capability (the more the merrier, but we need at least
some, even 100W would be sufficient)
- Automatic QoS marking for VoIP phones (we presently use Cisco phones, but
anything that supports it based on, ideally, LLDP-MED will work)
- SFP uplink ports (we use 2 per stack for redundancy, going to different
core devices)
- We've become addicted to the security aspects provided by DHCP Snooping,
IP Source Guard, BPDU and Root Guard, and broadcast storm control (which at
least the 3750s can do in a useful increment (pps) as opposed to 6500s which
seem to be %-based).
- Command line interface over SSH with some form of remote auth (obviously
we use TACACS but have support for RADIUS and LDAP).
- Sane SNMP support (which unfortunately Cisco seems to not be terribly fond
of, but we hack around it (especially the kludgy support for CAM tables per
VLAN since they don't support Q-BRIDGE-MIB)).
- Finally, we are making triple-speed access ports (10/100/1000) a
requirement for this process.
- For future proofing, able to access management over IPv6 would be nice.
- A lot of the more basic things: logging to syslog, serial or USB direct
access, stacking capability such that all members appear as a single unit,
jumbo frame support (9000+), if it can be mounted to a wall without hacks is
nice but not commonly needed.
Some things we would LIKE to have but are NOT required: Redundant power
options, remote configuration copy (we use SNMP at present to trigger the
3750s to save their configuration to our TFTP server and then put that into
our Wiki for change tracking), 802.1X authentication with MAC bypass, sFlow,
and remote packet capture (we LOVE Cisco's ERSPAN capability... when and
where it works... which isn't nearly as often as we'd like).
One option we are evaluating is to drop down to the 2960S, another is to
jump product lines entirely (we are eyeing the Extreme Summit X460 for
example). I would be interested in hearing from other people their
experiences not only with the 2960S, but any other manufacturer/product line
we should consider.
Thanks in advance for any input.
--
Andrew Gray