but the question here why are you going with routed access layer and in your case you have large Mcast routing table that going to be everywhere !!
have you considered using Cat65k or 45K in the distribution in VSS and use L2 from access to distribution
in this case you need to concern about the distribution routing table size and also VSS simplify the topology and managerially of the network rather than have it with a complicated routing design
routed access is a good and recommend as well for quicker convergence time and no reliance on STP or HSRP/VRRP timers
however it could comlicate the routing design !
while VSS will also eliminate the reliance on HSRP/VRRP and STP with more added simplicity to the topology and design
so you may go with 45K VSS in the distribution and 65K with VSS in the core as well and in the access using L2 uplinks to the distribution and the uplinks everywhere can use multi-chassis etherchannel MEC, for increased network capacity in terms of bandwidth and quicker convergence time in the case of a link failure as well, Plus you will be able to support the desired Mcast routing table in the distribution and Core !!
The reason we choose ME switch for routed access design because:
- I need to implement traffic-shaping in access layer with cost effective, so ME 3400E in access layer and ME 3800X in distribution layer is chosen.
- At the beginning of the design, large multicast group is not in the picture.
- I want to avoid network issue that caused by STP, if i run STP between access and distribution layer.
Also, Catalyst 4500E/4500X haven't support VSS at the moment when this design come out.
So, I'm thinking the below solution:
- Option 1: Change design to Layer 3 at Core/Distribution layer, and Layer 2 at Access layer.
- Option 2: Use more powerful switch at access layer: ME 3800X, Cat4500E
- Option 3: Ask the CCTV vendor to limit using multicast group to less than 1000.
Option 2 and Option 3 are not possible. Because the nature of business requirements (option 3) and too expensive (option 2) because there are few network device (PC/Camera/...) connect to access switch.
Beside that 3 options, could you let me know are there any others options that i could go with?
well your choices are limited here because the hardware you have is hitting the max Mcast table limit also option 1 is not a good one without using VSS because this means that STP will take place and this is not a good design in a modern Cisco network
where VSS/vPC and other tochnologies where intriduced to over come its limitations
i would say if you can upgrade only the distribution switches and run VSS you will be fine !!
if the CCTV vendor able to reduce the size of Mcast ( taking into account future growth ) you may keep your current setup using routed access layer