About a big network with 2950, 2960,2970,3560 catalyst...

cv040320 · ‎03-04-2020

i kindly request your opinion about this plant. The manufacturing company is located in only a productive plant on the center of Italy.

The company does not have problems of speed of networks. And the networks is not a problem for the IT .

The server are inside and use low bands for connection.

The It manager says the networks band is used by CCTV cameras but the Camera traffic is small percentual of traffic.

The wifi speed are not a problem infact the Wifi is used only for Telnet connections.

The network is managed by a Cisco 3560 Layer 3 connected with ring connections to other 45 Cisco Switches .

The industrial plant is large and all switches, are monitored by Logs / Sensors..

The switches connection (except old 2950 for small printer located in strange position ) are using 1 gigabit UTP cables UTP or fiber 1giga connections.

The other switches on the plant are : Cisco 3560 ,Cisco 2960G, Cisco 2960, Cisco 2970, Cisco 2950. Normally all the switches are racked and have 24 ports.

The politic of the company is replace bad switches with reconditioned Cisco 2960G, or 3560 switches. The IT Team takes some 3560 /2960G for solve in case of fail, and the stop time for the swithes is max. 1 hour.

At the network are connected to nr. 25 access points AP 1240 G, with a unique configuration replaced in ever access point. The wifi speed are not a problem infact the Wifi is used only for Telnet connections.

All the cisco switches/apoints are update to the last version available , and every day the configuration are automaticcaly saved.

The company budget for IT is very small.

My questions are:

1) What do you think about this network?

2 ) having old device like Cisco 2950 on the network , can slow all the network even if the traffic of the 2950 are very poor [the 2950 are used only for printers] ?

3) Which is your first things to do, for renew this plant?

Best Regards

CV

Leo Laohoo · ‎03-04-2020

`tis all about the money.

Nothing wrong with this setup.
If the boss says "`tis good", then it is good.

cv040320 · ‎03-04-2020

Yes. If it works is ok. But other questions remain:

- ) having old device like Cisco 2950 on the network , can slow all the network even if the traffic of the 2950 are very poor [the 2950 are used only for printers] ?

-) Which is your first things to do, for renew this plant?

Thank you

CV

balaji.bandi · ‎03-04-2020

- ) having old device like Cisco 2950 on the network , can slow all the network even if the traffic of the 2950 are very poor [the 2950 are used only for printers] ?

BB - if you have budget replace with same 3750X - but they going to end of life, so i invest on Cat 9200

-) Which is your first things to do, for renew this plant?

BB - replace with Cat 9200 or Cat 9300 depends on budget.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

andrew.butterworth · ‎03-05-2020

If it works, you are happy with the performance and you have spares then I'd honestly stay with what you have got.

If you are looking at new technologies or ways to automate the configuration of the devices in the network (IBN) or if you feel you need to secure stuff more than 802.1x gives you then look to upgrade. Catalyst 9x00 series and DNAC would be the way to go.

However its a fairly big cost and I suspect you won't see many benefits.

48-port Catalyst 3560G current price on any popular auction site is no more than $100. This will provide 48-ports at 1Gbps (plus SFP uplinks). It supports 802.1q VLANs & trunks, IPv4 & IPv6 Routing, Routing protocols - RIP, EIGRP, OSPF, ISIS & BGP (IP Base/IP Services image restrictions obviously), IPv4 Multicast routing (IP Services), VRF-lite (IP Services). It will do QoS (sort of - MLS QoS so ingress classification & policing and egress queuing..), it will do 802.1x so you can secure your wired Ethernet ports to authorised devices only (EAP or MAB but that's a whole other conversation and design), it supports lots of monitoring options via SNMP. It doesn't however support MACsec, VRF/full MPLS or SD-Access like the 9x00 series does (as well as the 3650/3850 series that are nearing EoS).

The L2 2960's support all these features except the L3 routing functions (the later 2960S/X support some L3 forwarding features but its very limited).

Even the old 2950 supports 802.1q VLANs & trunks as well as some rudimentary QoS features and 802.1x.

If you don't need the newer features (MACsec, VRF/MPLS & SD-Access) then I would honestly stick with the older (and massively cheaper if purchased used...) switches.

Andy (I don't work for Cisco obviously...)

Joseph W. Doherty · ‎03-06-2020

As many of the others have noted, if you're not having "issues", there's really no super pressing need to upgrade equipment beyond the chance the really old equipment is probably more likely to fail, and/or equipment that no longer has its software being updated is usually more at risk from some kind of security bug.

As to 2950s "slowing" your network, that really depends on your traffic loads, on those devices, are more than they can handle (and often it's not).

BTW, in my last job a few years ago, we had about 5,000 Enterprise network devices (supporting over 100,000 users), we were still in the process of replacing 2950s, which as just described was due to concerns about possible device failure (you could no longer get them on Cisco HW maintenance) and/or security holes, not their performance compared to newer switches.