Dear Joseph,

I was going with 6800 but it was costing huge amount of money. Please check attached topology, company needed redundant network. So I designed network in this way. For each building we are planning to have 7 - 2960-XR switches with stacking enabled per each building. All the buildings will be connected using fiber and will be connected to Primary switch and backup switch connecting Building one. Please let me know if this design is okay.

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

That looks about right, although as Reza already noted, ideally you would like to have ASA connected to second 4500-X too (just like your downstream switch stacks).

If cost is a factor, a stackable L3 switch series, e.g. 3750-X, 3650, 3850 might also be used.

PS:

BTW, with VSS you don't really have a "backup" switch, both 4500-Xs will operate concurrently and the pair is managed/configured as a single unit.

When you link from your VSS pair, you use Etherchannel between them and the 2960 stacks.  Also, insure you don't terminate both Etherchannel links on the same stacked 2960.  (You may also need to insure your 2960 stack is using the best Etherchannel load balancing algorithm for your traffic.)

Dear Joseph,

VSS will make two switches into one logical switch. If we configure in one switch configuration will be synced with other switch. The other switch will be in standby mode?

So if one unit fails another unit will take over. Is that correct? 

What happens when failed unit come back online. The configuration applied on synced switch will be again re-sync with online switch?

Please let me know. Thank you

I am configuring a pair of 4500x series switches currently in my topology. I come from a Nexus environment so I am trying to understand vPC vs VSS.

When you say both 4500x switches are forwarding what do you mean by this? They are both forwarding traffic northbound? or the standby is processing traffic and sending it to the active switch to then send northbound?

Should I be using LACP portchannels (MEC) to my Cisco ASA active/standby pair?

I am having a difficult time understanding the traffic flow with this topology?

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

With VSS the two units operate as one, unlike Nexus, where vPC hosting units are still distinct.

Because VSS units only have limited bandwidth between them, they try to avoid moving traffic between VSS units.  For example, if both units have a routed link that's, from the logical pair, with the same cost to the destination, they will "prefer" the local routed link.  I.e. they will use the routed link that egresses the same VSS member that that the ingress traffic arrived on.  Or if you have Etherchannel that spans VSS members, again, VSS will use the locally connected Etherchannel egress links.

VSS is very nice if you have a lot of L2 that you can MEC.  If you're doing L3, you might be better off not using VSS.

I guess I am confused on what I am using more of? lol the VSS units have SVIs that are gateways for downstream clients and SVIs that are part of a transit network between them and the northbound ASAs.

Dear Reza,

Please find the topology and let me know. What changes can be made for better performance?

Hi,

The topology is fine.  You just need an additional link from the backup VSS 4500 switch to the ASA.

HTH

Dear Reza,

Thank you for the valuable reply. That is a nice idea. Will mark it as a bookmark this post. I will come back here during the implementation. 

Following are the part numbers I am going to place an order for, based on the topology for building one. Please correct me if I am wrong. 

1. Cisco Catalyst WS-C4500X-F-16SFP+ = 2 Cisco switches one for primary another for backup by enabling VSS

2. Cisco SFP-H10GB-CU1-5M= 4 Twinax cables for connecting VSS on two core 4500-X switches and connecting both Primary and back up to Cisco ASA. 

3. Cisco SFP-10G-SR-X = 8 SFP+ modules For connecting all the buildings to Primary and backup switch. 

4. SFP+ to 10Gbase-t module I am unable to find on Cisco. Could you please let me know this part number?

Remember also that the 4500X series switches do not come with Power Supplies, they are separate part numbers.

If resiliency is your aim then I would get a total of 4 PSU's, two for each 4500.

Thanks

Hello,

Thank you for letting me know. This was very important and helpful. Please check the follwoing part number now I am confused about Front to back or back to front airflow. Which is best?

1. CISCO C4KX-PWR-750AC-F = power supply which has back-to-front airflow 

2. CISCO C4KX-PWR-750AC-R =  power supply which has front-to-back airflow

Which is the best? Can switch power on with single power supply unit per each switch? In case our budget is getting high?

What about hot-swappable fans? Do we have to purchase even that or it includes with factory installed switch? Waiting for your response. Thank you