LAN/WAN Switching Design

Phil Williamson
Level 1

LAN/WAN Switching Community,

I am in need of some hardware and design advice.  I've brought up this question before, but not gotten a lot of traction from the community so I'll try again.

My customer has a central core/server farm and currently 48 or so remote offices connected to the core via Metro-E.

Approximately 15 servers at the core.  Each office has 3-5 Mbit/sec bandwidth allowance at the core.
This is a client/server application for healthcare.

At the core is a Cat3560G (IPSERVICES) running OSPF plus various other layer-2 switches not all Cisco.

The 3560 has a 2G trunk to the Metro-E provider's Cat6513.
There is a second Cat3560G and the plan is to set up HSRP with the first and a suitable router.
The security module consists of an ASA5510 at present.
There are two (going to 4) wireless LAN controllers serving up 50+ LWAPs - mostly at the remote offices.

The remote office users don't currently use any voice or video services, but this could change.
Each remote office has a routed connection to the core via a Cisco 1721 with layer-2 switches.
There are typically 15-50 users and 50-200 IPs in use at each.
All Internet access is routed thru the ASA5510 at the core.

I'm running OSPF with each remote as its own area and totally stubby.

With this design I have 50+ SVIs on the 3560s and it works OK at this time.

I don't have as much layer 8 and 9 to consider as another poster does, but this is real-world and $$$ are not found on trees anymore.

Questions:
- At what point do the Cat3560s become an issue in this network?  Is it services, capacity, switching speed or ??
- Can I use Cat3560 or 3570s running IPBASE at the remotes and let them be my collapsed distribution-access layer?
- Would I be better off with an ISR router and layer-2 switches at the remotes instead of the 3560/3570s?
- I'll have more questions in a bit.  :-)

Thx,
Phil

2 Replies

Collin Clark
VIP Alumni

Phil-

- At what point do the Cat3560s become an issue in this network?  Is it services, capacity, switching speed or ??

The limitation would be one of two things: throughput or the product becoming EoS/EoL.


- Can I use Cat3560 or 3570s running IPBASE at the remotes and let them be my collapsed distribution-access layer?

You stated above that the remotes are L3 linked to the distro via 1721's. If you want to replace the 1700's, then either a router or a switch would work. Depending on your traffic patterns and what services you will need now and in the future, a router may be better. It really depends on where you want your network to go. (e.g. Do you want to use network management features? What about security features?)


- Would I be better off with an ISR router and layer-2 switches at the remotes instead of the 3560/3570s?

See above :-)

Keep the questions coming!

hobbe
Level 7

OK, let's start with a small thing.

You state that this is a healthcare application.

There are a lot of different rules when it comes to this area.

First, are you sure you are not in violation of privacy rules when you are sending the information without encryption (yes, the application could encrypt in itself), in regards to being a healthcare company?

Do you really trust your provider that much?

Second, we do not know enough about the traffic flow or so to state what the best solution would be for you, but 1721 sounds a bit "weak" considering that the 1721 are EOL and far into that as well.

Now to your questions.

- At what point do the Cat3560s become an issue in this network?  Is it services, capacity, switching speed or ??

  • My guess would be that it will be an "issue" when it gets EOL, since you can always move it around when the requirements change.

      
- Can I use Cat3560 or 3570s running IPBASE at the remotes and let them be my collapsed distribution-access layer?

  • Given you are a healthcare company I would state that anything going over any external link must be encrypted and thus it will not work.
  • Since you use L2 connectivity between the offices you cannot use 802.1AE; if you had "dark fiber"/L1 connectivity, that would work to secure the information between A and B.

- Would I be better off with an ISR router and layer-2 switches at the remotes instead of the 3560/3570s?

  • How about an ASA5505 to encrypt the information over the links and a couple of L2 switches at the office end of it?

- I'll have more questions in a bit.  :-)

  • Just keep them coming. It benefits us all.

Good luck

HTH
