Nexus 5K with Nexus 2K for user connections

ateixido
Level 1

Hi, as far as I know, the Nexus solution is for the data center, so for server connections, and Catalyst is more for the campus and user staff.

I found a network with 2 x N5K for core and 12 x N2K for user connections that also has 4 or 5 Catalyst 2960X.

I'm trying to find arguments that help me convince this client to move to a Catalyst solution for user access.

The arguments that I can put on the list are:

- PoE

- EnergyWise

- 802.1x (I'm not sure this could not be done with N2K)

- TrustSec

- Netflow Lite

- Stacking capabilities

Any help would be much appreciated.

Thanks in advance

1 Accepted Solution

Hi

So that's good, nothing's broken or affected. Nexus switches are PCI compliant, so I don't think you will have an issue with security, as a lot of lower-end Catalysts are not PCI. Nexus supports dot1x, ISE, PoE, NetFlow and everything that Catalyst does, and probably more in certain circumstances. They are also MACsec secure, and you can encrypt traffic between the switches if required.

A couple of docs that show what they do in terms of security:

http://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-10-slot-switch/brochure_cisco_nexus_7000_series_security_features.pdf

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/513_n1_1/b_Cisco_n5k_security_config_gd_513_n1_1/b_Cisco_n5k_security_config_gd_513_n1_1_chapter_01.html

I do agree with you that really you should use campus switches for a campus setup, as there's probably no need to go so resilient with just user traffic, and it's a bit overkill with the throughput, but they may see their user traffic as being really critical too, and if it's already in place it could be quite expensive to rip out and replace. 5Ks can run up to 50k and more with licenses, while just adding a few more FEXs is a couple of hundred each. They have up to 24 FEX between these 5Ks, so there's plenty of future-proofing left for them.

4 Replies

Mark Malone
VIP Alumni

Yes, that's what they're used for usually, but plenty of networks now use 5Ks in campus. There may be a very good reason they're using FEX: the price. They're a fraction of what a 2900 series costs and easier to maintain, as they're basically extended linecards. The clients may not require the features of Catalyst; usually the access layer doesn't. There's much more resiliency in a 5K/2K setup than in standard core/access/dist. It's also a lot cheaper to move to 10Gb on a FEX 2232 than on a Catalyst, as you could end up paying 10 grand for a 10Gb switch like the new 3850s, so future-proofing for them may have been a thought. Is there a reason you want them to change other than feature sets? If it's working well, why change it, or are there issues with the design setup? Servers work very well in 5K setups, as the throughput is much more than a standard Catalyst.

Thanks, Mark, for responding. There is no actual reason to change to Catalyst, but I'm assessing this client to move to a more secure network as per their business requirements, and I'm recommending a move to 802.1x with network access control with Cisco ISE for wireless and wired access, and I'm not sure this could be done with N2K+N5K.

The other features like EnergyWise, PoE and NetFlow Lite are not mandatory or needed.

What do you think from a security point of view?

Thanks a lot Mark, this is what I was looking for.