What should we have in our network if we got 1 Mil

wanmohdhafiz · ‎12-07-2011

Hi...first of all i will give a short brief about my campus network...

Core switch

- Cat 6500

- Module WiSM

- module IDPS

- Module FWSM

- Module ten gig

Distribution

- Cat 4500 & 3570G (10G uplink)

Access

- Cat 2960S (gigabit)

If top management willing to give 1 Million to strengthen the network, what should i do with the network?

- Buy new module? What module?

- Add more appliance? What appliance?

- Others....Please advice guys...

sleepyshark · ‎12-07-2011

I'm going to assume your network is bigger than 4 switches.

You need to evaluate where your network stands now (utilization/connectivity/etc), how many users are existing vs what the growth expectations are over the next 3-5 years, where your network's weak points are and what new products/services top management wants to deploy/offer to students.

$1m is a nice chunk of change, but goes QUITE fast when you're looking to heavy lift a core network

Ton V Engelen · ‎12-07-2011

i agree, it sure depends on a lot of things

but if we look at the gear you use what comes to mind is

- FWSM > has not much ipv6 support. So maybe there is some $$ to spend for a new firewall which can handle ipv6

- a second 6500 coreswitch w/ blades for redundancy

- more investments in wifi, for instance, we see a tremendous grow of devices in our network

mvsheik123 · ‎12-07-2011

My first priority will be getting another core switch for redundancy at the core.

Make sure to have dual uplink from each distribution / access switch.

(if management ready to give 1Mil budget at these times, then they definitely expect a network that is highly available).

Rest comes next;-).

Thx

MS

darren.g · ‎12-07-2011

wanmohdhafiz wrote:

Hi...first of all i will give a short brief about my campus network...

Core switch

- Cat 6500

- Module WiSM

- module IDPS

- Module FWSM

- Module ten gig

Distribution

- Cat 4500 & 3570G (10G uplink)

Access

- Cat 2960S (gigabit)

If top management willing to give 1 Million to strengthen the network, what should i do with the network?

- Buy new module? What module?

- Add more appliance? What appliance?

- Others....Please advice guys...

Get a second Cat6500 in your core, and upgrade both to VSS.

Ensure all your distribution switches have a VSS/VPC connection to each core switch (to survive core switch failure). Make sure each 6500 has redundant sup's, and if possible enough "spare" capacity to cope with a single line card failure (I.E. only populate half your ports so you can, if desperate, swap cables from a failed module to the free ports in a second module).

Maybe put in a 5500 series wireless controller and link wireless AP's through it (management is a breeze with one of those!).

I'd also consider upgrading access switches to 10 gig uplinks if they're not already.

Cheers.

Leo Laohoo · ‎12-07-2011

If I have a 1 mil budget, I'd hire a consultant to review and re-design the network.

darren.g · ‎12-07-2011

leolaohoo wrote:

If I have a 1 mil budget, I'd hire a consultant to review and re-design the network.

And promptly spend half the 1 mil on long lunches and "planning meetings". :-)

Leo Laohoo · ‎12-07-2011

And promptly spend half the 1 mil on long lunches and "planning meetings". :-)

Mu$ic to my ear$.

wanmohdhafiz · ‎12-07-2011

Base on input from all of u guys, i come out with this diagram.... Still need more info such as :

- Network monitoring ?

--- Wired

--- Wireless

--- Security

- Bandwidth Management

- Others cisco product / new technology update?

mvsheik123 · ‎12-08-2011

I hope this will come true (1Mil approval for improvements) ;-). Between 2 core switch you do not need router. 1Gig link will be your bottleneck. The Sup with proper IOS can do all the required routing. So you can run simply 10G PO channel between the 2 Core switches and with 1 as root and 2nd is secondary for Spanning tree.

As far as monitoring is concerned- I would go with Solarwinds Netmon. You can use TACACS for device access security and ofcourse you got many choices.

As 'leolaohoo' mentioned, hire a consultant for review and resign.

Thx

MS

Leo Laohoo · ‎12-08-2011

Core 1 and Core 2:

1. Sup 2T;

2. WiSM-2 if you plan to use newer WAP like the 3600 with 4 x 4 MIMO and CleanAir.

3. 6916-10GE line card for the Sup2T

4. IF you are comfortable with using FWSM then upgrade to FWSM-2;

Get the 6513E chassis to form a VSS

Staff distro switch;

1. 3750X with 10Gb uplink module and dual path up to the 6513;

2. Don't understand why you have 2960S here if your patch panels and in the same rack as the 3560G switch. If you can upgrade the 3560G to a newer 3750X, full-powered PoE switch then you can terminate your WAPs here.

Router:

Your router is a single-point of failure. There's only one way in and/or out. How big is your WAN link? If you can get a pair of ASR1002 (at least) that'll be good.

Wired and Wireless network monitoring:

DO you want to invest in Cisco Prime NCS to monitor your wired network and manage your WiSM?

Marvin Rhoads · ‎12-08-2011

Remember, cost of acquisition is only the up front capital expense (Capex) cost. Operational expense (Opex) includes "care and feeding" items such as maintenance, service contracts, staff time, operational processes, etc. You can spend 100 x 1 million on Capex but if you don't give proper attention to Opex, it's all for naught.

Hire that consultant for a fraction of a percent of the 1 million (unless it was 1 million Japanese Yen!) to at least help you define your requirements and give you some targeted inventment ideas. If that's not possible, buy a couple of good books and read and learn what they have to offer.

wanmohdhafiz · ‎12-12-2011

Agreed with mklemovitch ..I think for the first step, need to gather all information for cisco latest network technologies. Then try to match it with our existing network.

After that will discuss with cisco representative / consultant to review our design.

Do cisco have consultation services? I got this from cisco web but not really sure is it available in my country (Malaysia). http://www.cisco.com/en/US/products/ps6897/serv_group_home.html

Marvin Rhoads · ‎12-20-2011

Cisco typically prefers to work through partners for small to mid-sized accounts. Please see the Partner Locator Tool. I plugged in LAN switching expertise and Malaysia and there are several authorized partners with Malaysia practices to choose from.

My company does this type of work in the US but unfortunately we do not have a Malaysia practice. Otherwise I'd be happy to work with you directly as I have a good friend in KL.

cashqoo · ‎12-21-2011

try to get in contact with a cisco acct mgr and liase with the partner to get a better pricing.

you might need him again if you need a better price comparison for 3 quotes/partners.

anyway, datacraft (data dimensions) should have office in MY. they do provide SI service and installation services. however, their service are a bit expensive.