Do I need a manageable layer 2 switch in each department?

Locked

lexmark112
Hi all,
This is my first challenge in the network field. I am a telecom engineer and CCNA certified.
My current job is in a small and new airport. After a survey I found no Cisco layer 2 switches available in some departments, although there are no more than 15 or 20 users in each department who need to access the network at the present time.
My point of view is to replace the non-manageable switches with Cisco manageable ones as access layer switches, to get full control of the bandwidth and port security.
The existing network includes one main router and six fiber optic links; four of them are connected to the mail exchange rack with a Cisco 2960 switch, then connected to non-manageable switches in different departments, and the other two fibers are connected directly to the AA and operation departments, also to non-manageable switches.
The total number of users in the airport at the moment is about 120 users across seven departments.
I need your advice and support.
Thanks

jekisilman

Hi there,
The short answer:
if there are no budget limitations, go with Cisco.

The longer one will need more info about your network.
You've mentioned that this is your access layer, so probably your hosts are connected with 100 Mbit, right?
Does your network include any VLANs?
Are you planning on implementing any VoIP solution?
Is port security a must requirement?
Do you need to restrict access from one department to another?
Are all your access layer switches in the same place, or one in each department? (Are stacked switches an option?)

Also, you've said "to get full control of the bandwidth and port security".
Managing port security (I assume MAC sticky) from the switches will only bring you trouble and more work; this matter should be managed by a centralized AAA server (RADIUS, TACACS, and even Microsoft IAS in some cases) or, even better, a NAC appliance if security is a big part of your project.
And about controlling the bandwidth: are we talking about speed/duplex or QoS and traffic shaping?
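To make the port-security point above concrete, here is an added example (not part of the thread and not the poster's configuration) showing the two approaches side by side on a Catalyst 2960 access switch: sticky MAC port security kept on every switch, versus 802.1X/MAB where the admit decision comes from a central RADIUS server. All interface numbers, VLAN IDs, the RADIUS address 10.0.0.5 and the shared secret are hypothetical, and the `authentication ...` commands assume IOS 12.2(50)SE or later.

```cisco
! Added example, not from the original post. Catalyst 2960, hypothetical values.
!
! ---- Option A: per-port sticky MAC port security, managed on each switch ----
! The first MAC seen on a port is written into the running-config as an allowed
! address. Replacing a PC or moving a user means someone must log in to this
! switch and clear/re-learn the port by hand; this is the extra work the reply warns about.
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 spanning-tree portfast
!
! Check:  show port-security interface FastEthernet0/1
!         show port-security address
!
! ---- Option B: centralized control via AAA (802.1X with MAB fallback) ----
! The switch only relays the question "may this device join?" to the RADIUS
! server (hypothetical 10.0.0.5). Users, devices and their VLANs are managed on
! the server, so the port template below is identical on every access port and
! never changes when people move between departments.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 10.0.0.5 auth-port 1812 acct-port 1813 key <shared-secret>
dot1x system-auth-control
!
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 ! Printers and phones that cannot run an 802.1X supplicant fall back to MAC
 ! Authentication Bypass; the RADIUS server still makes that decision.
 mab
 authentication order dot1x mab
 ! Hypothetical VLAN 99: where unauthenticated hosts land (e.g. during onboarding)
 authentication event fail action authorize vlan 99
 spanning-tree portfast
!
! Check:  show authentication sessions interface FastEthernet0/1
!         show dot1x all summary
```

Under option A the security state is scattered across every department switch; under option B the switches hold no per-user state, and the same RADIUS server can be reused for administrator login to the switches themselves.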

lexmark112

Thanks Jekisilman,
The network is designed as follows:
One main router receives the internet from the satellite, and fiber cables link to the Mail Exchange room to a Catalyst 2960 switch; 2 fiber cables go directly to the AA and Operation departments, and the others go to the terminal, RAMP and CIP departments. Another Cisco Catalyst 2960 switch in the terminal distributes wired and wireless internet to the arrival and departure halls.
Yes, the switches are in each department, and each department has nearly 20 users, but the number will increase. Most of the switches are non-manageable switches; only 2 or three are Cisco manageable Catalyst 2960 switches.
No VLANs; therefore, I think I am facing broadcast issues.
Note: someone planned and designed this network without leaving a blueprint, so right now I do not know which configurations he has done, but first I need to know if this design is OK or if I need to redesign it with the Cisco hierarchical design.
Thanks

jekisilman

Basically, if it works it works, though you probably have some latency in ARP requests and such.

I would go with a "router on a stick" kind of solution.
This way the interface connected on your LAN side will be sub-interfaced using dot1q, with a trunk link to your primary switch; then from that switch, 2 gigabit links to each department (a 2-gig port channel for redundancy).
Each department will have its own VLAN and the router sub-interface as gateway.
Then you can even restrict access to your servers' VLAN using ACLs; for example, wireless guests should not gain access to your Exchange server.

As for the model: 20 users + 2 uplinks + growth, you should go with 48 ports; a Cisco 2950/2960 will be more than sufficient.
And again, if budget is still no issue, you can think of replacing your primary router and switch with a Cisco layer 3 switch like a 3750 as a core switch, and use the 2960 as one of the access layer switches.
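The design in the reply above, written out as an added example (not the thread's own configuration): the main router carries one dot1q sub-interface per department VLAN and acts as each VLAN's gateway, the primary 2960 trunks to the router and bundles the two fibers to a department into one port channel, and an ACL on the guest sub-interface keeps wireless guests away from the server VLAN. VLAN numbers, addresses and interface names are hypothetical; the primary switch is assumed to have enough gigabit ports for the uplinks.

```cisco
! Added example, not from the original post. Hypothetical plan:
!   VLAN 10 Servers (Exchange) 10.10.10.0/24   VLAN 20 AA           10.10.20.0/24
!   VLAN 30 Operations         10.10.30.0/24   VLAN 50 Wireless guests 10.10.50.0/24
!   VLAN 99 switch management  10.10.99.0/24
!
! ===== Main router ("router on a stick"): one physical LAN port, one sub-interface per VLAN =====
interface GigabitEthernet0/1
 description Trunk to primary 2960
 no ip address
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 10.10.30.1 255.255.255.0
!
interface GigabitEthernet0/1.50
 description Wireless guests
 encapsulation dot1Q 50
 ip address 10.10.50.1 255.255.255.0
 ! Filter guest traffic as it enters the router, before it can be routed anywhere internal
 ip access-group GUEST-IN in
!
interface GigabitEthernet0/1.99
 encapsulation dot1Q 99
 ip address 10.10.99.1 255.255.255.0
!
ip access-list extended GUEST-IN
 remark Guests may talk to their gateway for DHCP/DNS (assumed to be served by the router)
 permit udp any host 10.10.50.1 eq bootps
 permit udp any host 10.10.50.1 eq domain
 remark Block every internal VLAN, including the Exchange server in VLAN 10
 deny   ip any 10.10.10.0 0.0.0.255
 deny   ip any 10.10.20.0 0.0.0.255
 deny   ip any 10.10.30.0 0.0.0.255
 deny   ip any 10.10.99.0 0.0.0.255
 remark Whatever is left is Internet-bound
 permit ip any any
!
! ===== Primary 2960: trunk to the router, a 2-link port channel per department =====
vlan 10
 name Servers
vlan 20
 name AA
vlan 30
 name Operations
vlan 50
 name Wireless-Guest
vlan 99
 name Management
!
interface GigabitEthernet0/1
 description Trunk to main router
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,50,99
!
! The two fibers to the AA department become one logical link (LACP); if one fiber
! fails the other keeps carrying the VLANs, and spanning tree sees a single port.
interface Port-channel1
 description To AA department switch
 switchport mode trunk
 switchport trunk allowed vlan 20,99
!
interface range GigabitEthernet0/2 - 3
 description Fibers to AA department
 switchport mode trunk
 switchport trunk allowed vlan 20,99
 channel-group 1 mode active
!
! ===== AA department access switch: matching port channel, users in their own VLAN =====
interface Port-channel1
 description To primary 2960
 switchport mode trunk
 switchport trunk allowed vlan 20,99
!
interface range GigabitEthernet0/1 - 2
 switchport mode trunk
 switchport trunk allowed vlan 20,99
 channel-group 1 mode active
!
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface Vlan99
 ip address 10.10.99.20 255.255.255.0
ip default-gateway 10.10.99.1
!
! Checks:  router:  show ip interface brief / show ip access-lists GUEST-IN
!          switch:  show interfaces trunk / show etherchannel summary / show vlan brief
```

Because every inter-VLAN packet crosses the single router link, that link carries all department-to-server traffic in both directions; that is the capacity reason behind the reply's later suggestion of a layer 3 switch such as a 3750 as core, where the same VLAN interfaces and ACL would move onto `interface Vlan10`, `interface Vlan50` and so on instead of router sub-interfaces.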
