Choosing a Core Switch

Similar Messages

• Help me to choose Right Core switches and Edge switches as per my Spec

  Dear All
  Please help me to choose Core and Edge switches and all required hard ware and software. 
  the spec details as per below 
  Core Switches
  1. High performance, highly scalable core switch to provide multi-10GE connectivity to various segments in the network.
  2. Switch should have redundant switch fabric and routing engines or management / supervisor modules
  3.should have separate control and forwarding planes
  4.Each switch should have redundant power supplies in N+N or N+1 fashion
  5. Must allow for two spare slots once services, management, processing modules and line cards populated
  6. Easy to manage firmware- i.e. single code type enterprise/service provider) or train, and robust operating system
  7. Supports for the VRRP, NSR, GRES, BFD, STP, MSTP, RSTP, VSTP, LACP redundancy protocols
  8. Hot plugging and removal 
  9. The switch should have native switching architecture with up to sufficient performance such that the loss of one switching fabric should not lead to degraded performance
  10. Switch should support switching at least 400Mpps
  11. Switch should be able to support 40 10Gig line rate ports in a fully redundant configuration 
  12. Chassis that can scale to 700 Gbps
  13. The proposed Backbone switch should support, but not be limited to the following Layer 3 features:
  Static ip routing
  Routing information protocol (RIP) and RIP2
  Open shortest path first (OSPF)
  IGMP v1, v2 and v3
  IGMP Snooping 
  IP multicast routing protocol 
  14. The switch should support the following features at a minimum:
  Spanning Tree 802.1D, 802.1S, 802.1W
  GVRP
  802.1x single and multi-supplicant: VLAN and ACL assignment
  Dynamic ARP Inspection (DAI), DHCP snooping, IP Source gurard
  LLDP, LLDP-MED
  802.3X, 802.3ad
  Redundant Trunk Group (RTG)
  IGMP snooping 
  Unicast static, OSPF v1/v2, RIP v1/v2
  Multicast IGMPv1/v2, PIM
  Graceful Route Engine Switchover 

  I have gone through your document and I am surprised to see MORE information in the document than what you've posted.  I am so mildly suspicious about the authenticity of the document and spreadsheet you've attached.  
  So far, based on this document, the client wants a chassis that can support up to 700 Gbps backplane.  The only candidate, other than a full-blown Nexus solution, is the 6807-X.  
  Next, the document also states dual supervisor card with two spare slots.  Good luck trying to get that much empty space on a 6807-X.  This means 6509E.  You can't use a 6513E because of line-card-to-slot limitation.  
  If you look under the heading "Edge Switching", the first sentence already makes references to 6800ia switch.
  There's also a reference stating that the product should have a 100 Gbps backplane.  You can take the 6509E chassis out of the equation.  
  So you see, I am suspicious about the authenticity of the document.  I agree with mali's and devil's recommendation that if you are serious, you would be engaging Cisco SE/AM in your region.  There are only three reasons, that I can think of, why you've posted this here.  One of them is the intended purpose of this document (and the audience).

• How to create a Access list on core switch to bloxk all Internet Traffic & allow some specific Internet Traffic

  Hellp Everyone,
  I am trying to create a Access-List on my Core Switch, in which I want to allow few internet website & block the rest of them.
  I want to allow the whole Intranet but few intranet websites also needs access to the internet.
  Can we create such Access-List with the above requirement.
  I tried to create the ACL on the switch but it blocks the whole internet access.
  i want to do it for a subnet not for a specific IP.
  Can someone help me in creating such access list.
  Thanks in Advance

  The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
  In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. also, once you add an access-list, there is an implicit "deny any any" at the end.
  The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
  You would then use them as follows:
  ip access-list extended main_acl
  permit any object-group intranet any
  permit object-group allowed_servers object-group allowed_sites any
  interface vlan
  ip access-group main_acl in
  More details on the syntax and examples can be found here:
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66

• Steps to upgrade Cisco MDS core switch

  Hello,
  We wanted to upgrade our Cisco SAN core switch firmware. Currently we are running below firmware version. We wanted to go to latest version NX OS 5.2 (x) but as per the white paper i need to go to 5.0 (X) and after that i need to upgrade it to 5.2 (x). Can some help me with the steps to follow the upgrade. I have th cook book but just need the main steps to perform the upgrade.
  kickstart: version 4.1(1c)
    system:    version 4.1(1c)

  are you using IVR non-NAT, if you are you need to convert to IVR-NAT before you go to 5.2. Other than that you just follow the  normal procedure, look at the release notes for each firmware to make sure your hardware is supported and then do the usual
  install all system bootflash:m9x00-xxx.bin kickstart bootflash:m9x00-xxx-kickstart-xx.bin
  as a side note, i know you don't mark people replies to your questions as helpful/correct on EMC ECN ..at least do it here to show your appreciation.
  @dynamoxxx

• Difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G?

  Hello All,
  I am new to this domain and yet have to look after the setup of our datacenter for a new branch. Could any one of you provide difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G!
  Thanks in advance!!

  N3K-C3524P-10G
  24 fixed 1/10-Gbps SFP+ ports; upgradeable to 48 with a valid license
  Line-rate Layer 2 and Layer 3 throughput of up to 480 Gbps
  Compact 1RU form factor
  Dual redundant color-coded power supplies
  Four redundant color-coded fans

• Core switch and sub switch gateway

  I have a Layer 3 core switch(backbone) 10.18.16.0/24, and the core switch needs to connect to multiple Layer 2 sub switches.
  The Layer 2  sub switches will connect to multiple workstations. The sub switches network will be 172.20.10.0/24, 172.20.40/24 and so on.
   I use core switch IP 10.18.16.11 to connect to sub switch 172.20.10.0/24. Which gateway IP  should I use for 172.20.10.0/24 ? Should I use 172.20.10.1 or 10.18.16.11 ?
  Thank you for your help in advance.

  I am not sure what you mean by "sup switches", but usually you need a management IP/vlan segment, so you can use it to access the devices.  So if your management segment is 172.20.10.0/24 you assign an SVI to every layer-2 switch and give it an IP in this range and the gateway for all the SVIs should be on the core (172.20.10.1/24
  example:
  access switch-1 172.20.10.11/24
  access switch-2 172.20.10.12/24
  access switch-3 172.20.10.13/24
  and so on
  The default gateway for all your layer-2 switches should be the SVI on the core (172.20.10.1/24)
  HTH

• Connecting core switch to the internet ?

  Hi,
  We have 2 6506's connected through an ether-channel trunk.
  On these 6506's we have configured a vlan, vlan interface and 2 access ports for 2 ASA's.
  These ASA's run in failover mode but only one ASA is physically connected at the moment.
  We want to be more resilient so our provider has provided us with a redundant setup of routers for our internet connection.
  However, for this construction they would need a layer 2 connection on our side to have HSRP running.
  There are 2 options in my opinion :
  - Buy a set of switches to facilitate the layer-2 connection between te routers and to connect the outside of the ASA's.
  - Instead of buying 2 new switches, create a new unrouted vlan on our core 6506's and use access-ports for the routers and the ASA's.
  But how safe is it to connected the core switch with an unrouted vlan to the internet router ?
  In terms of vlan hopping or other possible attacks ?
  I think i have to disable DTP, Spanning-Tree, CDP and maybe a lot more ?

  I am as far as applying this to secure the port :
  switchport
  switchport mode access
  switchport access vlan X
  switchport nonegotiate
  spanning-tree bpdufilter enable
  spanning-tree portfast edge
  switchport port-security
  switchport port-security maximum 3
  switchport port-security violation restrict
  no cdp enable
  Any additions to this ?

• Core switches experience High CPU while generating syslog report from LMS

  Hi Everyone,
  Are there anyone who experience that the CPU utilization of some devices went up while generating a report from RME. Basing from other monitoring tool SNMP is taking up a huge cpu process. Any idea why this happened considering that the report is generated daily but only on one instance it caused the core switches to be paralyze due to high cpu. Changing the SNMP community string is the immediate action that resolve the issue to disconnect it from LMS.
  BTW, this is LMS 2.6.
  Thank you.

  The problem did not reoccurred any more. When I checked on the Syslogcollector.log it appeared that it is unable to subscribe. I assumed that the reason why snmp packets were flooded during the time that it they experience high cpu is because the client is generating syslog report for all devices while the syslog collector is not subscribe. Is this possible?
  Thanks

• Hyper-v cluster with core switch downtime... what to do?

  Is there a way to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason?
  We have one Procurve 5412zl switch with two c7000 enclosures. In each c7000 enclosure there are two switches that connect all the blade servers within the enclosure. Those two switches are interconnected internally so they can communicate within the enclosure.
  So if the core switch goes down the hyper-v servers in the same c7000 enclosure can still communicate but they will be seperated from the others in the other enclosure.
  So we have 4 hyper-v servers in one enclosure and 3 in another. If i disconnect the core switch i'm wondering what will happen (if I reboot the switch which is what I need to do).
  How can I avoid having to shut down everything for this and just tell hyper-v cluster to not do anything when the network is lost?

  Hi Quadrantids,
  " to essentially "pause" the hyper-v cluster and keep things running but
  do NOT attempt to failover anything for any reason"
  Based on my understanding  you need to keep cluster running on the same C7000 enclosure , in another words before you cut the connection between the C7000 enclosures  you may migrate VMs to same enclosure to keep running (I assume that the
  storage will not be affected by the restart ).
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• LAN design - how to implement a core switch?

  Hi all,
  First post here so please be gentle :-)
  I'm looking for a bit of advice with a LAN setup I've been tasked with.
  The basic requirements are to have a demonstration suite of servers/storage devices networked with internet access with certain devices segmented in different VLANs. Also, a separate VLAN is required for training and meeting rooms which will receive DHCP addresses from a WIN2K3 server.
  The kit I've inherited consists of:
  1 ADSL Modem/Router
  1 2611XM router
  2 Catalyst 4006 switches with Supervisor II engines (CatOS :-( ), one with a layer 3 routing module
  Several Catalyst 2950/3500xl switches
  Netscreen 100 Firewall
  F5 Firepass for VPN
  After a lot of fun resetting devices I've currently setup the LAN with a router on a stick configuration which routes between different VLANs (on the 3500/2950s) and which has internet access via the 2611 and ADSL modem router in turn. That's about as far as my current knowledge goes I'm afraid!
  What I have to do is incorporate the 4006s but I don't really know how to go about it or what's the best way to use them. How would I use them as core switches?
  I was hoping someone could point me in the right direction on the best way to connect the switches up, i.e. network design, cabling (fibre uplinks between switches) and some basic configuration advice with the layer 3 routing module.
  Any advice will be most appreciated!! It's my first networking job and I'm a bit lost.
  Thanks.

  Peter,
  I would do the same - with a twist...
  Have 1 4006 as a VTP server, also the spanningtree root for all vlans.
  Have a trunk between the two 4006's - and make it an etherchannel 2 or 3 ethernet links (redundancy).
  Make the second 4006 also a vtp server (redundancy) and have that 4006 the secondary 4006 for spanningtree (more redundancy!)
  That way if you decide to have a distribution layer - you have 2 uplinks into the core 1 into 4006-1 as the primary, and the second 4006-2 as the secondary.
  You could then have a trunk (etherchannel) between the distribution switches, then have a access layer into the distribution layer with duel links. This way you could have multiple switch and or link failures and still work!!!
  You use the layer 3 module to do the inter-vlan routing - correct. Then have your adsl modem/router as the gateway to the internet - you put a default route in the layer 3 module point to the adsl modem! then you have the routes for the various vlan subnets pointing from the modem back to the layer 3 module......done!
  HTH.

• 6509 core switch

  Hello,
  I'm configuring a 6509 core switch that has 4 blades and each blade has 48 ports by default the ports are shutdown.  I know I can do a port range with a no shutdown command to brings all ports up for each blade. However is there only one command that can make all ports active on each blade or a module command that can bring all ports for each 48 port blade?
  Thanks,

  Horacio
  From memory the int range command can be used to specify ports on different linecards so you could try one command that includes the range for all ports on all linecards. Cant say for sure it will work but i seem to remember doing something like this before.
  Jon

• Where to install CCM, access or core switch?

  What's the recommendation on where the CCM server should be, in access switch or core switch? Based on ipt readiness assessment seems servers should be on access switch. Thanks

  If you have many wiring closets (access layer) that has phones plugged into them, its better to centrally colocate CCM and such to the core, or in a distribution block that is connected to the core.
  HTh
  Sankar.
  PS: please remember to rate posts!

• ISE wireless with HP core switch

  Hi all,
  We are planning to implement ISE for Wireless users. Our core switch is HP and our WLC is 5500.
  I would like to know if we need to change our core switch so that we can use ISE or there is no need to change it.

  You'd need 2 separate SSIDs as the access method will be different for each, e.g:
  Employee - WPA2 and 802.1x
  Guest - Webauth
  You don't have to have a quarantine, we do but it's not essential.
  For your employee WLAN you could have just one VLAN or you could have multiple. We started off with just one for our employee WLAN but now we've got several on each WLC (laptops, medical devices, etc.). I would suggest starting off simple with one.
  Your employee WLAN clients won't get an address until after they authenticate so you don't need a VLAN before then.

• UCS C 220 server teaming on two core switches.

  Hello Everyone,
  I am using UCS C 220 M3 server and it has 8 HDD. I created RAID for redundancy and installed call manager custom software on it. Now in the network topology there are two core switches. I connected the UCS server on first core switch from Gig port 1 of the server.
  Now client is Demanding to connect on other core switch also. I am aware of the concept of teaming and i did it many times on microsoft server but either on the single switch or on the VSS system
  Here the scenario is core switch 1 and cor switch 2 are two seperate device. Indeed there is a ether channel between them but these switches are not virtual.
  Kindly suggest the solution how i can achieve the redundancy for UCS 220 server.
  Thanks in Advance.
  Please reply.

  Hello again, Im stuck
  This is what I have done. I have created the vPC between my esx host and my two nexus 5000 switches, but it doesnt seem to come up:
  S02# sh port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
          M - Not in use. Min-links not met
  Group Port-       Type     Protocol  Member Ports
        Channel
  4     Po4(SD)     Eth      LACP      Eth1/9(D)
  vPC info:
  S02# sh vpc 4
  vPC status
  id     Port        Status Consistency Reason                     Active vlans
  4      Po4         down*  success     success                    -
  vPC config:
  interface port-channel4
    switchport mode trunk
    switchport trunk allowed vlan 20,27,30,50,100,500-501
    spanning-tree port type edge trunk
    vpc 4
  interface Ethernet1/9
    switchport mode trunk
    switchport trunk allowed vlan 20,27,30,50,100,500-501
    spanning-tree port type edge trunk
    channel-group 4 mode active
  Im unsure what I must configure on the cisco 240M3(esx host) side to make this work. I only have the two default interfaces(eth0 and eth1) on the vic-1225 installed in the esx host, and both have the vlan mode is set to TRUNK.
  Any ideas on what I am missing?
  Message was edited by: HDA

• Looking for the list of maintaining and configuring tasks on Core switch.

  I have some experiences DMS switches, things like setting up zone, alias, zoneset etc, but never have any experiences on core switches or something between core and edge switches since the SAN environment here has not reached that scale.
  Would you please list those tasks that needs to be done in daily maintenance, and required configurations? or some related documents? including those on core switches or something between core and edge switches?
  Thank you very much for your ideas.

  Hello ciscomagic1,
  The definition of core and edge swicthes in a FC architecture is related the topology point of view.
  The core could be NPIV enabled switche and all edges running as NPV mode.
  Also the core could be the switch that will make the translation of FC to another protocol as FCoE, FCIP or iSCSI and should be licensed to those protocols.
  Normally the core is the more centralized switch in the entire fabric, with more backplane capacity, redundancy and high port density. Of course this is not a rule at all.
  Essentially the core and edge switches can perform the same tasks and have the same functionality, the point is how them will be better availed in a design.