Solved

Cisco vs ProCurve

Posted on 2008-06-18
Last Modified: 2012-06-22
Currently I am in the process of re-designing the network. A thankless task as always but there is light at the end of this tunnel.

Let me explain:

We are trying to add a NAC device and have realised that our switches, though good (Procurve 5421ZL and Procurve 4000M's and PC8000 all linked via fibre) must be 'tweaked' in order to accept the new device.

Currently our 5412ZL is an edge switch that hosts not only users but the firewall, router and server ports.

The suggestion:

To put either a Cisco 3560 layer 3 switch (or, and this is the question, a ProCurve equivalent) into the network, remove all servers, routers and the firewall from the 5412zl and put them on the new switch.

AND THEN, using the fibre card in the 5412ZL uplink this via the NAC to the Cisco 3560 Layer 3 switch.

Sounds great!!

My questions after all this babble:

1. Is this a good solution and will it work?
2. Do HP have an equivalent to the 3560? As all our other switches are HP it would be nice to keep the faith as it were.

My failover should anything ever happen to the Cisco would be to cut the NAC out and put the services back into the 5412zl whilst it was being fixed etc?

Does this all make sense?

Your help and comments welcome..

Chris G
Question by:atocltd

Expert Comment

by:benellism90
ID: 21811686
I think it would work fine.  I would assume that you would have some sort of router in front of the switch (just for security purposes).  You get a lot of bang for your buck with the 3560, they don't go down too easy, I've had a lot of luck with them myself.

Author Comment

by:atocltd
ID: 21811759
Cool many thanks for your response.

The setup is really all one network so the only router is facing the internet the other side of the firewall. All we are attempting to achieve is isolation of the services to put the NAC in the way of all network traffic.

Cheers

Expert Comment

by:kdearing
ID: 21812987
Um, the HP Procurve 5412zl is a Layer3 switch.

You have a decent chassis-based layer-3 switch and you want to use a 3560 (or equivalent) as your core switch?

I'm not really sure what you're trying to accomplish.

Author Comment

by:atocltd
ID: 21813061
Hi there.

As we are putting in a NAC we want to isolate all traffic that is being sent to the servers etc.

However the network topology I inherited years ago links in a hub spoke fashion the 5412zl to two other LAN rooms all with users hanging off from them. The 5412zl has not only users but all the services attached to its 240 ports. The fibre card has two free ports so we were going to get a new switch and put all of the servers, firewall etc on that with a fibre uplink. The idea being that the fibre would feed through the NAC into the new switch thus forcing all of the traffic via the NAC into the services switch if you can call it that.

Does that make sense?

Thanks

Expert Comment

by:kdearing
ID: 21813358
Don't get me wrong, what you're asking will work.

What you have right now is a cascaded-switch design with the 5412zl as the core.
From a design perspective, that's the best way to go.

I would separate the network into VLANs.
Put the services in a different VLAN.
In that way you can better control access across the VLANs.
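
A sketch of the VLAN separation suggested in the comment above, as an added example that is not part of the original thread: ProCurve-style configuration for the 5412zl, with the VLAN IDs, port ranges, subnets, ACL name and permitted service ports all chosen for illustration.

```text
; Added illustration: VLAN IDs, ports, subnets and the ACL name are assumptions.
vlan 10
   name "Users"
   untagged A1-A24
   ip address 10.0.10.1 255.255.255.0
   exit
vlan 20
   name "Services"
   untagged B1-B24
   ip address 10.0.20.1 255.255.255.0
   exit
; Route between the VLANs on the 5412zl itself
ip routing
; Users reach only the named service ports; anything else aimed at the
; services subnet is dropped and logged, and all other traffic is unaffected.
ip access-list extended "USERS-TO-SERVICES"
   10 permit tcp 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 eq 443
   20 permit udp 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 eq 53
   30 deny ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 log
   40 permit ip 10.0.10.0 0.0.0.255 0.0.0.0 255.255.255.255
   exit
; Apply the ACL to routed traffic entering from the users VLAN
vlan 10 ip access-group "USERS-TO-SERVICES" in
```

The exact command syntax should be checked against the software release running on the switch before use.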

Author Comment

by:atocltd
ID: 21814073
Cool thanks but what about the NAC?

Expert Comment

by:kdearing
ID: 21818733
Plug it into the 5412zl.
You can put it in a separate VLAN if you choose.

Author Comment

by:atocltd
ID: 21820290
Sounds cool, will investigate that idea. Are there many benefits though for having a separate switch?

Expert Comment

by:kdearing
ID: 21822403
The advantage of a separate 3560 vs. the 5412?

The only thing I can think of is if the 3560, being newer, offers some new feature you need that the 5412 doesn't.
On the other hand...
Generally speaking, chassis-based switches are more robust, having capabilities such as redundant power, redundant management, hot-swap modules, hardware configuration flexibility, etc.

If I were you, I would take the opportunity to update/improve your current network:
    1. Ensure the 5412 has redundant power + a spare (you have 4 PS slots)
    2. Ensure you have redundant management modules
    3. Update, if necessary, the switch modules, maybe purchase spares
    4. Update/renew the maintenance support contract
    5. Look into an inexpensive network management package (such as SolarWinds IPMonitor or Engineer's Toolkit)
    6. Update/upgrade your other layer-2 switches, maybe a spare switch
    7. Ensure your network backbone is at least 1gig
    8. Ensure all your critical servers are connected at 1gig, maybe redundant connections also

Author Comment

by:atocltd
ID: 21822499
Thanks, that sounds like sound advice. The 5412zl is as redundant as it can be with loads of extras including power backup etc.

I will take a look at how we can incorporate the NAC into the existing environment, however I have just arranged for a fibre survey with a view to replace it and create better fault tolerance.

Thanks for your advice very helpful

Accepted Solution

by:
RTh0037 earned 250 total points
ID: 21862714
simple..

HP = life time warranty
HP = cheap
Cisco = reliable
Cisco = stable
Cisco = higher cost
HP = cheap

winner= Cisco.

I have configured both and nothing beats Cisco if price is not an option.  Since I deal with a lot of casinos where reliability and availability are factors, they chose Cisco.  In those environments where the financial guys are making the decisions, you get HP and other equipment.   HP is still not up there with Cisco but lower in price.

Author Comment

by:atocltd
ID: 21862994
Wow thanks! Very direct response regarding the kit. Any proposals for the potential solution?