Cisco vs ProCurve

Posted on 2008-06-18
Medium Priority
Last Modified: 2012-06-22
Currently I am in the process of re-designing the network. A thankless task as always but there is light at the end of this tunnel.

Let me explain:

We are trying to add a NAC device and have realised that our switches, though good (Procurve 5421ZL and Procurve 4000M's and PC8000 all linked via fibre) must be 'tweaked' in order to accept the new device.

Currently our 5412ZL is an edge switch that hosts not only users but the firewall and router and server ports.

The suggestion:

To put either a Cisco 3560 layer 3 switch (or, and this is the question, a ProCurve equivalent) into the network, remove all servers, routers and the firewall from the 5412zl and put them on the new switch.

AND THEN, using the fibre card in the 5412ZL uplink this via the NAC to the Cisco 3560 Layer 3 switch.

Sounds great!!

My questions after all this babble:

1. Is this a good solution and will it work?
2. Do HP have an equivalent to the 3560? As all our other switches are HP it would be nice to keep the faith, as it were.

My failover, should anything ever happen to the Cisco, would be to cut the NAC out and put the services back into the 5412zl whilst it was being fixed etc?

Does this all make sense?

Your help and comments welcome..

Chris G
Question by:atocltd

Expert Comment

ID: 21811686
I think it would work fine.  I would assume that you would have some sort of router in front of the switch (just for security purposes).  You get a lot of bang for your buck with the 3560, they don't go down too easy, I've had a lot of luck with them myself.

Author Comment

ID: 21811759
Cool many thanks for your response.

The setup is really all one network so the only router is facing the internet the other side of the firewall. All we are attempting to achieve is isolation of the services to put the NAC in the way of all network traffic.

LVL 13

Expert Comment

ID: 21812987
Um, the HP Procurve 5412zl is a Layer3 switch.

You have a decent chassis-based layer-3 switch and you want to use a 3560 (or equivalent) as your core switch?

I'm not really sure what you're trying to accomplish.


Author Comment

ID: 21813061
Hi there.

As we are putting in a NAC we want to isolate all traffic that is being sent to the servers etc.

However the network topology I inherited years ago links in a hub spoke fashion the 5412zl to two other LAN rooms all with users hanging off from them. The 5412zl has not only users but all the services attached to its 240 ports. The fibre card has two free ports so we were going to get a new switch and put all of the servers, firewall etc on that with a fibre uplink. The idea being that the fibre would feed through the NAC into the new switch thus forcing all of the traffic via the NAC into the services switch if you can call it that.

Does that make sense?

LVL 13

Expert Comment

ID: 21813358
Don't get me wrong, what you're asking will work.

What you have right now is a cascaded-switch design with the 5412zl as the core.
From a design perspective, that's the best way to go.

I would separate the network into VLANs.
Put the services in a different VLAN.
In that way you can better control access across the VLANs.

Author Comment

ID: 21814073
Cool thanks but what about the NAC?
LVL 13

Expert Comment

ID: 21818733
Plug it into the 5412zl.
You can put it in a separate VLAN if you choose.

Author Comment

ID: 21820290
Sounds cool, will investigate that idea. Are there many benefits though for having a separate switch?
LVL 13

Expert Comment

ID: 21822403
The advantage of a separate 3560 vs. the 5412?

The only thing I can think of is if the 3560, being newer, offers some new feature you need that the 5412 doesn't.
On the other hand...
Generally speaking, chassis-based switches are more robust, having capabilities such as redundant power, redundant management, hot-swap modules, hardware configuration flexibility, etc.

If I were you, I would take the opportunity to update/improve your current network:
    1. Ensure the 5412 has redundant power + a spare (you have 4 PS slots)
    2. Ensure you have redundant management modules
    3. Update, if necessary, the switch modules, maybe purchase spares
    4. Update/renew the maintenance support contract
    5. Look into an inexpensive network management package (such as SolarWinds IPMonitor or Engineer's Toolkit)
    6. Update/upgrade your other layer-2 switches, maybe a spare switch
    7. Ensure your network backbone is at least 1gig
    8. Ensure all your critical servers are connected at 1gig, maybe redundant connections also

Author Comment

ID: 21822499
Thanks, that sounds like sound advice. The 5412zl is as redundant as it can be with loads of extras including power backup etc.

I will take a look at how we can incorporate the NAC into the existing environment, however I have just arranged for a fibre survey with a view to replace it and create better fault tolerance.

Thanks for your advice very helpful

Accepted Solution

RTh0037 earned 750 total points
ID: 21862714

HP = life time warranty
HP = cheap
Cisco = reliable
Cisco = stable
Cisco = higher cost
HP = cheap

winner= Cisco.

I have configured both and nothing beats Cisco if price is not an option. Since I deal with a lot of casinos where reliability and availability are factors, they chose Cisco. In those environments where the financial guys are making the decisions, you get HP and other equipment. HP is still not up there with Cisco but lower in price.

Author Comment

ID: 21862994
Wow thanks! Very direct response regarding the kit. Any proposals for the potential solution?
