
Cisco vs ProCurve

Currently I am in the process of re-designing the network. A thankless task as always but there is light at the end of this tunnel.

Let me explain:

We are trying to add a NAC device and have realised that our switches, though good (Procurve 5421ZL and Procurve 4000M's and PC8000 all linked via fibre) must be 'tweaked' in order to accept the new device.

Currently our 5412ZL is an edge switch that hosts not only users but the firewall, router and server ports.

The suggestion:

To put either a Cisco 3560 layer 3 switch (or, and this is the question, a ProCurve equivalent) into the network, remove all servers, routers and the firewall from the 5412zl and put them on the new switch.

AND THEN, using the fibre card in the 5412ZL uplink this via the NAC to the Cisco 3560 Layer 3 switch.

Sounds great!!

My questions after all this babble:

1. Is this a good solution and will it work?
2. Do HP have an equivalent to the 3560? As all our other switches are HP, it would be nice to keep the faith, as it were.

My failover, should anything ever happen to the Cisco, would be to cut the NAC out and put the services back into the 5412zl whilst it was being fixed etc?

Does this all make sense?

Your help and comments welcome..

Chris G
1 Solution
I think it would work fine.  I would assume that you would have some sort of router in front of the switch (just for security purposes).  You get a lot of bang for your buck with the 3560, they don't go down too easy, I've had a lot of luck with them myself.
atocltd Author Commented:
Cool, many thanks for your response.

The setup is really all one network, so the only router is facing the internet the other side of the firewall. All we are attempting to achieve is isolation of the services to put the NAC in the way of all network traffic.

Um, the HP Procurve 5412zl is a Layer3 switch.

You have a decent chassis-based layer-3 switch and you want to use a 3560 (or equivalent) as your core switch?

I'm not really sure what you're trying to accomplish.

atocltd Author Commented:
Hi there.

As we are putting in a NAC we want to isolate all traffic that is being sent to the servers etc.

However, the network topology I inherited years ago links, in a hub-and-spoke fashion, the 5412zl to two other LAN rooms, all with users hanging off from them. The 5412zl has not only users but all the services attached to its 240 ports. The fibre card has two free ports, so we were going to get a new switch and put all of the servers, firewall etc. on that with a fibre uplink. The idea being that the fibre would feed through the NAC into the new switch, thus forcing all of the traffic via the NAC into the services switch, if you can call it that.

Does that make sense?
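
Added example, not part of the original thread: a small Python model of the topology described in the comment above, checking whether any user segment can reach the services without crossing the NAC. Node names and links are constructed from the description, and the model covers physical links only, not VLANs or ACLs.

```python
from collections import deque

def reachable_without(links, start, blocked):
    """Nodes reachable from start once the `blocked` node is removed."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt != blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def bypass_paths(links, sources, protected, chokepoint):
    """(source, protected) pairs that can talk without crossing chokepoint."""
    found = []
    for src in sources:
        reach = reachable_without(links, src, chokepoint)
        found.extend((src, dst) for dst in protected if dst in reach)
    return sorted(found)

# Constructed model of the thread's topology; node names are illustrative.
CURRENT = [  # users and services all hang off the 5412zl
    ("lan-room-1", "5412zl"), ("lan-room-2", "5412zl"),
    ("users-5412zl", "5412zl"),
    ("servers", "5412zl"), ("firewall", "5412zl"),
]
PROPOSED = [  # services moved behind an inline NAC on the fibre uplink
    ("lan-room-1", "5412zl"), ("lan-room-2", "5412zl"),
    ("users-5412zl", "5412zl"),
    ("5412zl", "nac"), ("nac", "services-switch"),
    ("servers", "services-switch"), ("firewall", "services-switch"),
]
USERS = ["lan-room-1", "lan-room-2", "users-5412zl"]
SERVICES = ["servers", "firewall"]

if __name__ == "__main__":
    for name, links in (("current", CURRENT), ("proposed", PROPOSED)):
        leaks = bypass_paths(links, USERS, SERVICES, "nac")
        print(f"{name}: {len(leaks)} user-to-service paths bypass the NAC")
```

The same check flags a service port left behind on the 5412zl after the move, or the failover state in which the NAC is cut out: add the extra link to the list and re-run.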

Don't get me wrong, what you're asking will work.

What you have right now is a cascaded-switch design with the 5412zl as the core.
From a design perspective, that's the best way to go.

I would separate the network into VLANs.
Put the services in a different VLAN.
In that way you can better control access across the VLANs.
atocltd Author Commented:
Cool thanks but what about the NAC?
Plug it into the 5412zl.
You can put it in a separate VLAN if you choose.
atocltd Author Commented:
Sounds cool, will investigate that idea. Are there many benefits, though, for having a separate switch?
The advantage of a separate 3560 vs. the 5412?

The only thing I can think of is if the 3560, being newer, offers some new feature you need that the 5412 doesn't.
On the other hand...
Generally speaking, chassis-based switches are more robust, having capabilities such as redundant power, redundant management, hot-swap modules, hardware configuration flexibility, etc.

If I were you, I would take the opportunity to update/improve your current network:
    1. Ensure the 5412 has redundant power + a spare (you have 4 PS slots)
    2. Ensure you have redundant management modules
    3. Update, if necessary, the switch modules, maybe purchase spares
    4. Update/renew the maintenance support contract
    5. Look into an inexpensive network management package (such as SolarWinds IPMonitor or Engineer's Toolkit)
    6. Update/upgrade your other layer-2 switches, maybe a spare switch
    7. Ensure your network backbone is at least 1gig
    8. Ensure all your critical servers are connected at 1gig, maybe redundant connections also
atocltd Author Commented:
Thanks, that sounds like sound advice. The 5412zl is as redundant as it can be, with loads of extras including power backup etc.

I will take a look at how we can incorporate the NAC into the existing environment; however, I have just arranged for a fibre survey with a view to replace it and create better fault tolerance.

Thanks for your advice very helpful

HP = life time warranty
HP = cheap
Cisco = reliable
Cisco = stable
Cisco = higher cost
HP = cheap

winner= Cisco.

I have configured both and nothing beats Cisco if price is not an option.  Since I deal with a lot of casinos where reliability and availability are factors, they chose Cisco.  In those environments where the financial guys are making the decisions, you get HP and other equipment.   HP is still not up there with Cisco but lower in price.
atocltd Author Commented:
Wow thanks! Very direct response regarding the kit. Any proposals for the potential solution?