Cisco vs ProCurve

Posted on 2008-06-18
Medium Priority
Last Modified: 2012-06-22
Currently I am in the process of re-designing the network. A thankless task as always but there is light at the end of this tunnel.

Let me explain:

We are trying to add a NAC device and have realised that our switches, though good (Procurve 5421ZL and Procurve 4000M's and PC8000 all linked via fibre) must be 'tweaked' in order to accept the new device.

Currently our 5412ZL is an edge switch that hosts not only users but the firewall and router and server ports.

The suggestion:

To put either a Cisco 3560 layer 3 switch (or, and this is the question, Procurve equivalent) into the network, remove all servers, routers and the firewall from the 5412zl and put them on the new switch.

AND THEN, using the fibre card in the 5412ZL uplink this via the NAC to the Cisco 3560 Layer 3 switch.

Sounds great!!

My questions after all this babble:

1. Is this a good solution and will it work?
2. Do HP have an equivalent to the 3560? As all our other switches are HP it would be nice to keep the faith, as it were.

My failover should anything ever happen to the Cisco would be to cut the NAC out and put the services back into the 5412zl whilst it was being fixed etc?

Does this all make sense?

Your help and comments welcome..

Chris G
Question by:atocltd

Expert Comment

ID: 21811686
I think it would work fine.  I would assume that you would have some sort of router in front of the switch (just for security purposes).  You get a lot of bang for your buck with the 3560, they don't go down too easy, I've had a lot of luck with them myself.

Author Comment

ID: 21811759
Cool many thanks for your response.

The setup is really all one network so the only router is facing the internet the other side of the firewall. All we are attempting to achieve is isolation of the services to put the NAC in the way of all network traffic.

LVL 13

Expert Comment

ID: 21812987
Um, the HP Procurve 5412zl is a Layer3 switch.

You have a decent chassis-based layer-3 switch and you want to use a 3560 (or equivalent) as your core switch?

I'm not really sure what you're trying to accomplish.

Author Comment

ID: 21813061
Hi there.

As we are putting in a NAC we want to isolate all traffic that is being sent to the servers etc.

However the network topology I inherited years ago links in a hub spoke fashion the 5412zl to two other lan rooms all with users hanging off from them. The 5412zl has not only users but all the services attached to its 240 ports. The fibre card has two free ports so we were going to get a new switch and put all of the servers, firewall etc on that with a fibre uplink. The idea being that the fibre would feed through the NAC into the new switch thus forcing all of the traffic via the NAC into the services switch if you can call it that.

Does that make sense?

LVL 13

Expert Comment

ID: 21813358
Don't get me wrong, what you're asking will work.

What you have right now is a cascaded-switch design with the 5412zl as the core.
From a design perspective, that's the best way to go.

I would separate the network into VLANs.
Put the services in a different VLAN.
In that way you can better control access across the VLANs.

Author Comment

ID: 21814073
Cool thanks but what about the NAC?
LVL 13

Expert Comment

ID: 21818733
Plug it into the 5412zl.
You can put it in a separate VLAN if you choose.

Author Comment

ID: 21820290
Sounds cool, will investigate that idea. Are there many benefits though for having a separate switch?
LVL 13

Expert Comment

ID: 21822403
The advantage of a separate 3560 vs. the 5412?

The only thing I can think of is if the 3560, being newer, offers some new feature you need that the 5412 doesn't.
On the other hand...
Generally speaking, chassis-based switches are more robust, having capabilities such as redundant power, redundant management, hot-swap modules, hardware configuration flexibility, etc.

If I were you, I would take the opportunity to update/improve your current network:
    1. Ensure the 5412 has redundant power + a spare (you have 4 PS slots)
    2. Ensure you have redundant management modules
    3. Update, if necessary, the switch modules, maybe purchase spares
    4. Update/renew the maintenance support contract
    5. Look into an inexpensive network management package (such as SolarWinds IPMonitor or Engineer's Toolkit)
    6. Update/upgrade your other layer-2 switches, maybe a spare switch
    7. Ensure your network backbone is at least 1gig
    8. Ensure all your critical servers are connected at 1gig, maybe redundant connections also

Author Comment

ID: 21822499
Thanks that sounds like sound advice. The 5412zl is as redundant as it can be with loads of extras including power backup etc.

I will take a look at how we can incorporate the NAC into the existing environment, however I have just arranged for a fibre survey with a view to replace it and create better fault tolerance.

Thanks for your advice very helpful

Accepted Solution

RTh0037 earned 750 total points
ID: 21862714

HP = life time warranty
HP = cheap
Cisco = reliable
Cisco = stable
Cisco = higher cost
HP = cheap

winner= Cisco.

I have configured both and nothing beats Cisco if price is not an option. Since I deal with a lot of Casinos where reliability and availability are factors, they chose Cisco. In those environments where the financial guys are making the decisions, you get HP and other equipment. HP is still not up there with Cisco but lower in price.

Author Comment

ID: 21862994
Wow thanks! Very direct response regarding the kit. Any proposals for the potential solution?
