sunhux

asked on

Out-of-band LAN for backup traffic, lowest end Cisco switch gigabit RJ45 ports, Cisco 29xx support link aggregation?

Hi,

Q1:
What's the lowest-end gigabit Cisco switch that comes with gigabit network ports (RJ45)?
Any non-chassis (such as 3xxx series) models? 6xxx & 4xxx models are the chassis
type: we don't want those if possible. Looking for something that's a 2U dimension type
(so Alcatel models are fine too as long as they support gigabit).

Q2:
BTW, can Layer 2 switches, namely the 29xx series, support link aggregation (i.e.
2 NIC ports on a server connect to it & get the bandwidth of 2 x Gigabit ports)?



We have several LANs/VLANs including two DMZs.

We're planning to set up a backup LAN dedicated to central backup traffic (Data
Protector, Netbackup).

Q3:
So the central backup server needs a spare NIC port (or would it help if we used
two NIC ports and aggregated them to get faster bandwidth/backup when backing up
from multiple clients concurrently?)

Q4:
So we'll need a spare NIC port on each client to be backed up, spare switches
(as our current switch is running out of ports) and a firewall? Does the policy for
setting up a backup LAN to connect to the DMZ require a firewall?

Q5:
If we don't get a firewall (due to budget constraints), is there any way to perform central
backup of the servers in the DMZ? Is it acceptable from a security point of view to use
a Cisco Layer 3 switch with ACLs to segregate the Backup LAN from the DMZ
LAN?
ASKER CERTIFIED SOLUTION
Mysidia
This solution is only available to members.
sunhux

ASKER

Hi,

How many RJ45 Gigabit ports does the WS-C3560G-24TS-E have? 24?
Is this a layer 3 or layer 2 switch? If it's a Layer 2 switch, possibly we
can't have ACLs, is that right?


To save us from spending on a firewall to segregate the DMZ LANs/VLANs from
the backup LAN, I thought that if the backup server has multiple NIC ports, one NIC port could go to
DMZ1 LAN and a 2nd NIC port to DMZ2 LAN, and this backup server would have some sort
of software firewall running on it to prevent attacks via this backup server. Or is this
software firewall still needed if there are no routes defined to permit routing
between DMZ1, DMZ2 and other LANs/VLANs?
sunhux

ASKER

For the WS-C3560G-24TS-E, if there are not enough ports, can I cascade (using a crossover
UTP RJ45 cable) or should I trunk a few of these switches together?

On 2nd thought, perhaps this backup server (for which we are buying fresh hardware, as
the existing hardware is going to be end of life / end of support) ought to come with
as many NIC ports: we want this dedicated backup LAN to back up servers in
DMZ1, DMZ2, Production VLAN (hosting production servers), UAT VLAN (hosting
UAT servers), our outsourced vendors' VLANs, VMware blade VLANs etc.

Or do only the secure LANs/VLANs such as the DMZs need separate physical NIC ports,
while all other LANs (Prod, UAT, vendors, etc.) can have their 2nd spare NIC ports connected
up to the Cisco switches to form one subnet (purely for backup traffic)?
SOLUTION
This solution is only available to members.
sunhux

ASKER


Is 3560G a Layer 3 switch (to allow us to configure ACLs)?

Is there a 48 port Gigabit Cisco switch - what's the model?

3560Gs are layer 3 switches.
Search for:
 WS-C3560G-48TS-E
and
 WS-C3560G-48TS-S

They should be 48 port 10/100/1000.

Originally S/E indicated which image the device shipped with.
'E' was for EMI (Enhanced multilayer image), which has many more layer 3
features and functions suitable for enterprises. It supports things like advanced routing protocols (OSPF, etc.).

The 'S' one is IP Base (formerly SMI), for "simple" multi-layer image (i.e. very limited layer 3 features). The SMI images don't support many routing protocols and have a few bothersome restrictions that will hit you if you need to do any advanced routing on your switch.