maximum number of switches and bandwidth limits

[CloudEngineer]

hey guys, i'm doing a bit of research on the topic of connecting a lot of switches together, are their any issues in doing this besides bandwidth issues?

Cisco SGE2010 48-port Gigabit Switch

I've read that daisy chaining them is a no no, but what about if i have a central switch and hang say 20 switches off gigabit ports? What sort of switch would be ideal in this situation?

the network theoretically would be serving around 832 wired users.

[+BudMan MVC]

No you would not daisy chain switches together for that many nodes.. A star setup would be used -- core switch with switches off it, you could daisy chain off of that if you wanted for some sections.

You would most likely be creating segments, ie vlanning you prob do not want 832 computers all on the same broadcast domain, etc.

Your prob looking something like a 6509 for the core.

[CloudEngineer]

yep will be vlanning

there are 832 ethernet connected users across 4 buildings with 2 floors per building at this site, i also have 2 other much smaller sites to contend with and no budget woot woot :p

left out a lot of detail as this is an assignment and i only needed that specific information :p

thanks for the quick reply

[IrfanL]

Dude,

There is cascading restriction with hubs/repeaters, i.e, there should not be more than 4 hubs between any two stations.

However with switches, in theory there is no cascade restriction. As switches are becoming increasingly intelligent and with switching method such as Store-and-Forward & per-port buffering you can connect many many switches in a cascade. (daisy chaining switches is big NO NO).

In multiple layers of cascade, the latency will increase and bandwidth will reduce as you go deeper in cascade, and you are accessing a station which is connected to the root switch.

But for this problem, instead of using top-bottom approach, you should use bottom-up approach. I.E., you start by how many stations you want to connect (overall size of network), how much traffic they are going to generate (application type, response time, packet size, # of packets transmitted), can you segment/group the stations based on their traffic pattern (vlan, port density). This will give you the basic technical requirement for creating a network. Once you have this or atleast have a rough realistic idea then go to Cisco web and look at various solution, especially Multi-Layer Switching and Fabric Switching. Concepts you need to look at are Core block and Switch Block.

[Sn00pY]

Something wrong with using a stack cable? :unsure:

  On 09/05/2010 at 12:27, .hasan said:

yep will be vlanning

there are 832 ethernet connected users across 4 buildings with 2 floors per building at this site, i also have 2 other much smaller sites to contend with and no budget woot woot :p

left out a lot of detail as this is an assignment and i only needed that specific information :p

thanks for the quick reply

I didn't see this bit, sorry :D

So, we have 8 floors to cover? and do we have WAN connectivity (I'm assuming we do...) I'd put 3750 stacks in each building on each floor - you can easily have 5 3750 switches in a stack so this won't be an issue, nor will bandwidth with stacking cables :) the smaller sites meh, just throw in a 2960 or something equally useful - no need for a stack at smaller sites...

WAN connectivity will connect them all together, ideally you want some core switching, however, your issue here would be placement as we don't know how all builds are laid out etc and we can't just go putting 6500s everywhere :p maybe a 4500 could do, again you've no budget so... :blink:

[CloudEngineer]

It has been a while since i have come back to this thread, i do apologize but i have made a lot of progress since i posted this thread :)

  On 23/05/2010 at 18:05, Sn00pY said:

Something wrong with using a stack cable? :unsure:

I didn't see this bit, sorry :D

So, we have 8 floors to cover? and do we have WAN connectivity (I'm assuming we do...) I'd put 3750 stacks in each building on each floor - you can easily have 5 3750 switches in a stack so this won't be an issue, nor will bandwidth with stacking cables :) the smaller sites meh, just throw in a 2960 or something equally useful - no need for a stack at smaller sites...

WAN connectivity will connect them all together, ideally you want some core switching, however, your issue here would be placement as we don't know how all builds are laid out etc and we can't just go putting 6500s everywhere :p maybe a 4500 could do, again you've no budget so... :blink:

We sure do have wan connectivity! 300Mbps/300Mbps with 6 public ip addresses to use across the 3 sites!

I've decided to stack 3x 3750's in each building, on each floor. The core switch is a 4900M

Atm i'm trying to work out how to make use of these additional ip addresses. I'm thinking of using one at the main campus to host a www server, but i haven't really found any good resources on the subject. From what i understand i need a switch before my first router? I could be way off on that one lol.

On the internal network I have 5 vlan's. The servers are on vlan 100, buildings a,b,c and d are on 200,300,400 and 500, they are all on different subnets. I'm using ip helper so i only need the one dhcp server.

I have a packet tracer design running, had to make do with it's limitations but it gives more than enough information coupled with my visio diagram and some project management stuff that i'm still working on to explain what the hell i'm on about :laugh:

I'm really pushing for a High Distinction on this one, I have put a lot of hours into it so far lol

Thanks to everyone for all the help, i still got a long way to go with the whole cisco scene but i think i'll have to invest some more time/money and attempt some certifications in the near future :)

[Sn00pY]

The advantage of using 3750s is they can actually terminate and work a s router - we use 3750s as CEs for 1Gbit connections - so... you are fine :) the 3750 is a L3 Switch :)

Depending on the fibre coming in, or the connection coming in, you may need something like a 2960 to act as "mux" but it's dependant on the fibre/termination.

SFP in the 3750 - fibre in. boom. job done.

[CloudEngineer]

this was my teachers method of explaining how i should host a web server on the network, he has experience working in australia's largest telco as a network engineer.

another teacher of mine (his from the states, these 2 teachers argue on different points until the cows come home :laugh: )

he told me that, i could do it that way OR (from what i understood) have the www server connected to an interface on the router (customer side) statically assigned, i obviously have no ability to do routing on the isp side but we'll assume it will automagically be done when the connection is provisioned

any opinions?

[CloudEngineer]

i've chosen the dmz approach however still looking on opinions while i mess with access lists on the firewall :whistle:

[+BudMan MVC]

If your router had a extra interface sure you could do that.. But the method shown with the switch on your side of your border is correct, since they are giving you 14 IPs to work with, you might have other machines in the dmz latter other than just a web server.

Now depending on the ISP, I doubt they would connect you with a glue network like that - the 139 network with a /30 mask

They could just put 1 IP of your /28 range on their router -- and then you could do with the rest how you see fit. Not always a need for a glue network like that.

[Sn00pY]

I would much prefer you put the DMZ on a firewall and not a switch - you can't really make a DMZ on a switch you'll just be doing VLANing - you generally would have a DMZ Switch as a whole unit but hey - It's just a project the security isn't the top issue here I'm guessing.

[+BudMan MVC]

"you generally would have a DMZ Switch as a whole unit but hey"

That's the way he has it setup in that drawing -- the whole switch is in the dmz, its on that 203/28 network.. His lan is on a private 10 network behind a nat/firewall.

[Sn00pY]

  On 26/05/2010 at 13:45, BudMan said:

"you generally would have a DMZ Switch as a whole unit but hey"

That's the way he has it setup in that drawing -- the whole switch is in the dmz, its on that 203/28 network.. His lan is on a private 10 network behind a nat/firewall.

"I would much prefer you put the DMZ on a firewall and not a switch"

not like you not to read the whole sentence BudMan...

[+BudMan MVC]

Guess Im just not understanding your point then.. That dmz is not a vlan on the switch from that drawing, the switch looks to be used as method to add ports.

You don't know the feature set of that first CE router -- its could have ACLs on it to only allow specific traffic to the hosts connected to the switch.

And sure you might even subnet that /28 to assign IPs to the dmz, and then the rest to the hosts behind the firewal/nat, etc.

As he said his 2 teachers discuss the different methods, there are always multiple ways to setup something - quite often will depend on what hardware you have on hand, and budget, etc.

Would you want a full firewall device in front of your dmz hosts, and then anther between the dmz and your private network -- sure would be a nice setup.

But sure I agree with you something more like this might be better.

[Sn00pY]

We always agree in the end, have you noticed that? ;)

[+BudMan MVC]

I hear you -- but his drawing would work too. Shoot the DMZ/Firewall segment could be done with 1 device if he had the interfaces on it.

As long as his "dmz" is isolated from his private network -- I would consider it a dmz, etc. So lots of ways to set it up.