Cisco® CCNP Switch Exam Cram Notes : Cisco Access-Layer Switches

4. Appendix

4.3 Cisco Access-Layer switches

The following are the Cisco recommended Access Layer switches:

Catalyst 2950: For less than 50 users 10/100BaseT; 100BaseFX or 1000Base-X uplinks

Catalyst 3550: For less than 50 users 10/100BaseT; 1000Base-X uplinks;Advanced QOS, Inline power

Catalyst 4000/4500: For 250+ users 10/100/1000Base-T; 1000Base-X uplinks; Advanced QOS, Inline power.

Note that Catalyst 4000/4500 Supervisor III and IV support Cisco IOS.

Given below are some Access Layer switches available from Cisco :

1. Model: 2960-X

Max Port Density:384 (Up to 8 48-port switches in a stack) 
Uplinks: 2 10GE or 4 1 Gigabit Ethernet per switch
Max Backplane Speed: 80 Gbps
Power over Ethernet: PoE+

2. Model: 3650

Max Port Density: 432 (Up to 9 48-port switches in a stack)
Uplinks: 2 Gigabit Ethernet or 4 10GE
Max Backplance Speed: 160 Gbps
Others: Full-featured routing available, integrated wireless controller, PoE+

3. Model: 3850

Max Port Density: 432 (Up to 9 48-port switches in a stack)
Uplinks: 4 Gigabit Ethernet, 4 10GE
Max Backplane Speed: 480 Gbps
Others: Full-featured routing available, integrated wireless controller,
Power Over Ethernet: PoE+, UpoE

4. Model: 4500E

Port Density: 384 (Up to 8 48-port modules per chassis)
Uplinks: Up to 12-port 10GE per module
Max Backplance Speed: 928 Gbps
Other Features: Dual supervisors, full-featured routing available, integrated wireless controller
Power Over Ethernet: PoE+, UpoE

For the given requirement, 2960-X is the appropriate answer. It will also have RIP and OSPF available for routed access. 4500-X, 6807-XL are recommended for Distribution/Core Layers. 3850 model is also an Access Layer switch, but with higher performance parameters.

Recommended Distribution and Core Layer in a campus wide network:

Model: 4500-X

Max Port Density: 80 10GE
Max Backplane: 1.6 Tbps
Others: Dual-chassis Virtual Switching System (VSS), redundancy

Model: 4500E

Max Port Density: 96 10GE or 384 Gigabit Ethernet
Max Backplane: 928 Gbps
Others: Dual supervisors

Model: 6807-XL

Max Port Density: 40 40Gbps, 160 Gigabit Ethernet, 480 Gigabit Ethernet
Max Backplane: 22.8 Tbps
Others: Dual supervisor, dual-chassis VSS, redundancy

2960-X and 3650 are access layer switches and high port density of 384 ports and 432 ports respectively.

The following Line Mode configuration options are available on a 1900/2800 or 2900XL series switches:

1. Auto: The port is put into auto negotiation mode. This is the default for 100baseTX ports. Available only on 100baseTX ports.

2. Full: Puts the port into full duplex mode. Available both on 10BaseTX and 100BaseTX

3. Full-flow-control: Puts the 100BaseTX port into full duplex mode with flow control. Available only on 100BaseTX ports.

4. Half: Puts the port into half-duplex mode. Available both on 10BaseTX and 100BaseTX.

The following are the Cisco recommended security measures for controlling access to a campus network:

1. Access Layer: This is the layer at which users log into the network and access network resources. The recommended security measures at Access Layer are:

  • Controlling physical access to network devices (This applies to all layers),
  • Port security, also known as 'MAC address lockdown' is Cisco feature that enables the switch to prevent input from a port when the MAC address of a station trying to access the port is different from the configured MAC address for that port.
  • Passwords: A properly managed network should have login and password for each network device. There are several ways of accessing Cisco devices such as Console, vty, TFTP servers etc. Each of these should have properly defined passwords to control access to the network.

2. Distribution Layer: The security at distribution layer is implemented by using Access Policies. These in turn make use of Access Control Lists. There are two types of IP access lists:

  • Standard
  • Extended

In addition to security, Distribution layer is responsible for sending only the data that need to reach the Core Layer. This not only achieves security, but also makes sure that Core Layer is not burdened with unnecessary traffic. This is achieved by applying Access Control Lists.

Core Layer Security: Core layer is responsible for transmitting data efficiently. For this reason, Cisco recommends that there is little or no policy at Core layer.

Cisco recommends that management VLAN (VLAN 1) be moved to another VLAN. Another way to handle the problem is to disable the ports that are not being used, and secure physical access to the networking devices

Previous   Contents   Next

CCNP Switch Cram Notes Contents ad