Chapter 1: Reviewing the Enterprise LAN

In This Chapter

Checking out features that make up the enterprise LAN

Looking at Cisco hardware options for your LAN

Reviewing standard features of switches

Evaluating Cisco service options

Most organizations have a LAN, but what makes a LAN an enterprise LAN is the level of reliance that the organization has on that network. When an organization has a high reliance on the LAN, high-quality equipment with redundant features is used on the network to reduce the chance of interruption to the services provided to the organization’s users. Cisco has an Enterprise category in their product catalog that provides numerous products supporting enterprise LAN.

In this chapter, I introduce you to the features that make up an enterprise LAN, which include such features as Spanning Tree Protocol (STP), VLAN Trunking Protocol (VTP), and EtherChannel. In addition, I show you some basics about how this technology works and the standards that relate to these technologies.

If your network is small, you may be interested in only a few of these features, but if you have more than one switch and thus more than 50 network devices, you will likely make use of the data in this minibook.

Although I introduce you to features of the enterprise LAN in this chapter, you will gather further knowledge on the subject by reading the rest of the chapters in this minibook.

Identifying Features of an Enterprise LAN

Certain features clearly identify an enterprise LAN. In my job, I see networks large enough to be considered enterprise LANs, except that, for reasons of their own, the administrators decided not to implement any of the real features of an enterprise LAN — perhaps because setting up an enterprise LAN can be complicated and, frankly, one heck of a lot of work.

Most of the features of an enterprise LAN take a bit of planning and configuration, but once you have them set up, you should find that implementing them is not very complicated at all.

So what features or characteristics will enable you to really call your network an enterprise LAN? Some of those features include the following:

Number of nodes: One significant factor that can identify an enterprise LAN is the number of devices on your network. On the other hand, I have seen networks that were enterprise-LAN-sized in terms of node count but were not managed as enterprise LANs, so using the number of nodes as the sole criterion for an enterprise LAN is ill-advised. What is the magic number of nodes: is it 100, 200, 500, 1,000, or 5,000? The answer to that question is still open for discussion, but even on networks as small as 200 nodes, you can implement the enterprise-class features in this bulleted list. If you have hit 5,000 nodes, I really hope that you have implemented the features in this bulleted list already.

Managed devices: I am more inclined to call your network an enterprise LAN if you deploy managed switches on your network. However, it is not enough to have managed devices — you really need to be managing them. Cisco has a line of unmanaged switches that you can deploy on small networks, but when you use unmanaged devices, you will not be deploying any of the enterprise LAN features. So, the first step on your path to an enterprise LAN is to deploy managed devices.

Virtual LAN (VLAN): A VLAN allows you to create many smaller logical networks over the area of your physical LAN. This allows you to create groupings of devices and isolate them from each other, thereby enabling you to control traffic from one VLAN to another VLAN through routers. You will even be able to filter traffic and control data flow among these network segments. In the past, this separation of network devices could have been managed only in a less flexible static solution using physical switches.

Spanning Tree: Loops are common on your network when you have deployed a large number of switches, and when a loop is created, it can stop all traffic until the loop is removed. Sometimes the network administrator causes these by making mistakes in the wiring closet; other times, loops occur when a user who has access to multiple network ports connects them without understanding the consequences. The enterprise solution to protect you from loops in your network is Spanning Tree Protocol (STP), which is implemented only on managed network devices. STP evaluates all the devices connected to a network, and if it identifies a network loop, it shuts down (or, more precisely, blocks) a network port on your managed device. This prevents loops from being an issue on your enterprise LAN.

Port-based security settings: Most enterprise LAN switches allow you to implement some level of security around your switch port access. This may involve limiting the number of devices attached or forcing the user to log on before being allowed to use the data network.

EtherChannel: Single links connecting your switches together may cause bottlenecks, so technologies such as EtherChannel and Link Aggregation allow you to combine multiple links or ports so that they act as a single, larger link.
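The four features in the list above translate directly into switch configuration. The following is an added example, not from the book, of a Cisco IOS configuration for a Catalyst access switch that puts them together: VLANs for logical separation, Rapid PVST+ with BPDU guard so that a loop or a rogue switch on an edge port is blocked rather than flooding the network, port security on user ports, and an LACP EtherChannel for the uplink. The hostname, VLAN numbers, addresses and interface names are assumed values.

```ios
! Added example (not from the book): an access-switch configuration for a
! Cisco Catalyst switch running IOS that turns on the four enterprise-LAN
! features above. Hostname, VLAN numbers, addresses and port numbers are
! assumed values; adjust them to your own design.
hostname ACCESS-SW1
!
! --- VLANs: users, phones and switch management on separate logical networks ---
vlan 10
 name USERS
vlan 20
 name VOICE
vlan 99
 name MGMT
!
! --- Spanning Tree: Rapid PVST+ for fast convergence, plus BPDU guard so an
! edge port that unexpectedly hears a bridge PDU (rogue switch, cabling loop)
! is err-disabled instead of creating a loop ---
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
! Recover err-disabled ports automatically after five minutes so a single
! mistake in the wiring closet does not need a manual reset.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! --- Port-based security: user access ports ---
interface range GigabitEthernet1/0/1 - 24
 description User access port (PC + IP phone)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! Edge port: skips the STP listening/learning delay, covered by BPDU guard
 spanning-tree portfast
 ! Allow one PC and one phone; a third MAC address err-disables the port
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
! --- EtherChannel: two uplinks bundled into one logical link with LACP so
! a single link is neither a bottleneck nor a single point of failure ---
! (Switches that also support ISL, such as the 3560, need
! "switchport trunk encapsulation dot1q" before "switchport mode trunk".)
interface range GigabitEthernet1/0/25 - 26
 description Uplink to DIST-SW1, LACP bundle
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
 channel-group 1 mode active
!
interface Port-channel1
 description Logical uplink to DIST-SW1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
! Management address in the management VLAN, never in a user VLAN
interface Vlan99
 ip address 10.99.0.11 255.255.255.0
 no shutdown
ip default-gateway 10.99.0.1
```

After pasting this in, `show spanning-tree`, `show port-security interface GigabitEthernet1/0/1`, and `show etherchannel summary` confirm that the ports are in the expected STP state, that the MAC limit is in force, and that both uplinks are bundled (flag `P`) in Port-channel1. The `violation shutdown` action is deliberate: a port that goes err-disabled is visible in `show interfaces status err-disabled` and in syslog, which is what you want when someone plugs an unmanaged switch into a user port.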

When implemented, these features help move your small LAN into an enterprise LAN. As I said, many people are afraid to implement these features, often simply because of a fear of the unknown. Implementing some or all of these will make your network more redundant and self-correcting, allowing you to have a more reliable and trouble-free network.

Working with Cisco Switching Technologies

Cisco offers a wide variety of products to meet your switching needs on your network:

Small-to-medium business products: These tend to be scaled-down enterprise products that offer a smaller set of features at a lower price point for cost-conscious small business owners. The products in this category often come with simplified management tools because many small business clients do not have Cisco management expertise in-house. Usually, you will find that the high end of this product set is actually the low end of the classical enterprise products.

Classical enterprise products: Cisco already has a major presence in the enterprise market, which has supported Cisco for most of its life as a corporation. In this product range, you find very powerful and reliable devices capable of supporting the largest of enterprises without fail. If you walk into any large organization that depends on its network to support its business operations, you will likely find that the network infrastructure is dominated by Cisco enterprise equipment.

Carrier-grade products: As a reader of this book, I venture to guess that you are not in the carrier-grade market. This market includes telephone carriers who cannot afford any downtime on their networks. The amount of traffic that needs to be passed by these high-traffic network users comes at a price that even many enterprises are not willing to pay.

The following two sections describe small-to-medium business products and classical enterprise products, respectively; carrier-grade products are beyond the scope of this book.

Small-to-medium business products

In the small-to-medium business part of the product line, Cisco offers the following:

100 Series: This series ranges from 5-port 10/100 switches up to 24-port 10/100/1000 switches in either a desktop or rack mount configuration. These switches are unmanaged, which means they lack all of the advanced functionality that enterprise LANs require.

200 Series: These switches come in configurations that support from 18 to 50 ports up to gigabit speeds. These switches start the product lines moving toward management by supporting QoS priority queues and 802.1x network authentication. This series supports some of the enterprise features, but not them all.

300 Series: Provides even more management capabilities. These switches support 24- or 48-port configurations and allow for complex Access Control Lists (ACLs) for security, inter-VLAN routing, and basic VLAN implementations. Although these switches are not ready to support a large enterprise, they have a subset of the features that the enterprise products will have.

Cisco Catalyst 2960 series: At the top of the small business market is a series of mid-range enterprise LAN switches, which support full management and come in configurations from 8 ports to 48 ports. In addition to the functionality of the 300 series, these switches offer Power over Ethernet (PoE) on up to 48 ports, stacking options, and 10 Gigabit Ethernet uplink ports. Stacking allows for high-speed connections between switches through a single management interface. These switches also support Layer 3 switching.

Classical enterprise products

When moving up into the purely enterprise class devices, here are a few key product classes:

Catalyst Compact Switches: Cisco has a new line of Catalyst Compact Switches sporting up to 12 ports of gigabit connectivity and PoE ports. These switches are physically smaller than other enterprise Catalyst switches, have reduced power requirements that will save you money, and have a fanless construction, which means that they can reside in user areas with few complaints about noise.

Catalyst 2960 Switches: This series of fixed configuration switches offers 24 to 48 ports of Fast Ethernet or Gigabit Ethernet connectivity. They support Power over Ethernet (PoE) and come with fixed power supplies. Because of their features and price, they are the workhorses of many enterprise networks.

Catalyst 3560-X Series Switches and Catalyst 3560-E Series Switches: These series of switches offer 24 to 48 ports of Gigabit Ethernet and PoE connectivity. They offer enhancements over the Catalyst 2960 Series by supporting a larger set of IOS features and dual redundant power supplies. Dual power supplies increase availability because the switch can continue to operate in the case of a single power supply failure.

Catalyst 4500E Series Switches: The largest of this series of enterprise switches is the 4510R. This 10-slot chassis holds two controllers and up to eight line cards. Each line card can contain up to 48 ports, which gives you a huge 384-port switch. Unlike standalone switches, these modular switches offer benefits in large-scale wiring closets where you only need to install and supply power to a single chassis in order to support a huge number of switch ports.

Catalyst 6500 Series Switches: Designed for the core of your network, Cisco’s core and distribution switches take it up another step in the form of the Catalyst 6500 Series Switches, with its 13-slot 6513-E switches occupying 21 rack units in a communications cabinet. These powerhouse switches operate across network layers 2 to 4, performing more functions than your standard Layer 2 switches.

Cisco provides switching products scaling from the smallest of organizations to the largest of enterprises. It is likely that your organization will fall somewhere within that range.

Examine the whole Cisco catalog online at www.cisco.com to review the products and evaluate what will work best for you.

Reviewing Switching Standards

When shopping for your switch, you will find that a lot of feeds and speeds are mentioned. In this section, I introduce you to many of the terms you will see in switch specifications. Rather than stalling, I will dive right in.

Ports: Ethernet (10 Mbps, unlikely to be seen any more), Fast Ethernet (100 Mbps), Gigabit Ethernet (1 Gbps), and 10 Gigabit Ethernet (10 Gbps) speeds, using connectors such as RJ45 copper, fiber (such as LC connectors), and, more likely, Small Form-Factor Pluggable (SFP) and Small Form-Factor Pluggable Plus (SFP+) slots, with the latter allowing you to mix and match connector types through pluggable transceivers.

Stacking: There is always some way of connecting switches together to make a large network segment. You can always connect them via front side data ports, but many switches support high-speed stacking solutions using special ports and cables. Cisco’s current stacking solution is FlexStack, which offers a 40 Gbps connection between switches and allows all switches in a stack to be managed as if they are one switch. If you are concerned about network throughput and switching speed, when purchasing your switches, ensure that they support a common stacking solution and purchase the gear that you require to implement the solution, which may involve interface cards and technology-specific cables.

PoE and PoE+: Power over Ethernet (PoE) allows you to provide power to remote devices over the same connection that you are providing data services. This allows for simplified deployments for IP-based phones for your telephony infrastructure or when deploying wireless access points. Both phones and access points can have all of their power needs met by a PoE switch. Standard PoE will supply up to 15.4 watts per port, whereas PoE+ is capable of supplying 30 watts per port. A PoE switch will cost you more than a non-PoE switch, but if you are considering an IP telephony deployment in the near future, you should consider the extra cost as an investment in the future.

Power supplies: There are a few options for powering your switches. Cisco has standard switches that have universal power supplies that accept standard utility power, between 110 and 240 volts, but you should check the rating on the power supply before connecting it to your power source. Cisco also has switches that take only 12-volt power. In some cases, companies have changed their communications racks over to 12-volt power in places such as ships. Figure 1-1 shows a power connector. Power supplies in some switches are fixed rather than modular (and hot swappable). If a fixed power supply in a switch becomes defective, you will have to replace the switch with a new one, whereas models of switches that have modular power supplies allow you to replace a defective power supply in seconds rather than replacing the entire switch. Modular power supplies typically are found only on the larger, more expensive switches and chassis-based systems.

Another consideration is whether the switch has — or supports — single or dual power supplies. Dual power supplies give you some level of redundancy in the event of a failed power supply. Some switches also support a Redundant Power Supply (RPS) system, which uses a 12-volt power supply system through special RPS power connectors.

USB storage: Some of the new switches on the market sport a USB connector for storage. This gives you another option for backing up configurations or installing IOS and software upgrades.

Figure 1-1: A secondary DC power supply input on a Cisco Catalyst 2950 switch.

Uplink: Similar to the stacking options I just mentioned, switches will often have special-purpose ports on the front to allow for interconnecting your switches. These are sometimes higher speed ports than the other ports on the switch or allow for flexible connections through SFP slots.

Port bonding: Book III, Chapter 7, covers EtherChannel, which allows you to treat multiple ports as a single data transfer unit. Port bonding makes use of two main technologies, Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP).

Medium-Dependent Interface Crossover (MDIX): The standard cable that you use to connect your computer to a switch is called a straight-through cable because the eight wires in the connector on one end of the cable match up with the eight wires on the connector at the other end of the cable. A crossover cable swaps the position of two pairs of wires on the connector at one end of the cable (connecting the send wires on one end of the cable to the receive wires on the other end). Older switches use straight-through cables to connect end-user computing devices, while requiring a crossover cable for switch-to-switch links. All of your newer switches support MDIX or Auto-MDIX, which detects whether a straight-through or crossover connection is required for the device as it is connected. This means that you no longer need to worry about special cables for your inter-switch connections.

802.1x authentication: 802.1x is a standardized authentication protocol. It enables you to implement port-based security requiring users to log on or authenticate before being allowed to send data on the network switchport.

Port-based ACLs: Access Control Lists (ACLs) allow you to control where devices connected to a switchport are able to send their data or what other devices they are able to communicate with on the network.

SSH: Telnet is the traditional remote access protocol for switch management, but it is not a secure communication method because everything, including passwords, crosses the network in clear text. Secure Shell (SSH) is a secure, encrypted communication protocol that should be used for all switches.

SNMPv3: There have been several versions of SNMP, with version 3 being the latest. Version 3 supports additional security and authorization features.

TACACS+ and RADIUS: If you are implementing 802.1x authentication, you need a source of accounts to authenticate against. This authentication source will be a Terminal Access Controller Access-Control System Plus (TACACS+) or Remote Authentication Dial In User Service (RADIUS) server.

QoS: Quality of Service (QoS) controls the speed of data transmission by rating (classifying) data and then queuing it according to its rating. This allows important traffic to move through the network faster than unimportant traffic.

Forwarding bandwidth: A rating of the speed at which data can be forwarded to the destination port.

Flash and DRAM memory: Both of these represent the amount of storage in your switch, either to store your IOS software image or as processing memory.

Maximum VLANs: The highest number of VLANs that are supported by the device. This may be as low as eight or into the thousands, with 256 being fairly common.

VLAN IDs: Separate from the number of VLANs supported is the range of IDs that can be used. Typically, even if a switch supports only eight VLANs, it will support VLAN IDs from one to 4096. Therefore, the eight VLANs a switch uses need not be numbered consecutively; they may have VLAN IDs such as 5, 250, 1495, and 3750.

MTU: The Maximum Transmission Unit (MTU) is the largest frame that the switch will support passing on the network. All switches support the standard Ethernet II frame size of 1500 bytes.

Jumbo frames: Some switches will support jumbo frames, which are oversized data frames — up to 9000 bytes, depending on hardware. These are used for specialized purposes such as iSCSI storage area networks (SANs).

Forwarding rate: Similar to the forwarding bandwidth, the forwarding rate is measured in millions of packets per second (Mpps).

Unicast MAC addresses: A switch address database has a limited size. For small switches, you may want to ensure that the switch will be capable of holding all of the addresses that are attached to the switch’s network segment. This is not typically a problem unless you have overly large network segments running into the thousands.

List of standards: Usually the information on the switch’s data sheet or specification sheet will have a laundry list of standards that the switch supports. Scan this information for any technologies that you really care about.

List of compliant RFCs: All standards around TCP/IP are documented in a series of documents called Requests for Comments (RFCs). Similar to the previous item, your switch will support several standard protocols and features that are found in the RFCs. Review this list for important requirements that you may have.
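Several of the items above (SSH in place of Telnet, SNMPv3, 802.1x with a RADIUS server, and port-based ACLs) are the ones most worth turning on before a new switch goes into production, so here is an added example, not from the book, showing them configured together on a Cisco IOS Catalyst switch. The domain name, addresses, VLAN numbers, user names and secrets are assumed placeholder values; the RADIUS definition uses the `radius server` syntax of IOS 15, which older images spell `radius-server host`.

```ios
! Added example (not from the book): management-plane and port-access hardening
! on a Cisco IOS Catalyst switch. Domain name, addresses, user names, secrets and
! VLAN numbers are assumed placeholder values.
hostname ACCESS-SW1
ip domain-name example.internal
!
! --- AAA: local accounts for management logins, RADIUS for 802.1x ---
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
username admin privilege 15 secret ChangeMe-Example
!
! IOS 15 RADIUS server definition (older images use "radius-server host ...").
radius server RADIUS-1
 address ipv4 10.99.0.50 auth-port 1812 acct-port 1813
 key SharedSecretExample
!
! --- SSH instead of Telnet ---
! An RSA key pair must exist before SSH can be enabled. This line is run
! interactively in global configuration mode; the key itself is not stored
! in the text configuration.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Only management hosts may open a session, and only over SSH (Telnet off).
ip access-list standard MGMT-HOSTS
 permit 10.99.0.0 0.0.0.255
 deny   any log
line vty 0 15
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
!
! --- SNMPv3 only: authenticated and encrypted (authPriv), read-only view.
! No v1/v2c community strings are defined. ---
snmp-server view READ-ONLY-VIEW iso included
snmp-server group NMS-GROUP v3 priv read READ-ONLY-VIEW
snmp-server user nms NMS-GROUP v3 auth sha AuthPassExample priv aes 128 PrivPassExample
!
! --- Port-based ACL: a user port may reach the server block (10.10.0.0/16)
! and the Internet, but not other internal 10.x subnets. DHCP is permitted
! explicitly so the client can obtain an address. ---
ip access-list extended USER-PORT-IN
 permit udp any eq bootpc any eq bootps
 permit ip any 10.10.0.0 0.0.255.255
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
! --- 802.1x: users must authenticate before the port forwards their traffic ---
dot1x system-auth-control
interface GigabitEthernet1/0/1
 description 802.1x user port
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 ! Devices with no 802.1x supplicant land in a restricted guest VLAN
 authentication event no-response action authorize vlan 30
 ! Apply the port ACL inbound (port ACLs are inbound only)
 ip access-group USER-PORT-IN in
```

`show ip ssh` confirms that SSH version 2 is enabled, `show snmp user` lists the SNMPv3 user with its authentication and privacy protocols, and `show authentication sessions interface GigabitEthernet1/0/1` shows whether the connected device was authorized by RADIUS or placed in the guest VLAN. Keeping management logins on `local` rather than RADIUS is a deliberate choice here: it avoids locking yourself out of the switch when the RADIUS server is unreachable; if you move logins to RADIUS, keep `local` as the fallback method.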

The list you have just reviewed represents the major points or features on which you will want to evaluate your switches for purchase. This selection or evaluation process is a task that I regularly perform when selecting products that will match a customer’s environment. That process will start by evaluating their goals and requirements and then identifying which products have the features that they require. When ranking the possible products, the switch characteristics from the previous list play a role in what product makes it through the final selection process.

Purchasing Support

When purchasing a Cisco product, you do not need to purchase Cisco service options. If you run into issues when you get the switch unboxed and are attempting to connect it to your network, you may wish you had purchased support. I cover the major levels of support from Cisco in this section.

Cisco SMARTnet Service

This is the premier level of service for enterprise customers of Cisco. It provides IT staff immediate access to Cisco support engineers and a range of online resources. If you have a problem on your network that you are not able to resolve, this fast and efficient access to Cisco resources will be a great benefit. Some of the features included in Cisco SMARTnet Service include

Around-the-clock, global access to Cisco’s Technical Assistance Center (TAC)

Unrestricted access to the extensive Cisco.com knowledge base and tools

Next-business-day, 8x5x4, 24x7x4, or 24x7x2 advance hardware replacement, with onsite parts replacement and installation available, depending on the options purchased. 8x5x4 means that you can call support 8 hours a day, 5 days a week, and you have a replacement product within 4 hours; the other coverage levels are read the same way. As these levels reduce your downtime, your cost for the coverage goes up.

Ongoing operating system software updates within the licensed feature set

Cisco Smart Foundation Service

This is a reduced service level from the Cisco SMARTnet Service. This support offering is aimed at small-to-medium-sized businesses that do not have the requirement to have all network services running around the clock and can manage with the reduced window of access to Cisco support services. The features included in Cisco Smart Foundation Service include

Next-business-day advance hardware replacement as available

Access to Small Medium Business (SMB) Technical Assistance Center (TAC) during business hours (access levels vary by region)

Access to Cisco’s SMB knowledge base

Online technical resources through Smart Foundation Portal

Operating system software bug fixes and patches

Cisco Smart Care Service

This support option is available only in North America and Europe and is aimed toward small and medium-sized businesses. The service offering provides a higher level of service through proactive health checks conducted on your network. This allows for a higher level of network availability and reduced downtime through proactive network management. The features included in Cisco Smart Care Service include

Network-level coverage for the needs of small and medium-sized businesses

Proactive health checks and periodic assessments of Cisco network foundation, voice, and security technologies

Technical support for eligible Cisco hardware and software through Smart Care Portal

Cisco operating system and application software updates and upgrades

Next-business-day advance hardware replacement as available, 24x7x4 option available

Cisco SP Base Service

Through the available support options, Cisco SP Base Service will assist you with problem resolution from simple to complex problems. With this service, you will be able to increase network availability and reduce network downtime. This is important to keep your mission-critical applications running. The features included in Cisco SP Base Service are

Around-the-clock, global access to the Cisco TAC

Registered access to Cisco.com

Next-business-day, 8x5x4, 24x7x4, and 24x7x2 advance hardware replacement. Return to factory option available.

Ongoing operating system software updates

When purchasing your support options, pay attention to the software updates. The base service gives you software updates for the operating system, but not necessarily for other software that may be included on your device. So if your switch comes with other software components, such as integrated switch management software, they may not be included in the software updates. Moreover, when working with a product like the Cisco Adaptive Security Appliance (ASA), in addition to the IOS installed on the ASA, you have VPN client software and the Adaptive Security Device Manager (ASDM), which you will likely want to upgrade; however, the Cisco SP Base Service and Smart Foundation Service cover updates only to the IOS.
