Re: Multiple small switches vs. a single big one; Granularity of control

["Dale W. Carder" <dwcarder () doit wisc edu>]

On Mar 2, 2004, at 12:36 PM, Sloane, David wrote:
> When I had a 6509, we had two supervisor engines (MSFC's?)  with 
> mirrored configurations and redundant power.  As far as I could tell, 
> any hardware or software failure which would clear the configuration 
> would have to kill both management cards, making the switch 
> inoperative.

A common scenario is to downgrade the version of CatOS you're running.  
As a side effect, you also get to lose your config.  The MSFC's would 
still have their configs if you're running catos on the switch and IOS 
on the MSFC.

Aside from that, it's not clear to me why you would ever lose your 
config (maybe an accidental configuration is more likely than no 
config), but that's why one has backups, revision control, and change 
management procedures for their configurations.

On a side note, I've seen 6500's fail but never in a way such that the 
other supervisor was able to take over and avoid a complete outage.

>  I like the "set default port-status disable" option - that seems like 
> a more secure way to manage the switch.

Good advice!

> For high throughput and expandability, you might want to combine a 
> fast firewall with several Cisco Catalyst 3750 switches.  They have 
> some nice features (single-IP management of several linked devices) 
> and cost less per port than the chassis switches (especially for 
> gigabit ports).

And they run IOS, not CatOS.  With the 3750, you can also etherchannel 
across multiple boxes.  That's not a new idea in the industry, but it 
is for Cisco.

Dale

-----------------------------------------------
Dale W. Carder                  
Network Engineer        
University of Wisconsin at Madison

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards