2000 users require 42x 48 port switches. If you uplink these switches with 2x 10G to 2 core routers, you would need 2 routers with at least 42x 10G ports each.
So you could probably do something like using 2x Nexus 9372PX as your core switches 45x Cisco 2960X (2x 10G, one to each Nexus). Rather than the Nexus 9372PX, you could also use the * 2x N7700 with a N77-F348XP-23 line card (probably also require a FEX) * 2x C6509 SUP2T with 6x WS-X6908-10G-2T line cards -- Andrew On Wed, Dec 9, 2015 at 3:40 PM, Roland Dobbins <rdobb...@arbor.net> wrote: > On 9 Dec 2015, at 8:19, Laurent Dumont wrote: > >> arp-inspection > > > DAI is a self-defeating misfeature which can result in a self-DoS of the > switch. Don't enable it! > > DHCP Snooping and IP Source Guard are very useful anti-spoofing mechanisms, > and should be enabled on the access ports. > > Also, Root Guard, Loop Guard, and BPDU-Guard should be enabled in a > situationally-appropriate manner. > > ----------------------------------- > Roland Dobbins <rdobb...@arbor.net> > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/