Infrastructure › Switching

Pillar 04 · Switching

The LAN that everything else rides on.

Switches are the boring, foundational layer everyone under-designs. Netcom sizes PoE budgets to the AP load, plans uplinks for the next five years, and builds L2/L3 fabrics that don't become the reason the whole network is slow.

Talk to an Engineer See Reference Architectures

platforms we design on — Catalyst 9000, Meraki MS, Aruba CX, FortiSwitch

90W

per-port UPOE+/PoE++ · PTZ cameras, Wi-Fi 6E APs, digital signage

7 yr

lifecycle planning on access switches — not a 3-year replace cycle

Switching · Catalyst Mid-Market

Cisco Catalyst 9500 StackWise Virtual core with 9300 access switches reference architecture

The Problem

Most switching refreshes solve the wrong thing.

The access switch is the most undervalued component in a campus network. When Wi-Fi is slow, the AP gets blamed. When VoIP cuts out, the phone gets blamed. The switch underneath — undersized PoE budget, oversubscribed uplink, no QoS queue for voice — is invisible on a BOM but is often the actual fault.

We also see the opposite failure mode: enterprises over-buy core switching to "future-proof," then spend seven years operating 30% of the capacity they paid for. The money should have gone into a properly specced access layer with real PoE++, mGig to every AP, and 10G/25G uplinks that match the real traffic shape.

Right-sizing switching means starting from the endpoint. Count PoE devices by power class, measure actual uplink utilization, project three years of growth, and then pick a platform. Netcom does this on every engagement — not because it's fancy, but because it's the only way to avoid buying either too much or too little.

Reference Architectures

Three tiers. Four vendor platforms we actually design on.

Each architecture is a production-tested topology. Use the tabs to match your scale and operating model.

Meraki MS Cloud-Managed Stack

Single-tier collapsed core/access on Meraki MS. PoE+ at the edge, 10G stackable uplinks, cloud-managed configuration. Best for single-building SMBs that want minimal on-site operations.

SMB · single building · 1–3 closets · <300 ports

Meraki MS — cloud-managed, zero-touch

Collapsed-core topology where the same platform handles aggregation and access. Physical stacking for redundancy and single-IP management, cloud-managed configuration with template push across sites, and PoE+ budgeted for Wi-Fi 6 APs and VoIP phones. Best fit for clinics, small offices, and retail stores where cloud-managed operations matter more than hand-crafted CLI.

Role	Vendor & Model	Notes	License
Collapsed core / distribution	Meraki MS355-24X2	24× mGbE + 2× 40G · L3 routing · stackable	Enterprise
Access · office / reception	Meraki MS125-48FP	48× PoE+ · 740W budget · 10G SFP+ uplink	Enterprise
Access · conference / wireless-heavy	Meraki MS225-48LP	48× PoE+ · 370W · L3 lite	Enterprise
Server / NAS closet	Meraki MS225-24	24× 1G non-PoE · quiet fan	Enterprise

Mid-market Cisco Catalyst 9500 StackWise Virtual core with Catalyst 9300 access reference architecture

Mid-Market · multi-closet · 300–1,200 ports · industrial or clean-office

Cisco Catalyst 9500 + 9300 — two-tier with StackWise Virtual core

Classic distribution/core and access topology. Catalyst 9500 pair in StackWise Virtual mode presents as one logical switch with no spanning-tree gymnastics. Catalyst 9300 access stacks deliver PoE++ for Wi-Fi 6E APs, UPOE+ for PTZ cameras and digital signage, and uplinks at 10G/25G. Catalyst IE-9320 extends the same policy to the plant floor for ruggedized industrial environments. Best fit for mid-market enterprises with multi-floor or multi-building campuses and real networking discipline in-house.

Role	Vendor & Model	Notes	License
Distribution / core (HA)	Cisco Catalyst 9500-24Y4C	StackWise Virtual pair · 24× 25G · 4× 100G · L3 routing	DNA Advantage
Access · office	Catalyst 9300-48P	48× PoE+ · 1100W · stackable · 10G uplink	DNA Advantage
Access · wireless-heavy	Catalyst 9300-48UXM	mGig + UPOE+ (90W) · for Wi-Fi 6E AP loads	DNA Advantage
Access · high-density / 25G	Catalyst 9300X-48Y4C	25G SFP28 · 100G uplink · scanner / IoT density	DNA Advantage
Industrial / plant floor	Catalyst IE-9320-26S2C	DIN-rail · -40 to +75°C · ruggedized fiber uplinks	Industrial Network
NAC / policy	Cisco ISE	802.1X · dynamic VLAN · TrustSec tagging	Per-endpoint
Management	Cisco DNA Center	Automation · assurance · SWIM upgrades	DNA Advantage

Catalyst 9600 + Aruba CX 10000 Spine-Leaf

Three-tier VXLAN/EVPN campus fabric with spine, distribution, and access. SD-Access policy across the fabric; Aruba CX 10000 as a distributed services switch in the data center. Request a private design session.

Enterprise · multi-campus · 5,000+ ports · VXLAN/EVPN fabric

Catalyst 9600 spine + 9500 distribution + 9400/9300 access

Three-tier SD-Access campus fabric running VXLAN with EVPN control plane. Catalyst 9600 as spine, 9500s at distribution, modular 9400 or fixed 9300 stacks at access. Policy propagates end-to-end via TrustSec Security Group Tags. In the data center, Aruba CX 10000 (optional) handles distributed stateful services — microsegmentation in hardware. Fits enterprises with multi-campus real estate, regulatory scale requirements, and a dedicated networking team.

Role	Vendor & Model	Notes	License
Campus spine	Cisco Catalyst 9606R	Modular · 400G-capable · 12.8 Tbps	DNA Advantage
Distribution	Catalyst 9500-48Y4C	48× 25G · 4× 100G · StackWise Virtual pairs	DNA Advantage
Access · modular chassis	Catalyst 9407R	High-density closets · hot-swappable SUP redundancy	DNA Advantage
Access · fixed stackable	Catalyst 9300-48UXM	mGig + UPOE+ · 8-unit stack	DNA Advantage
DC distributed services	Aruba CX 10000	Stateful L4 services in-switch · microsegmentation	Advanced
Fabric control	Cisco DNA Center · ISE	SD-Access · LISP · TrustSec SGTs	Per-device + per-endpoint
Observability	ThousandEyes · DNA assurance	Path visibility · client journey · fabric health	Per-agent

Vendor Fit

Which switching platform for which environment.

The recommendation depends on scale, operating model, PoE load, and existing vendor estate. Here's how Netcom thinks about it.

Environment	Primary	Alternates
Single-site SMB · no network engineer on staff	Meraki MS125 / MS225	Aruba CX 6100 · FortiSwitch 100F
Multi-site retail · centralized config template	Meraki MS	Aruba Instant On · FortiSwitch
Mid-market campus · office + warehouse mix	Cisco Catalyst 9300	Aruba CX 6300M
Fortinet-estate customer · one-vendor security fabric	FortiSwitch 148F / 624F (FortiLink)	Standalone L3 if more needed
Aruba-estate customer · ClearPass NAC	Aruba CX 6300M / 8325	Cisco Catalyst 9300
Industrial / OT · plant floor · ruggedized	Catalyst IE-9320 / IE-3400	Aruba CX 4100i · FortiSwitch Rugged
Data center · spine-leaf · EVPN	Cisco Nexus 9000 / Aruba CX 8360	Arista 7050 (via partner)
Enterprise campus · SD-Access fabric	Catalyst 9600 + 9500 + 9300	Aruba CX + NetEdit
Healthcare · HIPAA · dynamic segmentation	Catalyst 9300 + ISE TrustSec	Aruba CX + ClearPass
Very tight budget · single closet	FortiSwitch 148F · Meraki MS120	Aruba CX 6000

What Netcom delivers

Port count and PoE budget derived from actual endpoint inventory, not generic "48-port per closet"
Uplink sizing based on measured utilization plus three-year growth projection
L2/L3 topology design · STP strategy · redundancy pattern · management VRF
VLAN plan · IP addressing · DHCP relay · QoS policy for voice, video, and IoT
NAC integration design with ISE / ClearPass / FortiNAC and dynamic VLAN rules
Stack / VSS / StackWise Virtual clustering design for failure-domain minimization
Staged deployment with pre-configured units shipped ready to rack
Optional managed service: 24/7 monitoring via our NOC partner with Netcom as your named engineer, firmware management, quarterly lifecycle review

Our design process

Endpoint inventory: count PoE devices by class (AP, phone, camera, signage, sensor)
PoE budget math per closet · verify 25%+ headroom for growth and simultaneous draw
Uplink measurement on existing network (if present) · peak and 95th percentile
Cable plant review · fiber availability · termination / splice requirements
Platform pro/con with operating-model weighting (cloud, on-prem, hybrid)
BOM with license tier justification · not every port needs DNA Advantage
Firmware / code version standardization plan · SWIM or template-based
Cutover plan per closet · rollback criteria · acceptance tests

Ready to size it correctly?

Send us your floorplan, endpoint counts, and current utilization stats (if available). We'll come back with a port-by-port BOM, PoE math, and a phased cutover plan.

Request an Architecture Review Back to Infrastructure

The LAN that everything else rides on.

Most switching refreshes solve the wrong thing.

Three tiers. Four vendor platforms we actually design on.

Meraki MS — cloud-managed, zero-touch

Cisco Catalyst 9500 + 9300 — two-tier with StackWise Virtual core

Catalyst 9600 spine + 9500 distribution + 9400/9300 access

Which switching platform for which environment.

What Netcom delivers

Our design process

Where switching design really matters.

Industrial

Education

Healthcare

Hospitality

Ready to size it correctly?

The LAN that everything else rides on.

Most switching refreshes solve the wrong thing.

Three tiers. Four vendor platforms we actually design on.

Meraki MS — cloud-managed, zero-touch

Cisco Catalyst 9500 + 9300 — two-tier with StackWise Virtual core

Catalyst 9600 spine + 9500 distribution + 9400/9300 access

Which switching platform for which environment.

What Netcom delivers

Our design process

Where switching design really matters.

Industrial

Education

Healthcare

Hospitality

Pairs naturally with

Wireless

Zero Trust Architecture

Security & Firewall

Ready to size it correctly?