Cisco Network Infrastructure

Cisco Systems, Inc.

Enterprise-grade network infrastructure built on Catalyst 9300 Series switches with SD-Access capabilities, providing secure, scalable connectivity across all county facilities.

Active · Catalyst 9300 · 12 Sites

Infrastructure Overview

  • Primary Switches: Cisco Catalyst 9300 Series
  • Core Routers: Cisco ISR 4000 Series
  • Firewalls: Cisco ASA 5500 Series
  • Wireless: Cisco Meraki MR Series
  • Sites Connected: 12 physical locations
  • VLANs: 25+ network segments
  • Operating System: Cisco IOS XE
  • Management: Cisco DNA Center

Catalyst 9300 Specifications

  • Stacking Bandwidth: 480 Gbps
  • Max Switches per Stack: 8
  • Flow Entries (Multigigabit): 128K
  • NBAR2 App Signatures: 1400
  • Hardware IPSec: 100 Gbps
  • CPU for Containers: x86

Network Topology

Core Layer

  • ISR 4451-X: Primary Router
  • ISR 4451-X: Secondary Router
  • ASA 5545-X: Primary Firewall
  • ASA 5545-X: HA Failover

Distribution Layer

  • C9300-48UXM: Admin Building
  • C9300-48UXM: Courthouse
  • C9300-48P: Emergency Services
  • C9300-24P: Data Center

Access Layer

  • C9300-48P: Floor Switches (x8)
  • Meraki MR46: Wireless APs (x45)
  • PoE Phones: VoIP Endpoints
  • Workstations: End User Devices

Key Features

SD-Access Ready

Foundation for Software-Defined Access architecture with Cisco DNA Center integration.

Flexible NetFlow (FNF)

Advanced flow visibility with up to 128K flow entries for network monitoring and security.

NBAR2 Application Recognition

Deep packet inspection with 1400+ predefined signatures including 150 encrypted apps.

MPLS Support

Layer 3 MPLS capabilities for scalable routing and traffic engineering.

TrustSec Segmentation

Secure network segmentation with security group tags for policy enforcement.

Docker Container Support

Native container environment on x86 CPU for edge applications on the switch.

Hardware IPSec

Line-rate encryption up to 100Gbps with UADP 2.5 ASIC (9300X models).

High Availability

NSF with SSO for nonstop forwarding and minimal downtime during failures.

VLAN Structure

| VLAN ID | Name      | Purpose                | Subnet        |
|---------|-----------|------------------------|---------------|
| 1       | Default   | Management traffic     | 10.1.1.0/24   |
| 10      | Admin     | Administrative staff   | 10.1.10.0/24  |
| 20      | Finance   | Controller/Treasury    | 10.1.20.0/24  |
| 30      | Courts    | Judicial systems       | 10.1.30.0/24  |
| 40      | Emergency | 911/Emergency services | 10.1.40.0/24  |
| 50      | Servers   | Data center servers    | 10.1.50.0/24  |
| 60      | VoIP      | Voice traffic          | 10.1.60.0/24  |
| 100     | Guest     | Visitor wireless       | 10.1.100.0/24 |

+ 17 additional department and site-specific VLANs

Security Features

Network Security

  • 802.1X port authentication
  • Dynamic ARP inspection
  • DHCP snooping
  • IP Source Guard
  • Port security

Data Protection

  • AES-256 SSD encryption
  • Secure Boot
  • Anti-counterfeit measures
  • Configuration encryption
  • Audit logging

Access Control

  • TACACS+ authentication
  • Role-based access
  • SSH/HTTPS management
  • SNMPv3
  • ACL enforcement

Licensing

Network Essentials

  • Full Layer 2 access features
  • Basic routed access
  • Static routing
  • Basic QoS

Network Advantage

  • Complete Layer 3 features
  • Advanced routing (OSPF, EIGRP, BGP)
  • Multicast routing
  • Advanced segmentation
  • SD-Access fabric
