Why Companies Should Think Twice Before Adopting Catalyst Center for Access-Layer Switches

Why Companies Should Think Twice Before Adopting Catalyst Center for Access-Layer Switches

There’s no question Cisco’s Catalyst Center has some interesting features.  The real question is whether most organizations actually need those features at the access layer (Catalyst 9Ks specifically), and whether the increased cost and complexity it introduces are justified.

For most companies, the answer is no.  Especially environments with fewer than 500 access switches.

In environments where the access layer performs predictable Layer2/Layer3 functions, Catalyst Center often represents:

• Cost inflation
• Added operational complexity
• Subscription lock-in
• Marginal incremental value

Let's take a look at why.

The Hidden Value in Catalyst Center for Access-Layer Switches

The example above, for just 50 switches, equates to a $451,000 delta between purchasing the same 50 switches with support through the channel and through Edgeium. The switches offered by Edgeium are all brand-new devices sealed in their original Cisco packaging. What exactly does the $451K buy them? What problem is being solved? It's misleading to think of Catalyst Center as an OPEX reduction strategy. And if its not doing that, then what is it doing? Is Zero-touch provisioning, template-based configurations, policy-based segmentation, and/or bulk image management worth $451K? The answer is no.

Access Layer Overview

Access-layer network switches are very different than core and distribution switches. The access layer is not a strategic battleground. The role of access switches, those last connections, is straightforward. They provide port connectivity, VLAN assignment, PoE, 802.1x authentication, and other basic routing.

**Please note, we’re only talking about your access layer network switches that typically represent 60-70% of your overall network switch estate.**

Being forced to adopt a cloud-based management tool for simple hardware creates a burden, not operational efficiency. Access switching is a commodity function that simply doesn’t benefit from Catalyst Center like core and distribution platforms.

Instead of reducing costs, costs are dramatically increasing on the network assets that you have the most of. For a device category that performs standardized, repetitive tasks, this major cost increase on day 1, as well as recurring subscriptions, will drive TCO way up.

Automation ROI Is Often Overstated

Catalyst Center’s strongest justification is automation, offering Zero-touch provisioning, template-based configurations, centralized software management, and compliance monitoring, but how will these really impact our day-to-day management of access switches, since we may not really need them? A soundly engineered access layer with fewer than 500 switches, stable VLAN structures, and good engineers will struggle justifying the cost of a cloud-managed platform. Especially when there are tons of lightweight automation tools that can deliver similar services without recurring software subscriptions. Catalyst Center can quickly become a super premium monitoring dashboard rather than a transformational tool.

Forced Management Change

Access switches have typically been capital assets with long lifecycles. Although companies try to refresh their access switches on a 5-7 year timeline, many still have large amounts of hardware that dates 10+ years old. Why? Because access-layer network switches are extremely reliable, and the technologies' capabilities grow at a much faster rate than our consumption. Being forced into a subscription-based management platform converts highly durable and dependable infrastructure into recurring OPEX where renewal costs become mandatory to preserve an operational state. Why would we do that?

Tightly coupling access-layer switches to a recurring subscription-based cloud management platform reduces architectural flexibility, increases vendor dependency, and erodes procurement leverage. Important feature sets become term-bound and renewals become an operational necessity. Access-layer switches should be simple, stable, replaceable, and cost-efficient.

Software-Defined Access (SDA) Is Not Universally Needed

Catalyst Center’s most advanced feature set centers around SDA for Identity-based segmentation and centralized policy enforcement, but this assumes complex segmentation requirements. We’re being pushed into SDA, but again, is the cost justified when traditional VLAN segmentation, firewall policy enforcement, NAC integration, and other basic endpoint security tools check the boxes? If full SDA hasn’t successfully been deployed, what strategic value does Catalyst Center offer? I recommend waiting. It shouldn’t be your production environment and budget dollars that prove these solutions.

Added Operational Complexity

Catalyst Center isn’t a turn-key solution. In fact, it's arguably at best an immature solution.  Did you know Cisco’s new SMARTnet includes a premium to help with adoption? Cisco Success Tracks is a subscription-based support service designed to assist with the adoption of Cisco technology investments through proactive, guided, and data-driven insights. In other words, Cisco sells a solution and then charges you to “try” and achieve that solution. Rather than simplifying operations, a whole new world of unknowns is added.

When Catalyst Center Does Make Sense

Cisco is trying to force the solution on the market as a whole when it should only apply to certain organizations. Most companies who try to adopt Catalyst Center will likely trade it in for the AI piece that Cisco eventually offers next. Yes, the next software-subscription solution to replace the last unsuccessful software-subscription solution.  Did you know in just 10 years, Cisco has launched and terminated 4 different software subscription programs?  Why not wait and save millions of dollars and millions of headaches? What might make the investment worth it?

• Deploying full Software-Defined Access
• Large Access Networks (1,000+ switches)
• Large OPEX tied to human capital for network engineering
• Requiring identity-based segmentation across wired/wireless

Outside of these conditions, its value proposition weakens substantially.

Wait, wait, wait…

Catalyst Center is an interesting platform with some interesting features, but that doesn’t justify universal adoption. Not every layer of the network must be transformed into a software subscription.

For most organizations with less than 500 switches, attempting to adopt Catalyst Center will:

• Dramatically increase costs without proportional functional gain.
• Introduces unnecessary operational complexity, tools, and vendor dependency.
• Converts capital assets into subscription liabilities.

The access layer’s primary mission is reliability and simplicity. In many environments, that mission is better served by lean management models rather than a cloud management platform.

Catalyst Center has its place in large, security-intensive, SDA-driven environments, but it should be adopted because it solves a defined architectural problem. Not because it is bundled, assumed, or presented as inevitable.

Sometimes, the most strategic decision is restraint.

Subscribe or follow me on LinkedIn for additional content.  https://www.linkedin.com/in/ericsommers/