Patching all endpoint cables vs. only what's needed in MDFs and IDFs.

My colleague and I are having a debate at work. We are currently in the process of upgrading several of our remote branch sites from old Cat5 spaghetti mess to Cat6/6A and also upgrading their switches to our enterprise standard in the process. We typically do two drops per office for a computer and possibly another device such as a printer, IP Phone, etc... These are complete cabling overhauls where none of the old cabling will be used. We are remote network support so we are not onsite at these locations unless absolutely necessary.

The question - Would you buy the necessary amount of switches to support patching all jacks regardless if there is an endpoint plugged in or not, or would you just plug in what's necessary to save port capacity?

I'm on the side of plugging everything in:

  • We usually don't have an onsite IT person so patching everything in would keep them from adding patch cables and create a future mess in the MDF/IDF.

  • It's easier to go through and cutover from the old cabling to the new cabling since all jacks would be active - instead of tracking which ports have endpoints on them versus which ones don't.

  • We're already paying ~$300 per drop, if another switch investment is needed to support those unused drops, it's only an additional $46 per port (assuming we're paying $2200 for a switch, hence $2200/48 = $46/per port, excluding switch support)

His reasoning for only patching in what's needed:

  • Saves switch port capacity

  • Reduces security risk by not having open ports where an outsider can just plug into our network (this is a moot point in my opinion because we are simultaneously moving forward with a Clearpass NAC deployment)

What would you typically do for new cabling installs?

level 1
13 points · 7 days ago

Plug in everything and then shutdown ports that aren’t live. It’s much easier to remotely enable a port than to have to go and cable. And switch port density isn’t that much cheaper when you consider a 7-10 year lifecycle for a simple branch office for 24 vs 48.

You highlight $46/port estimate. From a business perspective over a long term, that’s peanuts.

level 2

This. And if 10Gb to the desktop is in your future (plan for it now if this cable plant will be in place for 10 years) and you need the full 100m cable length go with CAT 6A. You might be able to get away with 10Gb over CAT 6 up to 55m in a pristine environment (unlikely). Make sure your patch cables at each end match the spec of the structured cabling AND are stranded not solid core.

level 1
6 points · 7 days ago

As someone who had to travel to various sites constantly to patch and activate, I would patch every single one and add the patch number description so remote activation would be a breeze. Then change the locks to every IDF.

level 2

> Then change the locks to every IDF.

This. If you let anyone in they will just screw with stuff or let some vendor do it. PITA.

level 1

I wanted to cable everything but someone in the upper layers decided it was too expensive. And then use 802.1x and have everything not detected to go to a visitor VLAN (Aruba Clearpass here too)

So now we have someone going to the new building at least three times a week to just cable new stuff :)

level 1
2 points · 7 days ago

With 1u access switches or no on-site personnel, patch everything.

The only time it doesn't make sense is when you are using chassis switches and your cost-per-port isn't very constant: adding another chassis makes that first port very expensive. Even then, if you had to make onsite trips to patch things in, I'd still buy 120% switch capacity and patch everything.

IMO, it's pretty rare for a drop to be run in a business environment where there isn't a clear need for it to be active in the next 6 months.

> Reduces security risk by not having open ports where an outsider can just plug into our network

Patched does not mean active.
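
Added example, not part of the thread: a small audit that checks the "patch everything, shut down what isn't live" approach from the comments above against a switch configuration. It flags ports that are enabled without 802.1X and ports missing a jack description. The Cisco IOS-style syntax, interface names and label scheme are assumptions; the sample config is constructed.

```python
import re

# Constructed sample in Cisco IOS-style syntax; interface names and the
# jack-label scheme in the descriptions are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description IDF1-PP-A01 office 101 PC
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 description IDF1-PP-A02 spare
 shutdown
!
interface GigabitEthernet1/0/3
 description IDF1-PP-A03 spare
!
interface GigabitEthernet1/0/4
 shutdown
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """Flag ports that are live without 802.1X, and ports with no jack label."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        shut = "shutdown" in lines
        nac = "authentication port-control auto" in lines
        if not shut and not nac:
            findings.append((name, "enabled without 802.1X"))
        if not any(l.startswith("description ") for l in lines):
            findings.append((name, "no jack description"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
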

level 1
2 points · 7 days ago

If I had the opportunity available, I'd patch everything. I work in K12, and even though we could easily grab the port number off the wall and run to the MDF/IDF to patch it, it's way easier in the long-term to patch everything and enable the port as necessary.

level 1
higher ed cisco aruba nac 2 points · 7 days ago

We cable all, patch all, and use Clearpass for access control.

level 1

Yeah, definitely plug everything in. Moving cables around one at a time is by far the biggest cause of cable spaghetti, and having everything patched lets you do things neat and not touch it anymore.

level 1
1 point · 7 days ago

From my experience (I don't patch it, helpdesk does) you'd be saving on support more than you'd pay for extra ports

level 1
CCNP 1 point · 7 days ago · edited 7 days ago

There is no way I would just say plug everything in as a universal answer. Going from $30 per port to $76 per port almost triples your initial cost, plus the yearly maintenance cost on the additional hardware.

If you are supporting small sites with a dozen people and less than 100 drops, sure. Buy the gear and patch away.

If your sites support many hundreds of people and the rooms are all built to support flexible seating arrangements, no way. One of the buildings I used to support has over 6,000 drops and has never seen more than 300 active devices. There is no way to justify that much cost in active equipment and service plans. It's cheaper to have someone to drive out and manage the patch cables.
