InfraRunBook
    Back to articles

    What Are 10G and 40G Cisco Switches and When to Use Them

    Cisco
    Published: Mar 28, 2026
    Updated: Apr 13, 2026

    A deep technical guide to Cisco 10G and 40G switch platforms covering hardware selection, NX-OS configuration, transceiver types, and leaf-spine design patterns for enterprise and data center...

    What Are 10G and 40G Cisco Switches and When to Use Them

    When designing a modern enterprise or data center network, one of the most consequential decisions is which switching tier to deploy at each layer. The jump from 1G to 10G changed how we think about access and distribution switching. The move to 40G redefined what an aggregation or spine layer looks like. Today, 10G and 40G Cisco switches coexist in the majority of production environments, and understanding where each belongs—and why—separates networks that scale gracefully from those that require a full rebuild every three years.

    This article breaks down the hardware platforms, the relevant use cases, and the practical configuration patterns you need to deploy 10G and 40G Cisco switches correctly from day one.

    Understanding the Speed Tiers: 10G and 40G Defined

    10 Gigabit Ethernet (10GbE) operates at 10 Gbps per port. It became the de facto standard for server-to-switch connectivity in virtualized environments around 2012 and remains dominant in many enterprise data centers and campus cores today. 40 Gigabit Ethernet (40GbE) operates at 40 Gbps per port, achieved by bonding four 10G lanes using a QSFP+ transceiver. It became the preferred uplink and spine-layer technology as east-west traffic volumes grew with the rise of distributed workloads and microservices.

    The key distinction: 10G is typically a server-facing or access-layer technology, while 40G serves as an aggregation, spine, or inter-switch link standard. Some architectures use 40G breakout cables to present four 10G ports from a single 40G port, giving network engineers significant flexibility at the aggregation layer without additional hardware.

    Cisco Switch Platforms Supporting 10G

    Cisco Catalyst 9300 Series

    The Catalyst 9300 is the workhorse of the enterprise access and distribution layer. It ships with modular uplink slots that support 10G SFP+ modules, and select SKUs offer 10GBase-T downlinks for backward compatibility with structured copper cabling. The 9300 is an ideal choice when you need 10G uplinks to a distribution or core layer while maintaining 1G access ports for endpoints such as workstations, IP phones, and access points.

    • C9300-48UXM: 12 x 100M/1G/2.5G/5G/10G UPOE copper ports plus 36 x 1G ports, with 8 x 10G SFP+ uplinks — suited for dense wireless deployments requiring high uplink capacity.
    • C9300-48S: 48 x 1G SFP plus 4 x 10G SFP+ uplinks, fully fiber-based for environments where copper access is impractical.
    • C9300-24T: 24 x 1G copper plus 4 x 1G/10G SFP+ uplinks — the standard campus access platform for moderate-density deployments.

    The Catalyst 9300 stacks using Cisco StackWise-480 technology, providing up to 480 Gbps of stack bandwidth and a single management plane across up to eight switches. This makes it a powerful option for large access-layer deployments where simplicity of management matters as much as raw throughput. A stack of eight 9300-48T switches presents 384 access ports under a single management IP and a single spanning-tree domain.

    Cisco Catalyst 9400 Series

    The Catalyst 9400 is a modular chassis platform suited for high-density distribution layers and campus cores. Line cards can provide 10G SFP+ or 10GBase-T connectivity at scale. The supervisor module supports 40G uplinks to a core or spine. The 9400 is the right choice when you need a mix of interface types in a single chassis and expect the distribution role to evolve over a multi-year lifecycle. Its modular architecture allows line card replacement without replacing the entire chassis.

    Cisco Nexus 93180YC-EX and 93180YC-FX

    In the data center, the Nexus 93180YC-EX is the canonical 10G/25G leaf switch. It provides 48 x 25G SFP28 server-facing ports (backward-compatible with 10G SFP+) and 6 x 100G QSFP28 uplinks. Many operators run it with 10G servers and 40G or 100G uplinks to the spine, making it the junction point between 10G server access and higher-speed fabric interconnects. The 93180YC-FX adds MACsec line-rate encryption and enhanced programmability via the same physical form factor.

    Cisco Switch Platforms Supporting 40G

    Cisco Nexus 9332PQ

    The Nexus 9332PQ is a purpose-built 40G spine switch: 32 x 40G QSFP+ ports in a 1RU form factor. In a leaf-spine topology, this switch sits at the spine layer, aggregating uplinks from all leaf switches. Each 40G QSFP+ port can be broken out into four 10G SFP+ connections using a breakout cable (DAC or active optical), making it useful for mixed-speed environments or smaller fabrics where leaf port density is lower. The 9332PQ runs Cisco NX-OS and supports full BGP and OSPF underlay routing.

    Cisco Nexus 9396PX

    The Nexus 9396PX provides 48 x 10G SFP+ ports and 12 x 40G QSFP+ uplink ports. This makes it an excellent aggregation or spine device in a three-tier data center topology, or a high-density leaf with 40G uplinks in a leaf-spine design. The 40G ports are commonly used for inter-switch links where multiple 10G server-facing ports generate aggregate traffic exceeding what a single 10G uplink could sustain without becoming a bottleneck.

    Cisco Nexus 9500 Series Modular Chassis

    For large-scale spine or aggregation roles, the Nexus 9500 series offers modular line cards with 40G, 100G, and higher-density options. A single chassis can serve as the spine for hundreds of leaf switches in a massive data center fabric. Line cards such as the N9K-X9736C-EX provide 36 x 100G QSFP28 ports, while older generation line cards offered dense 40G connectivity. When your spine port count requirement exceeds what any fixed-form-factor switch can provide, the 9500 is the platform to evaluate first.

    When to Use 10G Switches

    10G switching is the right choice in several well-defined scenarios:

    1. Virtualized server environments: VMware ESXi, Microsoft Hyper-V, and KVM hosts running dozens of VMs each benefit enormously from 10G NICs. The aggregate traffic of all guest VMs during live migrations, backup windows, and active workloads can easily saturate a 1G uplink. A 10G server port eliminates that bottleneck with no change to the virtualization layer.
    2. Campus distribution layer: Aggregating 1G access layer switches behind 10G uplinks is standard practice. A stack of 9300s connecting to a 9400 or Nexus via 10G port-channels provides the bandwidth and redundancy a campus distribution layer requires at a cost far below 40G alternatives.
    3. Storage replication links: iSCSI and NFS storage fabric links at 10G provide a meaningful improvement over 1G for environments with aggressive backup windows, snapshot replication, or active-active storage cluster synchronization.
    4. Internet edge aggregation: WAN links and internet handoffs typically arrive as 1G or 10G circuits. A 10G switching tier provides a clean demarcation between the routing layer and the internal distribution fabric without over-provisioning capacity that the WAN circuit itself cannot use.

    Rule of thumb: If your servers are generating more than 3–4 Gbps of sustained east-west or north-south traffic, it is time to evaluate 10G server-facing ports. If your inter-switch or uplink ports are sustaining more than 4–5 Gbps aggregate, evaluate 40G or higher.

    When to Use 40G Switches

    40G is the right architectural choice when the following conditions apply:

    1. Leaf-spine spine layer: In a classic leaf-spine architecture, the spine must carry the aggregate bandwidth of all leaf uplinks. If you have 20 leaf switches each connecting to the spine with a single 10G link, the spine ports consume 20 x 10G, which maps naturally to a 40G port-channel or a 40G line-rate spine port with sufficient oversubscription headroom.
    2. NVMe and all-flash storage fabrics: Modern all-flash arrays can saturate 10G links under sequential read or write workloads. NVMe-oF (NVMe over Fabrics) running over 40G RoCEv2 (RDMA over Converged Ethernet) delivers sub-100 microsecond storage access latency while maintaining wire-speed throughput that 10G simply cannot match.
    3. Breakout to 10G at scale: When you need to connect a large number of 10G devices within a constrained rack-unit budget, a 40G switch with breakout cables provides four 10G ports per QSFP+ port. A 32-port 40G switch effectively becomes a 128-port 10G switch with the right breakout cables and platform support.
    4. High-density inter-switch links: Core-to-distribution or distribution-to-access links that are saturating 10G port-channels should be upgraded to 40G. Port-channel hashing may not distribute traffic evenly across all member links under asymmetric flow profiles, so the effective throughput of a 4 x 10G LACP bundle may be lower than a single 40G link in practice.

    Configuring 10G Interfaces on Cisco NX-OS

    The following example configures a 10G server-facing trunk port on a Nexus switch running NX-OS, connecting a VMware ESXi host carrying multiple VM network VLANs:

    sw-infrarunbook-01# configure terminal
sw-infrarunbook-01(config)# interface Ethernet1/1
sw-infrarunbook-01(config-if)# description SERVER-ESXi-01-vmnic0
sw-infrarunbook-01(config-if)# switchport
sw-infrarunbook-01(config-if)# switchport mode trunk
sw-infrarunbook-01(config-if)# switchport trunk native vlan 999
sw-infrarunbook-01(config-if)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-01(config-if)# spanning-tree port type edge trunk
sw-infrarunbook-01(config-if)# spanning-tree bpduguard enable
sw-infrarunbook-01(config-if)# speed 10000
sw-infrarunbook-01(config-if)# duplex full
sw-infrarunbook-01(config-if)# no shutdown
sw-infrarunbook-01(config-if)# exit

    Verify the interface is up and operating at 10G:

    sw-infrarunbook-01# show interface Ethernet1/1
Ethernet1/1 is up
  Hardware: 100/1000/10000 Ethernet, address: 5897.bde0.0001
  Description: SERVER-ESXi-01-vmnic0
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
  Duplex: full-duplex,  Speed: 10 Gb/s
  Beacon is turned off
  Input/output flow-control is off

    Configuring 40G Uplinks and LACP Port-Channel on NX-OS

    This example configures a 40G uplink port-channel from a leaf switch to its spine peers. Both physical 40G interfaces are bundled under LACP in active mode for negotiation and fault detection:

    sw-infrarunbook-01# configure terminal
sw-infrarunbook-01(config)# feature lacp

sw-infrarunbook-01(config)# interface port-channel10
sw-infrarunbook-01(config-if)# description UPLINK-TO-SPINE-01-AND-SPINE-02
sw-infrarunbook-01(config-if)# switchport mode trunk
sw-infrarunbook-01(config-if)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-01(config-if)# spanning-tree port type network
sw-infrarunbook-01(config-if)# exit

sw-infrarunbook-01(config)# interface Ethernet1/49
sw-infrarunbook-01(config-if)# description UPLINK-SPINE-01-Eth1/1
sw-infrarunbook-01(config-if)# switchport mode trunk
sw-infrarunbook-01(config-if)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-01(config-if)# channel-group 10 mode active
sw-infrarunbook-01(config-if)# no shutdown
sw-infrarunbook-01(config-if)# exit

sw-infrarunbook-01(config)# interface Ethernet1/50
sw-infrarunbook-01(config-if)# description UPLINK-SPINE-02-Eth1/1
sw-infrarunbook-01(config-if)# switchport mode trunk
sw-infrarunbook-01(config-if)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-01(config-if)# channel-group 10 mode active
sw-infrarunbook-01(config-if)# no shutdown
sw-infrarunbook-01(config-if)# exit

    Configuring 40G Breakout to 4x10G on NX-OS

    To convert a 40G QSFP+ port into four independent 10G sub-interfaces, use the breakout command and reload the switch. The sub-interfaces then appear as numbered ports and can be configured independently:

    sw-infrarunbook-01# configure terminal
sw-infrarunbook-01(config)# interface Ethernet1/25
sw-infrarunbook-01(config-if)# breakout module 1 port 25 map 10g-4x
sw-infrarunbook-01(config-if)# exit
sw-infrarunbook-01(config)# copy running-config startup-config
sw-infrarunbook-01(config)# reload

! After reload, four sub-interfaces are available:
! Ethernet1/25/1, Ethernet1/25/2, Ethernet1/25/3, Ethernet1/25/4

sw-infrarunbook-01(config)# interface Ethernet1/25/1
sw-infrarunbook-01(config-if)# description BREAKOUT-SERVER-RACK3-01
sw-infrarunbook-01(config-if)# switchport
sw-infrarunbook-01(config-if)# switchport mode access
sw-infrarunbook-01(config-if)# switchport access vlan 20
sw-infrarunbook-01(config-if)# spanning-tree port type edge
sw-infrarunbook-01(config-if)# no shutdown
sw-infrarunbook-01(config-if)# exit

    Transceiver and Cable Considerations

    Selecting the right transceiver is as important as selecting the right switch platform. The wrong choice leads to unsupported distances, incompatible connectors, or third-party optic rejections. Common options for 10G and 40G deployments include:

    • SFP+ SR (10GBASE-SR): Multimode fiber, up to 300m on OM3 or 400m on OM4. Used for cross-rack and inter-row links inside data centers.
    • SFP+ LR (10GBASE-LR): Single-mode fiber, up to 10km. Used for campus building-to-building links or long-haul data center interconnects between separate halls.
    • SFP+ DAC (Direct Attach Copper): Passive twinax cable, available in lengths from 0.5m to 7m. Lowest cost and lowest latency option for top-of-rack server connections. No transceiver power budget required.
    • QSFP+ SR4 (40GBASE-SR4): Multimode fiber using MPO-12 connector, up to 150m on OM4. The standard option for leaf-to-spine links within the same data center hall.
    • QSFP+ LR4 (40GBASE-LR4): Single-mode fiber using LC duplex connector via WDM, up to 10km. Used for inter-site or long-distance spine links connecting geographically separated data centers.
    • QSFP+ DAC: Passive twinax for 40G, available up to 5m. The preferred choice for spine-to-leaf links within the same rack or between immediately adjacent racks.

    Always use Cisco-compatible or Cisco-branded transceivers when possible. Third-party optics may require the

    service unsupported-transceiver
    command on NX-OS or IOS-XE to activate, and Cisco TAC may limit support on cases where third-party optics are identified as the potential failure point.

    ! Allow third-party transceivers on NX-OS:
sw-infrarunbook-01(config)# service unsupported-transceiver

! Verify installed transceiver details:
sw-infrarunbook-01# show interface Ethernet1/49 transceiver
Ethernet1/49
  transceiver is present
  type is QSFP-40G-SR4
  name is CISCO
  part number is 740-011784
  revision is A0
  serial number is FNS2049AXXX
  nominal bitrate is 40000 Mb/s
  Link length supported for 40GE-SR4 with OM3 is 100m
  Link length supported for 40GE-SR4 with OM4 is 150m
  Rx Power (dBm): -2.1  (threshold: low=-11.0, high=2.0)
  Tx Power (dBm): -1.9  (threshold: low=-8.5, high=2.3)

    Designing a Leaf-Spine Fabric with 10G and 40G

    A practical leaf-spine design for a medium-sized data center combining 10G server access with 40G spine interconnects might be structured as follows:

    • Leaf switches: Cisco Nexus 93180YC-EX — 48 x 10G/25G server-facing SFP28 ports (operating at 10G with installed SFP+ optics), 6 x 100G QSFP28 uplinks to spine (or 40G QSFP+ with appropriate transceivers on a 9332PQ spine).
    • Spine switches: Cisco Nexus 9332PQ — 32 x 40G QSFP+ ports. Each leaf connects via two 40G uplinks (one to each spine) for redundancy and ECMP load sharing across both paths simultaneously.
    • IP addressing (underlay): Point-to-point /30 subnets for routed spine-leaf connections. Example: 10.0.0.0/30 between spine-01 Eth1/1 and leaf-01 Eth1/49, 10.0.0.4/30 between spine-01 Eth1/2 and leaf-02 Eth1/49.
    • Routing protocol: BGP or OSPF for underlay reachability, VXLAN with BGP EVPN for the overlay fabric carrying tenant VLANs.

    This design delivers non-blocking bandwidth between any server and any other server in the fabric, assuming uniform traffic distribution. The 40G spine uplinks from each leaf provide 80 Gbps of total uplink capacity (2 x 40G) per leaf, which comfortably serves 48 x 10G server ports even under high utilization scenarios typical of virtualized workloads.

    Management Plane and NTP Configuration

    For any production 10G or 40G switch, NTP synchronization and secure management access are non-negotiable. The following applies to both platforms running NX-OS:

    sw-infrarunbook-01# configure terminal

! NTP configuration using management VRF
sw-infrarunbook-01(config)# ntp server 10.0.1.10 use-vrf management
sw-infrarunbook-01(config)# ntp server 10.0.1.11 use-vrf management
sw-infrarunbook-01(config)# clock timezone UTC 0 0

! Management VRF default route
sw-infrarunbook-01(config)# vrf context management
sw-infrarunbook-01(config-vrf)# ip route 0.0.0.0/0 10.0.255.1
sw-infrarunbook-01(config-vrf)# exit

! SSH and local admin account
sw-infrarunbook-01(config)# username infrarunbook-admin privilege 15 password 0 Str0ngP@ss2026!
sw-infrarunbook-01(config)# ssh key rsa 4096
sw-infrarunbook-01(config)# ip ssh server enable

! Disable Telnet
sw-infrarunbook-01(config)# no feature telnet

    Common Operational Pitfalls

    Even experienced engineers encounter predictable problems when deploying 10G and 40G switching infrastructure. The following are the most frequently encountered:

    • MTU mismatch causing jumbo frame drops: End-to-end jumbo frame support requires MTU 9216 to be configured on every hop in the path. A single intermediate switch configured at MTU 1500 causes silent packet drops for any frame exceeding that limit, which is extremely difficult to diagnose without systematic MTU testing.
    • Hash polarization in ECMP or port-channel: If all traffic flows hash to the same member link in a port-channel or ECMP group, throughput does not scale as expected. Verify the load-balancing algorithm with
      show port-channel load-balance
      and consider enabling GRE encapsulation at key aggregation points to rehash flows.
    • FEC mismatch on high-speed links: On 25G and 40G links, Forward Error Correction must be consistent on both ends. RS-FEC and BASE-R FEC are not interoperable. Auto-negotiation does not always resolve this correctly on direct-attach connections, so configure FEC explicitly.
    • Transceiver compatibility matrix gaps: Not every QSFP+ module supports breakout mode, and not every port on a given switch platform accepts every transceiver type. Always consult the Cisco Transceiver Module Group (TMG) compatibility matrix before ordering hardware for a specific platform.

    Related Articles

    Frequently Asked Questions

    What is the difference between 10GBase-T and 10G SFP+?

    10GBase-T uses RJ-45 copper connectors with Cat6A or Cat7 cabling up to 100m and introduces 2–5 microseconds of latency due to PHY encoding overhead. SFP+ uses fiber or DAC twinax cables with sub-microsecond latency and is preferred in latency-sensitive data center environments. 10GBase-T suits campus deployments retrofitting existing structured copper cabling.

    Can I use a 40G QSFP+ port to connect to a 10G device?

    Yes, using a QSFP+ to 4x SFP+ breakout cable. This splits one 40G port into four independent 10G ports. You must configure the breakout at the NX-OS CLI with the breakout module command and reload before the sub-interfaces appear. Not all ports on all platforms support breakout — verify the hardware installation guide for your specific model.

    What Cisco switches support 40G ports at the access layer?

    The Nexus 9396PX, 9332PQ, and Catalyst 9500 series support 40G natively. These are typically deployed at the aggregation or spine layer, not the access layer. Access layer switches generally use 1G or 10G server-facing ports with 40G or 100G uplinks toward the distribution tier.

    How do I verify that a port is running at 40G on NX-OS?

    Use 'show interface Ethernet1/49' and look for the line 'Speed: 40 Gb/s' in the output. You can also use 'show interface Ethernet1/49 transceiver' to confirm the installed transceiver type and live DOM power readings for both transmit and receive paths.

    What is the difference between QSFP+ and QSFP28?

    QSFP+ supports 40G by bonding four 10G lanes. QSFP28 supports 100G by bonding four 25G lanes. They share the same mechanical form factor but are not electrically interoperable for speed negotiation. Always verify supported transceiver types in the platform datasheet before ordering hardware.

    Should I choose 40G or 25G for leaf-spine uplinks in a new build today?

    For new greenfield builds, 25G/100G generally offers better price-per-gigabit performance and a longer technology runway. However, if you have existing 40G spine hardware or budget constraints, 40G uplinks remain cost-effective and fully capable of handling mid-sized data center fabric demands through the near term.

    What is the maximum cable length for a 40G QSFP+ DAC cable?

    Passive QSFP+ DAC cables reach up to 5m. Active DAC cables extend to 10–15m. For longer distances, use 40GBASE-SR4 (up to 150m on OM4 multimode fiber) or 40GBASE-LR4 (up to 10km on single-mode fiber). In most top-of-rack designs, 1–3m passive DAC cables are sufficient and provide the lowest latency.

    How does StackWise-480 affect 10G capacity on the Catalyst 9300?

    StackWise-480 provides 480 Gbps of bidirectional shared stack bandwidth. High-volume server-to-server flows crossing different stack members consume this shared bus capacity. To minimize overhead, co-locate communicating servers on the same physical stack member so their traffic does not traverse the stack interconnect at all.

    Can Cisco Catalyst 9300 10G uplinks form a port-channel to a Nexus switch?

    Yes. LACP (IEEE 802.3ad) interoperates between IOS-XE and NX-OS. Configure 'channel-group <id> mode active' on both sides and ensure matching allowed VLAN lists, native VLANs, and STP port types to prevent negotiation failures or topology changes across the platform boundary.

    What license is required to enable advanced routing on a Cisco Nexus 40G switch?

    The LAN_ENTERPRISE_SERVICES_PKG license is required to enable OSPF, BGP, PIM, and MPLS on Nexus 9000 series switches. Without it, only Layer 2 and static routing are available. Verify current entitlements with 'show license usage' and 'show license feature' before deploying routing protocols in production.

    Related Articles