I know the 3750X's have a management interface on the back which is a 10/100 Fast ethernet port. Its right next to the RJ-45 console port. I also believe that the 2960 switch that you listed there also has a management port on the front of it, above the SFP ports.
Assuming your switches aren't too far away, you could use the management interfaces to manage your devices remotely if you will. Of course you would require additional cabling back to another "management switch" which would likely contain the VLAN required just to manage these devices.
Otherwise, you could also run a terminal server server such as an OpenGear or something of that nature and have the console connections linked back to this device in order to remotely control them if your entire network is having issues or what not.
These management interfaces do operate on their own VRF and will also not participate in STP as they're not running on the active VLAN that is being trunked down to them. However, I have seen it where some organizations like to have the management VLAN on the same subnet as the hosts on the switch. This allows them to ping and check the arp table/mac address table and pinpoint where devices are a bit easier than if it was just a simple L2 network. There are of course pro's and con's to each method, however, given that you wanted to go about a out-of-band method. I would say the management interface is probably is your best direction.
You have an elegant physical setup, but logically, it’s deficient in a lot of ways. You’re relying on layer 2 for all of your connections, which doesn’t provide any real failover your setup should provide. Luckily, you aren’t wasting any bandwidth with STP because you don’t have any redundant links; VLAN 100 and VLAN 200 only have a single way out, if I’m reading this correctly.
I can't implement multiple area OSPF because the CPE public subnets
are too difficult to summarize and the public range is split over
several POPs without hierarchy, so this would be inefficient.
I don’t even think you need to go as far as setting up multiple areas, the segment your concerned with is fairly small. Cisco recommends you stay under 50 routers per area, though, most will agree that you can exceed that amount by quite a significant margin and still be considered healthy. I have about 80 routers per area with no issues; Ron has even more than that without any hiccups.
- Implementation of EtherChannel between the access switches and CMTS.
This all hinges off what happens higher up in your network. If you’re significantly oversubscribing your distribution to core links, then you may not see any real benefit in increasing your bandwidth at the access layer. The same holds true if you’re doing this with your access to distribution.
Again, as most have mentioned in the comments, implementing OSPF would be pretty easy. If you were utilizing a layer 3 protocol, you would share that load across equal/unequal cost links, too. Perhaps a redundant link between your distribution switches would allow each access switch a redundant path out. As it stands, if one of your access links goes down, you lose an entire subnet (VLAN 100 or VLAN 200).
Best Answer
The layer you labeled in your diagram is considered the core (also called the backbone).
The firewalls in your diagram form a boundary on the core layer, since they transition to another network. Core networks are local to your company or autonomous system.
Keep your core layer as stable as possible. That typically means keeping changes to a minimum, as well as not homing servers or users directly in the core layer. Typically you put your fastest elements in the core; over time the core devices may be repurposed to the edge of the network as the former core devices loose capacity to handle evolving loads.