From: Sheahan, John (John.Sheahan@priceline.com)
Date: Wed Nov 02 2005 - 18:02:31 GMT-3
One more thing....
We specifically made an issue over this with Cisco a couple of years
back. There was talk of a hack at one time that could be put in place
that would "flatten" a switch, thus creating one big vlan. Cisco assured
us, in person, several times that this was considered safe by their
standards. We still did not believe them and continued to always use
separate switches for at least the switches attached to the outside
interfaces of Pix firewalls.
We see now that Cisco put its money where its mouth was when they
designed the FWSM. When you configure a FWSM in a 6500 switch, you are
using a VLAN for the outside, dmz and inside interfaces all on the same
switch.
I feel more comfortable now since Cisco came out with this design and we
can clearly see that is the direction Cisco is heading.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
bud selig
Sent: Wednesday, November 02, 2005 3:52 PM
To: Cisco certification
Subject: Re: Switch Network Design Question
Thanks for all the responses on this. They were very helpful.
On 11/2/05, bud selig <bud4bud@gmail.com> wrote:
>
> Hello,
>
> I was wondering what everyone's thoughts were on having a single switch
> house the outside, inside, DMZ VLANs. I prefer to keep the inside VLAN on a
> different physical switch for a more secure environment.
>
> Thanks
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3