From: bud selig (bud4bud@gmail.com)
Date: Wed Nov 02 2005 - 18:07:10 GMT-3
This is great info. I appreciate it! Any more details on the vulnerability
you mentioned below would be appreciated as well.
Bud
On 11/2/05, Sheahan, John <John.Sheahan@priceline.com> wrote:
>
> One more thing....
> We specifically made an issue over this with Cisco a couple of years
> back. There was talk of a hack at one time that could be put in place
> that would "flatten" a switch, thus creating one big vlan. Cisco assured
> us, in person, several times that this was considered safe by their
> standards. We still did not believe them and continued to always use
> separate switches for at least the switches attached to the outside
> interfaces of Pix firewalls.
>
> We see now that Cisco put its money where its mouth was when they
> designed the FWSM. When you configure a FWSM in a 6500 switch, you are
> using a VLAN for the outside, dmz and inside interfaces all on the same
> switch.
>
> I feel more comfortable now since Cisco came out with this design and we
> can clearly see that is the direction Cisco is heading.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> bud selig
> Sent: Wednesday, November 02, 2005 3:52 PM
> To: Cisco certification
> Subject: Re: Switch Network Design Question
>
> Thanks for all the responses on this. They were very helpful.
>
>
> On 11/2/05, bud selig <bud4bud@gmail.com> wrote:
> >
> > Hello,
> >
> > I was wondering what everyone's thoughts were on having a single switch
> > house the outside, inside, DMZ VLANs. I prefer to keep the inside VLAN on a
> > different physical switch for a more secure environment.
> >
> > Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3