RE: Using Nexus 7k ports for ASA DMZ Vlan ports?

From: Jason Aarons (US) <jason.aarons_at_us.didata.com>
Date: Thu, 9 Sep 2010 21:53:59 -0400

If this was a bank with billions of dollars potentially at risk, would you
trust putting your DMZ VLAN on a Nexus VDC vs Physical Isolation? I guess half
of this is about best practice regardless of make/model/manufacturer.

From: Christopher Copley [mailto:copley.chris_at_gmail.com]
Sent: Thursday, September 09, 2010 9:33 PM
To: Jason Aarons (US)
Cc: ccielab_at_groupstudy.com
Subject: Re: Using Nexus 7k ports for ASA DMZ Vlan ports?

How about using a different VDC for the DMZ?

Chris

On Thu, Sep 9, 2010 at 9:19 PM, Jason Aarons (US) <jason.aarons_at_us.didata.com> wrote:
A customer wants to put a Layer2 DMZ vlan on his Nexus 7k, and is wondering
if Private VLAN/VDCs will keep that vlan from his inside network. Basically
he needs some switchports for his DMZ and doesn't want to put them on a 3750.

From a security perspective I would never advise this to mitigate risk by
using Physical Isolation, but I'm not clear if the Nexus Private VLAN/VDC
would mitigate the risk.

http://en.wikipedia.org/wiki/VLAN_hopping
Received on Thu Sep 09 2010 - 21:53:59 ART

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART