Yeah, I would agree with that. I'm mostly looking at the external
portion for this. If anyone else has any comments, I'd like to hear
them.
- Brian
On Fri, 2001-12-21 at 12:44, Zhang, Anchi wrote:
> That is what I have been doing using 6506 and 6509. Some people have
> advised that the switch with an external and/or DMZ vlan should not have
> any internal vlan for security reasons and I have followed that advice.
>
> Anchi
>
> -----Original Message-----
> From: Brian DeFeyter [mailto:bdf@gospelcom.net]
> Sent: Friday, December 21, 2001 10:41 AM
> To: cisco-nsp@puck.nether.net
> Subject: Switching Advice
>
>
> I'm wondering if anyone could provide some advice wrt catalyst
> connections between routers, firewalls, servers etc...
>
> I'd like to get around having to spread out multiple switches (ie: one
> between routers, between firewalls, each firewall's interface, etc...)
>
> Has anyone set up something similar with a larger 4/5/6000 series
> catalyst using VLANs to segment these portions? There'd be a lot of back
> and forth (ie: a packet might travel like:
>
> routers -> switch -> firewalls -> switch -> load balancers -> switch ->
> servers, etc...
>
> where the connections are all cabled back onto the same switch, but
> segmented from each other only by VLANs)
>
> Is this a bad idea? Would I be looking at any performance degradation?
> I'd have a lot fewer switches to manage. ;)
>
>