One issue I see immediately - you'll have to have an *extremely* tight
access control to your switch, best if you will not configure ip address on
it at all and only access it via console (it may introduce some interesting
issues of its own though), from *physically* AND *logically* secure access
server/station, best connected to trusted network segment (the list of
issues will go on and on).
So in general I would strongly advice against mixing secure/dmz/unsecure
network segments on the same switch - dedicate own for each type of security
zone.
On Fri, Dec 21, 2001 at 11:41:16AM -0500, Brian DeFeyter wrote:
> I'm wondering if anyone could provide some advice wrt catalyst
> connections between routers, firewalls, servers etc...
>
> I'd like to get around having to spread out multiple switches (ie: one
> between routers, between firewalls, each firewall's interface, etc...)
>
> Has any setup something up similar with a larger 4/5/6000 series
> catalyst using VLANs to segment these portions? There'd be a lot of back
> and forth (ie: a packet might travel like:
>
> routers -> switch -> firewalls -> switch -> load balancers -> switch ->
> servers, etc...
>
> where the connections are all cabled back onto the same switch, but
> segmented from each other only by VLANs)
>
> Is this a bad idea? Would I be looking at any performance degregation?
> I'd have a lot fewer switches to manage. ;)
---end quoted text---
SY,
-- CCNP, CCDP (R&S) Dmitri E. Kalintsev CDPlayer@irc Network Architect @ connect.com.au dek @ connect.com.au phone: +61 3 9674 3913 fax: 9251 3666 http://-UNAVAIL- UIN:7150410 cell: +61 414 821 382
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:26 EDT