[nsp] PIX 535 stateful failover
dr at cluenet.de
Mon Jun 14 06:59:22 EDT 2004
On Mon, Jun 14, 2004 at 11:41:59AM +0100, Ryan O'Connell wrote:
> There's no reasonably likely scenario I can think of in which
> having a trunk to the firewall would be any less secure than having two
> non-trunked connections to the firewall from the same switch on
> different VLANs.
Just for ONE publicly known VLAN hopping problem.
Other techniques involve e.g. flooding the switch which then becomes
essentially a single broadcast domain hub.