[nsp] PIX 535 stateful failover

Daniel Roesen dr at cluenet.de
Mon Jun 14 06:59:22 EDT 2004

On Mon, Jun 14, 2004 at 11:41:59AM +0100, Ryan O'Connell wrote:
> There's no reasonably likely scenario I can think of in which 
> having a trunk to the firewall would be any less secure than having two 
> non-trunked connections to the firewall from the same switch on 
> different VLANs.


Just for ONE publicly known VLAN hopping problem.
Other techniques involve e.g. flooding the switch which then becomes
essentially a single broadcast domain hub.


More information about the cisco-nsp mailing list