[nsp] PIX 535 stateful failover
Daniel Roesen
dr at cluenet.de
Mon Jun 14 07:59:17 EDT 2004
On Mon, Jun 14, 2004 at 01:48:09PM +0200, Arnold Nipper wrote:
> >>> Other techniques involve e.g. flooding the switch which then
> >>> becomes essentially a single broadcast domain hub.
> >>
> >> Which would not happen if you have two non-trunked connections??
> >
> > I'm not sure what setup you have in mind exactly.
>
> We were talking about it 5 min. ago :-)
We were talking about "two separate switches" vs. "one switch with
VLANs".
> The statement was that two physical connections from the *same* switch to
> a firewall don't buy you more than a trunked connection.
We were talking about "two separate switches" vs. "one switch with
VLANs", not "diverse links into VLANs" vs. "one trunk".
> I wouldn't call VLAN a security technique either. But it's much
> cheaper and easier to install than a couple of fibre/copper links.
Sure. Have fun explaining this to your insurance company after a
break-in incident into your corporate network with half-way measurable
damages.
To quote Randy B... "I fully encourage..."... you know the drill. :-)
Regards,
Daniel