[nsp] PIX 535 stateful failover
Arnold Nipper
arnold at nipper.de
Mon Jun 14 08:27:37 EDT 2004
On 14.06.2004 13:59 Daniel Roesen wrote:
> On Mon, Jun 14, 2004 at 01:48:09PM +0200, Arnold Nipper wrote:
>
>>>>>Other techniques involve e.g. flooding the switch which then
>>>>>becomes essentially a single broadcast domain hub.
>>>>
>>>>Which would not happen if you have two non-trunked connections??
>>>
>>>I'm not sure what setup you have in mind exactly.
>>
>>We were talking about it 5 min. ago :-)
>
>
> We were talking about "two seperate switches" vs. "one switch with
> VLANs".
>
We were talking about "There's no reasonably likely scenario I can think
of in which having a trunk to the firewall would be any less secure than
having two non-trunked connections to the firewall from the same switch
on different VLANs."
>
> To quote Randy B... "I fully encourage..."... you know the drill. :-)
>
Yes pls do. Spend more money/manpower than necessary :-)
Arnold
More information about the cisco-nsp
mailing list