I need to add a logical interface to a firewall DMZ port.
The switch that connects the firewall DMZ interfaces and DMZ servers has several layer 2 VLANs connecting the different DMZs to their interfaces.
It also connects the Outside firewall interfaces and routers.
It has one layer three VLAN interface that connects this switch to the management VLAN subnet also.
This switch also has VTP configured.
I have several questions:
1. If I create a trunk port for the physical and logical interfaces for my DMZ, would I want to have the physical interface VLAN be the default VLAN and tag the logical interface VLAN?
Does it matter which VLAN I make the default VLAN in the trunk?
2. Is it considered OK practice to have the management VLAN (inside network) connected to this switch along with the rest of the VLANs?
(This switch also has the outside interfaces of the firewalls and edge router interfaces, all layer 2 VLAN).
3. With VTP configured, will my new VLAN (logical interface) propagate to all other switches in the network, and is there any potential danger in this?