Jon Marshall Mon, 10/13/2008 - 09:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Marlon


There is nothing inherently wrong with attaching users into your 6500 switches although in Cisco's hierarchical model users are often placed on separate access-layer switches.


So you have in effect collapsed access and distribution functions on the same switches. I can't see however how this would effect future placement of a firewall as you could quite easily place this between the 6500 and the 3845.


It is difficult to be precise without knowing more about your topology but if you did grant Internet access to users on the 6500 would the Internet pipe not actually be at your HQ site and firewalled anyway ?


Jon

news2010a Mon, 10/13/2008 - 09:53
User Badges:

Sorry if I did not explain correctly:


Currently the Internet access is granted thru the HQ and firewalled.


Then in the future, we may allow the local site to get access directly to the Internet. At that point as you pointed out I could place firewall between 6500 and 3845.

Just wanted to make sure.


Thanks!


Jon Marshall Mon, 10/13/2008 - 10:03
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

No problem.


Just for future referenceyou could just upgrade the 3845 IOS to run the Firewall feature set (CBAC) so you would'nt need an additional device.


Jon

Actions

This Discussion