Internet switches

Mar 7th, 2003
My company has two 3512s as our external, publicly addressed switches; these are what my load balancers plug into. Our FWs are inside the LB, and then we have two 3548s inside the FWs. I want to find out someone else's opinion on whether or not we should VLAN and attach the 3512s to the 3548s for redundancy. We currently have gig and FE connections between the 3512s, and someone wants to put a gig connection between the 3512s and the 3548s using tagging.


I would like to see some documentation on whether this is safe or should not be done.


Thank You

J

lgijssel Fri, 03/07/2003 - 06:42
From your posting I understand that this means that you are physically "bypassing" the firewall? I do not think that it is intended that any traffic passes along this path, so the point of redundancy does not become clear to me.

The only point could be when you have insufficient ports on the 3512s and want to borrow a few from the 3548. This can be done, and when you use two different VLANs for inside and outside, no one will notice, but ...

A misconfiguration or a defect could mean that you are bypassing your firewall.

At least you are making it physically possible that this can happen. Ever heard of Murphy? This would never be my choice.

Hope this helps you to defend your case!


Leo
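
The misconfiguration risk raised in the reply above can be checked for mechanically. The following is an added example, not part of the original thread: a small audit that reads an IOS-style switch configuration and reports ports that carry both the outside and the inside VLAN. The VLAN IDs 10 and 20 and the sample configuration are assumptions constructed for illustration.

```python
import re

OUTSIDE = {10}  # assumed VLAN ID of the public segment
INSIDE = {20}   # assumed VLAN ID of the protected segment

# Constructed sample in IOS-style syntax; not taken from the thread.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/2
 switchport mode trunk
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/2
 switchport access vlan 20
"""

def expand(spec):
    """Turn '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(config):
    """Map each interface to the set of VLANs it can carry."""
    ports, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            ports[name] = {"trunk": False, "access": {1}, "allowed": set(range(1, 4095))}
        elif name and line == "switchport mode trunk":
            ports[name]["trunk"] = True
        elif name and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            ports[name]["access"] = {int(m.group(1))}
        elif name and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)):
            ports[name]["allowed"] = expand(m.group(1))
    # Defaults: access ports sit in VLAN 1, trunks with no allowed list carry every VLAN.
    return {n: p["allowed"] if p["trunk"] else p["access"] for n, p in ports.items()}

def audit(config):
    """Return (ports carrying both zones, whether both zones exist on this switch)."""
    ports = parse(config)
    bridging = sorted(n for n, v in ports.items() if v & OUTSIDE and v & INSIDE)
    seen = set().union(*ports.values())
    return bridging, bool(seen & OUTSIDE) and bool(seen & INSIDE)
```

A trunk with no allowed-VLAN list is reported as well, because it carries every VLAN by default. A switch where the second value is `True` has both zones present in one chassis, so a single wrong port assignment on it connects the two sides without passing the firewall.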
