Hi! I have a setup similar to the diagram in the attached file.
My core switch has its own VTP domain, and VLAN 210 (transit VLAN) is part of the VTP domain abc in the core switch. I have another switch on the production network which is configured with VLAN 45 (not part of the abc VTP domain). I'm not too sure what the setup of the firewall is. Currently I can ping hosts on the production network. I have a static route from my core switch to the production network.
My questions are:
1) Why do I need a "transit VLAN" here?
2) Can I create VLAN 45 in VTP abc and use that VLAN/network segment in the core switch?
3) Through the firewall, can I use VLAN 45 in my corporate network, which is in the core switch?
One question which might not be related to the questions above: within a switch itself, can I create a VTP domain and have another VLAN created within that switch without joining that particular VLAN to the VTP domain? Or can I have multiple VTP domains within a switch itself?
If the firewall works at layer 3 (its interfaces have IP addresses in different IP subnets, which is quite common), then you cannot extend VLAN 45 from VTP domain abc to the production network, or the firewall can be bypassed!!!
I think that current setup is correct from the point of view of security and I would not attempt to change it for the reasons explained above.
Hi! Does that mean that it (the VLAN behind the firewall being part of the core's VTP domain) can be done? If I were to "bypass" the router, will I still be able to apply rules as per usual? Does that mean that if the bypass mode (same IP range on the inside and outside) can be done, the VLAN behind the firewall can be part of the core switch's VTP domain?
Another question I would like to ask about the firewall: if I were to use a flat network (e.g. 10.34.10.0/24) within my internal LAN, can I have 2 WAN links out with firewalls (Check Point firewall) configured on each of these WAN links (ADSL to corporate and optical to Internet)?
Will it make any difference if I have only one VLAN within my internal network compared to no VLAN configured, since I only have one network segment? Any changes to the route required?