Cisco Support Community
New Member

Firewall/Switching/VLAN Design and Security considerations

Hi,

Consider the following:

/SW3---|
External--S1--FW---/ |Subnet 1
| \ \ |
| \__\SW4---|
| /\
| / /SW5--|
External--S2--FW-/ |Subnet 2
\ |
\SW6--|

Requirements:

Router/Switch/Firewall/NIC resiliency. We can pretty much cover this with HSRP, redundant links (STP), HA between firewalls, and (HP) NIC teaming.

Question:

Is it unreasonable to have SW3-SW6 physically on the one switch due to lack of available ports?

I take it this wouldn't be the security purist's choice of implementation?

If it is reasonable/doable, what are the features in IOS on switches, e.g. 2950s, to implement this?

Any help appreciated.

Thanks

Mark

1 REPLY
Silver

Re: Firewall/Switching/VLAN Design and Security considerations

You can configure network security by using ACLs, either through the Cluster Management Suite (CMS) or through the command-line interface (CLI). You can also use the security wizard to filter inbound traffic on the Catalyst 2950 switches. Filtering can be based on network addresses or TCP/UDP applications. You can choose whether to drop or forward packets that meet the filtering criteria. To use this wizard, you must know how the network is designed and how interfaces are used on the filtering device. For more information, refer to the following URL:

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e8ed.html#36127
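
Added example, not part of the original thread or of Cisco's documentation: once SW3-SW6 share one physical switch, the separation between Subnet 1 and Subnet 2 exists only in the port configuration, so this Python check reads an IOS-style config and lists ports that are not static access ports in a segment VLAN or that lack an inbound ACL. The sample config, VLAN IDs, port numbers, ACL name and the `audit` function are assumptions made for the illustration.

```python
import re

# Constructed sample: one physical switch standing in for SW3-SW6.
# VLAN IDs, port numbers and the ACL name are assumptions, not from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description SW3 role, Subnet 1
 switchport mode access
 switchport access vlan 10
 ip access-group SEGMENT-IN in
!
interface FastEthernet0/2
 description spare, never configured
!
interface FastEthernet0/3
 description SW6 role, Subnet 2
 switchport mode trunk
 ip access-group SEGMENT-IN in
!
interface FastEthernet0/4
 description SW4 role, Subnet 1
 switchport access vlan 10
"""
SEGMENT_VLANS = {10, 20}  # assumed: one VLAN per subnet


def audit(config, segment_vlans=SEGMENT_VLANS):
    """Return {interface: [findings]} for ports that weaken segment isolation."""
    findings = {}
    # Each stanza is an 'interface' line followed by its indented sub-commands.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ ].*\n?)*)", config, re.M):
        issues = []
        if not re.search(r"^ switchport mode access$", body, re.M):
            issues.append("not a static access port")
        vlan = re.search(r"^ switchport access vlan (\d+)$", body, re.M)
        if not vlan or int(vlan.group(1)) not in segment_vlans:
            issues.append("not in a segment VLAN")
        if not re.search(r"^ ip access-group \S+ in$", body, re.M):
            issues.append("no inbound ACL")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```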
