I have a new switch and am in the process of configuring it. The switch will be used for servers in the DMZ. My issue is: should I configure all the VLANs in my current environment to be included in this switch, or just those related to the DMZ?
If it is the latter, how would trunking work? How would I be able to forward traffic from other VLANs on the trunk if the switch only knows about the DMZ VLANs?
Thanks everyone for your replies. I'm kind of new to the networking field, so creating a secure policy isn't my expertise, but I'm trying though.
Currently all the switches, even the old switch with the DMZ servers in it, are connected to each other via fibre links, which creates a redundant loop.
From what I can understand of what you have said, I should not put this new switch in the loop, but have it sit by itself. So if it wanted to access the firewall (PIX 515E), which is sitting on another switch, I would have to have an Ethernet connection between my new switch and the firewall switch, as there aren't any free fibre ports on the firewall switch. Am I right, or is there a better way of designing it?
If it is a DMZ switch then you should keep it separate from the rest of your network. It doesn't really matter what VLANs it can see, but you do not want multiple VLANs configured as access ports on the switch. You also do not want to manage the switch, so do not give it an IP address. Having an IP address on an external switch makes it vulnerable to attack.
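As an added illustration (not configuration from anyone in this thread), here is an IOS-style configuration for a stand-alone DMZ switch following the advice above: only the DMZ VLANs exist on the switch, the single uplink trunk is pruned to those VLANs, server ports are fixed access ports, and no management address is configured. The VLAN numbers, interface names and the reserved native VLAN are assumptions.

```cisco
! Added example, not from the original thread.
! Assumed values: DMZ VLANs 100 and 101, unused native VLAN 999,
! uplink Gi0/1 to the firewall-side switch, server port Gi0/10.
!
! Only the DMZ VLANs exist in this switch's VLAN database; the
! inside VLANs are never defined here.
vlan 100
 name DMZ-WEB
vlan 101
 name DMZ-MAIL
vlan 999
 name UNUSED-NATIVE
!
! Uplink: a trunk that carries only the DMZ VLANs. The far-end switch
! should prune its side of the trunk to the same list, so inside VLANs
! never reach this switch even though it sits on the same trunk port.
! An unused native VLAN keeps untagged frames out of the DMZ VLANs.
interface GigabitEthernet0/1
 description Uplink to firewall-side switch (single Ethernet link, not in the fibre ring)
 switchport mode trunk
 switchport trunk allowed vlan 100,101
 switchport trunk native vlan 999
 switchport nonegotiate
 no shutdown
!
! Server port: one access VLAN only; DTP is disabled so the port
! cannot be negotiated into a trunk by whatever is plugged in.
interface GigabitEthernet0/10
 description DMZ web server
 switchport mode access
 switchport access vlan 100
 switchport nonegotiate
 spanning-tree portfast
 no shutdown
!
! No management address on the switch, as recommended above.
interface Vlan1
 no ip address
 shutdown
```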
If you are going to add this new switch for DMZ servers and not use it for any other purpose, then you should only configure the switch with the VLANs related to the DMZ. After all, it depends on your requirements. As for trunking, which switch are you going to connect it to? The network connectivity and your VLAN requirements also play a big part in the design.