There was a bug a while ago in Cisco switches that would allow VLAN jumping, but that has been fixed for some time now. Personally, I would never use a VLAN'd switch for the inside, outside, and DMZ. But if you have to, just stay away from using the native vlan on the switch. Keep in mind, you can get 24 port switches for under $1k now.
A malicious user can cause frames to hop from one VLAN to another depending on the configuration of the switch. This isn't a bug, but rather the result of the dot1q standard and all vendors have this "problem".
As mentioned, don't use native vlans to carry any traffic, and don't provide any trunked ports to any devices. This will mitigate the concerns with VLANs themselves.
The other problem is that a malicious user in the DMZ or on the Outside can hack at the switch itself to gain admin access. If this happens due to poor security configuration of the switch as a host, the attacker could simply make the port of another device on the switch that was formely in the DMZ/Outside in the inside VLAN giving full access.
The last problem is human errors in configuration have a high risk on creating new problems. With three switches, this isn't a concern as each network segment is both logically and physically separate.
Cisco even has 8 port switches now that are cheap. It's hard to make a arguement these days for using one switch for all three purposes.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...