Cisco Support Community
Gold

PIX vs Switch

we usually create a dmz by using a pix. however, one of my customers uses a switch to create a dmz rather than a pix. customer does that by creating 3 vlans.

i was wondering what is the difference between the two.

3 REPLIES
Silver

Re: PIX vs Switch

a layer 2 managed switch can create vlans, but cannot route between them. a l3 managed switch can, but generally does not have the firewall capabilities that a pix does, so there is network segmentation, but limited security segmentation functionality.

Gold

Re: PIX vs Switch

thanks for your response. that's exactly why customer puts a router between vlans. is this a popular way to create a dmz? i've never seen that before.

in terms of security, obviously a pix would be much more secure. however, how would i show that to my customer?

Gold

Re: PIX vs Switch

Yes, VLANs can provide security to your LAN but to use it as a DMZ, I personally don’t think it’s such a good idea, but I suppose it all depends on the network and security requirements.

The Benefits of VLANs are the following:

1. It eases the change and movement of devices on IP network

2. It helps to control broadcast traffic

3. It provides security

To have a proper DMZ (and as you correctly said) use a Firewall (PIX) and create your DMZ on the PIX.

i.e.

internet--perimeter_router--PIX(with DMZ)--LAN_Router--LAN.

Hope this helps --
