Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Security considerations for Ethernet connection to ISP

My organizaton is getting an ethernet connection from the ISP to supply internet connectivity. Does anyone have any design or white papers from a security perspective to terminiate the ethernet connection internal. I seen where people bring it into a vlan off a 6500 switch or they bring it directly in to a PIX. Please let me know what you think. Thanks.


Re: Security considerations for Ethernet connection to ISP

Ideally put it straight into a firewall.

As an absolute last resort if this is not possible (for instance if the internet is presented as a VLAN on a trunk) then you will have to use a VLAN, but you must be very careful:

- don't use VLAN1

- use a "dummy" VLAN for native.

- prune that VLAN as much as possible so it only goes where needed.

- keep it as layer2 - don't create "interface vlan.." on MSFC etc

Check out the SAFE whitepapers at

New Member

Re: Security considerations for Ethernet connection to ISP

Thank you for the response. I have been reading over the white papers you referenced and terminating to a security applicance seems to be the best option. Thanks.