Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Question on users connected to core switches (and future untrusted network)

Hi, can you give me your insight regaqarding this design. Please see attached diagram with question. Thanks

3 REPLIES
Hall of Fame Super Blue

Re: Question on users connected to core switches (and future unt

Marlon

There is nothing inherently wrong with attaching users into your 6500 switches although in Cisco's hierarchical model users are often placed on separate access-layer switches.

So you have in effect collapsed access and distribution functions on the same switches. I can't see however how this would effect future placement of a firewall as you could quite easily place this between the 6500 and the 3845.

It is difficult to be precise without knowing more about your topology but if you did grant Internet access to users on the 6500 would the Internet pipe not actually be at your HQ site and firewalled anyway ?

Jon

New Member

Re: Question on users connected to core switches (and future unt

Sorry if I did not explain correctly:

Currently the Internet access is granted thru the HQ and firewalled.

Then in the future, we may allow the local site to get access directly to the Internet. At that point as you pointed out I could place firewall between 6500 and 3845.

Just wanted to make sure.

Thanks!

Hall of Fame Super Blue

Re: Question on users connected to core switches (and future unt

No problem.

Just for future referenceyou could just upgrade the 3845 IOS to run the Firewall feature set (CBAC) so you would'nt need an additional device.

Jon

116
Views
0
Helpful
3
Replies