Well, it depends.. I definitely still would not VLAN off ports from a big
switch.. do you plan on putting a NetManager box on the inside, and wanting
to monitor the DMZ Hub/Switch?  If not, a Cat3524XL could be best (though
I've had a bad track record personally with those boxes, I'm sure over-all
they're fine.. I've just been unlucky to come across 14 bad ones out of 17
I've installed).

Anyways.. hope you can straighten it out..  those are just my .02c worth.

Regards,
  Trevor J Corness
  Radian Corporation
  http://www.radiancorp.com


-----Original Message-----
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 02, 2001 4:20 AM
To: Trevor J Corness, CCNA
Subject: Re: VLAN Security [7:18203]


Cisco's pushing the Fast 10/100 hub now, but I don't know the state of
those older HP/Cisco 10 base T models.  The Internet connection I am looking
to start with is @ least 10 Megs, maybe as high as 30 Megs.  Does that
change your advice any ???

Thanks
Phil

----- Original Message -----
From: "Trevor J Corness, CCNA" 
To: "'Circusnuts'" 
Sent: Sunday, September 02, 2001 2:26 AM
Subject: RE: VLAN Security [7:18203]


> If you are talking about a single 3500 as the DMZ, with no links to the
> internal network... or just VLAN'ing off ports of a 6509 or something
> larger..  I would definitely suggest a standalone 3500.. simply because of
> the problems of "Leaky Buckets".  A well-planned attack will overload the
> buffers of the switch, and "leak" traffic onto the Private network.  This is
> why I normally used managed hubs for DMZ (normally a customer won't have
> more than a T1 in this case).. so that I can split off a single port for
> monitoring.. and no "leaky buckets".  This is a personal preference though.
> Your situation may be much different than my normal encounters at my job.
> You have not supplied the information needed to make the "hub/switch"
> decision..  Out of curiosity, do you know if Cisco still sells managed Hubs?
> Or are they all EOL?  I normally use HP 10base-T hubs (again, decided by the
> 1.544Mbps T1).
>
> Regards,
>   Trevor J Corness
>   Radian Corporation
>   http://www.radiancorp.com
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Circusnuts
> Sent: Saturday, September 01, 2001 5:11 PM
> To: [EMAIL PROTECTED]
> Subject: VLAN Security [7:18203]
>
>
> I'm finishing a project @ work & have an opportunity to recommend multiple
> 3500 series switches or VLAN configuration.  The placement of these boxes
> will be before a firewall, coming off of a BGP router (for IDS's,
> SwitchProbes, DMZ, etc.,).  Can anyone think of an argument either way ???
>
> Thanks Everyone
> Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18245&t=18203
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
