I've seen some of Cisco's private VLAN setup. The way I've seen it implemented is on a DMZ switch. Say you have 3 servers on your DMZ: web, mail, and FTP. If each of those servers is plugged into a different port on the same switch and on the same network, you can configure each of them to be on a private VLAN. The reason is that if somebody compromises or hacks into your web server, they will not be able to get access to the other two servers, because to get there they'd have to go through the firewall first. If the servers were not on a private VLAN, the attacker could access the other 2 servers via the switch.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45776&t=45731
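A sketch of the setup described in the post above, added here as an example and not part of the original message: a Catalyst IOS private VLAN configuration with the three DMZ servers on isolated host ports and the firewall on a promiscuous port. The VLAN numbers, interface names and descriptions are assumptions.

```cisco
! Added example; VLAN IDs and interface names are assumed, not from the post.
! Private VLANs require VTP transparent mode (or VTP off) under VTP v1/v2.
vtp mode transparent
!
! Secondary VLAN: isolated ports cannot exchange frames with each other.
vlan 101
 private-vlan isolated
!
! Primary VLAN carrying the DMZ subnet, tied to the isolated secondary.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Web, mail and FTP servers: isolated host ports on the same subnet.
interface GigabitEthernet0/1
 description DMZ web server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet0/2
 description DMZ mail server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet0/3
 description DMZ FTP server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Firewall DMZ interface: promiscuous port, reachable from every host port.
interface GigabitEthernet0/24
 description Firewall DMZ interface
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Verify with:
!   show vlan private-vlan
!   show interfaces GigabitEthernet0/1 switchport
```

The isolation is layer 2 only: the firewall policy on the DMZ interface still has to deny server-to-server traffic, otherwise the firewall can forward packets between the servers back through the promiscuous port.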

