We deploy 2620/2621 in our microwave network with Catalyst 1912/1924 to 'fan out' via VLANs, but we just use the aux port on the 26xx to reverse telnet to the 19xx, rather than assigning an IP address to the switch.


I have seen several situations where ARP requests leak across VLANs on 29xx/35xx series equipment, but I've never really had the chance to observe enough on the other platforms (4xxx/5xxx/6xxx) to know if they're involved - the 19xx seem to be very stable and I've never detected anything like leaking information on them.

The big benefit for us, besides cheaper port density, is that we 'twin' each port - an on-site tech wanting to work on the thing plugged in to port 1 on the Cat 1924 knows he can just hook his laptop to port 11 and he is on the same segment.



Andrew Dorsett wrote:

> On Fri, 21 Mar 2003, Paulo Roque wrote:
>
> > I usually separate firewall zone with different physical LAN in different
> > switches.
> > What do you think of separating firewall zone with VLANs in the same
> > switch/chassis?
>
> Generally a very bad idea!  I fully agree with physical separation.
> Because if it's based on VLANs then they only have to compromise the
> switch to compromise the entire network.  Also because there are new layer
> 2 techniques that can allow a packet to hop across VLANs.  These are the
> only things that worry me about the FW module for the 6500 chassis.  It's
> based on VLANs.  So if I can hop VLANs somewhere then I can bypass the
> firewall.
>
> Andrew
> ---
>
> http://www.andrewsworld.net/
> ICQ: 2895251
> Cisco Certified Network Associate
>
> "Learn from the mistakes of others. You won't live long enough to make all
> of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65952&t=65938
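An added example, written by the editor and not configuration from either poster, of the reverse-telnet arrangement described at the top of the thread: the 26xx reaches the Catalyst 19xx console through its aux port, so the switch never carries an IP address or a listening management service on any VLAN. It assumes the 19xx console cable is on the router's aux port, that the router is a 2600-series box where "line aux 0" is absolute line 65 (a 2500's aux is line 1; check "show line" before trusting the port number), and that every address, host name and password below is a placeholder.

```cisco
! Added example (editor's, not the poster's configuration): 26xx reverse telnet
! to the Catalyst 19xx console, so the switch needs no IP address.
! Assumptions: switch console cabled to this router's aux port; 2600-series,
! where "line aux 0" is absolute line 65 (2500: line 1; confirm with
! "show line"); all addresses, names and the password are placeholders.
!
! Reverse telnet must target a local interface; a loopback never goes down.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Reverse telnet uses TCP port 2000 + absolute line number: 2000 + 65 = 2065.
! After this, "telnet sw1" from the router's EXEC lands on the switch console.
ip host sw1 2065 192.0.2.1
!
! Account checked before the line hands over the switch console (placeholder).
username netops secret Example-Placeholder-Change-Me
!
! Only the NOC's management hosts may open the reverse telnet session at all.
access-list 10 permit 192.0.2.100
access-list 10 permit 192.0.2.101
access-list 10 deny   any log
!
line aux 0
 description Console of Catalyst 1924 (reverse telnet tcp/2065)
 ! No router EXEC on this line: an EXEC would own the line and block
 ! incoming reverse telnet sessions.
 no exec
 ! Match the 19xx console settings: 9600 8N1.
 speed 9600
 databits 8
 stopbits 1
 parity none
 ! Authenticate and filter the incoming reverse telnet connection itself.
 login local
 access-class 10 in
 transport input telnet
```

Two caveats a practitioner should keep in mind. The switch console is now exactly as well protected as the router's EXEC: anyone who can log in to the router's vty lines can type "telnet sw1", so the router's own vty access-class, authentication and logging are the real control. And telnet is cleartext end to end, so the path from the NOC to the router should stay inside the management segment. If a session is abandoned and the line stays busy, "clear line 65" on the router frees it.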
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
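An added example, the editor's and not from either poster, of the weak and hardened forms of a 29xx/35xx-era IOS switch port, since the quoted reply warns about layer 2 techniques that let a packet hop across VLANs without naming them. The block assumes the two configuration-dependent techniques are meant: switch spoofing (a host negotiates a trunk over DTP and then sees every VLAN) and double 802.1Q tagging (a frame whose outer tag matches the trunk's native VLAN is untagged once and forwarded with its inner tag into another VLAN). VLAN numbers, port names and descriptions are placeholders; it does not claim to explain the ARP leakage the first poster reports.

```cisco
! Added example (editor's, not from either poster): weak default beside the
! hardened form on a 29xx/35xx-class IOS switch. Assumes the "layer 2
! techniques" in the thread are DTP switch spoofing and 802.1Q double tagging.
! VLAN numbers and interface names are placeholders.
!
! ---- Weak: how a port often ends up on these platforms ----
! "dynamic desirable" (or "dynamic auto") speaks DTP. A host that sends DTP
! "desirable" frames is handed a trunk carrying all VLANs, firewall zones included.
interface FastEthernet0/1
 switchport mode dynamic desirable
!
! ---- Hardened access port for a host in one firewall zone ----
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! "mode access" alone still exchanges DTP frames to negotiate a nontrunk link;
 ! nonegotiate stops the port from sending DTP at all.
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! ---- Hardened trunk toward the firewall / router ----
interface GigabitEthernet0/1
 description Trunk to FW: explicit, no DTP, pruned, unused native VLAN
 ! 3550 only; the 2950 is dot1q-only and rejects this line.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 ! Native VLAN is one no host sits in, so a double-tagged frame's outer tag is
 ! stripped into a VLAN that leads nowhere; the allowed list keeps the other
 ! zones off this trunk entirely.
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Where the release supports it, tag the native VLAN as well; that removes the
! untagged hop that double tagging depends on.
vlan dot1q tag native
!
! ---- Unused ports: parked in a dead VLAN and shut ----
interface range FastEthernet0/20 - 24
 switchport mode access
 switchport access vlan 998
 switchport nonegotiate
 shutdown
```

To verify the result, "show interfaces trunk" should list only the trunks you configured on purpose, "show dtp interface" should report DTP off on the access ports, and "show interfaces switchport" should show the native VLAN as 999 on every trunk. None of this answers the other objection in the quoted reply: if the switch itself is compromised, its port configuration is the attacker's to rewrite, which is why the poster prefers separate hardware per zone.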