dedicated external ports

Discussion in 'Cisco' started by mmark751969@yahoo.com, Mar 19, 2007.

  1. Guest

    I have a number of Catalyst 3750 stackable switches in the network.
    We are on 5 floors, each floor has its own Catalyst stack which ties
    into the core stack on the 1st floor. We are also layer 3 IP routing
    capable and have a number of VLANs defined. I have some requests to
    run some dedicated ports, on other floors, that terminate to a switch
    that's connected outside the firewall. I'm thinking the way I have to
    do this is to define a VLAN on an IP range that is defined on our
    external static range. Then connect the ports in the other floors, to
    access mode configured VLAN ports at the floor switches and the core
    switch. Then connect the core port to the external switch. If done
    this way, I believe I'd have to route our external public address
    range internally. Is there another way to do this? Thanks
     
    , Mar 19, 2007
    #1

  2. Thrill5 Guest

    What you are contemplating is very, very insecure. You never, ever mix
    inside network ports and outside network ports on the same network. Why?
    Because there are many different types of attacks and hacks that can very
    easily gain access to your internal network once they have access to a
    computer connected to the outside network. (Hacking isn't just layer 3!!!!)
    If someone compromises one of the outside machines, there are many attacks
    that can bring down your switches. The reason you have a firewall is to
    prevent these types of attacks, so why are you bypassing it? If you
    absolutely need to have these computers outside the firewall, put them on a
    completely separate network, separate wires, separate switches, separate
    routers. This is the only way to make sure that your internal network stays
    secure. Do a search on "Layer 2 security":
    http://www.google.com/search?q=layer 2 security

    Scott

    <> wrote in message
    news:...
    > I have a number of Catalyst 3750 stackable switches in the network.
    > We are on 5 floors, each floor has its own Catalyst stack which ties
    > into the core stack on the 1st floor. We are also layer 3 IP routing
    > capable and have a number of VLANs defined. I have some requests to
    > run some dedicated ports, on other floors, that terminate to a switch
    > that's connected outside the firewall. I'm thinking the way I have to
    > do this is to define a VLAN on an IP range that is defined on our
    > external static range. Then connect the ports in the other floors, to
    > access mode configured VLAN ports at the floor switches and the core
    > switch. Then connect the core port to the external switch. If done
    > this way, I believe I'd have to route our external public address
    > range internally. Is there another way to do this? Thanks
    >
     
    Thrill5, Mar 20, 2007
    #2
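
An added example, not part of the thread or either poster's configuration: a small Python audit that applies the rule from reply #2 (outside ports and inside ports do not share a switch) to a switch's running-config. The outside VLAN id 900, the sample config and the function names are constructed assumptions.

```python
import re

OUTSIDE_VLAN = 900  # assumption: VLAN id picked for the outside segment
# Constructed running-config fragment for one floor stack (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 900
 switchport mode access
!
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 10,20,890-910
 switchport mode trunk
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20,890-910' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, outside_vlan=OUTSIDE_VLAN):
    """Return (ports carrying the outside VLAN, ports carrying any other VLAN)."""
    outside, inside = [], []
    for block in re.split(r"(?m)^interface\s+", config)[1:]:
        name = block.splitlines()[0].strip()
        if re.search(r"(?m)^\s*switchport mode trunk", block):
            lists = re.findall(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", block)
            # A trunk with no allowed list carries every VLAN.
            vlans = set().union(*map(expand_vlans, lists)) if lists else set(range(1, 4095))
        else:
            # Simplification: anything that is not a trunk is treated as an access port.
            m = re.search(r"switchport access vlan (\d+)", block)
            vlans = {int(m.group(1))} if m else {1}  # access default is VLAN 1
        if outside_vlan in vlans:
            outside.append(name)
        if vlans - {outside_vlan}:
            inside.append(name)
    return outside, inside

def mixes_zones(config, outside_vlan=OUTSIDE_VLAN):
    """True when one switch config carries both the outside VLAN and inside VLANs."""
    return all(audit(config, outside_vlan))
```

On the sample, the uplink trunk is reported in both lists, which is the case where a single switch port carries outside and inside traffic together.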