Vlans on a switch for Public and Private networks

Discussion in 'Cisco' started by daniel, Mar 8, 2005.

  1. daniel

    daniel Guest

    Hi,

    At a small company we want to use a switch (2950) to do our private
    network, but also vlan off 4 ports to handle the internet
    connection / public network.

    So of the 4 "Public network" vlan ports, one is the internet
    connection from the ISP and 3 others are their firewall and 2 public
    servers.

    So the firewall has one cable from the "public network" VLAN and one
    cable from the "internal network" VLAN. But the whole thing is cabled
    from one switch.

    Is that a good idea? Are we more open to security issues than if we
    have the usual router before the switch?

    Hope that makes sense.

    Many Thanks,

    Daniel.
     
    daniel, Mar 8, 2005
    #1

  2. daniel

    Brian V Guest

    Hi Daniel,

    Yes, you are opening yourself to all kinds of security problems. VLAN hopping
    for 1. Best practices would move all but 2 of those ports away from the
    outside. Router ethernet and Firewall outside. Servers should never be
    "public" (unless it's a bastion device) and should be protected by the
    firewall and put on a DMZ. The outside ports should be on their own switch,
    not on a shared switch.

    -Brian
     
    Brian V, Mar 8, 2005
    #2
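
Added example, not part of the thread or any poster's code: if public and internal VLANs do share one switch, one thing worth checking against the VLAN hopping concern raised above is whether every port on the public VLAN is pinned to access mode, since a port left in a dynamic mode can negotiate a trunk and reach other VLANs. The VLAN numbers (100 public, 10 internal), the interface names, the sample config and the function names are all constructed assumptions.

```python
import re

# Constructed sample in Cisco IOS running-config syntax (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 100
!
interface FastEthernet0/3
 switchport access vlan 100
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport access vlan 10
!
"""

def parse_interfaces(config):
    """Return {interface: {'vlan': int, 'mode': str or None}} from config text."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            # A port with no explicit access VLAN sits in VLAN 1.
            current = ports.setdefault(m.group(1), {"vlan": 1, "mode": None})
        elif current is not None and line.startswith(" "):
            text = line.strip()
            if (m := re.fullmatch(r"switchport access vlan (\d+)", text)):
                current["vlan"] = int(m.group(1))
            elif (m := re.fullmatch(r"switchport mode (.+)", text)):
                current["mode"] = m.group(1)
        else:
            current = None  # "!" or a global command ends the interface block
    return ports

def audit(config, public_vlans):
    """List ports on a public VLAN that are not forced to access mode."""
    findings = []
    for name, port in parse_interfaces(config).items():
        if port["vlan"] in public_vlans and port["mode"] != "access":
            # No "switchport mode" line means the switch's default dynamic mode.
            findings.append((name, port["vlan"], port["mode"] or "default (dynamic)"))
    return findings
```

Each finding is a port where `switchport mode access` is missing; this check covers trunk negotiation only and does not replace the separate outside switch recommended in the reply.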

  3. Walter Roberson, Mar 8, 2005
    #3
