RE: [fw-wiz] Multiple small switches vs. a single big one

From: Mike Hoskins (mike_at_adept.org)
Date: 03/09/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 9 Mar 2004 00:02:05 -0800 (PST)
    
    

    At 01:36 PM 3/2/2004 -0500, Sloane, David wrote:
    >> Can anyone with some good Cisco depth rebut these assumptions about a
    >> 6500-series switch "losing its configuration?"

    i've seen cisco's do it. i've seen extreme's do it. i haven't seen
    foundry's do it, but i'm sure they do. (if i was a betting man, i'd put
    money on it.) murphy is always with us. the question is, if you can
    choose an architecture which mitigates such an event... is the cost worth
    it given your requirements?

    At 18:55 3/5/2004 -0500, Miedaner, Tony wrote:
    > I was at an ISP company with the same setup. The switch OS had a memory
    > leak and that resulted in the switch configuration getting blown
    > away. Cisco fixed the problem.

    and to be fair, extreme had engineers on-site to fix the problems i
    encountered as well -- and this was back in 99/00 when they were a lot
    less stable.

    > The main problem I see is that Cisco has a marginal track record with
    > switch security. For instance VLAN1 the default VLAN - that'd be a fail
    > open for those who don't know. Maybe that is fixed on the big ciscos
    > now but it is not fixed on the small ones.

    that's the main problem with a lot of things, especially large
    organizations that have purchased disparate network platforms and massaged
    them into a single product line.

    however, i must say, if you're still using the default VLAN for production
    port assignment (or anything other than a 'non-assigned port placeholder'),
    you shouldn't be administering a network... and you probably can't read,
    since a lot of things have been published saying 'don't do that.')

    > In my view physical separation is good. Big switch configs can get
    > pretty complicated.

    i do have to agree with this, KISS.

    -m

    --
     "Information Warfare? Given the state of the industry, what we need is
      Information Welfare."  --Richard A Steenbergen