Check this doc out for the "best pactices" of securing VLAN's www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf That may help prevent vlan hopping form the DMZ On 2/1/07, JT Moree wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > JT Moree wrote: > > Does anyone know enough about VLANs on a Cisco Catalyst 4506 switch to explain > > the security implications of this setup: > > More info to throw around and some answers to half posed questions . . . > > No money is allocated to do anything new (except maybe gigabit NICS in a > few servers). We want to maximize use of the equipment that we have. > > We have multiple 100M switches but one is failing. Since we can't keep > using it and none of the other switches are gigabit (to my knowledge) we > want to use the CISCO gigabit switch for as many servers as possible. > Right now the backup servers are using it to sync with each other. > > The thing is huge. It's got 3 banks of 32 ports. We've got 17+ dmz > servers and a handful of internal servers. > > The DNS and web servers are in the DMZ so yes the internal network needs > to get to them. > > The backup servers also need to get to them. > > There is a cisco firewall somewhere connecting the networks and the 'net. > > it seems the popular consensus is > don't use VLANS that talk to each other if it can be avoided. > > - -- > JT Morée > PC Xperience, Inc. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFwpxu1JwGi/ukQqERAnZRAKDnqUA/WhHhktCeqySDy0F+2xtNSQCeK/P/ > FSI9mfl551lm3+l0ABdaULI= > =mmnA > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss