Posted by Thrill5 on March 19, 2007, 8:40 pm
What you are contemplating is very, very insecure. You never, ever mix
inside network ports and outside network ports on the same network. Why?
Because there are many different types of attacks and hacks that can very
easily gain access to your internal network once they have access to a
computer connected to the outside network. (Hacking isn't just layer 3!!!!)
If someone compromises one of the outside machines, there are many attacks
that can bring down your switches. The reason you have a firewall is to
prevent these types of attacks, so why are you bypassing it? If you
absolutely need to have these computers outside the firewall, put them on a
completely separate network: separate wires, separate switches, separate
routers. This is the only way to make sure that your internal network stays
secure. Do a search on "Layer 2 security":
http://www.google.com/search?q=layer+2+security
Scott
> I have a number of Catalyst 3750 stackable switches in the network.
> We are on 5 floors, each floor has its own Catalyst stack which ties
> into the core stack on the 1st floor. We are also layer 3 IP routing
> capable and have a number of VLANs defined. I have some requests to
> run some dedicated ports, on other floors, that terminate to a switch
> that's connected outside the firewall. I'm thinking the way I have to
> do this is to define a VLAN on an IP range that is defined on our
> external static range. Then connect the ports in the other floors, to
> access mode configured VLAN ports at the floor switches and the core
> switch. Then connect the core port to the external switch. If done
> this way, I believe I'd have to route our external public address
> range internally. Is there another way to do this? Thanks
>
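
An added example, not part of either post: a small audit that reads switch configurations and reports any switch carrying both an outside-the-firewall VLAN and inside VLANs, which is the mixing the reply warns against. The hostnames, port names, VLAN IDs and the choice of VLAN 900 as the "outside" VLAN are constructed assumptions; a trunk with no `allowed vlan` list carries every VLAN and is not modeled here.

```python
import re

OUTSIDE_VLANS = {900}  # assumption: VLAN 900 holds the external address range

# Constructed sample configs (hypothetical hostnames, ports and VLAN IDs).
CONFIGS = {
    "floor3-stack": """
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/0/24
 switchport mode access
 switchport access vlan 900
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan 10,20,900
""",
    "dmz-switch": """
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 900
""",
}

VLAN_LINE = re.compile(
    r"switchport (?:access vlan|trunk allowed vlan(?: add)?) ([\d,-]+)")

def expand(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def vlans_on_switch(config):
    """Collect every VLAN referenced by access ports or trunk allow-lists."""
    found = set()
    for match in VLAN_LINE.finditer(config):
        found |= expand(match.group(1))
    return found

def mixed_switches(configs, outside=OUTSIDE_VLANS):
    """Return {switch: VLANs} for switches carrying outside AND inside VLANs."""
    report = {}
    for name, cfg in configs.items():
        seen = vlans_on_switch(cfg)
        if seen & outside and seen - outside:
            report[name] = {"outside": sorted(seen & outside),
                            "inside": sorted(seen - outside)}
    return report
```

A switch that appears in the report shares its hardware and layer 2 control plane between the two sides of the firewall; a dedicated external switch such as `dmz-switch` above does not.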