Firewall Wizards mailing list archives
RE: Multiple small switches vs. a single big one
From: Mike Hoskins <mike () adept org>
Date: Tue, 9 Mar 2004 00:02:05 -0800 (PST)
At 01:36 PM 3/2/2004 -0500, Sloane, David wrote:
> Can anyone with some good Cisco depth rebut these assumptions about a 6500-series switch "losing its configuration?"
i've seen cisco's do it. i've seen extreme's do it. i haven't seen foundry's do it, but i'm sure they do. (if i was a betting man, i'd put money on it.) murphy is always with us. the question is, if you can choose an architecture which mitigates such an event... is the cost worth it given your requirements?
At 18:55 3/5/2004 -0500, Miedaner, Tony wrote:
> I was at an ISP company with the same setup. The switch OS had a memory leak and that resulted in the switch configuration getting blown away. Cisco fixed the problem.
and to be fair, extreme had engineers on-site to fix the problems i encountered as well -- and this was back in 99/00 when they were a lot less stable.
> The main problem I see is that Cisco has a marginal track record with switch security. For instance VLAN1 the default VLAN - that'd be a fail open for those who don't know. Maybe that is fixed on the big ciscos now but it is not fixed on the small ones.
that's the main problem with a lot of things, especially large organizations that have purchased disparate network platforms and massaged them into a single product line. however, i must say, if you're still using the default VLAN for production port assignment (or anything other than a 'non-assigned port placeholder'), you shouldn't be administering a network... and you probably can't read, since a lot of things have been published saying 'don't do that.'
> In my view physical separation is good. Big switch configs can get pretty complicated.
i do have to agree with this, KISS.
-m
--
"Information Warfare? Given the state of the industry, what we need is Information Welfare." --Richard A Steenbergen
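
An added example, not part of the original post: a small Python audit for the default-VLAN point discussed in the thread. It reads Cisco IOS-style interface stanzas and lists enabled access ports still assigned to VLAN 1, explicitly or by default; the sample config and function names are constructed for illustration, and treating shut-down ports as acceptable placeholders is an assumption.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description db server
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 1
!
interface FastEthernet0/4
 description unused placeholder
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface Vlan1
 no ip address
"""

def parse_interfaces(config_text):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:                      # "!" or any top-level line ends the stanza
            current = None
    return interfaces

def ports_on_default_vlan(config_text):
    """Return enabled access ports whose access VLAN is 1."""
    findings = []
    for name, body in parse_interfaces(config_text).items():
        if name.lower().startswith("vlan"):      # SVI, not a switch port
            continue
        if {"shutdown", "no switchport", "switchport mode trunk"} & set(body):
            continue                             # disabled, routed or trunk port
        vlan = 1                                 # access VLAN when none is configured
        for line in body:
            m = re.fullmatch(r"switchport access vlan (\d+)", line)
            if m:
                vlan = int(m.group(1))
        if vlan == 1:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(ports_on_default_vlan(SAMPLE_CONFIG))
```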