Re: Multiple small switches vs. a single big one; Granularity of control

[Krzysztof Gajdemski <lists () kosciol com pl>]

01.03.2004 13:33:16, Shimon Silberschlag wrote:

> Lets take it to the extreme: someone (accidentally or intentionally)
> resets (or otherwise changes) the switch configuration. With separate
> switches, each segment can talk freely to all other servers on the
> segment but not outside, since the FW watches that route. For one big
> switch connected to an outside FW, all segments can talk to all
> segments (if the switch behaves as a L2 one). What about 6500 with
> FWSM? does resetting the config prevents it from seeing any traffic?

On C6500 platform all ports are in `disable' or `administratively down'
state after clearing switch configuration depending on type of images
(CatOS or Native IOS) currently running on the switch. So there's no
danger in this case.

     k.
-- 
- -  Krzysztof Gajdemski | songo @ debian.org.pl | KG4751-RIPE 
Registered Linux User # 133457 | BLUG Registered Member # 0005 
PGP publ. key at: http://i.use.vi.pl/gpg/gpgkey * ID: 3C38979D
,,Szanuję was wszystkich, którzy pozostajecie w cieniu'' SNERG 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards