Firewall Wizards mailing list archives

RE: Multiple small switches vs. a single big one; Granularity of control


From: Tony Miedaner <miedaner () twcny rr com>
Date: Fri, 05 Mar 2004 18:55:02 -0500

At 01:36 PM 3/2/2004 -0500, Sloane, David wrote:
> Can anyone with some good Cisco depth rebut these assumptions about a 6500-series switch "losing its configuration?"
>
> When I had a 6509, we had two supervisor engines (MSFCs?) with mirrored configurations and redundant power. As far as I could tell, any hardware or software failure which would clear the configuration would have to kill both management cards, making the switch inoperative.

I was at an ISP company with the same setup. The switch OS had a memory leak and that resulted in the switch configuration getting blown away. Cisco fixed the problem.

The main problem I see is that Cisco has a marginal track record with switch security. For instance, VLAN1, the default VLAN - that'd be a fail open, for those who don't know. Maybe that is fixed on the big Ciscos now, but it is not fixed on the small ones.

In my view physical separation is good. Big switch configs can get pretty complicated.