Firewall Wizards mailing list archives
RE: Multiple small switches vs. a single big one; Granularity of control
From: Tony Miedaner <miedaner () twcny rr com>
Date: Fri, 05 Mar 2004 18:55:02 -0500
At 01:36 PM 3/2/2004 -0500, Sloane, David wrote:
Can anyone with some good Cisco depth rebut these assumptions about a 6500-series switch "losing its configuration?" When I had a 6509, we had two supervisor engines (MSFC's?) with mirrored configurations and redundant power. As far as I could tell, any hardware or software failure which would clear the configuration would have to kill both management cards, making the switch inoperative.
I was at an ISP company with the same setup. The switch OS had a memory leak and that resulted in the switch configuration getting blown away. Cisco fixed the problem.
The main problem I see is that Cisco has a marginal track record with switch security. For instance, VLAN1, the default VLAN - that'd be a fail open, for those who don't know. Maybe that is fixed on the big Ciscos now, but it is not fixed on the small ones.
In my view physical separation is good. Big switch configs can get pretty complicated.