https://community.cisco.com/t5/network-security/security-question/m-p/1904576#M457010 <HTML><HEAD></HEAD><BODY><P> To answer it in simple there is no security concern with the Internet router on the DMZ switch but you need take care of all the L2 Layer type of attack by hardening the Switch configuration.</P></BODY></HTML> Tue, 17 Apr 2012 12:29:28 GMT Alexander Moorthy 2012-04-17T12:29:28Z https://community.cisco.com/t5/network-security/security-question/m-p/1904571#M456995 <P>Is it a security issue or concern to add the Internet router on the same DMZ switch but on a different VLAN. To make the question clear here is the setup.</P><P></P><P>The Internet router in on the outside interface of an ASA firewall and the DMZ switch is on the DMZ interface of the Firewall with a security level of 50.</P><P></P><P>Sent from Cisco Technical Support iPad App</P> Mon, 11 Mar 2019 22:54:17 GMT https://community.cisco.com/t5/network-security/security-question/m-p/1904571#M456995 helsayed78 2019-03-11T22:54:17Z https://community.cisco.com/t5/network-security/security-question/m-p/1904572#M456999 <HTML><HEAD></HEAD><BODY><P> Can anyone help out please?</P><P></P><P>Regards,</P><P>H</P></BODY></HTML> Tue, 17 Apr 2012 11:46:08 GMT https://community.cisco.com/t5/network-security/security-question/m-p/1904572#M456999 helsayed78 2012-04-17T11:46:08Z https://community.cisco.com/t5/network-security/security-question/m-p/1904573#M457002 <HTML><HEAD></HEAD><BODY><P>Hi H,</P><P></P><P>There are no security concerns if you plug the DMZ interface and the Internet Router on&nbsp; the same switch until they are separated in differet vlans with correct cofiguration.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 17 Apr 2012 11:55:30 GMT https://community.cisco.com/t5/network-security/security-question/m-p/1904573#M457002 varrao 2012-04-17T11:55:30Z https://community.cisco.com/t5/network-security/security-question/m-p/1904574#M457004 <HTML><HEAD></HEAD><BODY><P>What about the L2 attacks ( VLAN hopping for example? )</P></BODY></HTML> Tue, 17 Apr 2012 12:02:13 GMT https://community.cisco.com/t5/network-security/security-question/m-p/1904574#M457004 helsayed78 2012-04-17T12:02:13Z https://community.cisco.com/t5/network-security/security-question/m-p/1904575#M457009 <HTML><HEAD></HEAD><BODY><P>Hi H,</P><P></P><P>For that your configurations needs to be strict, no traffic should be allowed over native vlans, instead they should be specified in access vlans. Do not set the trunks to auto negotiate. Such steps can be taken to mitigate such L2 attacks and gain access to your DMZ resources without passing through the ASA.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Tue, 17 Apr 2012 12:23:03 GMT https://community.cisco.com/t5/network-security/security-question/m-p/1904575#M457009 varrao 2012-04-17T12:23:03Z https://community.cisco.com/t5/network-security/security-question/m-p/1904576#M457010 <HTML><HEAD></HEAD><BODY><P> To answer it in simple there is no security concern with the Internet router on the DMZ switch but you need take care of all the L2 Layer type of attack by hardening the Switch configuration.</P></BODY></HTML> Tue, 17 Apr 2012 12:29:28 GMT https://community.cisco.com/t5/network-security/security-question/m-p/1904576#M457010 Alexander Moorthy 2012-04-17T12:29:28Z