Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
900
Views
0
Helpful
1
Replies

Connection between Distribution and DMZ switches

orkhan.rustamli.96
Level 1
Level 1

‎11-29-2018 04:39 AM - edited ‎03-03-2019 08:57 AM

Hello all. I have a question about the enterprise network design. I have changed my job and here i have seen a couple of new design implementation which was done by previous worker. I do not have to much experience so i haven`t seen so much enterprise networks. I mostly worked in ISP. Here, we use 3750 swtiches stacked as Core-Distribution then Access switches. Moreover, we have 2 Nexus switches which are working as DMZ switches. The unusual thing for me is that Nexus switches and Core-Distribution switches are directly connected by L3 and L2 channels. So workers and users get to ASA trough DMZ Nexus switches but not directly from Core-Distribution switches. I have searched and https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/IE_DG.html here in Figure 8 it also designed similarly. I did not understand what is pros of this design. Previously, in out projects we always separated DMZ and Internal switches and no direct connection. Sometime used some L2 direct connection to WAN switch for L2 Data channels from providers but having L3 connection between these switches...

 

Hope someone will clarify this...

 

Thanks in advance!

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎11-29-2018 07:56 AM

General in design you need to separate the DMZ switches with FW between Core and DMZ.

 

so that Core network protected from External connection.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card