
Switch redundancy

avilt
Level 3

I would like to have switch redundancy for LAN and WAN segments and I am planning to implement this as shown in the attached diagram. Any recommendation is appreciated.

Also, what is the best way to manage the switch in the public segment, as assigning a public IP to the switch is not recommended?

Accepted Solutions

IAN WHITMORE
Level 4

Looks OK. It's not on your diagram so I don't know if you were going to do it, but you can trunk between your switches and your firewalls too. This way you can have many DMZs over one physical link (bandwidth permitting).

You can safely put some IP addresses on the public switches in the private range and create a DMZ for administration and only allow SSH access to the switches, for example. Turn off things like CDP and put access-lists also on the switches, i.e. you don't need public IP addresses on the switches. With access-lists and username/passwords (with RADIUS or TACACS if you have it - but you will have to remember to allow that through the firewall as well), private IPs, and in a DMZ for admin, you should be ready to go.

Regards,

Ian
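
The following is an added example, not part of the thread or of Ian's reply: a Python check that audits a saved switch running-config for the points in the answer above (private management address, CDP off, SSH-only vty lines behind an access-list, per-user login). Both configs are constructed samples; the function name `audit`, VLAN 99, ACL 10 and the addresses are assumptions.

```python
import ipaddress
import re
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample configs (not from the thread); 203.0.113.0/24 stands in for a public range.
WEAK = """\
interface Vlan99
 ip address 203.0.113.10 255.255.255.0
line vty 0 4
 transport input telnet ssh
 login local
"""
HARDENED = """\
no cdp run
aaa new-model
interface Vlan99
 ip address 10.99.0.10 255.255.255.0
line vty 0 4
 access-class 10 in
 transport input ssh
"""

def audit(config):
    """Return findings for the management-plane points made in the answer."""
    lines, findings = [l.rstrip() for l in config.splitlines()], []
    # CDP runs by default on IOS, so only an explicit "no cdp run" passes.
    if "no cdp run" not in lines:
        findings.append("CDP not disabled globally")
    for l in lines:
        m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+)\s", l)
        if m and not any(ipaddress.ip_address(m.group(1)) in n for n in RFC1918):
            findings.append("non-private address " + m.group(1))
    # Gather the indented sub-commands under each "line vty" stanza.
    blocks, cur = [], None
    for l in lines:
        if l.startswith("line vty"):
            cur = []
            blocks.append(cur)
        elif cur is not None and l.startswith(" "):
            cur.append(l.strip())
        else:
            cur = None
    for b in blocks:
        if "transport input ssh" not in b:
            findings.append("vty accepts protocols other than SSH")
        if not any(re.fullmatch(r"access-class \S+ in", c) for c in b):
            findings.append("vty has no inbound access-class")
        if "aaa new-model" not in lines and "login local" not in b:
            findings.append("vty does not require a per-user login")
    return findings
```

Running `audit(WEAK)` returns four findings, while `audit(HARDENED)` returns an empty list.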
