Hi
I am seeking some security recommendations and concerns about a current project we have going on in my company.
We do have a DMZ Cisco Layer 2 switch that connects to the firewall, and we also have a Nexus 7K that is doing Layer 3 routing for the internal network as the core switch. The network team is trying to implement Cisco FlexPod in order to add more servers in the DMZ network, so they created a Layer 3 interface on the DMZ switch and connected it to a port on the Nexus in access mode. The FlexPod has 4 ports connected to the Nexus with port aggregation in trunk mode.
My first question is: is this a legitimate network design solution for FlexPod in order to add DMZ VLANs?
My second question: it really freaks me out knowing that the DMZ and internal switches are connected physically. I mean, if someone gets access to our core switch he will be able to see DMZ VLAN information and can get the MAC addresses of the servers in the DMZ as well.
I don't know if any other types of potential attacks would also be effective in this case.
I have also attached the network diagram designed in Packet Tracer; it might help to understand the network topology better.
Thanks