Question about routing a device connected to a switch in another building, to the DMZ

dorkilicous · ‎04-30-2019

I have a video streaming device that needs to be in the DMZ. the problem is that the device must be close to the streaming equipment, which is in another building than the DMZ. It is using RTP (UDP) 5004. I would like interface GI9/47 on SwitchB to be where the device is plugged in, and also allow it to stream everything to a server in the DMZ.

Environment:
SwitchA is in BuildingA
SwitchB is in BuildingB
SwitchA manage the DMZ, with IP Hosts using 10.10.10.0 /24 addresses
SwitchA also manages IP Hosts using 10.1.10.0 /24 addresses
SwitchA is also connected to SwitchB via fiber
SwitchB manages IP Hosts using 10.7.10.0 /24 addresses

Is this possible, and / or safe to do?

Please, feel free to let me know if you have any other questions or ideas about how to set this up. Thanks, in advance, for any help you can provide!

shaps · ‎04-30-2019

it is perfectly feasible to have the device connected in another location as long as the neccsary switch/routing configuration is in place to allow this. In terms of it being safe, this depends on the type of traffic and whether it needs to be Firewalled off from other networks.

Alan Ng'ethe · ‎04-30-2019

Going on the information provided, and assuming a trunk link between switches, all that is needed is to tag the vlan that corresponds to the DMZ network on that trunk. The interface GI9/47 would then be a member of that vlan.

Network-wise the security policies which apply to traffic in the vlan should remain the same.

However, the physical security at site B would be something to consider.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.