Question on users connected to core switches (and future untrusted network)

news2010a
Level 3

Hi, can you give me your insight regarding this design? Please see attached diagram with question. Thanks

3 Replies

Jon Marshall
Hall of Fame

Marlon

There is nothing inherently wrong with attaching users into your 6500 switches although in Cisco's hierarchical model users are often placed on separate access-layer switches.

So you have in effect collapsed access and distribution functions on the same switches. I can't see, however, how this would affect future placement of a firewall, as you could quite easily place this between the 6500 and the 3845.

It is difficult to be precise without knowing more about your topology, but if you did grant Internet access to users on the 6500, would the Internet pipe not actually be at your HQ site and firewalled anyway?

Jon

Sorry if I did not explain correctly:

Currently the Internet access is granted thru the HQ and firewalled.

Then in the future, we may allow the local site to get access directly to the Internet. At that point as you pointed out I could place firewall between 6500 and 3845.

Just wanted to make sure.

Thanks!

No problem.

Just for future reference, you could just upgrade the 3845 IOS to run the Firewall feature set (CBAC) so you wouldn't need an additional device.

Jon
