Firewall Wizards mailing list archives

RE: Multiple small switches vs. a single big one


From: Mike Hoskins <mike () adept org>
Date: Tue, 9 Mar 2004 00:02:05 -0800 (PST)

At 01:36 PM 3/2/2004 -0500, Sloane, David wrote:
> Can anyone with some good Cisco depth rebut these assumptions about a
> 6500-series switch "losing its configuration?"

i've seen cisco's do it.  i've seen extreme's do it.  i haven't seen
foundry's do it, but i'm sure they do.  (if i was a betting man, i'd put
money on it.)  murphy is always with us.  the question is, if you can
choose an architecture which mitigates such an event...  is the cost worth
it given your requirements?

At 18:55 3/5/2004 -0500, Miedaner, Tony wrote:
> I was at an ISP company with the same setup.  The switch OS had a memory
> leak and that resulted in the switch configuration getting blown
> away.  Cisco fixed the problem.

and to be fair, extreme had engineers on-site to fix the problems i
encountered as well -- and this was back in 99/00 when they were a lot
less stable.

> The main problem I see is that Cisco has a marginal track record with
> switch security.  For instance VLAN1 the default VLAN - that'd be a fail
> open for those who don't know.  Maybe that is fixed on the big ciscos
> now but it is not fixed on the small ones.

that's the main problem with a lot of things, especially large
organizations that have purchased disparate network platforms and massaged
them into a single product line.

however, i must say, if you're still using the default VLAN for production
port assignment (or anything other than a 'non-assigned port placeholder'),
you shouldn't be administering a network...  and you probably can't read,
since a lot of things have been published saying 'don't do that.'

> In my view physical separation is good.  Big switch configs can get
> pretty complicated.

i do have to agree with this, KISS.

-m

--
 "Information Warfare? Given the state of the industry, what we need is
  Information Welfare."  --Richard A Steenbergen
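
Added example, not part of the original post: a small audit of the default-VLAN point above, listing enabled access ports that still sit in VLAN 1. The sample configuration is constructed, the function names are hypothetical, and it assumes IOS-style running-config text in which a port with no "switchport access vlan" line is in VLAN 1.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from the post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport access vlan 1
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 no switchport
!
interface Vlan1
 no ip address
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def active_ports_on_default_vlan(config):
    """Names of enabled layer-2 access ports whose access VLAN is 1."""
    findings = []
    skip = ("no switchport", "switchport mode trunk")  # routed and trunk ports
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith(("vlan", "loopback")) or any(s in cmds for s in skip):
            continue  # SVIs, loopbacks, routed and trunk ports are out of scope
        vlans = re.findall(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
        vlan = int(vlans[-1]) if vlans else 1  # assumption: no line means VLAN 1
        if vlan == 1 and "shutdown" not in cmds:
            findings.append(name)
    return findings
```

A shut-down port left in VLAN 1 is treated as the 'non-assigned port placeholder' case and is not reported.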