Firewall Wizards mailing list archives

Re: Multiple small switches vs. a single big one; Granularity of control


From: Krzysztof Gajdemski <lists () kosciol com pl>
Date: Tue, 2 Mar 2004 15:57:18 +0100

02.03.2004, 11:37:16, Krzysztof Gajdemski wrote:
> 01.03.2004 13:33:16, Shimon Silberschlag wrote:
> > Let's take it to the extreme: someone (accidentally or intentionally)
> > resets (or otherwise changes) the switch configuration. With separate
> > switches, each segment can talk freely to all other servers on the
> > segment but not outside, since the FW watches that route. For one big
> > switch connected to an outside FW, all segments can talk to all
> > segments (if the switch behaves as a L2 one). What about 6500 with
> > FWSM? Does resetting the config prevent it from seeing any traffic?
> On C6500 platform all ports are in `disable' or `administratively down'
                                      ^^^^^^^
Ooops... 

On CatOS all ports are in *enable* state after `clear config all'
command unless you explicitly change that behaviour using `set default
port status disable'. 

Sorry :)

     k.
-- 
- -  Krzysztof Gajdemski | songo @ debian.org.pl | KG4751-RIPE 
Registered Linux User # 133457 | BLUG Registered Member # 0005 
PGP publ. key at: http://i.use.vi.pl/gpg/gpgkey * ID: 3C38979D
,,I respect all of you who remain in the shadows'' SNERG 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

