Firewall Wizards mailing list archives
Re: DMZ Ideas
From: "Dale W. Carder" <dwcarder () doit wisc edu>
Date: Mon, 04 Oct 2004 09:07:33 -0500
On Sep 30, 2004, at 2:58 PM, firewalladmin () bellsouth net wrote:
> Some ideas are VLANs, separate subnet on router, etc. The site is the size of a big college campus, so separating the devices onto a separate backbone/subnet will be physically difficult and expensive as well. All suggestions are appreciated.
VLANs may work for you depending on the size of your switch domain. You could use rapid spanning-tree to overcome traditional spanning-tree scaling limitations. However, configuring VLANs around town can be a chore without some homemade config scripting tools.
It's probably a heck of a lot easier for you to implement VPNs with MPLS. With that you could keep all of your RFID stuff on its own network with its own address space with no or limited connection to the outside world, with all of the advantages of using a combined campus backbone network infrastructure. If you do require access off the RFID network, you can backhaul all of the MPLS VPNs to a single point and save on firewalling, IDS, etc. costs.
Dale
Network Guy
University of Wisconsin