[Dshield] Multi- Honed Servers

Tim Tuck tim.tuck at penrith.net
Thu May 30 20:04:55 GMT 2002

John Groseclose wrote:
> * Samantha Fetter <sama at enteract.com> [020530 07:12]:
> > Just to throw another 2cents in here, where I work we also don't allow
> > crossing a firewall boundary on switches, i.e. having the two
> > separate VLANs from either side of the firewalls on the same switch.
> This, I think, is an excellent practice, given that a catastrophic failure might result in the switch being replaced with one that doesn't have the configuration correct.

It should be common practice since some switches are highly vulnerable
to ARP flooding, i.e. if you overrun the ARP cache of some switches they
stop being a switch, thus directing traffic to all ports, and thus become
a hub. blech...
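
The fail-open behaviour described in the reply above, as an added toy model that is not part of the original post: a learning switch with a bounded address table, run once without and once with a per-port address limit. The class, table size, port numbers and host names are constructed for illustration, and real switches differ in how they treat a full table.

```python
class LearningSwitch:
    """Toy model of a learning switch with a bounded forwarding table."""

    def __init__(self, ports, table_size, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size          # total addresses the table can hold
        self.per_port_limit = per_port_limit  # None = no per-port address limit
        self.table = {}                       # source address -> port
        self.dropped = 0                      # frames refused by the per-port limit

    def _learn(self, src, port):
        if src in self.table:
            self.table[src] = port
            return True
        on_port = sum(1 for p in self.table.values() if p == port)
        if self.per_port_limit is not None and on_port >= self.per_port_limit:
            return False                      # over the limit: refuse the frame
        if len(self.table) < self.table_size:
            self.table[src] = port            # a full table silently stops learning
        return True

    def receive(self, port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(src, port):
            self.dropped += 1
            return []
        if dst in self.table:
            return [self.table[dst]]          # known destination: one port only
        return [p for p in self.ports if p != port]  # unknown: flood like a hub


def run(per_port_limit):
    """Replay one constructed traffic pattern; return (egress ports, table size, drops)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], table_size=8,
                        per_port_limit=per_port_limit)
    sw.receive(1, "host-a", "host-b")         # host-a is learned on port 1
    # Constructed burst: port 3 presents many different source addresses.
    for i in range(20):
        sw.receive(3, f"bogus-{i:02d}", "host-a")
    # host-b (port 2) first speaks after the burst.
    sw.receive(2, "host-b", "host-a")
    # Where does traffic from host-a to host-b go now?
    return sw.receive(1, "host-a", "host-b"), len(sw.table), sw.dropped


if __name__ == "__main__":
    print("no limit      :", run(None))
    print("limit 2 / port:", run(2))
```

Without a limit the table fills during the burst, host-b is never learned, and its traffic is sent out of every other port; with the limit the excess addresses are refused and host-b's traffic stays on its own port.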


