Hi All,
So I have a Management VLAN for all my network devices: 10.0.100.0/24
I have an L3 Core Switch doing all inter-VLAN routing: 10.0.100.254
I have a Firewall connected to the L3 Core Switch on the MGMT VLAN: 10.0.100.1
I also have another connection on the L3 Core Switch in a 10.0.200.0/30 Transit VLAN between the FW and Core. FW's IP is 10.0.200.1 and Core's IP is 10.0.200.2 in a /30 network.
Then I have a default route from Core to Firewall. (#ip route 0.0.0.0/0 10.0.200.1)
Now, I can either use the transit VLAN or the management VLAN to set the static route from the Core to the Firewall. What is the benefit of using the 10.0.200.0/30 network vs. the Management network for routing traffic via static default route? I really want to get rid of the transit network (10.0.200.0/30) and just route traffic over the MGMT link, but what is the security risk?