So, let me preface this by saying that I'm old, and a layer 3/4/7 security guy these days, and have always been of the thought that at minimum your external/untrusted/ISP connectivity should always be on a separate physical switch, and ideally your DMZ on another, and then the LAN-side switching guys can do whatever they want (as they usually do).
However I haven't done any switching in over a decade, last ones I really touched in anger were Catalyst 6500s.
What's the prevailing opinion these days? Is it safe "enough" to use a single top-of-rack switch to provide all connectivity and then VLANs to logically separate?