On Wed, 9 Jan 2002 [EMAIL PROTECTED] wrote: > I don't understand what you are saying. Are you suggesting that you simply > unpack your switches and plug them into the network right from the box?
No, I'm saying that I've always tried to avoid plugging in a switch which was configured to talk IP on a production network (Ciscos used to come out the box that way- I tend to buy cheaper/dumber devices these days.) > IP addresses on switches are in my opinion a very good idea, because then > I can monitor the traffic of each port on the switch, whereas otherwise > I'd have to load snmp agents on each server. Not only that, but it's a > very common management model in businesses to have separate WAN and LAN > teams. The person monitoring the switches often doesn't have any > administrative access to the servers. It's been probably 8 years since I've done anything with snmp that didn't count as turning it off. When I've needed to check the status of a server's service, I've done it by checking the actual service itself. When I've needed to check on equipment, I've done it through the console port wired to a terminal server to get away from in-band management issues. The single time I've been mandated to build in management, it got its own network (it was a router cloud- the switches still didn't get IP addresses.) To me, the benefit argument in the cost/benefit/risk analysis hasn't ever met the bar for managing switches. Buying more devices and building redundancy in up-front, or buying cheaper devices and cascading new gear in before anywhere near the MTBF both seem to me to be much better solutions than in-band managment. Unlike MAUs, CAUs and LAMs, I think I've only seen two Ethernet switch failures ever, and one was DOA. I've never been a huge fan of the "router/switch/cusinart" devices either though... Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls