1999-03-17-15:59:45 Pavlichek, Doris (GEIS, GE Capital Consulting):
> Uh, that's kind of a moot point if you're using CWSI or some other tftp
> server config. You should *always* have backup configs on hand. Just my
> two cents...

Errh, yup. Yes, you should back up your config somehow, and be able to restore
that backed-up config. Having done so, your swap-in time is gonna be
significantly longer than just using a switch as a rip-roaring snorting fast
hub, which it does without any fancy help; you'll have to download that
config, and since you want to have a single cold spare be able to swap in for
any of several live boxes, if you're downloading exotic VLAN setup stuff you
are gonna have to do something intelligent and do it right to make the swap-in
work properly. I prefer being required to be intelligent on my own time, and
try to arrange things so I can be dumb during a crisis.

Oh, and yup, you can use tftp for those configs, only tftp doesn't have any
authentication at all, and when you use it for upload you are making those
configs world-writeable, so the net on which those tftp configs live is the
most intimate, trusted, vulnerable net you have; the proposal that launched
this discussion thread would have the same switch that can see that tftp
config server also plugged right into the internet. And probably doing open
bridging until the tftp reconfig completed....

Please, no, I don't think I'll have any of that today, thanks.
-Bennett