Using VLANs to segregate external and internal traffic is just fine as long as there is some type of filtering device between the VLANs. Add the IDS systems on each side and you have a pretty standard set-up.

Chris Kirschke
Lead Engineer
Astreya Partners, Inc
[EMAIL PROTECTED]
408-790-5900 xt 531

-----Original Message-----
From: Paul Robertson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 11, 2002 3:31 PM
To: Chris Kirschke
Cc: Jim MacLeod; Fei Yang; [EMAIL PROTECTED]
Subject: RE: Cisco IDS

On Thu, 11 Apr 2002, Chris Kirschke wrote:

> of our clients, actually. Customers aren't in the mood to be buying
> a lot of switches these days and using the VLANs for what they were
> designed for isn't rocket science:-)

VLANs were designed to separate broadcast domains, *not* to segment external and internal traffic. History has proven that to be at least questionable and sometimes disastrous, and that's probably going to be the case again.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
