[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-wizards
Subject:    Re: [fw-wiz] DMZ Ideas
From:       "Dale W. Carder" <dwcarder () doit ! wisc ! edu>
Date:       2004-10-04 14:07:33
Message-ID: BC9AC6AE-160E-11D9-9ECC-000A95C5EF24 () doit ! wisc ! edu
[Download RAW message or body]


On Sep 30, 2004, at 2:58 PM, firewalladmin@bellsouth.net wrote:
> Some ideas are VLAN's, seperate subnet on router, etc.
> The site is the size
>   of a big college campus, so separating the devices onto a seperate 
> backbone/subnet will be physically difficult and expensive as well. 
> All suggestions are appreciated.

Vlans may work for you depending on the size of your switch domain.  
You could use rapid spanning-tree to overcome traditional spanning-tree 
scaling limitations.  However, configuring vlans around town can be a 
chore without some homemade config scripting tools.

It's probably a heck of a lot easier for you to implement VPNs with 
MPLS.  With that you could keep all of your RFID stuff on it's own 
network with its own address space with no or limited connection to the 
outside world, with all of the advantages of using a combined campus 
backbone network infrastructure.  If you do require access off the rfid 
network, you can backhaul all of the MPLS VPNs to a single point and 
save on firewalling, IDS, etc. costs.

Dale
Network Guy
University of Wisconsin


_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]