Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Jacob1701
Jacob1701
Here to help
Member since Sep 26, 2020
May 24 2023
Community Record
8
Posts
0
Kudos
0
Solutions
Badges
May 18 2023
4:08 PM
OK, so it sounds like a compromise (Office US). I get some protection internally to stop any potential malware going through the internal network dur to IPS and thee manager gets some of what he wants that is not letting the MX do all of the work! So I will go this route. thanks alot.
... View more
May 17 2023
4:50 PM
Thanks alot. I did totally forget to put IPS into the equation. But since everything will be in one Vlan, does that mean IPS will not help either staying in Layer 2?
... View more
May 17 2023
4:47 PM
Can you talk my boss into get my location a 210? haha
... View more
May 17 2023
4:46 PM
You are correct. I did not explain my question very well. All PC's will be VLAN 1 and all IP phones vlan 200. Daisy-chaining would not use AMP staying within the Layer 2 range correct? I know it will communicating with external clients but does 3 switches put too much processing power on the MX if the switches are connected directly? I did not realize the max clients of an MX 84 but it seems to be ok.
... View more
May 17 2023
4:42 PM
I would love a layer 3 switch but if I use one MS120 as a core, it wouldtake a way the single point of failure but AMP would still not do anything if the data does not go past the core to the MX right?
... View more
May 17 2023
4:40 PM
YOur right. We are only using 2 Vlans, Vlan 1 for everyone and Vlan 200 for voice. Yes, going from 1.4 to .5 would stay within the switch (layer 2 MAC) so it does not need to go to the MX being in the same Vlan and talking via layer 2. So if PC1 downloaded malware, the MX and AMP would never see it to do anything about it correct? It is a simpled setup and so my main concerns is will AMP help any if data is staying within the same subnet via a layer 2 switch and if we just connected all switches directly to the MX, the data will still need to travel through the MX even it is in the same subnet then AMP could possibly do some help correct? I did make my question too long for a simple answer. Does connecting switches directly to the MX use alot of processing power for the routing and AMP as opposed to daisy-chaining which prevents the MX from doing more processing but AMP does nothinbg in the same subnet/vlan. SO basically everything is in the same subnet.
... View more
May 17 2023
5:40 AM
That would be great but we cannot get a Layer 3 switch! We only have MS120's
... View more
May 17 2023
4:59 AM
Hello Just want to see some thoughts and ideas. So our network consists on MX84, 3 MS120-48LP switches and 6 MR36 AP's. Management prefers to have a daisy-chain type topology where it goes from MX->MS1->MS2->MS3 and of course each switch is connected to a certain amount of nodes each. His way of thinking is that the MX is not a true router but a firewall so he doesnt want all of the switches connected directly to the MX to route everything including internally. What I prefer is for each MS to be connected to the MX directly through the front ports. This way even if the data is only staying internal from node to node, it is being router by the MX where the data can also be protected by AMP and get rids of a single point of failure in a switch. I am sure the MX84 has enough power to effectively do all the routing for the switches and AP's. The AP's would be connected to any switch in both scenarios. It is my understanding that AMP does not work in between switches so if one pc//node got infected with malware or ransomware so if each switch was directly connected to the MX, it can hopefully be stopped at the MX and not spread to the other switches and other network devices. It is correct that AMP does not work between switches right? only through the MX right? There are about a total of 300 PC's, printers and IP phones in this location. If the switches were daisy-chained, you would be wasting the 9 or so MX front ports. What do you all think so I can try to get him to switch to my way, if it secures the whole network better by AMP. Thanks @AMP @Security @NetDesign
... View more
© 2025 Cisco Systems, Inc.
