dedicated external ports

I have a number of Catalyst 3750 stackable switches in the network. We are on 5 floors; each floor has its own Catalyst stack which ties into the core stack on the 1st floor. We are also layer 3 IP routing capable and have a number of VLANs defined. I have some requests to run some dedicated ports, on other floors, that terminate to a switch that's connected outside the firewall. I'm thinking the way I have to do this is to define a VLAN on an IP range that is defined on our external static range. Then connect the ports on the other floors to access-mode configured VLAN ports at the floor switches and the core switch. Then connect the core port to the external switch. If done this way, I believe I'd have to route our external public address range internally. Is there another way to do this? Thanks

mmark751969

What you are contemplating is very, very insecure. You never, ever mix inside network ports and outside network ports on the same network. Why? Because there are many different types of attacks and hacks that can very easily gain access to your internal network once they have access to a computer connected to the outside network. (Hacking isn't just layer 3!!!!) If someone compromises one of the outside machines, there are many attacks that can bring down your switches. The reason you have a firewall is to prevent these types of attacks, so why are you bypassing it? If you absolutely need to have these computers outside the firewall, put them on a completely separate network: separate wires, separate switches, separate routers. This is the only way to make sure that your internal network stays secure. Do a search on "Layer 2 security".

Scott

Thrill5
