Author Topic: Merging two networks  (Read 256 times)
stauftm
« on: February 19, 2010, 08:44:55 PM »

Hi all, our hospital and clinic are merging our two networks. We are all Nortel; they are a mix and match of Cisco, Netgear, and Nortel. They have a core that consists of two Cisco 3750s. Our core, a stack of 5500 series switches, will eventually become the primary core. We simply have a single fiber link between us attached physically to our cores (the two organizations are in one building). We created a VLAN between us (113); I'm 10.10.113.2, they are 10.10.113.1. Each port on both cores is a tagged port. We put in static routes to communicate between the two networks.
This connection used to be connected via firewalls; we eliminated the firewalls for integration purposes. We are trying to make things as simple and clean as possible for apps and networking to work. But I'm wondering if this could cause some issues on my core. I just wanted others' opinions or experience with this scenario. I'm actually considering moving the connection back to our firewall right now due to limited knowledge of this network and possible issues: loops, broadcasts, etc.

Thoughts?
Thanks

Michael McNamara
« Reply #1 on: February 20, 2010, 12:39:19 AM »

It's usually a good idea to connect two new networks utilizing a firewall so you can determine if there is any suspicious traffic originating from the new network.

Ultimately it really comes down to security and how cautious you want to be and how risk averse you are. I recently connected a new hospital to our network and utilized a firewall for that purpose. I slowly opened specific IP networks and ports/protocols, reviewing the logs every day for any suspicious activity such as bots/trojans probing via ICMP and SMB. If you have a firewall interface available I would strongly suggest you use it. After you've had a chance to evaluate the new network's security posture you can always move the interface during a scheduled maintenance window. The first thing I usually review is the antivirus solution that is deployed on the desktops/laptops and servers. If the users have local Administrator rights the things you can find are downright scary.

Good Luck!

Why not leave some rep if someone provided a helpful post? Click on the icon under the user's avatar.

blog.michaelfmcnamara.com
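
The daily log review described in the reply above can be partly automated. The following is an added example, not part of the original posts: it flags hosts in the newly connected network that touch many distinct internal addresses via ICMP or SMB. The log format, the 10.20.0.0/16 prefix, and the threshold are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (constructed values): new site's address space and alert threshold.
NEW_SITE = ipaddress.ip_network("10.20.0.0/16")
FANOUT_THRESHOLD = 3  # distinct destinations per source and probe type

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2010-02-20T08:00:01 action=deny proto=tcp src=10.20.5.14 dst=10.10.8.21 dport=445
2010-02-20T08:00:01 action=deny proto=tcp src=10.20.5.14 dst=10.10.8.22 dport=445
2010-02-20T08:00:02 action=deny proto=tcp src=10.20.5.14 dst=10.10.8.23 dport=445
2010-02-20T08:00:02 action=deny proto=tcp src=10.20.5.14 dst=10.10.8.24 dport=139
2010-02-20T08:01:10 action=deny proto=icmp src=10.20.7.9 dst=10.10.8.1
2010-02-20T08:01:10 action=deny proto=icmp src=10.20.7.9 dst=10.10.8.2
2010-02-20T08:01:11 action=deny proto=icmp src=10.20.7.9 dst=10.10.8.3
2010-02-20T08:02:00 action=allow proto=tcp src=10.20.3.50 dst=10.10.8.21 dport=445
2010-02-20T08:03:00 action=allow proto=tcp src=10.20.5.14 dst=10.10.9.5 dport=443
2010-02-20T08:04:00 action=deny proto=tcp src=bad-addr dst=10.10.8.21 dport=445
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def probe_kind(fields):
    """Return 'icmp' or 'smb' for the traffic types reviewed in the post, else None."""
    if fields.get("proto") == "icmp":
        return "icmp"
    if fields.get("proto") == "tcp" and fields.get("dport") in {"139", "445"}:
        return "smb"
    return None

def find_probers(log_text, network=NEW_SITE, threshold=FANOUT_THRESHOLD):
    """Map (source, kind) -> sorted destinations for sources fanning out widely."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        kind = probe_kind(fields)
        if kind is None or "src" not in fields or "dst" not in fields:
            continue
        try:
            src = ipaddress.ip_address(fields["src"])
        except ValueError:
            continue  # skip lines with a malformed source address
        if src in network:
            targets[(str(src), kind)].add(fields["dst"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= threshold}

if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG))
```

A single client talking SMB to one file server stays below the threshold, so normal file sharing across the link is not flagged.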

stauftm
« Reply #2 on: February 22, 2010, 04:46:11 PM »

I have noticed that my STP root has moved over to those 3750s. Not sure if that is a big issue or not. Support hasn't blinked at it being an issue.

Michael McNamara
« Reply #3 on: February 22, 2010, 09:33:12 PM »

You probably don't want to run Spanning Tree between the two networks, at least initially... that might definitely create some unforeseen issues. I would advise that you disable STP on the ports connecting the two networks, just remember to leave it enabled globally.

Good Luck!

stauftm
« Reply #4 on: February 22, 2010, 10:55:32 PM »

So basically treat the port like an MLT-type port in regards to STP, so on a 5500 series:

config t
interface fastethernet 1/19
spanning-tree learning disable

Is that what I'm understanding???
Thanks,
Todd

Michael McNamara
« Reply #5 on: February 22, 2010, 11:44:32 PM »

That is the correct command syntax.