For VLANs you're going to want to go with Cisco managed switches (2940s from eBay) for the best experience. Hands down they handle VLANs better than any other cheaply available option.

Basically you have native switch ports and trunked switch ports. On native ports, the device plugged into the other end is clueless about VLANs; you just assign it one and it talks to everything else in the VLAN. On trunked (or tagged) ports the device is responsible for tagging the traffic for the VLAN it's designated to. In Linux you create eth0.100 for a VLAN 100 port, and eth0.200 for VLAN 200.

As far as security is concerned, traffic for VLAN 200 will not be seen by VLAN 100 devices. You could run your internal traffic on VLAN 100 and your Internet on VLAN 666. Your desktop / internal devices would be on a native VLAN 100 port. The Asterisk machine would have a trunked port (with VLAN 100 and 666 allowed on the trunk port), with eth0.100 and eth0.666 set up on the Linux machine. This would give you two interfaces, with two sets of iptables rules to work with.

If you have phones with PC ports on them you can also run 3 VLANs (Internet, Desktop and Voice VLANs) and tell the phones to put the PC data on one VLAN and voice on another. (Polycom and Cisco support this, and more I'm sure.)

I'm not sure if TAUG has a lab / test area, but I'd be glad to see about bringing some Cisco gear up sometime to play with. I think there are even online VLAN / switch interfaces for playing with.

Chad

On Tue, Mar 9, 2010 at 10:18 AM, terry D. Cudney <[email protected]> wrote:
> Hi guys,
>
> Thanks for all the feedback on this question!
>
> Chad and Matthew suggested the VLAN approach. I have a Netgear FS108P
> switch available, it is a "smart" switch, not a "managed" switch, but so far
> in my limited reading it appears that it should be usable to do this.
>
> If anyone can recommend a primer on VLANs, that would be most helpful.
>
> thanks,
>
> --terry
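To make the native-port / trunk-port distinction Chad describes concrete, here is an added illustration (not code from the thread or from any of the gear mentioned) of what an 802.1Q tag looks like on the wire: what a Linux eth0.666 sub-interface adds when it sends, and how a switch port decides which VLAN an arriving frame belongs to. The frame bytes, MAC addresses and the access-port drop policy are constructed for this example.

```python
import struct

TPID_8021Q = 0x8100        # EtherType that marks an 802.1Q-tagged frame
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame):
    """Split an Ethernet frame; vlan is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype != TPID_8021Q:
        return {"dst": dst, "src": src, "vlan": None, "ethertype": etype,
                "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vlan": tci & 0x0FFF, "ethertype": inner,
            "payload": frame[18:]}


def tag_frame(frame, vlan_id, pcp=0):
    """Insert a tag, as a trunked host's eth0.<vlan_id> sub-interface does."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if parse_frame(frame)["vlan"] is not None:
        raise ValueError("frame is already tagged")
    tci = ((pcp & 0x7) << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify_ingress(frame, mode, vlan, allowed=()):
    """Decide which VLAN a frame landing on a switch port belongs to.
    mode="access": the port's VLAN is assigned; tagged frames are refused so a
    host on a native port cannot choose its own VLAN (the policy modelled here).
    mode="trunk": tagged frames must carry an allowed VLAN; untagged ones fall
    into the trunk's native VLAN.  Returns the VLAN id, or None for 'drop'."""
    info = parse_frame(frame)
    if mode == "access":
        return vlan if info["vlan"] is None else None
    if info["vlan"] is None:
        return vlan                       # native VLAN of the trunk
    return info["vlan"] if info["vlan"] in allowed else None


# Constructed sample: a bare IPv4 frame between two made-up MAC addresses.
UNTAGGED = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
            + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19)
```

Tagging `UNTAGGED` with 666 and feeding it to a trunk that allows 100 and 666 yields 666; the same frame on a VLAN 100 access port is dropped, and a tag of 200 is dropped on the trunk.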
