I have a situation where I have all traffic going through a firewall and
one of the VLANs shouldn't talk to the other VLANs. I just put a router
between the switches and the firewall and null routed traffic from the
restricted VLAN to any of the other VLANs.

Karen E Young
Network Engineer
ELF Technologies, Inc
[EMAIL PROTECTED]
Desk:  206-770-4035
Pager:  206-994-4514



                                                                                       
                             
From: "Kent Hundley" <khundley@lucent.com>
Sent by: nobody@groupstudy.com
Sent: 07/21/00 11:12 AM
To: "'joe'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject: RE: VLAN Dumb question
Please respond to "Kent Hundley"



If you're saying you want the devices on each VLAN to have to transit the
FW to talk to each other, you have 2 choices:

1) Install 1 NIC in your FW for each VLAN; the IP address of the NIC
becomes the DG for its respective VLAN.

2) Install a NIC in your FW that supports VLAN trunking (Intel has these)
and run a VLAN trunk between your switch and FW.  Each VLAN on the NIC will
have a separate IP address which will be the DG for its respective VLAN.

My preference is option 1.  You need more hardware, but it's more secure.
It has been shown that a properly crafted packet can be made to hop from
one VLAN to another without going through a DG.  This was done with 802.1q,
so ISL may not have this flaw, but physical separation is always more
secure than logical separation, and NICs aren't very expensive.

-Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe
Sent: Friday, July 21, 2000 9:50 AM
To: [EMAIL PROTECTED]
Subject: VLAN Dumb question


Hi,
I am a novice and I have a dumb question for you learned people ....

I know how the VLANs operate and how to configure them and stuff ... But I
seem to be stumped by an issue here which I am not sure of. I have a
firewall connecting through a 6000 switch. I need to configure this with
three VLANs which cannot communicate with each other but they should be
able to access the network. I have given them different network numbers and
all that.... My question is: what is the default gateway for these VLANs?


joe


___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
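
An added example, not part of the original thread: a Python check of an addressing plan against the design Kent describes, in which each VLAN's default gateway is the firewall's address on that VLAN. The VLAN numbers, addresses and host names are constructed for illustration.

```python
import ipaddress

# Constructed sample plan (assumption): one firewall address per VLAN.
FIREWALL_IFACES = {
    10: ipaddress.ip_interface("192.168.10.1/24"),
    20: ipaddress.ip_interface("192.168.20.1/24"),
    30: ipaddress.ip_interface("192.168.30.1/24"),
}
# Constructed host settings: (name, VLAN, address/mask, default gateway).
HOSTS = [
    ("web1", 10, "192.168.10.25/24", "192.168.10.1"),
    ("db1", 20, "192.168.20.40/24", "192.168.20.1"),
    ("app1", 30, "192.168.30.7/16", "192.168.30.1"),  # mask too wide
    ("app2", 30, "192.168.30.8/24", "192.168.20.1"),  # gateway in another VLAN
]

def audit(fw_ifaces, hosts):
    """Return a list of findings; an empty list means the plan matches the design."""
    findings = []
    vlans = sorted(fw_ifaces)
    # Subnets of different VLANs must not overlap, or routing via the firewall is ambiguous.
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if fw_ifaces[a].network.overlaps(fw_ifaces[b].network):
                findings.append(f"VLAN {a} and VLAN {b} subnets overlap")
    for name, vlan, addr, gw in hosts:
        fw = fw_ifaces.get(vlan)
        if fw is None:
            findings.append(f"{name}: VLAN {vlan} has no firewall interface")
            continue
        host = ipaddress.ip_interface(addr)
        if host.network != fw.network:
            findings.append(f"{name}: subnet {host.network} differs from VLAN {vlan} subnet {fw.network}")
        if ipaddress.ip_address(gw) != fw.ip:
            findings.append(f"{name}: default gateway {gw} is not the firewall address {fw.ip}")
    return findings

def next_hop(fw_ifaces, src_vlan, src_addr, dst_ip):
    """Where a host sends a packet: 'on-link' (direct ARP) or the firewall's address."""
    host = ipaddress.ip_interface(src_addr)
    if ipaddress.ip_address(dst_ip) in host.network:
        return "on-link"
    return str(fw_ifaces[src_vlan].ip)

if __name__ == "__main__":
    for line in audit(FIREWALL_IFACES, HOSTS):
        print(line)
    print(next_hop(FIREWALL_IFACES, 10, "192.168.10.25/24", "192.168.20.40"))
```

A host whose mask is too wide (app1 above) treats addresses in the other VLANs as on-link and never hands that traffic to the firewall, which is why the audit compares each host's subnet with the firewall interface's subnet as well as checking the gateway.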
