On Sun, Aug 17, 2003 at 09:28:32AM -0600, John Repass wrote:
> My question is this: Can I treat say bond0.433 and bond0.434 as completely
> separate interfaces for iptables purposes? What I mean to say is, I know I
> can do it, can I do it as safely as the old fashioned method of configuring
> one port to be vlan 433 and one on 434, one internal, one external, or with
> putting a firewall in-line with each internet connection?
Both the old method (one physical port per vlan) and the new method (multiple physical ports in a trunk using tagged vlans) are (somewhat) unsafe *if* the switch uses a single MAC address table for all the VLANs. Just make sure that the model / version of Cisco switch / IOS firmware supports separate tables per VLAN and you should be able to treat bond0.433 and bond0.434 as completely separate interfaces.

Hope this helps,

Luca

--
Luca Filipozzi
"Linux gives us the power to crush those that oppose us." - switchlinux
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
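One way to put the reply's advice into practice on the Linux side, as an added example that is not part of the original thread: a ruleset that treats the two tagged sub-interfaces as distinct zones (with anti-spoofing rules, since both tags share the same physical trunk), plus a check that the kernel really binds each sub-interface to the expected 802.1Q tag. It assumes bond0.433 is the internal side on 10.43.3.0/24 and bond0.434 the external side; the thread does not say which is which.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed roles (not stated in the thread): bond0.433 internal, bond0.434 external.
INT_IF=bond0.433
EXT_IF=bond0.434
INT_NET=10.43.3.0/24

# Emit the iptables commands instead of applying them, so the ruleset can be
# reviewed first and then piped to sh as root.
vlan_fw_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# anti-spoofing: internal source addresses must never arrive on the external tag
iptables -A INPUT -i $EXT_IF -s $INT_NET -j DROP
iptables -A FORWARD -i $EXT_IF -s $INT_NET -j DROP
# only the internal tag may originate new connections
iptables -A INPUT -i $INT_IF -s $INT_NET -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -m state --state NEW -j ACCEPT
EOF
}

# Verify that each sub-interface is bound to its expected VLAN ID on bond0.
# $1 is the path of the kernel's VLAN table (normally /proc/net/vlan/config,
# whose rows look like "bond0.433      | 433  | bond0").
check_vlan_binding() {
    _cfg=$1
    grep -q "^$INT_IF *| *433 *| *bond0\$" "$_cfg" || return 1
    grep -q "^$EXT_IF *| *434 *| *bond0\$" "$_cfg" || return 1
    return 0
}

# Constructed sample of /proc/net/vlan/config for offline testing; prints its path.
sample_vlan_config() {
    _f=$(mktemp)
    printf '%s\n' \
        'VLAN Dev name     | VLAN ID' \
        'Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD' \
        'bond0.433      | 433  | bond0' \
        'bond0.434      | 434  | bond0' > "$_f"
    echo "$_f"
}
```

Run `check_vlan_binding /proc/net/vlan/config` on the firewall itself before loading the rules; if it fails, the sub-interfaces are not tagged the way the ruleset assumes.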

