Madhur writes:
...if we r having multiple addresses on one interface...how we
can make it talk to different networks corresponding to each ip
address the interface has.....i wish to use this in a switch
environment ( LAN) using VLANs. but searchin for some
info on global VLAN, in layer 2 switch one port can belong
to one VLAN, now say i have layer 2 switch with 24 ports
and 23 ports belong to 23 differnet configured VLANS and
24th port i wish to belong to global VLAN ie should be
able to talk to 23 VLANs . On 24th port i wish to connect
my solaris box configured with multiple ip addresses...one
each from 23 vlans
0) Please use the verb 'are' instead of the letter 'r'.
1) Limits on how many VLANs a port may belong to are strictly a vendor
related thing.
2) It sounds to me like you really want a good managed layer 3 switch.
(Every layer 3 switch that I've seen will also function as a layer 2
switch.) For instance our Alcatel/Xylan switches allow a single port to
belong to an absurd number of VLANs based on anything from mac address to ip
address to network protocol (yes, we have DECnet vlans).
3) Don't use a switch as a security device. In concept it's a great idea,
but except for bridging firewalls like the lucent brick, I have yet to see a
switch which was designed as a security device. This means that issues
which are important to security take a back seat to issues involving ease of
use, speed, or 'do what I mean'. Things that you need to check for from a
security standpoint (malicious packet injection) take processing power and
coder budget, so they're unlikely to get added. Finally, while it may be
possible to use a switch as security device, the amount of effort required
to achieve a secure configuration is likely to exceed that required for a
similarly powered router.
- Jeff Younker - [EMAIL PROTECTED] - These are my opinions, not MDL's -
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
