On Wed, Aug 3, 2011 at 3:53 PM, David Lum <[email protected]> wrote:
> Use the Dell switch, have the firewall be promiscuous and VLAN off the
> various ports so they can only see the firewall as well as get DHCP from it.

I would tend to prefer to keep IP traffic completely separated -- different DHCP scopes, different subnets, etc. If the firewall supports 802.1Q VLAN tags, you should be able to create a virtual interface on the firewall for each VLAN, and treat them like different physical ports. In such a situation you can actually end up with a firewall with only one physical network connection, using VLANs for everything; this is sometimes called "router on a stick".

Not saying what you propose wouldn't work, I just don't like the whole layer two selective forwarding thing (that's what I have the firewall for). Maybe I'm just old fashioned.

-- Ben
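
The router-on-a-stick layout described in the reply above, as an added example that is not part of the original message: a dry-run script that prints the per-VLAN sub-interfaces, separate DHCP scopes and default-drop forwarding rules. It assumes a Linux firewall with iproute2, dnsmasq and nftables; the interface names, VLAN IDs and subnets are constructed for illustration.

```shell
#!/bin/sh
# Added example (assumed platform: Linux with iproute2, dnsmasq, nftables).
# Dry run: the functions only print configuration, they change nothing.
TRUNK="eth1"   # assumed: single physical port carrying the 802.1Q trunk
WAN="eth0"     # assumed: uplink interface
# Constructed sample data, one VLAN per line:
#   <vlan-id>:<gateway-cidr>:<dhcp-start>:<dhcp-end>
VLANS="10:192.168.10.1/24:192.168.10.100:192.168.10.200
20:192.168.20.1/24:192.168.20.100:192.168.20.200"

# iproute2 commands: one tagged virtual interface per VLAN on the trunk port.
vlan_interfaces() {
    echo "$VLANS" | while IFS=: read -r vid gw _start _end; do
        echo "ip link add link $TRUNK name $TRUNK.$vid type vlan id $vid"
        echo "ip addr add $gw dev $TRUNK.$vid"
        echo "ip link set $TRUNK.$vid up"
    done
}

# dnsmasq settings: a separate DHCP scope served on each sub-interface.
dhcp_scopes() {
    echo "$VLANS" | while IFS=: read -r vid _gw start end; do
        echo "interface=$TRUNK.$vid"
        echo "dhcp-range=$start,$end,12h"
    done
}

# nftables ruleset (load with nft -f): forwarding is dropped by default,
# so VLANs cannot reach each other; each VLAN may only go out the uplink.
forward_rules() {
    echo "table inet fw {"
    echo "  chain forward {"
    echo "    type filter hook forward priority 0; policy drop;"
    echo "    ct state established,related accept"
    echo "$VLANS" | while IFS=: read -r vid _gw _start _end; do
        echo "    iifname \"$TRUNK.$vid\" oifname \"$WAN\" accept"
    done
    echo "  }"
    echo "}"
}

echo "# --- interface commands ---";  vlan_interfaces
echo "# --- dnsmasq.conf ---";        dhcp_scopes
echo "# --- nftables ruleset ---";    forward_rules
```

The switch port facing the firewall has to be configured as a tagged member of every listed VLAN, with the other ports left as untagged access ports in their own VLAN.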
