On Wed, Aug 3, 2011 at 13:20, Ben Scott <[email protected]> wrote:
>
> On Wed, Aug 3, 2011 at 3:53 PM, David Lum <[email protected]> wrote:
> > Use the Dell switch, have the firewall be promiscuous and VLAN off the
> > various ports so they can only see the firewall as well as get DHCP from it.
>
> I would tend to prefer to keep IP traffic completely separated --
> different DHCP scopes, different subnets, etc. If the firewall
> supports 802.1Q VLAN tags, you should be able to create a virtual
> interface on the firewall for each VLAN, and treat them like different
> physical ports. In such a situation you can actually end up with a
> firewall with only one physical network connection, using VLANs for
> everything; this is sometimes called "router on a stick".
>
> Not saying what you propose wouldn't work, I just don't like the
> whole layer two selective forwarding thing (that's what I have the
> firewall for). Maybe I'm just old fashioned.
>
> -- Ben

+1 There's a place for old-fashioned in this arena.

Kurt
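
The "router on a stick" arrangement described in the quoted message, as an added example that is not part of the original thread: a sketch of how a firewall with one trunk port can map 802.1Q-tagged frames onto per-VLAN virtual interfaces and drop everything else. The interface names, VLAN IDs and sample frames are constructed assumptions, and the drop policy for untagged and double-tagged frames is one possible hardening choice, not something the thread specifies.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Hypothetical VLAN-to-virtual-interface map on the firewall's single trunk port.
VLAN_INTERFACES = {10: "trunk0.10", 20: "trunk0.20", 30: "trunk0.30"}


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    header = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # PCP(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame):
    """Return (interface, inner_ethertype, payload), or None if the frame is dropped."""
    if len(frame) < 14:
        return None  # runt frame
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None  # untagged: no native VLAN configured on this trunk
    if len(frame) < 18:
        return None  # truncated tag
    tci, inner = struct.unpack("!HH", frame[14:18])
    if inner == TPID_8021Q:
        return None  # double-tagged frame: refuse rather than forward
    iface = VLAN_INTERFACES.get(tci & 0x0FFF)
    if iface is None:
        return None  # VLAN not provisioned on the firewall
    return iface, inner, frame[18:]


# Constructed sample frames (not captured traffic).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    build_frame(DST, SRC, 0x0800, b"guest", vlan=10),
    build_frame(DST, SRC, 0x0800, b"office", vlan=20, pcp=5),
    build_frame(DST, SRC, 0x0800, b"untagged"),
    build_frame(DST, SRC, 0x8100, struct.pack("!HH", 20, 0x0800) + b"hop", vlan=10),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(classify(f))
```

Each virtual interface can then carry its own subnet, DHCP scope and rule set, which is what lets the firewall treat the VLANs like separate physical ports.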
