As my original post said, I am open to suggestions as I am just digging into this stuff for the first time (I had to look up layer 2 and layer 3 again today to refresh my memory based on John's "IP Helper" comment - I have heard of it before...).
So ideally in your opinion the firewall would effectively give each VLAN (each VLAN defined by 802.1Q tags) its own DHCP scope and thus their own IP settings, correct? In this case I use the PowerConnect to assign tags on various ports and the firewall will figure out which VLAN they need to go to, right?

Dave

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Wednesday, August 03, 2011 1:21 PM
To: NT System Admin Issues
Subject: Re: SMB firewall (was RE: VLAN N00b)

On Wed, Aug 3, 2011 at 3:53 PM, David Lum <[email protected]> wrote:
> Use the Dell switch, have the firewall be promiscuous and VLAN off the
> various ports so they can only see the firewall as well as get DHCP from it.

I would tend to prefer to keep IP traffic completely separated -- different DHCP scopes, different subnets, etc. If the firewall supports 802.1Q VLAN tags, you should be able to create a virtual interface on the firewall for each VLAN, and treat them like different physical ports. In such a situation you can actually end up with a firewall with only one physical network connection, using VLANs for everything; this is sometimes called "router on a stick".

Not saying what you propose wouldn't work, I just don't like the whole layer two selective forwarding thing (that's what I have the firewall for). Maybe I'm just old fashioned.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
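The "router on a stick" arrangement discussed above, as an added example that is not part of the original thread: Python code showing how a firewall with one physical trunk port reads the 802.1Q tag of each frame and hands it to the matching per-VLAN virtual interface. The VLAN IDs, interface names, subnets and the policy of dropping untagged or unknown-VLAN frames are assumptions made for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed mapping (assumption): VLAN ID -> (virtual interface, subnet of its DHCP scope)
VLAN_INTERFACES = {
    10: ("fw0.10", ipaddress.ip_network("192.168.10.0/24")),
    20: ("fw0.20", ipaddress.ip_network("192.168.20.0/24")),
}

def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype), or None if the frame is untagged."""
    if len(frame) < 18:
        raise ValueError("frame too short to inspect for an 802.1Q tag")
    # Bytes 0-11 are the destination and source MACs; the tag, if any, follows.
    tpid, tci, inner = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    # TCI layout: 3 bits priority, 1 bit drop-eligible, 12 bits VLAN ID
    return tci & 0x0FFF, tci >> 13, inner

def classify(frame: bytes) -> str:
    """Pick the virtual interface for a frame arriving on the single trunk port."""
    tag = parse_vlan(frame)
    if tag is None:
        # Assumed policy: no native VLAN on the trunk, so untagged frames are dropped.
        return "drop: untagged frame on trunk"
    vlan_id = tag[0]
    if vlan_id not in VLAN_INTERFACES:
        return f"drop: VLAN {vlan_id} has no virtual interface"
    name, subnet = VLAN_INTERFACES[vlan_id]
    return f"{name} ({subnet})"

def build_frame(vlan_id=None, priority=0, ethertype=0x0800) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source MAC, dummy payload."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", ethertype) + b"\x00" * 46

if __name__ == "__main__":
    for vid in (10, 20, 30, None):
        print(vid, "->", classify(build_frame(vid)))
```

Because every VLAN lands on its own virtual interface, the firewall can apply a separate DHCP scope and rule set to each one, and a frame tagged for a VLAN with no interface never reaches the IP layer.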
