Linux Advocate wrote:
> the switch though must still be vlan capable or
> even basic taiwanese switches will do?

Yes, the switch itself must be VLAN capable - so that means your basic £20 jobs won't do. However, you don't have to spend a fortune to get into the lower end of capable switches.

For example, the Netgear FS726T (http://netgear.com/Products/Switches/SmartSwitches/FS726T.aspx) can probably be found for £150, and will give you 24 10/100 ports and two 1G ports. Hook one of the gig ports to your router, the other to your server (if you have a separate server), set up your VLANs, and you can have a different network on each of the ports.

As a practical example, if you splash out around £300 on the PoE version (http://netgear.com/Products/Switches/SmartSwitches/FS726TP.aspx) then you get 12 powered ports. Many VoIP phones support VLANs as well, so you can have up to 12 desk phones on one subnet (all powered from the switch), and a separate subnet on a separate VLAN for your data traffic. If you don't want to be able to plug your computer into the back of the phone, then the phone doesn't need to support VLANs*.

Another use would be to have PoE wireless access points on a different network to your hardwired kit - thus allowing you to have an open wireless while keeping your network secure.

With one switch though, you don't really need VLANs (you can just use multiple network ports on the router) - where it REALLY comes into play is on larger installations. At work we have a site (a 'science park' campus) that has an extensive fibre network. All the switches are fully managed, and the different subnets for customer connections are managed from a single router and distributed on their own VLANs - dozens of networks, all segregated, but passed down one cable.

* You have a choice for each port on the switch. It can be 'untagged' and belong to a single VLAN - that is just like a basic switch. Or it can be 'tagged' and pass VLAN tagged packets - the device at the other end is then responsible for managing the VLANs it uses.
So for a VLAN capable VoIP phone, you can set the switch port to tagged, and configure the phone to connect itself to one VLAN and bridge its PC port to another VLAN. A PC plugged into the back of the phone would then get connected to a different network to the phone - while only using the one cable.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
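
The tagged/untagged port behaviour described in the post, as an added example that is not part of the original message: a simplified model of how a switch port classifies and re-emits 802.1Q frames. The VLAN IDs (10 for voice, 20 for data), the port names and the sample frame are constructed for illustration, and real switches differ in details such as priority-tagged frames.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, frame without tag); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Port:
    """One switch port: at most one untagged VLAN plus a set of tagged VLANs."""
    def __init__(self, untagged=None, tagged=()):
        self.untagged, self.tagged = untagged, frozenset(tagged)

    def ingress(self, frame):
        """Classify a received frame as (vid, untagged frame), or None to drop."""
        vid, inner = split_tag(frame)
        if vid is None:  # untagged frames join the port's untagged VLAN
            return (self.untagged, inner) if self.untagged else None
        return (vid, inner) if vid in self.tagged else None

    def egress(self, vid, inner):
        """Frame as sent out of this port, or None if the port is not in vid."""
        if vid == self.untagged:
            return inner
        return add_tag(inner, vid) if vid in self.tagged else None

def forward(src: Port, dst: Port, frame: bytes):
    """Carry one frame from src to dst; None means it never leaves dst."""
    classified = src.ingress(frame)
    return None if classified is None else dst.egress(*classified)

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, dummy payload.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
PHONE_PORT = Port(tagged={10, 20})  # VLAN-aware phone: voice 10, bridged PC 20
PC_PORT = Port(untagged=20)         # ordinary desktop port on the data VLAN
TRUNK = Port(tagged={10, 20})       # link to the router

if __name__ == "__main__":
    print(forward(PHONE_PORT, PC_PORT, add_tag(FRAME, 20)) == FRAME)  # data reaches PC
    print(forward(PHONE_PORT, PC_PORT, add_tag(FRAME, 10)))           # voice does not
```
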
