On Mon, Feb 15, 2010 at 5:28 PM, Gary Buckmaster <[email protected]> wrote:
> David Burgess wrote:
>>
>> I would like to know if somebody can tell me an advantage, other than
>> raw throughput, of a router with multiple interfaces when compared
>> with a router using few physical interfaces but vlans in their place.
>> I cannot come up with one.
>>
>
> Physical segregation of network segments with differing security policies
> would be another.  Admittedly, this is a philosophical difference, but I
> typically don't keep network segments that have different security stances
> on the same hardware if I can help it.  Multiple LAN segments can certainly
> share the same physical hardware and just be segmented by VLANs, but I would
> shy away from having a LAN segment and a DMZ segment on the same switch and
> sharing the same NIC on the router/firewall.
>

This depends on how much you trust your switches, and more so, how
much you trust your admins. It's usually easier to inadvertently
configure something on the wrong VLAN than it is to plug something
into the wrong switch. Especially if you have people without much
network knowledge messing with your switches. There are also
possibilities, if your switch has bugs or is improperly configured, to
hop between VLANs where that's impossible with physically separate
switches. Most of it comes down to using a proper configuration, and
ensuring it stays a proper configuration.
