Posted by Manfred Kwiatkowski on September 6, 2006, 12:58 pm
>> Do you need physical ports, or could you start subdividing existing
>> physical ports with tagged VLANs? Or is the firewall too old for
>> that?
>
>VLANs are usually a hassle to configure, maintain, document, and there is
>always the risk that someone did them wrong and you don't have the security
>of separation you thought you had. I've also seen switches with bugs that
>allow traffic to cross VLANs unintentionally.
A switch acting as a fanout of untagged ports is conceptually the
same as a multiport ethernet card. On the front you get separated
ethernets and on the rear there runs some multiplexing software between
the cpu and some firmware you cannot check to 100%. It is just
an external ethernet card that runs dot1q instead of a proprietary
protocol or e.g. USB. BTW, have you considered a USB-Ethernet
adapter if you put more confidence in that...?
--
Manfred Kwiatkowski kwiatkowski@zrz.tu-berlin.de