RE: VLAN Dumb question

Fri, 21 Jul 2000 12:11:12 -0700 

Can't you make the IP address of firewall the gateway of each VLAN ?

-Ken


At 11:12 AM 7/21/00 -0700, Kent Hundley wrote:
>If your saying you want the devices on each VLAN to have to transit the FW
>to talk to each other, you have 2 choices:
>
>1) Install 1 nic in your FW for each VLAN, the IP address of the NIC becomes
>the DG for its respective VLAN
>
>2) Install a nic in your FW that supports VLAN trunking (intel has these)
>and run a VLAN trunk between your switch and FW.  Each VLAN on the NIC will
>have a separate IP address which will be the DG for its respective VLAN.
>
>My preference is option 1.  You need more hardware, but its more secure.  It
>has been shown that a properly crafted packet can be made to hop from one
>VLAN to another without going through a DG.  This was done with 802.1q, so
>ISL may not have this flaw, but physical separation is always more secure
>than logical separation, and nics aren't very expensive.
>
>-Kent
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>joe
>Sent: Friday, July 21, 2000 9:50 AM
>To: [EMAIL PROTECTED]
>Subject: VLAN Dumb question
>
>
>Hi,
>I am a novice and I  have a dumb question for you learned people ....
>
>I know how the vlans operate and how to configure them stuff ... But I
>seemed to be stumped by a issue here which I am not sure of. I have a
>firewall connecting through a 6000 switch. I need to configure this with
>three VLANS which cannot communicate with each other but they should be able
>to access the network. I have given them different network numbers and all
>that.... my question is
>what is the default gateway for these VLANS
>
>
>joe
>
>
>___________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>___________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to