RE: Internet traffic in a VLAN environment [7:9318]

Mon, 25 Jun 2001 06:23:38 -0700 

Thanks but not quite.  I was just wondering about the actual placement
of the Internet router.  Is it in it's own VLAN or is it part of another
VLAN with hosts, servers etc.  In terms of security, wouldn't best
practice dictate that a router that is directly connected to the
Internet, be segregated in its own VLAN?  Am I right or wrong?  I know
how to make it work either way, but I'd just like to get an idea of what
the better ways are of separating Internet bound traffic from LAN based
traffic?

Vijay Ramcharan


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Karen E Young
Sent: Saturday, June 23, 2001 2:23 AM
To: [EMAIL PROTECTED]
Subject: Re: Internet traffic in a VLAN environment [7:9318]


Vijay,

All you need is a default gateway on the router that points to the
internet. 

When an Internet destined packet from a workstation on a VLAN hits the
switch it gets dumped off on the router or MSFC since it doesn't have a
destination MAC address of a device on that VLAN. The router takes a
look at the IP and sees if it has a route. If it doesn't recognize the
destination network then it dumps it out the default gateway. Any return
traffic will have a destination IP and MAC address that the router and
switch will recognize.

Hope this helps.
        Karen

*********** REPLY SEPARATOR  ***********

On 6/21/2001 at 10:27 AM Vijay Ramcharan wrote:

>Could someone enlighten me on some of the best practices for directing 
>traffic destined for the Internet from a VLAN based environment? I 
>mean, is it best to create a separate VLAN and direct all unknown 
>traffic out through that VLAN and then out to the Internet? OR
>Do you just choose one preexisting VLAN and have that one connected to
>your Internet router?
> 
>I'm a bit confused. (lot confused?)
> 
>Vijay Ramcharan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9778&t=9318
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to