If you have multiple VLANs, then all of their traffic has to pass through a
router to talk between them anyway. Can't you just use that same router to
either route to the internet or connect to a router that connects to the
internet? There's really no need to segregate the internet traffic to
its own VLAN, as only traffic to/from the internet would get intermingled
into the VLAN traffic anyway.

Mike W.

"Vijay Ramcharan" wrote in message news:[EMAIL PROTECTED]...
> Thanks but not quite.  I was just wondering about the actual placement
> of the Internet router.  Is it in its own VLAN or is it part of another
> VLAN with hosts, servers etc.  In terms of security, wouldn't best
> practice dictate that a router that is directly connected to the
> Internet, be segregated in its own VLAN?  Am I right or wrong?  I know
> how to make it work either way, but I'd just like to get an idea of what
> the better ways are of separating Internet bound traffic from LAN based
> traffic?
>
> Vijay Ramcharan
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Karen E Young
> Sent: Saturday, June 23, 2001 2:23 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Internet traffic in a VLAN environment [7:9318]
>
>
> Vijay,
>
> All you need is a default gateway on the router that points to the
> internet.
>
> When an Internet destined packet from a workstation on a VLAN hits the
> switch it gets dumped off on the router or MSFC since it doesn't have a
> destination MAC address of a device on that VLAN. The router takes a
> look at the IP and sees if it has a route. If it doesn't recognize the
> destination network then it dumps it out the default gateway. Any return
> traffic will have a destination IP and MAC address that the router and
> switch will recognize.
>
> Hope this helps.
> Karen
>
> *********** REPLY SEPARATOR  ***********
>
> On 6/21/2001 at 10:27 AM Vijay Ramcharan wrote:
>
> >Could someone enlighten me on some of the best practices for directing
> >traffic destined for the Internet from a VLAN based environment? I
> >mean, is it best to create a separate VLAN and direct all unknown
> >traffic out through that VLAN and then out to the Internet? OR
> >Do you just choose one preexisting VLAN and have that one connected to
> >your Internet router?
> >
> >I'm a bit confused. (lot confused?)
> >
> >Vijay Ramcharan
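
Added example, not part of any message in this thread: a small Python model of the route lookup Karen describes, used to compare the two placements Vijay asks about (Internet router inside an existing host VLAN versus in its own transit VLAN). The VLAN numbers, subnets and next-hop addresses are constructed assumptions.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
HOST_VLANS = {10: "10.1.10.0/24", 20: "10.1.20.0/24"}

def build_table(gateway_vlan, gateway_net, next_hop):
    """Connected route per VLAN interface, plus one default route that
    points at the Internet router reachable on gateway_vlan."""
    nets = dict(HOST_VLANS)
    nets[gateway_vlan] = gateway_net
    table = [(ipaddress.ip_network(n), vlan, None) for vlan, n in nets.items()]
    table.append((ipaddress.ip_network("0.0.0.0/0"), gateway_vlan,
                  ipaddress.ip_address(next_hop)))
    return table

def lookup(table, dst):
    """Longest-prefix match. Returns (egress_vlan, next_hop); next_hop is
    None when the destination is on a directly connected VLAN."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    _, vlan, hop = max(matches, key=lambda r: r[0].prefixlen)
    return vlan, hop

def internet_path_shares_host_vlan(table, dst="198.51.100.7"):
    """True when Internet-bound packets are forwarded onto a VLAN that
    also carries hosts and servers."""
    vlan, _ = lookup(table, dst)
    return vlan in HOST_VLANS

# Placement 1: Internet router is a member of host VLAN 10.
SHARED = build_table(10, "10.1.10.0/24", "10.1.10.254")
# Placement 2: Internet router sits alone on transit VLAN 99.
TRANSIT = build_table(99, "10.1.99.0/30", "10.1.99.2")

if __name__ == "__main__":
    for name, table in (("shared", SHARED), ("transit", TRANSIT)):
        vlan, hop = lookup(table, "198.51.100.7")
        print(f"{name}: Internet traffic leaves on VLAN {vlan} via {hop}; "
              f"shares a host VLAN: {internet_path_shares_host_vlan(table)}")
```

Both tables route between VLAN 10 and VLAN 20 identically; the only difference is which VLAN the default route sends unknown destinations onto.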




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9851&t=9318