On 15 Apr 2002, at 15:56, Ben Nagy wrote:

> I'm a young pup, too, and I wouldn't ever use a VLAN in a small
> environment where I had the option to use a separate, dumb switch.

If all you're using VLANs for is to slice up a big expensive switch to behave like several smaller (and MUCH cheaper) switches, then separate dumb switches are the way you should go.

VLANs only begin to make sense when you ALSO need to have separate networks(*) interspersed in a way that doesn't match your physical topology, so that you are trunking VLANs between dispersed switches. And I'm not sure I'd really recommend them unless you also have routing available on at least a few core switches, rather than depending on a separate box for that.

(*) While these networks probably have separate policies, they should essentially all be "trusted" if they are sharing the same set of switches. It's putting untrusted traffic on a VLAN across the same switches as trusted traffic that risks compromise from outsiders.

DG

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
