On 1/9/10 5:40 PM, Tortise wrote:
> I thought a managed switch was a pre-requisite for VLAN's, as is one
> pfSense box (or equivalent).

Not necessarily. At least one box that can forward traffic among VLANs is the only requirement.

In many network designs there's a 1:1 correspondence between VLANs and IP subnets, so that box is ... a router. pfSense is a router in the sense that it moves traffic between different IP subnets on different interfaces. (Routers also can run dynamic routing protocols such as OSPF but that's neither here nor there with regard to VLAN and subnet configuration.)

VLANs are Ethernet constructs and subnets are IP constructs:

- at layer 2, each VLAN is its own broadcast domain (and collision domain, if using 802.11 or old half-duplex Ethernet stuff)
- at layer 3, each IP subnet is its own broadcast domain

As for "managed," that usually refers to whether a switch supports a network management protocol such as SNMP. Net management stuff is nice to have but isn't necessary for configuring VLANs and/or subnets.

So, bottom line: One pfSense box *could* be enough if there are different VLANs/IP subnets defined on each interface and only one physical device per VLAN/subnet. OTOH if you want to have multiple devices in each VLAN, a switch hanging off each VLAN interface would be necessary.

dn