On 05/08/10 06:51, David Burgess wrote: > my DSL and LAN ports will be on the same switch, different vlans. This ... > what are my risks? I know it has been said on this list that WAN and
if you can clearly label the switch so that you yourself "cannot" make a mistake when connecting cables if you use colour-coded cables to prevent accidental cable swapping if the switch is physically secure requiring a key if the switch has no IP address on untrusted/dangerous vlans if the switch has access controls to limit access to management port to trusted networks, and has username/password authentication (preferably over ssh or https) if the switch's port are set so that connected devices can't cause them to flip from untagged to tagged mode (in cisco speak from access to trunk - "switchport nonegotiate" then I'd say it's fairly safe. but even so I still really want to physically isolate unfirewalled network strands just in case! --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
