>That's poetry. It might be, if it were true. I'm not sure that it is, though.
From a distribution layer (/30 for routing to a firewall from a router), I can't think of what you'd need to intentionally do to allow bypass of the firewall that has anything to do with VLANs. If I somehow moved the router into one of the 'internal' networks, bypassing the firewall, the router would have no route to a host, nor would the host have a route to the router. The only exception would be if you're running a L2 bridging firewall, but then I don't think the concept of VLANs is even applicable... Explain? Best Regards, Nathan Eisenberg