to vlan or not to vlan, that's the question - Network

This is a discussion on to vlan or not to vlan, that's the question - Network ; Hello everyone, 1st. post on this group here! Actually the network I administer, consists of actually 3 networks, INTERNAL, DMZ, and EXTERNAL, that may be a familiar scenario for most of you, simple and effective. The three networks, are interconnected ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: to vlan or not to vlan, that's the question

  1. to vlan or not to vlan, that's the question

    Hello everyone, 1st. post on this group here!

    Actually the network I administer, consists of actually 3 networks,
    INTERNAL, DMZ, and EXTERNAL, that may be a familiar scenario for most of
    you, simple and effective. The three networks, are interconnected with a
    firewall (on a linux box, using netfilter). I was asked to literally
    divide the network in two (phisically and/or logically), intending to
    improve security & performance.

    That's why we considered the option of a switch with VLAN support (but
    we haven't done it in a serious way yet). Notice that we're talking
    about a network with <100 hosts, counting servers and workstations.

    The 1st. question is:
    1) Why would I spend $$ on a switch that supports VLAN, among other
    features(*), if (IMHO) I can implement the same thing with 2 common
    switches (less money), and a firewall interconnecting them (managing
    security & routing) ?

    beside the -probable- answer is 'you just don't need vlan!!! Don't burn
    money!', please let me write some additional questions:

    2) in what environment is really worthy implement vlan?
    Google took me here:
    http://nislab.bu.edu/nislab/educatio...ementation.htm
    "Why implement Vlan?" but, It'd be nice to see comments about some
    real-life examples.

    3) What can I do with a vlan switch than I CANNOT DO with 2 switches?

    4) The firewall/router interconnecting both networks will have any
    special issues to consider if the interconnected networks are a vlan
    network, or are independient?


    (*) there may be other features, that I don't know, and even I may not
    need, but this can be gently answered in question 2

    Regards,


    pd: sorry for my eventual lack of knowledge, in that case, here go my
    apologies in advance, and I'd be glad to be pointed to some "FMs"...so I
    can RTFM :P


    --
    Jose R. "Xous" Negreira
    [ *xous*at*xouslab_dot_com* ]
    XousLAB - http://www.xouslab.com
    iptableslinux - http://www.iptableslinux.com

  2. Re: to vlan or not to vlan, that's the question

    Just use a firewall between each switch. Once you set it up it will stop
    unwanted traffic in either direction between the switches.


    "Xous - Jose R. Negreira" wrote in message
    news:d29m7p$np6$1@domitilla.aioe.org...
    > Hello everyone, 1st. post on this group here!
    >
    > Actually the network I administer, consists of actually 3 networks,
    > INTERNAL, DMZ, and EXTERNAL, that may be a familiar scenario for most of
    > you, simple and effective. The three networks, are interconnected with a
    > firewall (on a linux box, using netfilter). I was asked to literally
    > divide the network in two (phisically and/or logically), intending to
    > improve security & performance.
    >
    > That's why we considered the option of a switch with VLAN support (but we
    > haven't done it in a serious way yet). Notice that we're talking about a
    > network with <100 hosts, counting servers and workstations.
    >
    > The 1st. question is:
    > 1) Why would I spend $$ on a switch that supports VLAN, among other
    > features(*), if (IMHO) I can implement the same thing with 2 common
    > switches (less money), and a firewall interconnecting them (managing
    > security & routing) ?
    >
    > beside the -probable- answer is 'you just don't need vlan!!! Don't burn
    > money!', please let me write some additional questions:
    >
    > 2) in what environment is really worthy implement vlan?
    > Google took me here:
    > http://nislab.bu.edu/nislab/educatio...ementation.htm
    > "Why implement Vlan?" but, It'd be nice to see comments about some
    > real-life examples.
    >
    > 3) What can I do with a vlan switch than I CANNOT DO with 2 switches?
    >
    > 4) The firewall/router interconnecting both networks will have any special
    > issues to consider if the interconnected networks are a vlan network, or
    > are independient?
    >
    >
    > (*) there may be other features, that I don't know, and even I may not
    > need, but this can be gently answered in question 2
    >
    > Regards,
    >
    >
    > pd: sorry for my eventual lack of knowledge, in that case, here go my
    > apologies in advance, and I'd be glad to be pointed to some "FMs"...so I
    > can RTFM :P
    >
    >
    > --
    > Jose R. "Xous" Negreira
    > [ *xous*at*xouslab_dot_com* ]
    > XousLAB - http://www.xouslab.com
    > iptableslinux - http://www.iptableslinux.com




+ Reply to Thread