
to vlan or not to vlan, that's the question


Xous - Jose R. Negreira

Mar 28, 2005, 2:29:22 PM
Hello everyone, 1st. post on this group here! ;)

Actually the network I administer consists of actually 3 networks,
INTERNAL, DMZ, and EXTERNAL, that may be a familiar scenario for most of
you, simple and effective. The three networks, are interconnected with a
firewall (on a linux box, using netfilter). I was asked to literally
divide the network in two (physically and/or logically), intending to
improve security & performance.

That's why we considered the option of a switch with VLAN support (but
we haven't done it in a serious way yet). Notice that we're talking
about a network with <100 hosts, counting servers and workstations.

The 1st. question is:
1) Why would I spend $$ on a switch that supports VLAN, among other
features(*), if (IMHO) I can implement the same thing with 2 common
switches (less money), and a firewall interconnecting them (managing
security & routing) ?

Besides the -probable- answer, 'you just don't need vlan!!! Don't burn
money!', please let me write some additional questions:

2) In what environment is it really worth implementing VLAN?
Google took me here:
http://nislab.bu.edu/nislab/education/sc441/six/implementation.htm
"Why implement Vlan?" but it'd be nice to see comments about some
real-life examples.

3) What can I do with a VLAN switch that I CANNOT DO with 2 switches?

4) Will the firewall/router interconnecting both networks have any
special issues to consider if the interconnected networks are a VLAN
network, or are independent?


(*) there may be other features that I don't know about, and that I may
not even need, but this can be gently answered in question 2 ;)

Regards,


PS: sorry for my eventual lack of knowledge, in that case, here go my
apologies in advance, and I'd be glad to be pointed to some "FMs"...so I
can RTFM :P


--
Jose R. "Xous" Negreira
[ *xous*at*xouslab_dot_com* ]
XousLAB - http://www.xouslab.com
iptableslinux - http://www.iptableslinux.com
