 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLANs and m0n0wall
 Date:  Fri, 2 Dec 2005 12:42:32 -0500
On 12/2/05, Adam Armstrong <adama dash lists at memetic dot org> wrote:
> In this instance the m0n0wall box should replace the layer 3 card in the
> cat5k, unless you have lots of static routes on the devices within the vlan,
> else all of the traffic will be coming from the layer 3 card on vlan 1,
> rather than on the vlan sub interfaces you created.

No, no firewall should replace a L3 switch for the L3 purposes.  The
Cat is *much* faster than any firewall could be with routing between
the VLANs.  If you're more concerned about easy filtering between the
VLANs than performance, and not much traffic goes between the VLANs,
you could get by with routing between them using m0n0wall.  In
virtually every situation, I would strongly discourage replacing a L3
switch with any firewall.