On 7/25/06, Eugen Leitl <eugen at leitl dot org> wrote:
> I have an unrelated question:
As someone else said, don't hijack threads. Whether your question is
related or not, it's never appropriate to throw a second question into
> to 1) use the mini-ITX system to protect any system but the switch
Yes. You can also protect the switch's IP by setting up a dedicated
management VLAN. All decent switches support this.
> 2) by removing the VLANs I should be able to recover from a
> misconfigured or defect firewall.
No. When you have VLANs, it's the same as having a bunch of
individual switches. Different broadcast domains, and different IP
subnets on each. If there isn't anything to route between them, your
network is dead.
> If I do the above, can I still do VLAN isolation of each
> individual host on the switch? (how?)
Depending on what kind of switch, you may be able to put all hosts in
a single VLAN and prevent them from talking to each other (google
PVLAN, and/or check out the docs for your switch).