Hi Guy and all m0n0wallist
Sorry for the top-post. Actually I am not trying to top-post anyone's
messages, just trying to reply to your message. I hope I do this correctly now.
If not, please forgive me for I am not too experienced in forum manners.
By the way, what I wanted to achieve is that I have 1 small 8-port switch
and 1 wireless access point with 4-port extended switch. I need to be able
to give full access to people connected to the wireless AP/Switch and block
the internet access for people connected to the regular 8-port switch.
I was told to create 2 separate zones using VLAN. M0n0wall has that VLAN
feature and I never used it. Reading all the replies from the other guys, it
seemed I need VLAN supported Switches in order to enable the VLAN function.
However, I still want to confirm a few things, can anyone help me:
1. If I use 2 switches, do I still need to use VLAN Supported switches?
Based on the pictures you sent me it seemed I do :) Please confirm me on
2. If I use 2 switches, would this be the correct structure? (I only have 2
LAN CARDS, one for WAN, and one for LAN). At the bottom picture, should I
connect the switch 1 to switch 2 by LAN?
m0n0wall WAN - m0n0wall LAN --> switch 1 --> open users
--> switch 2 --> restricted users
3. If the structure above is correct, then I would need only 1 Switch to
support VLAN (Switch 1). Is this correct?
Thank you so much.
From: Guy Boisvert [mailto:guy dot boisvert at ingtegration dot com]
Sent: Saturday, November 13, 2010 3:47 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Virtual LAN?
> [Stuff deleted...]
> We use VLANs to separate broadcast domains (a switch already separates
> collision domains). You could see VLANs as separate dumb switches
> (that don't support VLANs). 2 VLANs on 1 managed switch would be
> equivalent to 2 physical dumb switches. VLANs are defined at layer 2 of
> the OSI model.
> [Stuff deleted...]
Replying to myself, I forgot to point out that in applications where
security is very important, separate switches are safer than 1 switch with
VLANs. That's because switches can be fooled into forwarding frames between
VLANs by using advanced hack techniques (like VLAN hopping).
Guy Boisvert, ing.