 
 From:  GD Incorporation <rbasuki at gdincorporation dot com>
 To:  "'Guy Boisvert'" <guy dot boisvert at ingtegration dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Virtual LAN?
 Date:  Tue, 16 Nov 2010 11:53:15 +0700
Hi Guy and all m0n0wallist

Sorry for the top-post. Actually I am not trying to top-post anyone's
messages, just trying to reply to your message. I hope I do this correctly now.
If not, please forgive me for I am not too experienced in forum manners.

By the way, what I wanted to achieve is that I have 1 small 8 ports switch
and 1 wireless access point with 4-ports extended switch. I need to be able
to give full access to people connected to the wireless AP/Switch and block
the internet access for people connected to the regular 8-ports switch.

I was told to create 2 separate zones using VLAN. M0n0wall has that VLAN
feature and I never used it. Reading all the replies from the other guys, it
seemed I need VLAN supported Switches in order to enable the VLAN function.

However, I still want to confirm a few things, can anyone help me:
1. If I use 2 switches, do I still need to use VLAN Supported switches?
Based on the pictures you sent me it seemed I do :) Please confirm me on
this.
2. If I use 2 switches, would this be the correct structure? (I only have 2
LAN CARDS, one for WAN, and one for LAN). At the bottom picture, should I
connect the switch 1 to switch 2 by LAN?

Please help?
   Internet 
      |
      |
  ADSL Modem
      |
      |
 m0n0wall WAN - m0n0wall LAN --> switch 1 --> open users
                                   |
                                   --> switch 2 --> restricted users
 

3. If the structure above is correct, then I would need only 1 Switch to
support VLAN (Switch 1). Is this correct?

Thank you so much.
Rendra

-----Original Message-----
From: Guy Boisvert [mailto:guy dot boisvert at ingtegration dot com] 
Sent: Saturday, November 13, 2010 3:47 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Virtual LAN?


> [Stuff deleted...]
> We use VLANs to separate broadcast domains (a switch already separates 
> collision domains).  You could see vlans as separate dumb switches 
> (that don't support VLANs).  2 VLANs on 1 managed switch would be 
> equivalent to 2 physical dumb switches.  VLANs are defined at layer 2 of 
> the OSI model.
>
> [Stuff deleted...]

Replying to myself, I forgot to point out that in applications where
security is very important, separate switches are safer than 1 switch with
VLANs.  That's because switches can be fooled into forwarding frames between
VLANs by using advanced hack techniques (like VLAN hopping).

http://www.itsyourip.com/Security/vlan-hopping-layer-2-security-exploit-bypass-layer-3-security/


--
Guy Boisvert, ing.
IngTegration inc.
http://www.ingtegration.com
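
Added example, not part of the original messages: the thread says VLANs are defined at layer 2 and that a shared switch can be fooled into forwarding frames between VLANs. The Python sketch below reads the VLAN tag(s) from a raw Ethernet frame and flags frames that an end-user port should not be sending. The function names, the sample frames and the "access ports send only untagged frames" policy are assumptions made for illustration.

```python
import struct

# TPID values that introduce a VLAN tag: 802.1Q (0x8100) and 802.1ad (0x88A8).
TPIDS = {0x8100, 0x88A8}

def parse_vlan_tags(frame: bytes):
    """Return ([VLAN IDs, outermost first], EtherType of the payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    vids, offset = [], 12            # EtherType/TPID follows dst + src MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset += 4
    return vids, ethertype

def check_access_port_frame(frame: bytes) -> str:
    """Assumed policy: end-user (access) ports should only send untagged frames."""
    vids, _ = parse_vlan_tags(frame)
    if not vids:
        return "ok"
    if len(vids) == 1:
        return f"review: tagged for VLAN {vids[0]}"
    return "alert: stacked tags " + " > ".join(map(str, vids))

def build_frame(vids, ethertype=0x0800):
    """Constructed sample frame: broadcast dst, made-up src MAC, zero payload."""
    frame = bytes.fromhex("ffffffffffff" "020000000001")
    for vid in vids:
        frame += struct.pack("!HH", 0x8100, vid)
    return frame + struct.pack("!H", ethertype) + bytes(46)

if __name__ == "__main__":
    for vids in ([], [10], [1, 20]):
        print(vids, "->", check_access_port_frame(build_frame(vids)))
```

With two physically separate switches there is no tag for the switch to interpret at all, which is the reason given above for preferring them where security matters most.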