[ previous ] [ next ] [ threads ]
 From:  Guy Boisvert <guy dot boisvert at ingtegration dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Virtual LAN?
 Date:  Tue, 16 Nov 2010 09:53:36 -0500
Le 2010-11-16 01:36, jonr at destar dot net a écrit :
> Rendra,
> To some top=posting is a sin and you might be in danger of eternal 
> hell fire and losing your immortal soul if you continue doing it. So, 
> what you will want to do is post below any replies and trim out 
> everything that does not pertain to your next question in the thread.

It is much easier to follow a conversation in the natural read / time 
order.  When a tech support like me receive hundreds of e-mail everyday, 
it simplifies a lot the task if people trim their e-mails and don't top 
post.  Micro$oft and their infamous Outlook are responsible in large 
part for top posting.  Outlook Top Post by default (and i didn't find a 
way to change that... holy crap!).

> Question 1: Yes, get yourself a couple of new switches that support 
> VLAN. Let your boss know that he will need to pony up and buy new 
> switches to achieve what he wants. Otherwise all the traffic will be 
> able to be sniffed and you will have no real security, just packets 
> with vlan tags that dont do anything. This is a perfect time for you 
> to get these switches and be able to expand your networking knowledge 
> by being able to play with better hardware at no expense to you.

I can "sniff" traffic from almost any switch including the one with 
VLANs.  That's why i told you in my previous post that serious security 
goes with physical switches without vlans per segment.

> Question 2: That would work. When you connect both switches together 
> you will create what is known as a trunk. All that is is a link that 
> can pass all VLAN traffic between the switches.

With HP Procurve, this would enable 802.1Q (Trunking) of vlans 1, 2 and 
3 on port 24:

conf t
vlan 1
tagged 24
vlan 2
tagged 24
vlan 3
tagged 24
wr mem --> saves config to nvram!


> Question 3: Well yes but why? For under 400 dollars US you can have 
> two new switches that support VLANs. Don't let this opportunity pass 
> you by. If you do, invariably what will happen is, you will in about 
> 2-3 months down the road want to do something that will require the 
> other switch to support VLANs.
> It is easer to have them pay for what you need now then to try and 
> nickel and dime them later.
> Jon

Better define clearly the needs and security issues/risks before 
buying.  If you go buying managed switches that support 802.1Q, you 
should with same brand if possible.  It will be easier to manage.  You 
could certainly get used Cisco or HP from EBay for a decent price.  Stay 
away from consumer grade stuff like D-Link and the likes.


Guy Boisvert, ing.
IngTegration inc.

AVIS DE CONFIDENTIALITÉ : ce message peut contenir des
renseignements confidentiels appartenant exclusivement à
IngTegration Inc. ou à ses filiales. Si vous n'êtes pas
le destinataire indiqué ou prévu dans ce  message (ou
responsable de livrer ce message à la personne indiquée ou
prévue) ou si vous pensez que ce message vous a été adressé
par erreur, vous ne pouvez pas utiliser ou reproduire ce
message, ni le livrer à quelqu'un d'autre. Dans ce cas, vous
devez le détruire et vous êtes prié d'avertir l'expéditeur
en répondant au courriel.

CONFIDENTIALITY NOTICE : Proprietary/Confidential Information
belonging to IngTegration Inc. and its affiliates may be
contained in this message. If you are not a recipient
indicated or intended in this message (or responsible for
delivery of this message to such person), or you think for
any reason that this message may have been addressed to you
in error, you may not use or copy or deliver this message to
anyone else. In such case, you should destroy this message
and are asked to notify the sender by reply email.