On 2010-11-16 01:36, jonr at destar dot net wrote:
> Rendra,
>
> To some top-posting is a sin and you might be in danger of eternal
> hell fire and losing your immortal soul if you continue doing it. So,
> what you will want to do is post below any replies and trim out
> everything that does not pertain to your next question in the thread.

It is much easier to follow a conversation in the natural read / time order. When a tech support person like me receives hundreds of e-mails every day, it simplifies the task a lot if people trim their e-mails and don't top-post. Micro$oft and their infamous Outlook are responsible in large part for top-posting. Outlook top-posts by default (and I didn't find a way to change that... holy crap!).

> Question 1: Yes, get yourself a couple of new switches that support
> VLAN. Let your boss know that he will need to pony up and buy new
> switches to achieve what he wants. Otherwise all the traffic will be
> able to be sniffed and you will have no real security, just packets
> with vlan tags that don't do anything. This is a perfect time for you
> to get these switches and be able to expand your networking knowledge
> by being able to play with better hardware at no expense to you.

I can "sniff" traffic from almost any switch, including the ones with VLANs. That's why I told you in my previous post that serious security goes with physical switches without VLANs per segment.

> Question 2: That would work. When you connect both switches together
> you will create what is known as a trunk. All that is is a link that
> can pass all VLAN traffic between the switches.

With HP ProCurve, this would enable 802.1Q (trunking) of VLANs 1, 2 and 3 on port 24:

    conf t
    vlan 1 tagged 24
    vlan 2 tagged 24
    vlan 3 tagged 24
    quit
    wr mem    --> saves config to nvram!

https://learningnetwork.cisco.com/servlet/JiveServlet/showImage/2-76073-13705/802.1q+image
http://www.cisco.com/image/gif/paws/24064/171a.gif
http://www.corecom.com/external/livesecurity/vlan-fig2.gif

> Question 3: Well yes but why? For under 400 dollars US you can have
> two new switches that support VLANs. Don't let this opportunity pass
> you by. If you do, invariably what will happen is, you will in about
> 2-3 months down the road want to do something that will require the
> other switch to support VLANs.
>
> It is easier to have them pay for what you need now than to try and
> nickel and dime them later.
>
> Jon
>

Better to define clearly the needs and security issues/risks before buying. If you go buying managed switches that support 802.1Q, you should go with the same brand if possible. It will be easier to manage. You could certainly get used Cisco or HP from eBay for a decent price. Stay away from consumer-grade stuff like D-Link and the like.

GB

--
Guy Boisvert, ing.
IngTegration inc.
http://www.ingtegration.com
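
Added example, not part of the original e-mail: a Python sketch of what the 802.1Q trunk on port 24 carries. It builds and parses the 4-byte VLAN tag and models a port that passes only its tagged VLANs (1, 2 and 3); the function names, the sample frame and the simplified port model are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the two MAC addresses."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes):
    """Return (vid or None if untagged, inner EtherType, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner_type, frame[18:]


def trunk_accepts(frame: bytes, tagged_vlans) -> bool:
    """Simplified model (assumption): a port whose VLANs are all tagged
    forwards only frames tagged with one of them and drops the rest."""
    vid, _, _ = parse_frame(frame)
    return vid is not None and vid in tagged_vlans


# Constructed sample: broadcast destination, locally administered source,
# EtherType 0x0800 and a dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"demo"
PORT_24 = {1, 2, 3}  # the VLANs tagged on port 24 in the config above

if __name__ == "__main__":
    for vid in (2, 10):
        tagged = tag_frame(SAMPLE, vid)
        print(vid, parse_frame(tagged), trunk_accepts(tagged, PORT_24))
    print("untagged", trunk_accepts(SAMPLE, PORT_24))
```

The tag is an unauthenticated plaintext field in the frame, so any separation comes from the switch enforcing VLAN membership per port; a switch that ignores the tag provides none.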