Re: Switch recommendations

From: Adam bultman <adamb@glaven.org>
Date: Thu Aug 25 2005 - 10:13:51 AKDT

Damien Hull wrote:

>Arthur Corliss wrote:
>
>
>
>>On Wed, 24 Aug 2005, Damien Hull wrote:
>>
>>
>>
>>
>>
>>>I hope they have a lot of $ to spend. A 48 port switch will cost you.
>>>Getting one that's managed will put nice dent in anyones budget. I'm
>>>currently using a Hawking but it's only 24 ports. Cost me $310 with
>>>shipping. It does a lot more then most switches at that price.
>>>
>>>http://www.hawkingtech.com/products/productlist.php?CatID=36&FamID=49&ProdID=170
>>>
>>>Why do they need VLans? Most networks don't need them.
>>>
>>>
>>>
>>>
>>?! If they have the need for that kind of port density there's very likely a
>>lot of benefit for VLANs and other management capabilities. How about
>>securing and controlling access to your backend servers? How about
>>segregating your departmental traffic? If they have publically exposed
>>systems how about a DMZ?
>>
>>*Most* networks can use them, and there's probably a majority of those
>>networks that should but aren't.
>>
>> --Arthur Corliss
>> Bolverk's Lair -- http://arthur.corlissfamily.org/
>> Digital Mages -- http://www.digitalmages.com/
>> "Live Free or Die, the Only Way to Live" -- NH State Motto
>>---------
>>To unsubscribe, send email to <aklug-request@aklug.org>
>>with 'unsubscribe' in the message body.
>>
>>
>>
>>
>>
>>
>>
>Not sure I would put a DMZ on a VLAN. I prefer mister 3 legged firewall
>for a DMZ. I was planning on using VLANs as part of wireless security. I
>haven't figured out how I'm going to do that yet but that's the plan.
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
>
>

Lots of people do. I'm not aware of too many things you can to do try
to skip over VLANs. At work, there's two switches, and about 7 VLANs.
If you aren't on the right vlan, you're stuck. You can't sniff traffic
on other vlans, period - ports on VLAN1 cannot talk to ports on VLAN2,
and you need a router to make them talk at all. They're pretty safe -
safe enough for lots of people to use them. Three legged firewalls
aren't always available or fast enough (our 5 legged firewall - the
imagestreams - were horrid with that many ports used)

Adam

Adam
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Aug 25 10:14:22 2005

This archive was generated by hypermail 2.1.8 : Thu Aug 25 2005 - 10:14:22 AKDT