[Gllug] Buying a switch (a sort of repost/recap on an old thread)

[James Hawtin]

On Sun, Feb 07, 2010 at 07:54:15PM +0000, Richard Jones wrote:
> Sorry for bringing this one up again, but at the end of last year I
> asked about buying a reasonable gig-E switch for my home.  Since then
> I've moved in and run Cat5e cabling to most rooms.
> 
> I'd like to find a switch that can perform routing / firewalling
> between VLANs, without requiring a separate firewall.  None of the
> switches I've looked at seem like they can do this.  I could set up a
> cheap PC to do this, but that requires another box with 2 or 3
> ethernet ports, power and so on, so it's a good deal less efficient
> than just having a feature within the switch to set up firewalls.
> More space, more power, more noise ...
> 
> Is this something that any switches can do?

To do this kind of thing you need a pretty expensive layer 3 switch, to be
honest it make sence to seperate your low speed routing which probably need
firewalling from your high speed stuff that does not.

Netgear seems to have produced a range of "Layer 2" switches that have the
ability to do limited layer 3, inter vlan routing. Which might be an
interesting option for you. 

http://www.netgear.com/Products/Switches/FullyManaged10_100_1000Switches/GSM7224.aspx

Clearly your firewalling for the interweb will require a machine too do that,
however your probably always going to have to as I have never seen a swich
that does NAT for example. Your internet connection however does not need
gigabit switching power so you can use a much lower spec system for that. I
know your probably thinking that will make my routing difficult, however
what you do is let the route your vlans, and set the default route of the
switch to your internet gateway and then everything else is seemplez. (the
firewall will require a static route but that is easy enough).

James
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug