>I knew it was a matter of time before the "vlan insecurity" bullshit hit >the fan. RTFA. Who says anything about "blindly trusting" switches? >If you can't correctly configure VLANs on your switches, and filter on >vlan(4) interfaces in PF, you shouldn't be administering production >networks. There's nothing functionally different between: > >I've developed networks with over a dozen routed VLAN segments on a >single physical GbE link. With carp(4) interfaces on top. It's easy. >In fact, it's a hell of a lot less error- and failure-prone than >managing 5 interfaces. If you're not going to use the features that >came with those $5k switches you just bought, you might as well stick >with $100 Netgears from Best Buy.
Oh dear gracious goodness me. $5K switches Can I sell you a few? Or tell me what brand you buy so I can buy stock? And who is your power company so I can buy stock? And who is your landlord so I can buy shares? I'm sorry, but my application doesn't seem to bear any resemblance to yours. Certainly my constraints are very different. Oh well.... Please research the archives and contemplate my rant on engineering a few months ago. I'll shut up now.
