On Sat, Jul 12, 2008 at 12:35:46AM -0400, Geoff Steckel wrote:
>
> >I knew it was a matter of time before the "vlan insecurity" bullshit hit
> >the fan. RTFA. Who says anything about "blindly trusting" switches?
> >If you can't correctly configure VLANs on your switches, and filter on
> >vlan(4) interfaces in PF, you shouldn't be administering production
> >networks. There's nothing functionally different between:
> >
> >I've developed networks with over a dozen routed VLAN segments on a
> >single physical GbE link. With carp(4) interfaces on top. It's easy.
> >In fact, it's a hell of a lot less error- and failure-prone than
> >managing 5 interfaces. If you're not going to use the features that
> >came with those $5k switches you just bought, you might as well stick
> >with $100 Netgears from Best Buy.
>
> Oh dear gracious goodness me.
>
> $5K switches
>
> Can I sell you a few? Or tell me what brand you buy so I
> can buy stock?
>
> And who is your power company so I can buy stock?
>
> And who is your landlord so I can buy shares?
>
> I'm sorry, but my application doesn't seem to bear any resemblance
> to yours. Certainly my constraints are very different.

How ironic, given that I'm suggesting using *fewer* resources. Let that
sink in for a while.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/