* Gordon Grieder <[EMAIL PROTECTED]> [2008-07-12 15:27]:
> [ VLANs ] just work well when configured properly.

which is exactly the point. there are too many misconfigured VLAN setups out there, and some vendors (namely: cisco) have fucked up defaults. cisco (at least: used to, not sure about the current status, I long abandoned that crap) puts all ports in "dynamic" mode by default, where a port automagically goes to vlan tagged ("trunk" in their terminology) when they see their proprietary GVRP-alike protocol announcements, and worse, their "trunks" by default carry ALL !!! vlans. every other switch i came across has sane defaults as in ports do not automagically traverse to tagged and vlans have to be assigned to a port specifically, unless explicitly configured otherwise.

also, everybody SHOULD have mac address limits on every port, VLANs or not. unfortunately pretty much all vendors make that way too hard and have stupid limitations in their implementations, aka configurable mac address limit per port is 1-32 or unlimited (hello HP? stupid).

all that said, I do trust PROPERLY CONFIGURED vlan setups. I do trust mine. I rely on VLANs and their separation.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
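
The three conditions the message warns about (ports left in dynamic mode, trunks with no VLAN allow-list, no per-port MAC limit), checked over a switch config as an added example that is not part of the original post. It assumes Cisco IOS-style `switchport` keywords; the sample config and the finding names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description left at factory defaults
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
!
line vty 0 4
"""

def audit(config):
    """Map each interface to the findings the post warns about."""
    report = {}
    for block in re.split(r"(?m)^interface\s+", config)[1:]:
        lines = [ln.strip() for ln in block.splitlines()]
        name, body = lines[0], []
        for ln in lines[1:]:
            if ln == "!":  # end of this interface stanza
                break
            body.append(ln)
        mode = next((m.group(1) for ln in body
                     if (m := re.match(r"switchport mode (\S+)", ln))), None)
        findings = []
        # Assumption: no explicit mode means the platform default, which the
        # post describes as "dynamic" (tagging negotiated automatically).
        if mode in (None, "dynamic"):
            findings.append("dynamic-mode")
        if mode != "access" and not any(
                ln.startswith("switchport trunk allowed vlan") for ln in body):
            findings.append("trunk-carries-all-vlans")
        if "switchport port-security" not in body:
            findings.append("no-mac-limit")
        report[name] = findings
    return report
```
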