[Bridge] Question about VLANs, bridges and switches

Ryan McConigley ryan at csse.uwa.edu.au
Fri Aug 26 02:56:16 PDT 2005

	I have a question about bridges, vlans and switches.    We had been using 
a bridge to provide filtering between our student labs and the main 
network.  All the filtering does is check that a known IP matches a known 
MAC address, this stops students plugging in laptops and stealing an IP 
address.  (And yes, we know about the MAC spoofing issues too)  The 
connection was nice and simple, basically:

        [Main switch]-----<bridge firewall>-------[Lab 

	And it was working fine.  Then of course, earlier this year, we upgraded 
our network and the guy who did it created vlans so now we're bridging from 
Vlan_1 to Vlan_2 on separate ports on the same switch.

	That has apparently been working fine as well, but when one of the uni 
network guys looked at it he freaked and started going on about the 
problems of arp broadcasts and he was insisting we replace it immediately, 
but of course, couldn't provide any suggestions as to how to replace 
it.  Since we're in a university and things appeared to be working 
normally, I did what seemed natural... I ignored him.  (Mainly because it 
was the middle of semester and changing things then is bad)

	Step forward a few months and here I am currently building two replacement 
firewalls, so I thought I'd ask the list about problems with bridging vlans 
on the same switch.

	I'll admit, the switch sees the mac address on two ports with each port 
being on different vlans, so there could be some issues there, but also 
everything seems to be working fine.  The two seem to contradict each other 
or maybe we're just being lucky and not noticing problems.

	So, anyone have any suggestions?  Is what we're doing 
good/bad/suicidal?  Or does anyone have any suggestions how it could be 
done better?  This new box I'm giving VLAN functionality and possibly some 
routing too, still figuring out exactly how to put everything together and 
what is needed.

           Ryan McConigley - Systems Administrator                  _.-,
      Computer Science   University of Western Australia        .--'  '-._
        Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089       _/`-  _      '.
Ryan[@]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ryan  '----'._`.----. \
                                                                      `     \;
  "You're just jealous because the voices are talking to me"                ;_\
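A filter of the kind the post describes (a known IP must arrive with its known MAC, both for IPv4 and for the ARP that precedes it), written here as an added example and not taken from the original post or the bridge project. It assumes ebtables on a Linux bridge and a lab-facing bridge port name, and it prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: generate ebtables rules that forward only IPv4 and ARP frames
# from the lab side whose (source MAC, source IP) pair is in a known-binding
# list. Everything else is dropped by the FORWARD policy.
LAB_IF="${LAB_IF:-eth1}"   # assumed name of the lab-facing bridge port

# Constructed sample bindings, one "ip mac" pair per line.
BINDINGS='10.1.1.10 00:11:22:33:44:55
10.1.1.11 00:11:22:33:44:66'

# Print the rule set for the bindings passed as $1 (echoed, not executed).
gen_ebtables_rules() {
    echo "ebtables -P FORWARD DROP"
    echo "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        # IPv4: frame source MAC and IP header source must be the known pair.
        echo "ebtables -A FORWARD -i $LAB_IF -p IPv4 -s $mac --ip-src $ip -j ACCEPT"
        # ARP: sender MAC and sender IP must match as well; checking only the
        # IPv4 header would still let a host announce a stolen IP via ARP.
        echo "ebtables -A FORWARD -i $LAB_IF -p ARP -s $mac --arp-ip-src $ip -j ACCEPT"
    done
    # Frames entering from the main-network side are not IP/MAC checked here.
    echo "ebtables -A FORWARD -i ! $LAB_IF -j ACCEPT"
}

gen_ebtables_rules "$BINDINGS"
```

Frames that fail the pair check, including ARP replies claiming a bound IP from the wrong MAC, are dropped by the DROP policy rather than by an explicit rule.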
