Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports

[David Gress <dgress91 () gmail com>]

A switch would be best but a router would be better than a hub.  
Because a switch will create multiple collision domains(one per port)  
a router will create multiple collision and broadcast  domains one per  
port. Hubs do neither they actually create

Sent from my mobile device

On Aug 18, 2009, at 7:07 PM, "David Gillett" <gillettdavid () fhda edu>  
wrote:

> > Ok...  let's change the situation around a bit.  If your
> > router only has four ethernet ports on it and you want to
> > connect seven computers to the LAN, do you buy a router or a
> > hub?  If you buy a router, you'll be creating a LAN within a
> > LAN - if you buy a hub, you'll just be extending the existing LAN.
>
> For such a small network, it is extremely unlikely that your router
> has four interfaces; odds are that it has two interfaces and that
> one of them connects to a switch inside the same box.  To extend
> it, I would ideally cascade a second (external) switch off of one
> of those switched ports.
>
> > Let's say the network my ISP connects me to is, itself, a LAN.
> > Technically, the fact that they provide my internet service
> > qualifies them as an ISP, does it not?  That this, shall we
> > say, pseudo ISP wants to ban me, however, does not mean their
> > ISP wants to ban me.
> > Indeed, thanks to network address translation, they wouldn't
> > be able to distinguish me from anyone else.
>
> IF, indeed, they are doing network address translation.  They
> probably are not, which means that providers upstream from them
> can single out your LAN's traffic from anyone else's.
>
> I don't know what you mean by "pseudo ISP", and I suspect you're
> not sure either.
>
> > Or lets say you're the US Department of Defense and have
> > multiple /8 IP address blocks.  If you have a hub plugged
> > directly into their
> > OC-192 modem do you still need 20 modems / routers for 20
> > users?  I actually don't know the answer to that one,
> > although I suspect you don't, either.
>
> At the top I said that it was unlikely that your small router had
> more than two interfaces.  A router that would be used in this
> situation probably has more than two *physical* interfaces -- a
> fiber interface for the hypothetical OC-192, and multiple Ethernet
> interfaces pointing into the internal network.  Some of those may
> trunked, providing multiple virtual interfaces; some of the subnets
> that connect directly to this border router may be WAN links to
> additional routers in other locations which similarly connect to
> multiple subnets.
>
> Nothing dictates that any of these routers needs to be doing NAT.
> The DOD undoubtedly owns plenty of globally routable addresses,
> and the tables on the various routers will make sure that packets
> are delivered to where they need to be.
>
> The "modem" is part of the outside interface of the gateway router.
> This has nothing to do with whether addresses behind that router
> are distinguishable outside of it.  Routers throughout the rest
> of the Internet either know that those clients lie somewhere behind
> that gateway router -- or by default will pass traffic for those
> addresses to some router that does know.
>
> I think you're conflating the layer 2 "routing" that switches do
> with the layer 3 routing that routers do (to which NAT may be
> added as an option, but rarely is outside of SOHO deployments).
> That can lead to all sorts of confusion.
>
> David Gillett
> CCNP CISSP
>
>
> --- 
> ---------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs  
> an SSL certificate.  We look at how SSL works, how it benefits your  
> company and how your customers can tell if a site is secure. You  
> will find out how to test, purchase, install and use a thawte  
> Digital Certificate on your Apache web server. Throughout, best  
> practices for set-up are highlighted to help you ensure efficient  
> ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> --- 
> ---------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------