Re: vlan tags and ISA2004, what´s the story?

Many thx for the deep answer Philip, I will investigate all your
suggestions.

thx/Tony


>
>"fahlis" <fahlis@xxxxxxxxxxxxx> wrote in message
>news:tgj0j1lo8foj5pfv3c012sg1d4j3ou8j9o@xxxxxxxxxx
>> Ok, so only way to do this is with an internal Router to segment all
>> the vlans??
>
>Yes.
>
>> I´m pussled cause as I said all the switches are vlan capable and
>> right now enabled with one vlan on only 1 specific port to use
>> internet.
>
>Well the switches are Layer2 Devices and VLANs are Layer3, so the switches
>can work with VLANs and can acknowledge the VLANs, but they cannot actually
>make the VLANs work, that is they cannot route between the VLANs.
>
>Now there are Layer3 Switches which are Switches and Routers built into the
>same device but you haven't indicated that this is what they are.
>
>Anyway, the Switch port that the ISA plugs into with the Internal Interface
>needs to be statically set in the switches configuration to be part of the
>one particular VLAN the the ISA is part of. The other ports on the switch
>can be dynamically set (frame tagging) as long as the hardware (typically
>the NICs) plugged into them supports frame tagging. So it *will* matter
>which port on the switch the ISA is plugged into.
>
>> The other 4 vlans I will setup later, but if I understand you correct
>> I need separate routers for all of those???
>
>Yes it takes a Layer3 router (a LAN Router) to route between segments,..this
>is true wether you are dealing with physically created segments or logically
>created segments (VLANs),...its the same way,..it still works by the same
>principles ineither case. The Router can be a hardware Router device,...it
>can be a Layer3 Switch where both Routing and Switching are built into the
>same device,..or it can be created with a computer using multiple
>NICs,...but I would not recommend trying it with ISA unless you used
>independent physical NICs for each VLAN that plug into separate Switch ports
>that are Statically set to the proper VLAN.
>
>ISA can double as a LAN Router but that is not its primary purpose and
>things can get complex.
>
>Now as to the original question about the Tagging,...I have not really heard
>one way or the other how ISA deals with the Tagging. I would think that is
>done by the OS and not ISA. I thought it would be done in the Driver
>Settings of the NIC if the NIC had the proper features. But I would much
>rather error on the side of caution with ISA and not over complicate things.


.