http://forum.lowyat.net/ Sat, 20 Jun 2026 23:47:47 +0800 FeedCreator 1.7.2 http://forum.lowyat.net/topic/1422968 Hi, need advice from CCNA experts out there&#33;<br /><br />192.168.10.0/24------|<br />192.168.11.0/24-----||<br />192.168.12.0/24----|||<br />192.168.13.0/24---||||<br />192.168.14.0/24--|||||<br />.............................|||||<br />........................x-device<br />..............................|<br />.......................firewall<br />172.16.1.0/24------|<br /><br />I have the following network, where the 192.168.10.0/24 to 192.168.14.0/24 are the client side (pc) and the 172.16.1.0/24 are the server side. <br />I have a firewall in place after x-device, how should I go about connecting the 5 connections to the firewall, since it only have two ports, one for client side and one for server side. Which option is the best since I dont want to load the firewall already. Theses are the options that I am considering in place of x-device :<br /><br />a. Use layer-2 switch, put each connection from client on a VLAN (10-14), and tag all the VLANs (10-14) on one port to the firewall. (switch do switching, firewall do routing and filtering)<br /><br />b. Use layer-2 switch + static route, put each connection from client on a VLAN (10-14), but the port to firewall is tag with another VLAN (15) (switch do switching &amp; routing, firewall do filtering)<br /><br />c. Use layer-2 switch and a 2 port router (sits between switch and firewall) , put each connection from client on a VLAN (10-14), and tag all the VLANs (10-14) on one port to the router 1st iface. Router to firewall on 2nd iface (switch do switching, router do routing, firewall do filtering)<br /><br />Which solution is the most viable or are there any better solution? <!--emo&:sweat:--><img src='http://static.lowyat.net/style_emoticons/default/sweat.gif' border='0' style='vertical-align:middle' alt='sweat.gif' /><!--endemo--> invid Networks and Broadband Fri, 14 May 2010 13:41:45 +0800