Networking expert Bjørn Jensen of WhyReboot is tired of hearing integrators rail on the “router-on-a-stick” scheme for home networks. “I've heard grumbles in our industry about how the router-on-a-stick method should NEVER be used because performance is better on the switch,” he tells CE Pro. The complainers might not recognize the security benefits of having a smart device like this “acting as a traffic cop between networks,” he says. “There is a balance one must find between performance, security, and price. If you need more performance you don't have to do that on a switch.” Here he explains the tradeoffs and virtues of router-on-a-stick.

ROUTER-ON-A-STICK, also known as a “one-armed router,” is a method for running multiple VLANs over a single connection in order to provide inter-VLAN routing without the need for a Layer 3 switch. Essentially, the router connects to a core switch with a single interface and acts as the relay point between networks. If a device on one VLAN wants to talk to a device on another VLAN, that traffic must leave the switch and pass through the router, which “routes” the traffic back to the switch, over the same interface, to the other VLAN.

This can be a problem because it can create a bottleneck that overloads the one interface if it’s not fast enough. In larger enterprise environments this single interface is often bonded with one or more other interfaces in a LAG (Link Aggregation Group), which spreads the load across multiple interfaces to avoid a bottleneck. Naturally, the easiest way to solve this bottleneck problem on smaller networks is to perform the inter-VLAN routing on a Layer 3 switch instead. That’s because switches have much faster backplane speeds and are much better at forwarding frames (Layer 2) – in this case packets (Layer 3) – to ports on the same switch that reside on another network segment. This is the reason why many people assume that the “router on a stick” method is inferior, and to the uninitiated it makes sense that it would be.

The Many Benefits of Router-on-a-Stick

Router-on-a-Stick or Inter-VLAN configuration – makes sense, right? What many people fail to realize is that there are some pretty huge benefits to using a router, or more precisely a firewall, as the gateway between networks. To understand the benefits of putting a firewall in between segments you must understand something that many people overlook: most internal traffic never touches the router interface unless it’s going out to the Internet. In other words, any firewall access rules, traffic shaping, anti-malware scanning, etc., cannot be applied to traffic on the internal network UNLESS that traffic hits a router interface. This is the reason IP cameras can communicate with an NVR without even needing a gateway address: you can physically remove the router and they’ll still be able to communicate with each other. Sure, they won’t be accessible from the Internet, but they can still communicate with one another. If you had a firewall in place, there is nothing you could do with that firewall to keep them from communicating.
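The forwarding behaviour described above can be made concrete with a small simulation. The following is an added example, not code from the article or from WhyReboot: it models a Layer 2 switch, a one-armed router with one 802.1Q subinterface per VLAN, and a hypothetical access list on that router. The hosts, VLAN numbers, addresses and ACL entries are all constructed for the lab. It shows that a camera and NVR on the same VLAN reach each other with no gateway and no router at all, that an ACL on the router cannot affect that traffic, and that only cross-VLAN traffic goes up the trunk, through the router and its ACL, and back down the same trunk.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface, ip_interface
from typing import Optional

# Constructed lab: VLAN 10 = user LAN, VLAN 20 = camera LAN. All addresses are made up.


@dataclass
class Host:
    name: str
    iface: IPv4Interface                    # address/prefix, e.g. 192.168.20.10/24
    vlan: int
    gateway: Optional[IPv4Address] = None   # None = no default gateway configured at all


@dataclass
class Packet:
    src: IPv4Address
    dst: IPv4Address
    vlan: int                               # 802.1Q tag the frame currently carries
    dport: int
    path: list = field(default_factory=list)
    delivered: bool = False


@dataclass
class OneArmedRouter:
    """Router-on-a-stick: one trunk link, one 802.1Q subinterface per VLAN."""
    subinterfaces: dict                     # {vlan: IPv4Interface} gateway address per VLAN
    # Hypothetical ACL entries: (src_vlan, dst_vlan, dport or None, "permit"/"deny"); first match wins.
    acl: list = field(default_factory=list)

    def route(self, pkt: Packet) -> bool:
        pkt.path.append("router")
        egress = next((v for v, sub in self.subinterfaces.items() if pkt.dst in sub.network), None)
        if egress is None:
            pkt.path.append("no-route")
            return False
        for src_vlan, dst_vlan, port, action in self.acl:
            if src_vlan == pkt.vlan and dst_vlan == egress and port in (None, pkt.dport):
                if action == "deny":
                    pkt.path.append("dropped-by-acl")
                    return False
                break
        pkt.vlan = egress                   # re-tag for the destination VLAN, send back down the trunk
        return True


class Switch:
    """Layer 2 switch: forwards within a VLAN; anything leaving its subnet goes up the trunk."""

    def __init__(self, hosts, router: Optional[OneArmedRouter] = None):
        self.hosts = {h.iface.ip: h for h in hosts}
        self.router = router

    def _hand_to_host(self, pkt: Packet) -> Packet:
        pkt.path.append(f"switch(vlan{pkt.vlan})")
        target = self.hosts.get(pkt.dst)
        if target and target.vlan == pkt.vlan:
            pkt.path.append(target.name)
            pkt.delivered = True
        else:
            pkt.path.append("unreachable")
        return pkt

    def send(self, src: Host, dst_ip: str, dport: int = 0) -> Packet:
        pkt = Packet(src.iface.ip, IPv4Address(dst_ip), src.vlan, dport, [src.name])
        if pkt.dst in src.iface.network:
            # Same subnet: the host ARPs for its peer directly; the frame never leaves the VLAN
            # and the router (with whatever rules it has) never sees it.
            return self._hand_to_host(pkt)
        if src.gateway is None or self.router is None:
            pkt.path.append("no-gateway")
            return pkt
        pkt.path.append(f"switch(vlan{src.vlan})")
        pkt.path.append("trunk")
        if not self.router.route(pkt):
            return pkt
        pkt.path.append("trunk")              # same single interface, now carrying the other VLAN tag
        return self._hand_to_host(pkt)


def build_lab(with_router: bool = True):
    camera = Host("camera", ip_interface("192.168.20.10/24"), vlan=20)      # no gateway configured
    nvr = Host("nvr", ip_interface("192.168.20.2/24"), vlan=20)
    laptop = Host("laptop", ip_interface("192.168.10.5/24"), vlan=10,
                  gateway=IPv4Address("192.168.10.1"))
    router = None
    if with_router:
        router = OneArmedRouter(
            subinterfaces={10: ip_interface("192.168.10.1/24"), 20: ip_interface("192.168.20.1/24")},
            acl=[(20, 20, None, "deny"),     # tries to block camera<->NVR: never consulted
                 (10, 20, 554, "permit"),    # user VLAN may reach the camera VLAN on RTSP only
                 (10, 20, None, "deny")])    # everything else from the user VLAN is dropped
    return Switch([camera, nvr, laptop], router), camera, nvr, laptop


def camera_to_nvr_path(with_router: bool) -> list:
    sw, camera, nvr, _ = build_lab(with_router)
    return sw.send(camera, str(nvr.iface.ip), dport=9000).path


def laptop_to_camera(dport: int) -> Packet:
    sw, camera, _, laptop = build_lab(True)
    return sw.send(laptop, str(camera.iface.ip), dport=dport)


if __name__ == "__main__":
    print(camera_to_nvr_path(with_router=False))   # router physically absent: still delivered
    print(camera_to_nvr_path(with_router=True))    # identical path: the ACL is never in the loop
    print(laptop_to_camera(554).path)              # up the trunk, routed, back down the trunk
    print(laptop_to_camera(22).path)               # cross-VLAN traffic is where the firewall bites
```

The two camera-to-NVR runs produce the same three-hop path with or without the router, which is the point of the article: rules on the one-armed router only apply to traffic that is forced across it, so segmentation that is meant to be enforced has to put the devices you want to police on different VLANs.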