I do recall the /30 discussion =)
This is probably the reason I never investigated shared-network, as I'd rather have a bit more control over my users (my wife would kill me for saying that heh). I have a vlan capable switch and a port-limited firewall, so vlans just made more sense for me, but deploying a separate segment (as you've mentioned) is another great option.
And while certainly humorous, I don't think the user would agree with your interpretation of /30 as meaning "pounds of sledgehammer" required =P
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
|