802.1Q and ISA Server

Many folks have asked the question: "Does ISA Server support VLANs?".  The quick and dirty answer to this question is "nope - don't gotta."  The longer, more useful answer is "ISA isn't aware of 802.1Q."

The core of the answer to this question lies in the fact that ISA Server is a layer-3 (IP) firewall, and that for IPv4 only (we'll discuss that in another blog).  802.1Q VLANs are a layer-2 network management mechanism.  Thus, ISA is blissfully unaware of this protocol. 

The good news is that if your NIC manufacturer has designed the NIC and provided drivers to support 802.1Q, Windows can use 802.1Q to build more logical interfaces, and thus ISA can actually see and use many more interfaces than you have PCI slots in the machine.  I personally have produced 11 separate interfaces in my lab ISA to separate the various test scenarios.  This machine only had two physical NICs, though.  802.1Q is kewl fer shur!

Various restrictions prevent me from recommending specific NIC manufacturers, but there is one thing that remains true; you won't get this capability from the $5 adapter you find at your local CompAmWe stores.  You'll have to buy a server class NIC and you'll have to make sure the NIC manufacturer provides drivers capable of *properly* supporting 802.1Q.

You'll greatly improve your chances of succeeding here if you start with devices listed in the Windows Catalog (formerly the Hardware Compatability Lab): http://www.windowsservercatalog.com/.  Make sure you have the latest drivers; check the manufacturer's website as soon as you get the adapter.

Jim Harrison (ISA SE)