I don't have a problem with that use case IF there is a real firewall between VLANs. I was mostly referring to residential networks however. As far as guest access, a lot of today's CPE does that with its internal firewall creating an ACL for anyone on the guest network. The VLAN barrier is not really needed there and there are lots of techniques for dodging a VLAN barrier anyway. Steven Naslund Chicago IL
I've seen VLAN/subnet security used frequently in the financial world, even to the point of having full firewalls between vlans/subnets. Mostly for regulator purposes (Chinese firewall and all that). It's also common to allow >outbound requests or redirect to different proxies based on source addresses within a corporate network.
In residential networks, it's mostly used for guest networks that can route out to the internet, but not to other local devices.
---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669