I have the following groups of devices on my LAN: 1) WiFi router, TIVO, Aluratek Internet Radio 2) 1 Linux and 2 Windows XP computers 3) Apple Mac Mini (used solely for photos and online banking) I want Group 1 to be in a DMZ, isolated from Groups 2 & 3, and want to be able to use the Apple as the only device online when doing banking. I am thinking of this setup: Switch #1 to the WAN and connected to: - Router #1 for Group 1 (this is the wireless router) - Router @2 for Groups 2 & 3 (this router wired only) Behind Router #2: - using one port for Switch #2 for all of the Group 2 devices - using one port for the Apple Mac Mini The plan is that Group 1 should not have access to Groups 2 & 3 at any time, AND any time banking is to be done: - Router #1 is unplugged from Switch #1 AND - Switch #2 is unplugged from Router #2 leaving only the Apple online and only requiring unplugging of two ethernet cables. This may seem like equipment overkill, but I have all the switches and routers that are needed, most of which are unused at the moment. I don't understand enough about switches and routers to know whether one port of either device is effectively isolated from the other ports of the same device. So my question is how to improve/simplify the setup without compromising the objectives, or is this perhaps the minimum configuration to meet the objectives?