VLAN "security"

I know this is a little bit of topic but I thought this would be the right place to discuss the security aspect of VLANs.

Many people use VLANs to connect different LANs (with different security levels) over one switch. Others say that there should be dedicated switches for different LANs which is of course way more expensive.

What is your opinion on this ? Do you know cases/bugs where it was possible to jump from one VLAN into another one on the same switch ?

Any pointers and opinions will be appreciated

Best regards,
Lordy

Find more posts tagged with

Comments

Ten9t6

I have talked to people that thought VLANs were created for security....Which is not the case. Vlan hopping, like you mention is a problem that you can run in to. ....check out the tests in this article:

http://www.sans.org/resources/idfaq/vlan.php

lordy

Thanks ten9t6, that's why i love this site

I know that VLANs are not meant to provide security but this helps getting this fact through to people who still think so.

rossonieri#1

hello lordy,

AFAIK, vlan security only related to MAC connected to an L2 switch - or maybe an access list in L3/L4/L7 switch. What security feature do you mean if any?

cheers..