VLAN "security"

lordy Member Posts: 632
I know this is a little bit off topic, but I thought this would be the right place to discuss the security aspect of VLANs.

Many people use VLANs to connect different LANs (with different security levels) over one switch. Others say that there should be dedicated switches for different LANs, which is of course way more expensive.

What is your opinion on this? Do you know cases/bugs where it was possible to jump from one VLAN into another one on the same switch?

Any pointers and opinions will be appreciated :D

Best regards,
Lordy
Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
Goal for 2014: RHCA
Goal for 2015: CCDP

Comments

  • Ten9t6 Member Posts: 691
    I have talked to people that thought VLANs were created for security... which is not the case. VLAN hopping, like you mention, is a problem that you can run into. Check out the tests in this article:

    http://www.sans.org/resources/idfaq/vlan.php
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • lordy Member Posts: 632
    Thanks ten9t6, that's why I love this site :D

    I know that VLANs are not meant to provide security but this helps getting this fact through to people who still think so.
    Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
    Goal for 2014: RHCA
    Goal for 2015: CCDP
  • rossonieri#1 Member Posts: 799
    hello lordy,

    AFAIK, VLAN security is only related to the MAC connected to an L2 switch - or maybe an access list in an L3/L4/L7 switch. What security feature do you mean, if any?

    cheers..
    the More I know, that is more and More I dont know.