Posted by JohnD on December 18, 2007, 4:26 pm
"VLANs address scalability, security, and network management"

However, once you introduce inter-vlan routing, doesn't the security aspect of VLANs pretty much go out the window? In other words, using simple vlans if I have a computer in port 2/vlan 2, it's not supposed to be able to talk to a computer in port 3/vlan 3. But if I implement inter-vlan routing, then the computer on port 2 now knows how to get to the computer on port 3, thus the inherent security (such as it is) in VLANs is no longer applicable? Is this correct?

If so, I presume the answer is to start using ACLs if security is still a concern.

Thanks.
Posted by stephen on December 18, 2007, 6:07 pm
> of VLANs pretty much go out the window? In other words, using simple vlans
> if I have a computer in port 2/vlan 2, it's not supposed to be able to talk
> to a computer in port 3/vlan 3. But if I implement inter-vlan routing, then
> the computer on port 2 now knows how to get to the computer on port 3, thus
> the inherent security (such as it is) in VLANs is no longer applicable? Is
> this correct?

you are making at least 2 assumptions - that you route between all vlans and that you use a router to link the vlans.

so - you can leave a vlan isolated. you can use VRF lite on a router or a firewall to restrict what goes where. Or you might use a proxy server?

that's one way.

> If so, I presume the answer is to start using ACLs if security is still a
> concern.

vlans can provide L2 separation / segregation (although there are some ways to "jump" between them on some kit), but if you have a higher level bit of connectivity then controlling what goes where has to happen at that higher level.

> Thanks.

--
Regards
stephen_hope@xyzworld.com - replace xyz with ntl
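
Added example, not part of either post above: a small Python model of the point made in the reply, that once VLANs share a routed hop, what goes where is decided by a layer-3 rule and no longer by the VLAN itself. The addressing plan, the unrouted VLAN 4 and the ACL entries are constructed assumptions; the ACL is evaluated first-match with an implicit deny, and only on traffic entering from VLAN 2.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not taken from the thread).
VLANS = {2: ip_network("10.0.2.0/24"),
         3: ip_network("10.0.3.0/24"),
         4: ip_network("10.0.4.0/24")}
ROUTED = {2, 3}   # VLAN 4 has no routed interface, so it stays isolated

# Hypothetical ACL applied to traffic entering the router from VLAN 2.
# Fields: action, source net, destination net, protocol, destination port.
ACL_VLAN2_IN = [
    ("permit", VLANS[2], ip_network("10.0.3.10/32"), "tcp", 443),
    ("deny",   VLANS[2], VLANS[3],                   "any", None),
    ("permit", VLANS[2], ip_network("0.0.0.0/0"),    "any", None),
]
INBOUND_ACLS = {2: ACL_VLAN2_IN}   # note: nothing is applied for VLAN 3

def vlan_of(addr):
    """Return the VLAN id whose subnet contains addr, or None."""
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None

def acl_permits(acl, src, dst, proto, port):
    """First matching entry wins; no match means implicit deny."""
    for action, s_net, d_net, r_proto, r_port in acl:
        if (src in s_net and dst in d_net
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action == "permit"
    return False

def can_reach(src, dst, proto, port, acls=INBOUND_ACLS):
    """Can src open a flow to dst, given VLAN layout, routing and ACLs?"""
    src, dst = ip_address(src), ip_address(dst)
    s_vlan, d_vlan = vlan_of(src), vlan_of(dst)
    if s_vlan is None or d_vlan is None:
        return False
    if s_vlan == d_vlan:
        return True    # same broadcast domain, the router never sees it
    if s_vlan not in ROUTED or d_vlan not in ROUTED:
        return False   # no layer-3 path: L2 separation still holds
    acl = acls.get(s_vlan)
    return True if acl is None else acl_permits(acl, src, dst, proto, port)
```

With `acls={}` every routed VLAN reaches every other one, which is the situation the question describes. With the sample ACL, VLAN 2 reaches only 10.0.3.10 on TCP 443 inside VLAN 3, while flows started from VLAN 3 toward VLAN 2 are still unfiltered because no rule is applied in that direction.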

VLAN Security vs. Inter-VLAN Routing
>
> "VLANs address scalability, security, and network management"
>
> However, once you introduce inter-vlan routing, doesn't the security