Quick Best Practices question on VLANs

This is my setup:

Dirty traffic ---> firewall interface on VLAN100 ---> filtered traffic to VLAN200 --- server interface on VLAN200.

Both VLANs are on the same physical switch. I seem to recall from my Cisco training (20 years ago) that there was a potential security risk putting a "trusted" VLAN on the same switch as a "dirty" VLAN (even if there is a firewall between the VLANs). Is this still a concern? I don't want the corporate security guys to beat me up some time down the road.

Thanks Ron

Reply to
unix
Loading thread data ...

Of course you must make sure that the switch does not do L3 routing between de VLANs...

Reply to
Rob

I'm not an expert (yet), but I believe the concern to which you are referring involved VLAN hopping attacks (jumping from one VLAN to another VLAN). It's my understanding that most of those concerns have been mitigated in recent versions of IOS and can be further mitigated with proper configuration of the VLANs and the switches.

As has also been suggested in this thread, be sure that the switch is not doing any Layer 3 routing between VLANs.

Hope this helps!

Reply to
Scott Lowe

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.