Multiple NICs verses multipl VLANs...

- T
- Taylor, Grant
  
  Contact options for registered users
posted
17 years ago

Fri, Aug 25, 2006 9:49 PM

The on going thread "Lets talk about firewalls" has brought up the fact that people believe there should be multiple NICs in a firewall. I'm not arguing with that fact.

However I do question whether or not these need to be physical interfaces, or if they can be logical (VLAN) interfaces. What if you are running a network where you are using ATM or Frame Relay. Do these logical interfaces suffice just as well as physical interfaces? This is of course presuming that you can ensure that no one will be on a VLAN that should not be, which is fairly trivial in a properly configured network.

Grant. . . .

Loading thread data ...

- S
- Sebastian Gottschalk
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Fri, Aug 25, 2006 10:46 PM

Most VLAN implementations are not trimmed for security, so frames might unintentionally leak from one VLAN to another by Ethernet broadcasts, MAC spoofing etc.

Those are usually link-to-link, whereas Ethernet is a multilink connection with broadcasts, so it usually already is a dedicated physical interface (f.e. an Ethernet-to-ATM switch on the border gateway).

As stated above, it depends on whether your trivial proper configuration can be trivially circumvented.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.