RE: VLAN Security

From: Bourque Daniel (Daniel.Bourque@loto-quebec.com)
Date: 02/08/03

    From: Bourque Daniel <Daniel.Bourque@loto-quebec.com>
    To: 'Rich MacVarish' <rmacvarish@killergeek.com>, 'Naman Latif' <naman.latif@inamed.com>
    Date: Fri, 7 Feb 2003 19:28:23 -0500 
    
    

    There should be no user traffic on the default/management VLAN.

    This VLAN propagates everywhere and is not pruned.

    -----Original Message-----
    From: Rich MacVarish [mailto:rmacvarish@killergeek.com]
    Sent: February 7, 2003 10:14
    To: Naman Latif
    Cc: security-basics@securityfocus.com
    Subject: Re: VLAN Security

    Greetings,

    I don't know of any advantages (if someone does please share) of moving all
    users to a non-default VLAN, but there may be an advantage to putting
    different user groups onto different VLANs.

    Example, putting Development and HR onto different VLANs essentially puts
    them on separate networks and prevents them from seeing each other. This is
    a definite plus for security.

    Rich MacVarish
    Unemployed
    "Insert witty signature file here."

    On Thu, 6 Feb 2003, Naman Latif wrote:

    > Hi,
    > We have different Cisco Catalyst switches configured for VLANS. With
    > the current configuration
    >
    > 1. All trunks have a native VLAN, which is not used by any User.
    > 2. Management VLAN is other than VLAN 1.
    >
    > We have different VLANs in place, however these are only used for
    > different Servers, and all Users are only members of VLAN-1.
    >
    > Does it make sense to have all the user ports migrated to a Different
    > VLAN (other than VLAN 1) ? Is there a security advantage in this ?
    >
    > Regards \\ Naman
    >
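
Added example, not part of the original thread: a small audit that reads IOS-style interface configuration and lists the ports still carrying VLAN 1 untagged, which is the condition the thread is discussing. The sample configuration and the function names are constructed for illustration; it assumes every interface listed is a layer 2 switchport and that an unset access or native VLAN defaults to 1.

```python
import re

# Constructed sample of IOS-style interface configuration (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet0/2
 switchport mode trunk
!
"""
DEFAULT_VLAN = 1  # assumed access and native VLAN when none is configured

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def vlan_of(cmds, pattern):
    """VLAN id set by the first command matching pattern, else the default."""
    hits = [m for m in (re.fullmatch(pattern, c) for c in cmds) if m]
    return int(hits[0].group(1)) if hits else DEFAULT_VLAN

def audit_vlan1(config):
    """List (interface, finding) for layer 2 ports that carry VLAN 1 untagged."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            if vlan_of(cmds, r"switchport trunk native vlan (\d+)") == DEFAULT_VLAN:
                findings.append((name, "trunk native VLAN is 1"))
        elif vlan_of(cmds, r"switchport access vlan (\d+)") == DEFAULT_VLAN:
            findings.append((name, "access port in VLAN 1"))
    return findings
```

Calling `audit_vlan1(SAMPLE_CONFIG)` reports FastEthernet0/1 and GigabitEthernet0/2, the two ports that rely on the default.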


