RE: Different terms for the same or more secure?



Yes ... secondaries have been around for some time now. From recollection
you can have up to nine per interface.

We used to have to do this for older DEC equipment. Way back in time DEC
gear didn't support VLSM and you had to drop a bunch of class C subnets onto
an interface to get around this. At least this was the method we chose.

-----Original Message-----
From: David Gillett [mailto:gillettdavid@xxxxxxxx]
Sent: Friday, August 25, 2006 3:46 PM
To: 'Anhtuan Huynh'; eliterhythm@xxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Different terms for the same or more secure?

-----Original Message-----
From: Anhtuan Huynh [mailto:anhtuan.huynh@xxxxxxxxxx]
Sent: Thursday, August 24, 2006 2:29 PM
To: 'eliterhythm@xxxxxxxxx'; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Different terms for the same or more secure?

Not true. You can only have one subnet per VLAN; however,
a private VLAN can be used to further isolate the VLANs. Also,
if you're using a switch with L3 capability, inter-VLAN routing
can be used (SVI).

192.168.1.0/24 = VLAN 10
192.168.2.0/24 = VLAN 11

You can't have 192.168.1.0 and 192.168.2.0 on VLAN 10. A VLAN
is L2, not L3, therefore separating the broadcast domain
independently.

You can, actually; Cisco router configuration calls these
"secondary" addresses.

It's a bit of a weird situation -- you wind up with devices
that can see each other's broadcasts, but that depend upon their
gateway(s) to relay unicast traffic.
So as long as you have a router address defined on each
address block, it works.

It *is* kinda funky. You NEVER want to build a network this
way from scratch. But sometimes it's the cleanest way to
accommodate legacy devices -- we have a couple of them on our
network for which this was the simplest of several (worse)
alternatives.

David Gillett
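As an added illustration, not taken from anyone's post in this thread, here is the IOS interface configuration that produces the arrangement David describes, using the two subnets from Anhtuan's example. The SVI name, the gateway addresses and the host addresses in the comments are assumed.

```cisco
! Added example, not from the thread. Assumes an L3 switch with an SVI for
! VLAN 10 and the two /24s from the example above; host addresses are
! constructed for illustration.
interface Vlan10
 description Legacy segment carrying two subnets on one broadcast domain
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary
!
! Result: a host at 192.168.1.10/24 and one at 192.168.2.20/24 sit in the same
! L2 domain, so each sees the other's ARP and broadcast traffic. Because the
! other subnet is not on-link from either host's point of view, unicast between
! them is sent to the respective gateway (192.168.1.1 or 192.168.2.1) and
! forwarded back out the same SVI, which is why each address block needs its
! own router address. The split is addressing only: the shared broadcast
! domain gives none of the isolation a separate VLAN or a private VLAN provides.
```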



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


