RE: Different terms for the same or more secure?



NO ONE has answered the simple initial question of what is
a VLAN?

A SWITCH is a box with a bunch of interfaces and a MAC address
table. For each incoming packet, it records in the table that it
has seen that packet's source MAC address show up at interface X,
and consults the table to see what interface Y it has seen the
destination MAC address from -- if the destination MAC address
isn't in the table, it forwards the packet to all interfaces
except X. [There's a bit more to it -- spanning tree to detect
and break loops, tools for manually seeding the table, and so on.]

SOME switches offer a feature of allocating interfaces to groups,
each with its own MAC table. Effectively, the one big physical
switch is behaving as if it were several smaller switches. Each one
of those groups is a VLAN.

If you have several switches in your network, and you connect
group 3 on switch A to group 3 on switch B and group 3 on switch C,
these interconnected groups form a single "group 3" VLAN. [Oh yeah,
there are some tools for connecting multiple groups on switch A to
the corresponding groups on switch B over a single physical
link. So we say something like "Which VLANs are on the link from
A to B?"]

So VLANs allow us to have multiple logical ("virtual") networks
over a single set of physical switches and links.

David Gillett (CCNP, etc)
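
[Added example, not part of the original post: a small Python model of the behaviour described above, with one MAC table per port group and flooding confined to the group. The class and function names, the port and VLAN numbers, the MAC addresses, and the use of a per-frame tag on the shared link (as 802.1Q does) are assumptions made for illustration.]

```python
from collections import defaultdict

class VlanSwitch:
    """Learning switch whose ports are grouped into VLANs, one MAC table per group."""

    def __init__(self, access_ports, trunk_ports=None):
        self.access = dict(access_ports)            # port -> its single VLAN
        self.trunks = {p: set(v) for p, v in (trunk_ports or {}).items()}
        self.mac_table = defaultdict(dict)          # vlan -> {mac: port}

    def ports_in(self, vlan):
        """All ports that belong to (or carry) the given VLAN."""
        members = {p for p, v in self.access.items() if v == vlan}
        return members | {p for p, vs in self.trunks.items() if vlan in vs}

    def receive(self, in_port, src, dst, tag=None):
        """Process one frame; return the sorted list of egress ports."""
        if in_port in self.access:
            vlan = self.access[in_port]             # group comes from the port
        elif tag in self.trunks.get(in_port, ()):
            vlan = tag                              # group comes from the tag (assumed 802.1Q-style)
        else:
            return []                               # VLAN not on this link: drop
        table = self.mac_table[vlan]
        table[src] = in_port                        # learn source MAC at interface X
        out = table.get(dst)
        if out == in_port:
            return []                               # destination is behind X: filter
        if out is not None:
            return [out]                            # known destination: interface Y
        return sorted(self.ports_in(vlan) - {in_port})  # unknown: flood within group

def demo():
    """Constructed topology: ports 1-2 in VLAN 10, 3-4 in VLAN 20, port 5 a trunk."""
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20}, {5: {10, 20}})
    a, b, c, d = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                  "02:00:00:00:00:0c", "02:00:00:00:00:0d")  # constructed MACs
    return sw, [
        sw.receive(1, a, b),          # b unknown: flood VLAN 10 only
        sw.receive(2, b, a),          # a was learned on port 1
        sw.receive(3, c, a),          # VLAN 20's table has never seen a
        sw.receive(5, d, a, tag=10),  # tagged frame arriving on the trunk
        sw.receive(5, d, a, tag=30),  # VLAN 30 is not on this link
    ]

if __name__ == "__main__":
    for egress in demo()[1]:
        print(egress)
```

The third call is the one that shows the separation: host a is already known on port 1, but only in VLAN 10's table, so a frame for it entering on a VLAN 20 port is flooded to the VLAN 20 ports and never reaches port 1.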



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Hylton
Conacher(ZR1HPC)
Sent: Monday, September 11, 2006 7:56 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Different terms for the same or more secure?

Isaac Van Name wrote:
Okay, you caught me... got my early morning rant of useless
information out of the way. :-) Can't really dispute much of what
was said, but I'll try anyways. B-)...............
<snip>
Thank you Isaac et al for the input on this topic. As luck
would have it, I needed to change physical internet connections
and have been offline for close on two weeks, sorry.

Isaac, you asked the question of what else is not clear and I
had to chuckle. I can only compare the explanations given by
you and many of the others as excellent definitions of what
can be established and what a VLAN does. NO ONE has answered
the simple initial question of what is a VLAN? I know now how
to dice it, chop it, mix it and what it will taste like but I
still do not know what it is and how it is recognised.
I think the end result is that I need to complete a fairly
difficult networking course (CCNA?) to fully understand the
difference between subnets and VLANs and how they all fit together.

My networking knowledge may not be at the level many of you
think it is and therefore I think a course is in order, i.e. CCNA.
Comments on the course selection as I already have a N+ and I
cannot find any reference to a VLAN in that study material of
the MCSE (NT4) Networking Essentials book I have.

--
========================================================================
Currently using SuSE 9.2 Professional with KDE and Mozilla 1.7.2
Linux user # 229959 at http://counter.li.org
========================================================================


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





