Re: about vlan ?
From: Cedric Blancher (blancher@cartel-securite.fr)
Date: 02/28/03
- Next message: ObiWan: "Re: If you are considering Zone Labs software..."
- Previous message: brian: "Re: about vlan ?"
- In reply to: brian: "Re: about vlan ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Cedric Blancher" <blancher@cartel-securite.fr> Date: Fri, 28 Feb 2003 16:02:06 +0100
In his prose, brian wrote to us:
> but one physical interface can be configured to have multiple IP addresses ?
Yes, but then, all IP addresses are sharing the same ethernet broadcast
domain (aka ethernet network), which is bad.
With VLANs, you have multiple logical interfaces that are sharing the
same ethernet _devices_, but are not sharing the same ethernet broadcast
domain.
Once you've set an interface up with VLAN support, each logical interface
attached to it is equivalent to a physical interface attached to a VLAN on
the switch.
Talking about security, you have to care about the fact that if your firewall is
linked with a dot1q link to a switch, then you _must_ consider that this
switch is part of the firewall, and _must_ be protected as such. If
someone manages to alter your switch configuration (especially VLAN
stuff), your firewall becomes useless.
-- I know the forums take longer to load because of these messages, but since with each message you add one or even several, it takes even longer, which brings you back to your own responsibilities. -+- OW in http://neuneu.mine.nu : You just shouldn't have replied -+-
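
Added example, not part of the original message: a small Python model of the point made in the reply above, showing which switch ports receive a broadcast sent by the firewall when it uses IP aliases on one untagged interface, when it uses 802.1Q-tagged logical interfaces, and when the switch's port-to-VLAN mapping has been changed. The port names, VLAN IDs 10 and 20, the MAC address and the ARP placeholder are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
BROADCAST = b"\xff" * 6
FW_MAC = bytes.fromhex("020000000001")   # constructed, locally administered MAC

def build_frame(payload, vid=None, ethertype=0x0806):
    """Broadcast Ethernet frame from the firewall; tagged when vid is given."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return BROADCAST + FW_MAC + tag + struct.pack("!H", ethertype) + payload

def parse_vid(frame):
    """VLAN ID carried in the frame, or None when it has no 802.1Q tag."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return (tci & 0x0FFF) if tpid == TPID_8021Q else None

def flood(frame, access_ports, native_vid=1):
    """Access ports a broadcast from the trunk is delivered to.
    access_ports maps port name -> VLAN ID, i.e. the switch configuration."""
    vid = parse_vid(frame)
    if vid is None:              # untagged frames land in the native VLAN
        vid = native_vid
    return sorted(p for p, v in access_ports.items() if v == vid)

def demo():
    flat = {"lan1": 1, "lan2": 1, "dmz1": 1}        # no VLANs: one domain
    split = {"lan1": 10, "lan2": 10, "dmz1": 20}    # intended switch config
    altered = dict(split, dmz1=10)                  # dmz1 moved into VLAN 10
    arp = b"\x00" * 28                              # placeholder ARP body
    return {
        "aliases_untagged": flood(build_frame(arp), flat),
        "vlan10": flood(build_frame(arp, vid=10), split),
        "vlan20": flood(build_frame(arp, vid=20), split),
        "vlan10_after_switch_change": flood(build_frame(arp, vid=10), altered),
    }

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The last case uses the same tagged frame as the second one; only the switch's table differs, which is why the switch configuration has to be protected like the firewall's own.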