Quick Best Practices question on VLANs
This is my setup:
Dirty traffic ---> firewall interface on VLAN100 ---> filtered traffic
to VLAN200 --- server interface on VLAN200.
Both VLANs are on the same physical switch. I seem to recall from my
Cisco training (20 years ago) that there was a potential security risk
putting a "trusted" VLAN on the same switch as a "dirty" VLAN (even if
there is a firewall between the VLANs). Is this still a concern? I
don't want the corporate security guys to beat me up some time down
the road.
Thanks
Ron
unixzip (36)
5/21/2010 2:37:18 PM
Of course you must make sure that the switch does not do L3 routing
between the VLANs...
Rob
5/21/2010 2:42:58 PM
On 2010-05-21 10:37:18 -0400, unix said:
> This is my setup:
>
> Dirty traffic ---> firewall interface on VLAN100 ---> filtered traffic
> to VLAN200 --- server interface on VLAN200.
>
> Both VLANs are on the same physical switch. I seem to recall from my
> Cisco training (20 years ago) that there was a potential security risk
> putting a "trusted" VLAN on the same switch as a "dirty" VLAN (even if
> there is a firewall between the VLANs). Is this still a concern? I
> don't want the corporate security guys to beat me up some time down
> the road.
>
> Thanks
> Ron
I'm not an expert (yet), but I believe the concern to which you are
referring involved VLAN hopping attacks (jumping from one VLAN to
another VLAN). It's my understanding that most of those concerns have
been mitigated in recent versions of IOS and can be further mitigated
with proper configuration of the VLANs and the switches.
As has also been suggested in this thread, be sure that the switch is
not doing any Layer 3 routing between VLANs.
Hope this helps!
--
Scott Lowe
Author, "Mastering VMware vSphere 4" and "VMware vSphere 4
Administration Instant Reference"
http://blog.scottlowe.org
Scott
5/26/2010 4:51:32 PM
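One way to check the points raised in this thread against a switch configuration, as an added example that is not from any of the posters: the Python sketch below audits a constructed Cisco IOS-style config for routed SVIs in both VLANs, a dirty-side port not forced to access mode, and a trunk whose native VLAN is one of the two VLANs. The `audit` function, the sample config and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample: Cisco IOS-style running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
ip routing
!
interface GigabitEthernet0/1
 description firewall outside (dirty)
 switchport access vlan 100
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 200
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan200
 ip address 198.51.100.1 255.255.255.0
!
"""

def audit(config, dirty=100, trusted=200):
    """Return findings that weaken separation between the two VLANs (hypothetical helper)."""
    findings = []
    # Map each interface name to the indented lines of its stanza.
    stanzas = {m.group(1): m.group(2)
               for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)}
    # SVIs that carry an IP address are routable interfaces on the switch itself.
    routed = {int(n[4:]) for n, body in stanzas.items()
              if n.startswith("Vlan") and " ip address " in body}
    if re.search(r"^ip routing$", config, re.M) and {dirty, trusted} <= routed:
        findings.append(f"L3: switch can route between VLAN {dirty} and VLAN {trusted}")
    for name, body in stanzas.items():
        access = re.search(r"switchport access vlan (\d+)", body)
        native = re.search(r"switchport trunk native vlan (\d+)", body)
        # A dirty-side port should be a fixed access port, never able to negotiate a trunk.
        if access and int(access.group(1)) == dirty and "switchport mode access" not in body:
            findings.append(f"{name}: dirty port not forced to access mode")
        # The trunk native (untagged) VLAN should be an otherwise unused VLAN.
        if "switchport mode trunk" in body and native and int(native.group(1)) in (dirty, trusted):
            findings.append(f"{name}: trunk native VLAN is {native.group(1)}")
    return findings
```

Running `audit(SAMPLE_CONFIG)` returns one finding per weak setting; an empty list means none of the three conditions was found in the parsed text, not that the switch is otherwise hardened.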