Logical vs. Physical Subnetting

Unanswered Question
Oct 23rd, 2008

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than one that isolates via VLAN correct? So having to networks A and B separate with separate routers, switches, and cabling is more secure than creating networks using VLANs correct?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 10/23/2008 - 12:41


Short answer is yes, physical separation of devices will generally always be more secure.

Two main issues with vlans are

1) a misconfiguration is much easier as it all to do with just reallocating ports into vlans on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.

2) vlan hopping and other attacks. See attached link for vlan security white paper


To be honest i have always been quite comfortable using vlan segregation with optionally firewalls etc. for internal data centre use etc.. but i always feel more comfortable with physical separation on Internet facing infrastructure.


fjcardenas-1 Tue, 10/28/2008 - 09:05

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.


This Discussion