Logical vs. Physical Subnetting

Oct 23rd, 2008

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than ones that isolate via VLAN, correct? So having two networks A and B separate, with separate routers, switches, and cabling, is more secure than creating networks using VLANs, correct?

Jon Marshall Thu, 10/23/2008 - 12:41

Short answer is yes, physical separation of devices will generally always be more secure.

Two main issues with VLANs are:

1) A misconfiguration is much easier, as it is all to do with just reallocating ports into VLANs on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.

2) VLAN hopping and other attacks. See attached link for VLAN security white paper.


To be honest, I have always been quite comfortable using VLAN segregation, optionally with firewalls etc., for internal data centre use, but I always feel more comfortable with physical separation on Internet-facing infrastructure.
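
A check for the misconfiguration risk in point 1 above, as an added example that is not part of the original post: it compares each access port's configured VLAN against an intended allocation and reports any port sitting in the wrong VLAN. The config text, interface names, VLAN numbers and the `INTENDED` inventory are constructed for illustration; only access ports are considered.

```python
import re

# Constructed sample: access-port stanzas in Cisco IOS running-config style.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description web-dmz-01
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description db-internal-01
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description db-internal-02
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/4
 description spare
 switchport mode access
"""

# Hypothetical intended allocation to audit against (999 = unused-port VLAN).
INTENDED = {"GigabitEthernet0/1": 10, "GigabitEthernet0/2": 20,
            "GigabitEthernet0/3": 20, "GigabitEthernet0/4": 999}

def parse_access_vlans(config):
    """Return {interface: access VLAN}; no explicit VLAN means default VLAN 1."""
    vlans, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            vlans[current] = 1  # access ports default to VLAN 1
            continue
        m = re.match(r"\s+switchport access vlan (\d+)", line)
        if m and current:
            vlans[current] = int(m.group(1))
    return vlans

def audit(config, intended):
    """Return (interface, configured, intended) for every port that differs."""
    actual = parse_access_vlans(config)
    ports = sorted(set(actual) | set(intended))
    return [(p, actual.get(p), intended.get(p)) for p in ports
            if actual.get(p) != intended.get(p)]

if __name__ == "__main__":
    for port, have, want in audit(SAMPLE_CONFIG, INTENDED):
        print(f"{port}: configured VLAN {have}, intended VLAN {want}")
```

On the sample, the database server on GigabitEthernet0/2 is reported in the DMZ VLAN, and the spare port is reported as left in the default VLAN.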


fjcardenas-1 Tue, 10/28/2008 - 09:05

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.

