Logical vs. Physical Subnetting

Oct 23rd, 2008

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than ones that isolate via VLAN, correct? So having two networks A and B separate, with separate routers, switches, and cabling, is more secure than creating networks using VLANs, correct?


Jon Marshall Thu, 10/23/2008 - 12:41
Kelly


Short answer is yes, physical separation of devices will generally always be more secure.


Two main issues with VLANs are:


1) A misconfiguration is much easier, as it is all to do with just reallocating ports into VLANs on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.


2) VLAN hopping and other attacks. See the attached link for a VLAN security white paper:


http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml


To be honest, I have always been quite comfortable using VLAN segregation, optionally with firewalls etc., for internal data centre use etc., but I always feel more comfortable with physical separation on Internet-facing infrastructure.


Jon
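
An added example, not part of the replies in this thread: one way to catch the port-to-VLAN misconfiguration described in point 1 is to compare each access port's assignment in the switch config against the intended design. The sample config, the `INTENDED` map and the function names are constructed for illustration, and the parser assumes IOS-style `switchport` lines.

```python
import re

# Constructed sample: IOS-style running-config excerpt, not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport access vlan 20
!
interface GigabitEthernet0/4
 switchport mode access
"""
# Hypothetical design record: the VLAN each access port is supposed to be in.
INTENDED = {"GigabitEthernet0/1": 10, "GigabitEthernet0/2": 20,
            "GigabitEthernet0/3": 20, "GigabitEthernet0/4": 999}

def parse_ports(config):
    """Map interface -> {"vlan", "mode"}; assumes no explicit access VLAN means VLAN 1."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], {"vlan": 1, "mode": None})
        elif line == "!":
            current = None  # end of the interface stanza
        elif current and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            current["vlan"] = int(m.group(1))
        elif current and (m := re.fullmatch(r"switchport mode (.+)", line)):
            current["mode"] = m.group(1)
    return ports

def audit(config, intended):
    """Return (port, problem) pairs where the config departs from the design."""
    ports, findings = parse_ports(config), []
    for port, want in sorted(intended.items()):
        if (have := ports.get(port)) is None:
            findings.append((port, "missing from config"))
            continue
        if have["vlan"] != want:  # the "server moved into the wrong subnet" case
            findings.append((port, f"in VLAN {have['vlan']}, design says {want}"))
        if have["mode"] != "access":  # port mode left unpinned
            findings.append((port, "mode not pinned to access"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, INTENDED)` flags port 0/2 as sitting in the wrong VLAN, port 0/3 as lacking an explicit access mode, and port 0/4 as left in the default VLAN.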

fjcardenas-1 Tue, 10/28/2008 - 09:05

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.
