10-23-2008 10:10 AM - edited 03-06-2019 02:06 AM
Hi All,
Networks that isolate traffic from other networks using separate mediums are more secure than ones that isolate via VLAN, correct? So having two networks, A and B, separate with separate routers, switches, and cabling is more secure than creating networks using VLANs, correct?
10-23-2008 12:41 PM
Kelly
Short answer is yes, physical separation of devices will generally always be more secure.
Two main issues with VLANs are:
1) A misconfiguration is much easier, as it is all to do with just reallocating ports into VLANs on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.
2) VLAN hopping and other attacks. See the attached link for the VLAN security white paper:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
To be honest, I have always been quite comfortable using VLAN segregation, optionally with firewalls etc., for internal data centre use etc., but I always feel more comfortable with physical separation on Internet-facing infrastructure.
Jon
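The misconfiguration risk in point 1 above can be checked mechanically. The following is an added example, not part of the original thread: a Python audit that compares each port's access VLAN in an IOS-style config against an intended allocation and flags ports whose mode is not statically set. The sample config, the `INTENDED` map and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 switchport access vlan 20
!
"""

# Hypothetical intended allocation: interface -> VLAN it is supposed to be in.
INTENDED = {"GigabitEthernet1/0/1": 10, "GigabitEthernet1/0/2": 20,
            "GigabitEthernet1/0/3": 20}

def parse_interfaces(config):
    """Return {interface: {"mode": str or None, "vlan": int}}; VLAN defaults to 1."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1})
        elif current is not None and line.startswith(" "):
            s = line.strip()
            if m := re.fullmatch(r"switchport mode (\S+)", s):
                current["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport access vlan (\d+)", s):
                current["vlan"] = int(m.group(1))
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ports

def audit(config, intended):
    """List (interface, problem) findings: VLAN drift and unpinned port mode."""
    findings = []
    for name, port in sorted(parse_interfaces(config).items()):
        want = intended.get(name)
        if want is not None and port["vlan"] != want:
            findings.append((name, f"in VLAN {port['vlan']}, expected {want}"))
        if port["mode"] not in ("access", "trunk"):
            findings.append((name, "mode not pinned to access or trunk"))
    return findings

for name, problem in audit(SAMPLE_CONFIG, INTENDED):
    print(f"{name}: {problem}")
```

Running a check like this against each saved config after a change catches a server port moved into the wrong VLAN before it carries traffic.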
10-28-2008 09:05 AM
Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.