cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3294
Views
0
Helpful
2
Replies

Logical vs. Physical Subnetting

kellyrudnick
Level 1
Level 1

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than one that isolates via VLAN correct? So having to networks A and B separate with separate routers, switches, and cabling is more secure than creating networks using VLANs correct?

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Kelly

Short answer is yes, physical separation of devices will generally always be more secure.

Two main issues with vlans are

1) a misconfiguration is much easier as it all to do with just reallocating ports into vlans on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.

2) vlan hopping and other attacks. See attached link for vlan security white paper

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

To be honest i have always been quite comfortable using vlan segregation with optionally firewalls etc. for internal data centre use etc.. but i always feel more comfortable with physical separation on Internet facing infrastructure.

Jon

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: