I am trying to figure out if there is a way to stop a single machine from possibly acting as a bridge between VLANs. Assuming there are two VLANs (10 being operations and 20 being secure), how can one ensure that a machine cannot be added with two network cards, connecting one to VLAN 10 and the other to VLAN 20? Of course, being a secure VLAN, we would restrict which MAC addresses can connect to a VLAN 20 port.
Any ideas? Is this just a risk that a client must accept when using VLANs for security rather than separate switches?
This has nothing to do with VLANs as such, because the same would still apply if you used separate physical switches, i.e. sw1 for VLAN 10 and sw2 for VLAN 20, and then you connected a PC with 2 NICs, one to each switch.
If a user could add another NIC and has the capability to connect his 2 NICs to two different VLANs/switches within your network, then you have some very serious physical security problems.
I guess what I'm trying to say is that yes, you can use port-security etc., but the sort of problem you are outlining is much better dealt with at the procedures/physical level.
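As an added illustration of the port-security angle raised in the question and the answer (this is example code written for this page, not something either poster provided), the script below parses a constructed switch MAC address table and flags the two things a defender would look for: the same MAC learned in both VLAN 10 and VLAN 20 (traffic from one VLAN showing up on the other side of a bridging host), and a VLAN 20 access port carrying more MACs than a one-MAC port-security policy allows. The table layout, the MAC addresses, the port names and the per-port limit are all assumptions made for the demonstration.

```python
# Added example (not from the original question or answer): parse constructed
# "show mac address-table"-style lines and flag two signs of a host bridging
# VLAN 10 (operations) into VLAN 20 (secure):
#   1. the same MAC learned in both VLANs (frames crossing the bridge), and
#   2. an access port in the secure VLAN carrying more MACs than the assumed
#      port-security limit allows (hosts sitting behind a bridging machine).
# All MACs, port names and VLAN ids below are made up for the demonstration.
import re
from collections import defaultdict

OPS_VLAN = 10
SECURE_VLAN = 20
MAX_MACS_PER_SECURE_PORT = 1  # assumed policy: one MAC per secure access port

# Constructed sample of a switch MAC table, loosely in Cisco IOS column order:
#   Vlan    Mac Address       Type        Ports
SAMPLE_MAC_TABLE = """\
  10    0011.2233.4401    DYNAMIC     Gi1/0/1
  10    0011.2233.4402    DYNAMIC     Gi1/0/2
  10    0011.2233.4403    DYNAMIC     Gi1/0/3
  20    0011.2233.5501    DYNAMIC     Gi1/0/10
  20    0011.2233.5502    DYNAMIC     Gi1/0/11
  20    0011.2233.4402    DYNAMIC     Gi1/0/12
  20    0011.2233.4403    DYNAMIC     Gi1/0/12
  20    0011.2233.5503    DYNAMIC     Gi1/0/12
"""

LINE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return entries


def find_cross_vlan_macs(entries, vlan_a, vlan_b):
    """MACs learned in both VLANs: one device is forwarding frames between them."""
    vlans_per_mac = defaultdict(set)
    for vlan, mac, _port in entries:
        vlans_per_mac[mac].add(vlan)
    return sorted(mac for mac, vlans in vlans_per_mac.items() if {vlan_a, vlan_b} <= vlans)


def find_overloaded_ports(entries, vlan, limit):
    """Ports in `vlan` with more MACs than `limit`, as port-security would flag."""
    macs_per_port = defaultdict(set)
    for v, mac, port in entries:
        if v == vlan:
            macs_per_port[port].add(mac)
    return {port: sorted(macs) for port, macs in macs_per_port.items() if len(macs) > limit}


def audit(text=SAMPLE_MAC_TABLE):
    """Run both checks over a MAC table dump and return the findings."""
    entries = parse_mac_table(text)
    return {
        "cross_vlan_macs": find_cross_vlan_macs(entries, OPS_VLAN, SECURE_VLAN),
        "overloaded_secure_ports": find_overloaded_ports(
            entries, SECURE_VLAN, MAX_MACS_PER_SECURE_PORT
        ),
    }


if __name__ == "__main__":
    for name, finding in audit().items():
        print(name, finding)
```

Two caveats when running something like this against a real switch: trunk, uplink and router ports legitimately show the same MAC in several VLANs, so exclude them before alerting, and a dual-homed machine that only routes between its two NICs (rather than bridging at layer 2) presents a different MAC on each side and is not caught by either check. That gap is exactly why the answer points at procedural and physical controls rather than relying on port-security alone.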