Guest VLAN tagged over LAN and WAN links

Sep 12th, 2013

Hi all,

Is there any harm in tagging a guest VLAN all over my LAN and LAN extension circuits to our other sites? Are there any security issues around this?

Correct Answer
shanemoss Thu, 09/12/2013 - 13:45

Assuming that the VLAN is kept isolated or firewalled from the rest of your network, I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.

Sent from Cisco Technical Support iPhone App

carl_townshend Mon, 09/16/2013 - 05:47

What do you mean by isolated?

It isn't routable on our network; it connects to a firewall. Is this OK?

devils_advocate Mon, 09/16/2013 - 06:33

Why not just have a separate switch for the Guest hosts plugged straight into the firewall to create a 'DMZ'?

Why do you need to pass the guest VLAN traffic across your existing LAN?

Are your WAN links Layer 2?

shanemoss Mon, 09/16/2013 - 11:54

I'm assuming that when you say that you have LAN extension links that you are using layer two across them? If so, I would avoid trunking too many VLANs across them, as a broadcast storm on any VLAN would saturate your links. The same goes for extending a VLAN across your local network; best practice would dictate layer three should be used to avoid the need for STP for fault recovery etc.

Sent from Cisco Technical Support iPhone App
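
The points raised in this thread (guest VLAN not routable on the switches, not trunked further than needed, broadcast limited on the extension links) can be checked against a switch configuration. The following is an added example, not code from any poster: the sample running-config, guest VLAN 999 and the function names are constructed assumptions, and only the plain `allowed vlan <list>` form is parsed (not `add`, `remove`, `except` or `none`).

```python
import re

# Constructed sample config (not from the thread); guest VLAN 999 is an assumption.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,999
 storm-control broadcast level 1.00
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan 999
!
interface Vlan999
 ip address 192.0.2.1 255.255.255.0
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_guest_vlan(config, guest_vlan):
    """Return (interface, finding) pairs for how guest_vlan is carried."""
    findings = []
    for name, body in re.findall(r"^interface (\S+)\n((?:^ .*\n)*)", config, re.M):
        if name.lower() == f"vlan{guest_vlan}" and re.search(r"^ ip address ", body, re.M):
            findings.append((name, "SVI with an IP address: layer 3 interface in the guest VLAN"))
        if not re.search(r"^ switchport mode trunk", body, re.M):
            continue
        # A trunk with no allowed list carries every VLAN, the guest VLAN included.
        allowed = re.search(r"^ switchport trunk allowed vlan ([\d,-]+)", body, re.M)
        if allowed is None:
            findings.append((name, "trunk has no allowed-VLAN list: carries all VLANs"))
        elif guest_vlan not in expand_vlans(allowed.group(1)):
            continue
        if not re.search(r"^ storm-control broadcast level ", body, re.M):
            findings.append((name, "guest VLAN trunked without broadcast storm-control"))
    return findings
```
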
