Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Logical vs. Physical Subnetting

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than one that isolates via VLAN correct? So having to networks A and B separate with separate routers, switches, and cabling is more secure than creating networks using VLANs correct?

Hall of Fame Super Blue

Re: Logical vs. Physical Subnetting


Short answer is yes, physical separation of devices will generally always be more secure.

Two main issues with vlans are

1) a misconfiguration is much easier as it all to do with just reallocating ports into vlans on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.

2) vlan hopping and other attacks. See attached link for vlan security white paper

To be honest i have always been quite comfortable using vlan segregation with optionally firewalls etc. for internal data centre use etc.. but i always feel more comfortable with physical separation on Internet facing infrastructure.


New Member

Re: Logical vs. Physical Subnetting

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.