Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Guest vlan tagged over lan and wan links

Hi all

is there any harm in tagging a guest vlan all over my lan and lan extension circuits to our other sites ? is there any security issues around this ?

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Guest vlan tagged over lan and wan links

Assuming that the VLAN is kept isolated or firewalled from the rest of your network I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.

Sent from Cisco Technical Support iPhone App

4 REPLIES
Community Member

Re: Guest vlan tagged over lan and wan links

Assuming that the VLAN is kept isolated or firewalled from the rest of your network I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.

Sent from Cisco Technical Support iPhone App

Community Member

Guest vlan tagged over lan and wan links

what do you mean by isolated ?

it isnt routable on our network, it connects to a firewall, this OK ?

Guest vlan tagged over lan and wan links

Why not just have a seperate swich for the Guest hosts plugged straight into the firewall to create a 'DMZ'?

Why do you need to pass the guest vlan traffic across your existing LAN?

Are your WAN links Layer 2 ?

Community Member

Re: Guest vlan tagged over lan and wan links

I'm assuming that when you say that you have LAN extension links that you are using layer two across them? If so I would avoid trunking too many VLANS across them as a broadcast storm on any VLAN would saturate your links. The same goes for extending a VLAN across your local network, best practice would dictate layer three should be used to avoid the need for STP for fault recovery etc.

Sent from Cisco Technical Support iPhone App

181
Views
0
Helpful
4
Replies
CreatePlease to create content