Re: To vlan or not to vlan, that's the question

From: Xous - Jose R. Negreira (xous_at_xouslab.com)
Date: 03/31/05


Date: Thu, 31 Mar 2005 12:28:58 -0300

pizzy, thank you too, man. :) About what you said:
"...for security reasons this may make sense but for performance reasons
you might want to use a vlan setup with Access Control List to secure
unwanted traffic."
So, if I understood you correctly: a router for uniting vlans is not
always needed? (Thought it IS needed).

Another question: you said before that you cannot get higher than Layer 4
on a switch. (Thought a switch could get higher to layer 2*), or in
other words, could implement filtering for MAC Address.

* considering these layers:
L5: Application
L4: TCP/UDP
L3: Network(IP)
L2: Link
L1: Physical

Regards,

-- 
Jose R. "Xous" Negreira
[ *xous*at*xouslab_dot_com* ]
XousLAB - http://www.xouslab.com
iptableslinux - http://www.iptableslinux.com
pizzy wrote:
> Hmmm VLANs, why bother? I think it depends if you want to segment your
> network logically. Depending on the features of the switch you buy,
> will determine the security options you have to choose from, although
> you're not going to get higher than Layer 4 on the switch for security.
> But if your internal network is trusted then why would you firewall the
> heck out of it; these are business-to-business decisions, and are for
> another discussion at another time. Let's carry on, a switch like
> Extreme Networks will give you non-blocking, wire speed switching, but
> if you want all your traffic to go slow path then pick a router. A
> router in the middle will force all traffic to go slow path for routing
> decisions between networks; for security reasons this may make sense
> but for performance reasons you might want to use a vlan setup with
> Access Control List to secure unwanted traffic. Whatever setup you
> choose let the backbone have either a Cisco, Extreme, or Juniper Layer
> 3 switch... 
> 
> Have fun!
> 

