
VLAN Question

P: 3
I have a question about security of VLANs that I'm setting up for a friend of mine's business.

General network setup: there is a hard-wired internal network that has a firewall protecting it from a perimeter network, which in turn has a firewall protecting it from the open internet. The perimeter network is a mix of wired and wireless connections.

The issue is they are expanding and would need more ports in a different part of a building, and there would be a mix of ports belonging to either the internal or the perimeter network. There will be two physically separate links run to the new switching area, one for the internal and one for the perimeter.

He is on a budget, so I was trying to cut cost but still provide for scalability and security. Initially I wanted to make sure he had roughly 24 ports available for each of the two networks. I saw that one 48-port switch is cheaper than two 24-port switches, and in the future, if need be, I could buy a second switch if necessary. Plus, more than likely the internal network will be heavier on ports than the perimeter, so I would be able to mix the ports as necessary if it's all on one switch.

So my question is, how secure is it (how hard would it be to jump between VLANs) if the only spot they physically touch is on just the one switch?
Jul 9 '16 #1
3 Replies


ryno du preez
P: 91
It is not hard to reach your end goal if you use a manageable switch that you can configure to allow your IP ranges to the new switches. But this, of course, depends on your core switch. You will have to set up the core switch to listen for the VLANs on the attached ports.
Jul 20 '16 #2

P: 3
I know it's easy to do. The core switches will have no clue that there are VLANs, since the one switch that I have split up will have dedicated links to the two core switches. My question was how hard (secure) it is to jump between the two VLANs that reside on the same switch. The rest of the networks will all have physically isolated hardware and links.
Jul 22 '16 #3

Expert Mod 100+
P: 589
Any network can be hacked, but if you configure the VLANs correctly and do MAC address filtering (i.e., assign each device's MAC address to a specific port), then you would be fine.

If you want to add additional protection and ease of maintenance, you could use PacketFence which is an open source Network Access Control (NAC) package. It uses SNMP traps to monitor and control the switch ports.

We have 35 locations and each location has 30+ switches (managed by PacketFence) with multiple VLANs and have not had any security issues.

Regarding the choice between using one 48 port switch vs two 24 port switches, I'd go with two 24 port switches. The cost difference isn't that much assuming you're comparing the same brand and class of switches and the 2 switches add more flexibility.
Jul 23 '16 #4
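An added example, not part of the thread and not PacketFence code: one way to check that the per-port MAC assignment described in reply #4 actually holds on the single shared switch. It assumes you can export the switch's learned-address table as (port, VLAN, MAC) rows; the VLAN IDs (10 internal, 20 perimeter), port numbers and MAC addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed policy for the single shared switch: port -> (VLAN, allowed MAC).
# VLAN IDs, port names and MAC addresses are made up for illustration.
POLICY = {
    "1": (10, "00:11:22:33:44:01"),   # internal
    "2": (10, "00:11:22:33:44:02"),   # internal
    "25": (20, "00:11:22:33:44:25"),  # perimeter
    "26": (20, "00:11:22:33:44:26"),  # perimeter
}

# Constructed snapshot of learned addresses: (port, vlan, mac), mixed notations.
OBSERVED = [
    ("1", 10, "0011.2233.4401"),
    ("2", 10, "00-11-22-33-44-FF"),   # unknown device on an internal port
    ("25", 10, "00:11:22:33:44:25"),  # perimeter port learned in internal VLAN
    ("26", 20, "00:11:22:33:44:01"),  # internal host's MAC seen on perimeter
]

def norm_mac(mac):
    """Normalise colon, dash and dotted notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(policy, observed):
    findings = []
    vlans_by_mac = defaultdict(set)
    for port, vlan, raw in observed:
        mac = norm_mac(raw)
        vlans_by_mac[mac].add(vlan)
        if port not in policy:
            findings.append((port, "port-not-in-policy", mac))
            continue
        want_vlan, want_mac = policy[port]
        if vlan != want_vlan:           # port ended up in the other network
            findings.append((port, "wrong-vlan", mac))
        if mac != norm_mac(want_mac):   # device is not the one assigned here
            findings.append((port, "unassigned-mac", mac))
    for mac, vlans in sorted(vlans_by_mac.items()):
        if len(vlans) > 1:              # same address on both sides of the firewall
            findings.append(("*", "mac-in-multiple-vlans", mac))
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY, OBSERVED):
        print(*finding)
```

The `mac-in-multiple-vlans` finding is the one that matters most for this setup, since it means the same address is visible on both the internal and perimeter sides of the one switch.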
