
VLAN Question

I have a question about the security of VLANs that I'm setting up for a friend of mine's business.

General network setup: there is a hard-wired internal network that has a firewall protecting it from a perimeter network, which in turn has a firewall protecting it from the open internet. The perimeter network is a mix of wired and wireless connections.

The issue is that they are expanding and would need more ports in a different part of the building, and there would be a mix of ports belonging to either the internal or the perimeter network. There will be two physically separate links run to the new switching area, one for the internal and one for the perimeter.

He is on a budget, so I was trying to cut cost but still provide for scalability and security. Initially I wanted to make sure he had roughly 24 ports available for each of the two networks. I saw that one 48-port switch is cheaper than two 24-port switches, and in the future, if need be, I could buy a second switch; plus, more than likely the internal network will be heavier on ports than the perimeter, so I would be able to mix the ports as necessary if it's all on one switch.

So my question is, how secure is it (how hard would it be to jump between VLANs) if the only spot where they physically touch is the one switch?
Jul 9 '16 #1
It is not hard to reach your end goal if you use a manageable switch that you can configure to allow your IP ranges to the new switches. But this, of course, depends on your core switch. You will have to set up the core switch to listen for the VLANs on the attached ports.
Jul 20 '16 #2
I know it's easy to do. The core switches will have no clue that there are VLANs, since the one switch that I have split up will have dedicated links to the two core switches. What my question was is how hard (secure) it is to jump between the two VLANs that reside on the same switch. The rest of the networks will all have physically isolated hardware and links.
Jul 22 '16 #3
RonB
Any network can be hacked, but if you configure the VLANs correctly and do MAC address filtering (i.e., assign each device's MAC address to a specific port), then you would be fine.

If you want to add additional protection and ease of maintenance, you could use PacketFence which is an open source Network Access Control (NAC) package. It uses SNMP traps to monitor and control the switch ports.

We have 35 locations and each location has 30+ switches (managed by PacketFence) with multiple VLANs, and we have not had any security issues.

Regarding the choice between using one 48-port switch vs. two 24-port switches, I'd go with two 24-port switches. The cost difference isn't that much, assuming you're comparing the same brand and class of switches, and the two switches add more flexibility.
Jul 23 '16 #4
ScottishKing
You can't "hop" between VLANs on a switch.

They segregate the network; each VLAN is a completely separate little network from the others.

What may be confusing you is that with a router, or a "layer 3" switch (a combo switch-router), you can send data between VLANs. You can secure this flow of traffic using access lists or firewalls, etc. But you have to program this data flow in; it won't happen normally.

Your initial idea is right: buy one 48-port switch and configure two separate VLANs, one for phone and one for data, let's say, and then just don't program in any inter-VLAN routing. It will be like having two separate switches. You will need trunk links between this switch and your other switches with both VLANs on them.
Jan 4 '21 #5
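As an added example (not from any poster in this thread), a small Python audit of an IOS-style switch configuration for the settings that make VLAN separation on a shared switch weaker than the thread assumes: a port left in a DTP-negotiable mode, a trunk whose native VLAN is VLAN 1 or one of the user VLANs, a trunk that carries every VLAN, a static trunk that still negotiates, and an edge port without port-security (the MAC address filtering RonB mentions). The configuration text, interface names and VLAN numbers are constructed; VLAN 10 stands for the internal network and VLAN 20 for the perimeter.

```python
# Constructed sample config (not from the thread): VLAN 10 = internal, VLAN 20 = perimeter.
SAMPLE_CONFIG = """
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security mac-address sticky
interface GigabitEthernet1/0/2
 switchport access vlan 20
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk native vlan 10
"""

def parse_interfaces(config):
    """Group the lines under each 'interface' stanza (IOS-style indentation)."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif current and line.strip():
            ifaces[current].append(line.strip())
    return ifaces

def audit(config, user_vlans=(10, 20)):
    """Return (interface, finding) pairs for settings that weaken VLAN separation."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        if mode not in ("access", "trunk"):
            # many Catalyst ports default to a DTP-negotiable mode, so a host could become a trunk peer
            findings.append((name, "switchport mode not fixed to access or trunk (DTP can negotiate a trunk)"))
        if mode != "trunk" and "switchport port-security" not in lines:
            findings.append((name, "edge port without port-security (no MAC address filtering)"))
        if mode == "trunk":
            native = next((int(l.split()[-1]) for l in lines if l.startswith("switchport trunk native vlan ")), 1)
            if native == 1 or native in user_vlans:
                # untagged frames on a trunk land in the native VLAN; keep it a dedicated, unused VLAN
                findings.append((name, f"trunk native VLAN {native} is VLAN 1 or a user VLAN"))
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append((name, "trunk carries all VLANs; prune to the ones the uplink needs"))
            if "switchport nonegotiate" not in lines:
                findings.append((name, "static trunk still sends DTP frames; add 'switchport nonegotiate'"))
    return findings

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```

The same checks apply whether the new switch uses ScottishKing's trunk links or the dedicated per-VLAN uplinks the original poster describes; in the latter case every port should audit clean as an access port.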
