On Thu, May 26, 2016 at 11:14 AM, RB <[email protected]> wrote:
> On Wed, May 25, 2016 at 6:25 PM, Volker Kuhlmann
> > I disagree. While it'll work, its security is nowhere near the same. It
> > depends on the VLAN switch's firmware being bug-free (we all know about
> > how likely that is), it adds complexity, and it mixes physically
> > separate networks together on one cable. Perhaps it might be acceptable
> > to merge networks of the same security level, merging LAN and WAN
> > networks doesn't sound like a good idea to me.
>
> Entertain me, it's been literally a decade since I last saw someone
> imply that switch VLAN implementations were generally of dubious
> nature. Can you perhaps point me to a recent VLAN-crossing
> vulnerability, or documented VLAN crosstalk? We all know about the
> old CAM table overflows, but that's been long fixed.

I posted this a while ago:

http://seclists.org/fulldisclosure/2016/Jan/77
http://seclists.org/fulldisclosure/2016/Mar/25

I love VLANs, I use the heck out of them, but I cannot wait until we get more and more into software switching and it becomes a reality that my switch firmware is open-source.

Also, just because a vulnerability has not been reported or discovered does not mean it does not exist.
