--- On Tue, 2/16/10, Corey <[email protected]> wrote: > From: Corey <[email protected]> > Subject: VLANs and security (was:network performance problems) > To: [email protected] > Received: Tuesday, February 16, 2010, 8:54 PM > >>I did put all interfaces > (in,out,pfsync,management) through VLANs in msk0 > > Throwing out a topic for discussion...I have seen a couple > of posts on here regarding use of VLANs to segregate traffic > that I would usually use separate interfaces for. I am > just curious what the thoughts of the list are on this > practice. I haven't ever set up VLANs on anything > large or serious, and do not claim to know the security > implications, other than switch/interface misconfiguration > possibly getting one into trouble, and awareness of (but no > experience with) tools like dsniff. > > There is quite a bit of stuff out there on Google, of > course, but I trust this list more :^) > > Thanks in advance.
We use VLANs quite extensively and are now looking at deploying VRF-ish solutions for the campus. We still use multiple interfaces in order to spread the interrupt load for really busy VLANs. Security is not really a factor in VLANs, as they don't provide any inherent increase in security. Misconfigurations would equate to the same compromises really. --- James A. Peltier [email protected] __________________________________________________________________ Looking for the perfect gift? Give the gift of Flickr! http://www.flickr.com/gift/
