Security Basics mailing list archives

RE: VLAN Security


From: Bourque Daniel <Daniel.Bourque () loto-quebec com>
Date: Fri, 7 Feb 2003 19:28:23 -0500

There should be no user traffic on the default/management VLAN.

This VLAN propagates everywhere and is not pruned.

-----Original Message-----
From: Rich MacVarish [mailto:rmacvarish () killergeek com]
Sent: February 7, 2003 10:14
To: Naman Latif
Cc: security-basics () securityfocus com
Subject: Re: VLAN Security


Greetings,

I don't know of any advantages (if someone does please share) of moving all
users to a non-default VLAN, but there may be an advantage to putting
different user groups onto different VLANs.

Example, putting Development and HR onto different VLANs essentially puts
them on separate networks and prevents them from seeing each other. This is
a definite plus for security.

Rich MacVarish
Unemployed
"Insert witty signature file here."


On Thu, 6 Feb 2003, Naman Latif wrote:

Hi,
We have different Cisco Catalyst switches configured for VLANs. With
the current configuration

1. All trunks have a native VLAN, which is not used by any User.
2. Management VLAN is other than VLAN 1.

We have different VLANs in place, however these are only used for
different Servers, and all Users are only members of VLAN-1.

Does it make sense to have all the user ports migrated to a Different 
VLAN (other than VLAN 1) ? Is there a security advantage in this ?

Regards \\ Naman


