Security Basics mailing list archives
RE: VLANs confusing
From: "Vijay Kumar" <vijay.subscription () gmail com>
Date: Wed, 15 Nov 2006 12:00:09 +0530
Hi Raj,

a) Please go through some docs/html for understanding how VLAN works - maybe howstuffworks.com will have a good article on the basics. Cisco's site also has fantastic info on VLANs:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html

b) They operate on Layer two also, because segregation of VLANs is more with respect to dividing MACs, which is at layer two. When we configure a switch with a basic configuration of two VLANs -> we usually do this by creating another VLAN and adding ports in as "untagged" into this newly created VLAN. Essentially what we are trying to tell the switch is that it has been divided into two separate switches and both the switches will share the hardware for its operation. Now over here -> when we talk about Inter-VLAN communication, it's at that time that the concept of Inter-VLAN routing and the "tagging" comes into the picture.

c) So, "Layer 2 switches which are VLAN enabled" means they have the capability to create VLANs. Maybe some low cost switches do not have these features but do operate on layer 2. Don't buy these unless there is a budget constraint. You never know when you need VLANs.

d) Cisco generally has a lot of proprietary stuff. So if we need to configure Cisco with other switches we need to make sure that the tagging protocol they use is 802.1Q and not the ISL protocol. I am not aware of any specific problem between Cisco and Dax.

e) My advice to you is: if you have a couple of switches - just go ahead and configure whatever you know and have read about VLANs. You will understand VLANs in a better manner. I had cleared my CCNA but to be very frank I got a better insight only after working on VLANs. Even today there are issues and configurations which I don't understand completely. Unless you are working on these things continuously - it's extremely difficult to get a hold on this vast topic.

If you are not working on it on a daily basis, then it's better you get a strong hold on the basics and learn/read about what parameters and protocols will optimize the performance of a switch and how to reduce/detect the broadcasts just by monitoring the ports of the switch. This will help you in your job function.

Hope the info is useful to you.

Thanks,
Vijay Kumar.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Raj Shaz
Sent: Sunday, November 12, 2006 12:49 PM
To: security-basics () lists securityfocus com
Subject: VLANs confusing

Hi group

A few basic things are bothering me, thus I needed clarification.

All I understand of VLANs is encryption of packets at source and decryption at destination. Now if at both ends I have Cisco devices, which protocols/algorithms are used by them? I have noticed that with a configuration of DAX switches on a Cisco network the VLANs do not work. Which protocol should these machines use then?

When two Cisco devices are configured for VLANs, we basically make these devices transfer a key (for en/decryption). Do these keys have any relevance to other VLANs? Does there exist a possibility of key overlapping on a gigantic network (akin to the internet)?

At which layer do VLANs work, layer 3 right? Then what do u mean when u say VLAN enabled layer 2 switches?

Sorry, seems rudimentary stuff. But hope my brain is highlighted with some wisdom. Some ref to good notes online?

-Raj
___________________
If u want 100% security for ur network communication, use pigeons

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
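
Added example, not part of the original message or of the list archive: a toy Python model of what point (b) of the reply describes, with access ports as untagged members of one VLAN and a trunk carrying the 4-byte 802.1Q tag that point (d) names. The `Switch` class, the port names and the sample frame are constructed for illustration; dropping tagged frames on access ports and untagged frames on the trunk is a simplification chosen for this model, not a statement about any vendor's defaults.

```python
import struct
TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Ethernet II frame; a 4-byte 802.1Q tag is inserted when vlan is given."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]  # low 12 bits of the TCI = VLAN ID

class Switch:
    """Toy model. ports maps name -> ("access", vlan) or ("trunk", {vlans})."""
    def __init__(self, ports):
        self.ports = ports

    def flood(self, in_port, frame):
        """Flood a broadcast; return {out_port: bytes put on that wire}."""
        mode, cfg = self.ports[in_port]
        vid, etype, payload = parse_frame(frame)
        if mode == "access":   # model choice: access ports drop tagged frames
            vlan = cfg if vid is None else None
        else:                  # trunk: the tag selects the VLAN, anything else is dropped
            vlan = vid if vid in cfg else None
        if vlan is None:
            return {}
        dst, src, out = frame[:6], frame[6:12], {}
        for name, (m, c) in self.ports.items():
            if name != in_port and m == "access" and c == vlan:
                out[name] = build_frame(dst, src, etype, payload)        # untagged
            elif name != in_port and m == "trunk" and vlan in c:
                out[name] = build_frame(dst, src, etype, payload, vlan)  # tagged
        return out

# Constructed sample: one switch split into VLAN 10 and VLAN 20, plus one trunk.
DEMO_PORTS = {"p1": ("access", 10), "p2": ("access", 10), "p3": ("access", 20), "t1": ("trunk", {10, 20})}
DEMO_FRAME = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"), 0x0806, b"arp")

if __name__ == "__main__":
    print({p: parse_frame(w)[0] for p, w in Switch(DEMO_PORTS).flood("p1", DEMO_FRAME).items()})
```

In this model a broadcast entering `p1` reaches only `p2` and the trunk, and the copy on the trunk is the same frame with the 802.1Q tag inserted after the source MAC; the payload bytes are unchanged.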