Security Basics mailing list archives

RE: VLANs confusing


From: "Vijay Kumar" <vijay.subscription () gmail com>
Date: Wed, 15 Nov 2006 12:00:09 +0530

Hi Raj,

a) Please go through some docs/html for understanding how VLAN works - maybe
howstuffworks.com will have a good article on the basics. Cisco's
site also has fantastic info on VLANs:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html

b) They operate on Layer two also, because segregation of VLANs is more with
respect to dividing MACs, which is at layer two. When we configure a switch
with a basic configuration of two VLANs -> we usually do this by creating
another VLAN and adding ports in as "untagged" into this newly created
VLAN. Essentially what we are trying to tell the switch is that it has been
divided into two separate switches and both the switches will share the
hardware for its operation.
Now over here -> when we talk about Inter-VLAN communication, it's at that
time when the concept of Inter-VLAN routing and the "tagging" comes into the
picture.

c) So, "Layer 2 switches which are VLAN enabled" means they have the
capability to create VLANs. Maybe some low cost switches do not have these
features but do operate on layer 2. Don't buy these unless there is a
budget constraint. You never know when you need VLANs.

d) Cisco generally has a lot of proprietary stuff. So if we need to
configure Cisco with other switches we need to make sure that the tagging
protocol they use is 802.1Q and not the ISL protocol. I am not aware of any
specific problem between Cisco and Dax.

e) My advice to you is: If you have a couple of switches - just go ahead and
configure whatever you know and have read about VLANs. You will understand
VLANs in a better manner. I had cleared my CCNA but to be very frank I got a
better insight only after working on VLANs. Even today there are issues and
configurations which I don't understand completely. Unless you are working
on these things continuously - it's extremely difficult to get a hold on this
vast topic. If you are not working on it on a daily basis, then it's better
you get a strong hold on the basics and learn/read about what parameters and
protocols will optimize the performance of a switch and how to reduce/detect
the broadcasts just by monitoring the ports of the switch. This will help
you in your job function.

Hope the info is useful to you. 

Thanks, 
Vijay Kumar. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Raj Shaz
Sent: Sunday, November 12, 2006 12:49 PM
To: security-basics () lists securityfocus com
Subject: VLANs confusing

Hi group

Few basic stuffs bothering me, thus needed clarification.

All I understand of VLANs is encryption of packets at source and
decryption at destination. Now if at both ends I have Cisco
devices, which protocols/algorithms are used by them? I have noticed
on configuration of DAX switches on a Cisco network the VLANs do not work.
Which protocol should these machines use then?

When two Cisco devices are configured for VLANs, we basically make
these devices transfer a key (for en/decryption); do these keys have
any relevance with other VLANs? Does there exist a possibility of key
overlapping on a gigantic network (akin to the internet)?

Which layer do VLANs work at, layer 3 right? Then what do u mean when u
say VLAN enabled layer 2 switches?

Sorry, seems rudimentary stuff. But hope my brain is highlighted with
some wisdom. Some ref to good notes online?

-Raj

___________________
If u want 100% security for ur network communication, use pigeons

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

