Educause Security Discussion mailing list archives

Untrusted VLANs on Core Gear


From: jkaftan <jkaftan () UTICA EDU>
Date: Wed, 7 Feb 2007 13:52:36 -0500

We are looking to create a fully redundant internet connection.  I was
thinking about using my core switch to provide layer 2 for this setup.
Specifically, I was going to create an Untrust VLAN that my edge routers and
firewalls would connect to.

Fundamentally, I do not see an issue, as VLANs are supposed to be the same
thing as having separate switches (broadcast domains).  However, another way
to look at it is that I have potential bad guys actually "touching" my core
gear.

Does this make anyone want to run screaming into the night?
