Educause Security Discussion mailing list archives
Re: Private Vlans
From: Rich Graves <rgraves () CARLETON EDU>
Date: Fri, 29 Jul 2011 09:14:38 -0500
I have used PVLANs and VACLs for device VLANs -- printers, copiers, PCI terminals, presentation equipment. They both help secure the network and remove the incentive to "borrow" the port for laptop use. I don't see the classic "web hosting service" use case for PVLANs being very applicable to higher ed, though some large university systems might run such a business. If and only if your Windows desktops allow remote management, then I could see PVLANs being useful there, but it would probably be easier to apply firewall/IPSec domain isolation through GPO. I guess there's really two decision points here: Is it better to use PVLANs, or to create new subnets/(virtual) firewall interfaces? Nowadays, the latter is usually easier. But given a flat network, do PVLANs help? Yes, they do. -- Rich Graves http://claimid.com/rcgraves Carleton.edu Sr UNIX and Security Admin CMC135: 507-222-7079 Cell: 952-292-6529
Current thread:
- Private Vlans Dennis Bohn (Jul 28)
- Re: Private Vlans Everett, Alex D (Jul 28)
- Re: Private Vlans Jeff Kell (Jul 28)
- Re: Private Vlans Flynn, Gary - flynngn (Jul 28)
- Re: Private Vlans Everett, Alex D (Jul 28)
- Re: Private Vlans Rich Graves (Jul 29)
- Re: Private Vlans Everett, Alex D (Jul 28)
- Re: Private Vlans Russ Leathe (Jul 29)
- University e-mail addresses dumped to pastebin Justin C. Klein Keane (Aug 02)
- Re: University e-mail addresses dumped to pastebin Vincent Ohprecio (Aug 02)
- University e-mail addresses dumped to pastebin Justin C. Klein Keane (Aug 02)