 
 From:  Guy Boisvert <guy dot boisvert at ingtegration dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Virtual LAN?
 Date:  Fri, 12 Nov 2010 15:47:24 -0500
> [Stuff deleted...]
> We use VLANs to separate broadcast domains (a switch already separates 
> collision domains).  You could see VLANs as separate dumb switches 
> (that don't support VLANs).  2 VLANs on 1 managed switch would be 
> equivalent to 2 physical dumb switches.  VLANs are defined at layer 2 of 
> the OSI model.
>
> [Stuff deleted...]

Replying to myself, I forgot to point out that in applications where 
security is very important, separate switches are safer than 1 switch 
with VLANs.  That's because switches can be fooled into forwarding 
frames between VLANs by using advanced hacking techniques (like VLAN hopping).

http://www.itsyourip.com/Security/vlan-hopping-layer-2-security-exploit-bypass-layer-3-security/


-- 
Guy Boisvert, ing.
IngTegration inc.
http://www.ingtegration.com
