Jason Dixon wrote:
On Thu, 03 May 2007 23:18:38 -0700, Clint Pachl <[EMAIL PROTECTED]> wrote:
Axton wrote:
On 5/2/07, Matiss Miglans <[EMAIL PROTECTED]> wrote:
Hi
Scenario 1 will be right.
Don't mix there "normal" ethernet with vlan's.
Jonathan Whiteman wrote:
Lets say I'm setting up vlan devices so that 4 completely separate
subnets' gateways can share same ethernet port on the router. Is it
more appropriate to give the physical device itself an ip address and
then create 3 vlan devices, or to give the physical device no ip
address
at all and create 4 vlan devices? Or?
I have a hypothetical question regarding security concerning this setup.
Would it be more secure to have 4 physically different interfaces each
connected to a single VLAN?
Mistake, sorry. I meant to say "connected to different VLANs", not
"connected to a single VLAN".
And what exactly is more secure about having 4 different physical interfaces
connected to the same VLAN? That doesn't make any sense, unless you're talking
about trunking the 4 interfaces, then adding a vlan interface on top. All of
which has nothing to do with VLAN security.
Are there security advantages to having 4 physical interfaces of a
router connected to 4 switch ports, with each switch port belonging to a
different VLAN? Or, a single physical interface connected to a single
switch port that belongs to 4 VLANs?
The second option obviously saves you some interfaces and switchports,
albeit a decrease in bandwidth, but does it make you more vulnerable to
VLAN attacks (e.g. VLAN spoofing/hopping)?
Any VLAN security you can really impact will exist on the switch, not at the
host.
I guess I'm asking from a host or switch perspective.
