cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
574
Views
0
Helpful
4
Replies

Guest vlan tagged over lan and wan links

carl_townshend
Spotlight
Spotlight

Hi all

is there any harm in tagging a guest vlan all over my lan and lan extension circuits to our other sites ? is there any security issues around this ?

1 Accepted Solution

Accepted Solutions

shanemoss
Level 1
Level 1

Assuming that the VLAN is kept isolated or firewalled from the rest of your network I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.

Sent from Cisco Technical Support iPhone App

View solution in original post

4 Replies 4

shanemoss
Level 1
Level 1

Assuming that the VLAN is kept isolated or firewalled from the rest of your network I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.

Sent from Cisco Technical Support iPhone App

what do you mean by isolated ?

it isnt routable on our network, it connects to a firewall, this OK ?

Why not just have a seperate swich for the Guest hosts plugged straight into the firewall to create a 'DMZ'?

Why do you need to pass the guest vlan traffic across your existing LAN?

Are your WAN links Layer 2 ?

shanemoss
Level 1
Level 1

I'm assuming that when you say that you have LAN extension links that you are using layer two across them? If so I would avoid trunking too many VLANS across them as a broadcast storm on any VLAN would saturate your links. The same goes for extending a VLAN across your local network, best practice would dictate layer three should be used to avoid the need for STP for fault recovery etc.

Sent from Cisco Technical Support iPhone App

Review Cisco Networking for a $25 gift card