09-12-2013 05:02 AM - edited 03-07-2019 03:26 PM
Hi all
is there any harm in tagging a guest vlan all over my lan and lan extension circuits to our other sites ? is there any security issues around this ?
Solved! Go to Solution.
09-12-2013 01:45 PM
Assuming that the VLAN is kept isolated or firewalled from the rest of your network I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.
Sent from Cisco Technical Support iPhone App
09-12-2013 01:45 PM
Assuming that the VLAN is kept isolated or firewalled from the rest of your network I'd be less concerned about security and more concerned with bridging loops forming due to extending a common VLAN over your entire network.
Sent from Cisco Technical Support iPhone App
09-16-2013 05:47 AM
what do you mean by isolated ?
it isnt routable on our network, it connects to a firewall, this OK ?
09-16-2013 06:33 AM
Why not just have a seperate swich for the Guest hosts plugged straight into the firewall to create a 'DMZ'?
Why do you need to pass the guest vlan traffic across your existing LAN?
Are your WAN links Layer 2 ?
09-16-2013 11:54 AM
I'm assuming that when you say that you have LAN extension links that you are using layer two across them? If so I would avoid trunking too many VLANS across them as a broadcast storm on any VLAN would saturate your links. The same goes for extending a VLAN across your local network, best practice would dictate layer three should be used to avoid the need for STP for fault recovery etc.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide