Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3644
Views
0
Helpful
2
Replies

Logical vs. Physical Subnetting

kellyrudnick
Level 1
Level 1

‎10-23-2008 10:10 AM - edited ‎03-06-2019 02:06 AM

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than one that isolates via VLAN correct? So having to networks A and B separate with separate routers, switches, and cabling is more secure than creating networks using VLANs correct?

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎10-23-2008 12:41 PM

Kelly

Short answer is yes, physical separation of devices will generally always be more secure.

Two main issues with vlans are

1) a misconfiguration is much easier as it all to do with just reallocating ports into vlans on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.

2) vlan hopping and other attacks. See attached link for vlan security white paper

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

To be honest i have always been quite comfortable using vlan segregation with optionally firewalls etc. for internal data centre use etc.. but i always feel more comfortable with physical separation on Internet facing infrastructure.

Jon

0 Helpful

fjcardenas-1
Level 1
Level 1
In response to Jon Marshall

‎10-28-2008 09:05 AM

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.

0 Helpful
Customers Also Viewed These Support Documents