Pros and cons of dedicated VLAN for internet

tracy · ‎10-20-2011

What advantages, if any, would a VLAN dedicated to internet traffic have? My client has a small WAN with 6 locations, with a 2821 router at the heart of it and a ASA5510 for the firewall. Currently there is a VLAN dedicated to internet traffic. All locations, desktops and servers have access to this VLAN and the internet. This doesn't appear to be a common practice, but we are weighing the pros and cons of keeping this VLAN. Currently we are doing a redesign of this network, so there is an opportunity to change the VLANs. I believe that it would help with monitoring internet traffic and restricting it if necessary at different locations or at the desktop.

thanks!

Jon Marshall · ‎10-20-2011

It's not clear what you mean.

Do you mean the vlan used for the internet is actually a vlan on the internal network ?

Perhaps a topology diagram would help.

Jon

tracy · ‎10-20-2011

Yes, It is VLAN 99 inside the network.

Jon Marshall · ‎10-20-2011

Need a bit more than that. So is it -

vlan 99 -> inside ASA outside -> internet

and then clients route onto vlan 99 from another vlan via the 2821 router ?

Jon

fb_webuser · ‎10-20-2011

Many security experts frown on this due to default behavior of many switches is to flood all ports. It works though

---

Posted by WebUser Doug Rakocy

fb_webuser · ‎10-20-2011

If all the systems and servers can access that vlan easily then its good to keep a seperate vlan as it is good for security point of view, another good thing is that the broadcasting (due to internet traffic) will remain in that vlan

---

Posted by WebUser Ali Xee