PVLAN security

Hi community,

We want to use private VLAN technology, but we have some doubts about the layer 3 security.

There are 3 hosts (1 promiscuous [P1], which later should be a firewall that limits traffic between two VLANs, and 2 in an isolated secondary VLAN [I1 & I2]).

I1 & I2 can't communicate directly with each other.

The problem is that if I1 takes the IP of I2, I1 will be able to use the firewall rules of I2.

Incoming traffic can be limited/secured by using static ARP tables on P1 and rejecting MAC address changes on the virtual distributed switch (VMware).

Outgoing traffic can be limited/secured by using the MAC addresses in iptables.

But I don't believe that this procedure is the best, and I want to know how you solved the security issues on layer 3.

Thank you for your help and best regards
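
Added example, not part of the original post: a shell sketch of the IP-to-MAC binding the post describes, generating the static ARP entries and iptables MAC-match rules for P1 from one inventory so both directions stay consistent. The interface name, chain name, addresses and the `gen_rules` helper are assumptions; the script only prints the commands and does not apply them.

```shell
#!/bin/sh
# Emit (not execute) the commands that bind each isolated host's IP to its
# MAC on the promiscuous-port firewall P1. All values are constructed samples.

PVLAN_IF="eth1"   # assumed name of P1's interface facing the PVLAN

# Constructed inventory: name, IP and MAC of each isolated host.
BINDINGS="I1 192.0.2.11 00:50:56:00:00:11
I2 192.0.2.12 00:50:56:00:00:12"

# Shape checks only: colon-separated hex MAC and dotted-quad IPv4.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands for an inventory; return non-zero on a malformed entry
# so a typo never silently produces a rule set with a host missing.
gen_rules() {
    echo "iptables -N PVLAN_ANTISPOOF"
    printf '%s\n' "$1" | while read -r name ip mac; do
        [ -n "$name" ] || continue
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "bad entry for $name" >&2
            exit 1   # leaves the pipeline subshell with a failure status
        fi
        # P1 -> host: pin the neighbour entry so a forged ARP reply cannot
        # redirect traffic addressed to this IP.
        echo "ip neigh replace $ip lladdr $mac nud permanent dev $PVLAN_IF"
        # Host -> P1: the source IP is accepted only with its registered MAC,
        # then evaluation returns to the per-host firewall rules.
        echo "iptables -A PVLAN_ANTISPOOF -s $ip -m mac --mac-source $mac -j RETURN"
    done || return 1
    # Any other IP/MAC pair arriving from the PVLAN is unknown: drop it.
    echo "iptables -A PVLAN_ANTISPOOF -j DROP"
    echo "iptables -I FORWARD 1 -i $PVLAN_IF -j PVLAN_ANTISPOOF"
}

gen_rules "$BINDINGS"
```

With these rules a packet from I1 carrying I2's IP matches no RETURN rule and is dropped before the per-host rules are reached. The MAC match is only meaningful while the virtual switch prevents a guest from sending with another host's MAC.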
