
VLAN and DMZ and private networks


Archived from groups: comp.dcom.lans.ethernet

Is it a bad idea to connect a firewall, a DMZ network
(192.168.2.0/24) and a private network (192.168.1.0/24)
to a switch?
The switch can do VLAN based on any combination
of MAC, IP address, IP subnet and port number.
It can also support Spanning Tree Protocol.

If it is not a bad idea, what combination should I use?
I prefer to use IP subnet for easy management: no more
remembering the right port numbers or entering MAC or IP
addresses.

TIA,
--
Zoong PHAM UNIX Systems Administrator
Mercy Health and Aged Care Inc. Melbourne - Australia
zpham@mercy_dot_com_dot_au +61 - 3 - 84167747
PGP public key is available on request


On 7 May 2004 05:36:12 GMT, Zoong Pham <dpham@mercy_dot_com.au> wrote:

>Is it a bad idea to connect a firewall, a DMZ network
>(192.168.2.0/24) and a private network (192.168.1.0/24)
>to a switch?
>The switch can do VLAN based on any combination
>of MAC, IP address, IP subnet and port number.
>It can also support Spanning Tree Protocol.

Relying on VLANs to act as firewalls is generally accepted to be a bad
idea. There have been VLAN hopping vulnerabilities in the past
whereby it has been possible to use various tricks to hop between
VLANs on certain switches. There haven't been any such
vulnerabilities recently (AFAIK), but nonetheless... If separation
between the DMZ and private network is important to you from a
security standpoint, use two switches.

-Terry
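
The two VLAN-membership options the original poster weighs (port-based versus IP-subnet-based) differ in who controls the classification: the switch administrator, or the host sending the frame. The Python model below is an added illustration, not code from either post or from any switch vendor. It simulates how a switch would place frames under each policy and audits whether a host on a private-side port ends up in the DMZ VLAN. The port plan (ports 1-8 private, 9-16 DMZ), the VLAN IDs, and the combined "port must agree with subnet" policy are assumptions made for the example; only the two subnets come from the thread.

```python
import ipaddress

PRIVATE_VLAN = 10   # carries 192.168.1.0/24 (subnet from the thread; VLAN ID assumed)
DMZ_VLAN = 20       # carries 192.168.2.0/24 (subnet from the thread; VLAN ID assumed)

# Constructed port plan (assumption): ports 1-8 private, 9-16 DMZ.
PORT_VLANS = {p: PRIVATE_VLAN for p in range(1, 9)}
PORT_VLANS.update({p: DMZ_VLAN for p in range(9, 17)})

# Subnet-to-VLAN map as the poster proposes to manage it.
SUBNET_VLANS = {
    ipaddress.ip_network("192.168.1.0/24"): PRIVATE_VLAN,
    ipaddress.ip_network("192.168.2.0/24"): DMZ_VLAN,
}


def classify_by_port(port, src_ip):
    """Port-based VLAN: membership comes from the physical port only."""
    return PORT_VLANS.get(port)


def classify_by_subnet(port, src_ip):
    """IP-subnet VLAN: membership comes from the frame's source address,
    which the sending host chooses for itself."""
    addr = ipaddress.ip_address(src_ip)
    for net, vlan in SUBNET_VLANS.items():
        if addr in net:
            return vlan
    return None  # no match; a real switch would apply its default VLAN


def classify_port_and_subnet(port, src_ip):
    """Assumed hardening policy: accept the frame only if the port's VLAN and
    the source subnet agree; otherwise drop it (None) rather than re-assign."""
    by_port = classify_by_port(port, src_ip)
    by_subnet = classify_by_subnet(port, src_ip)
    return by_port if by_port is not None and by_port == by_subnet else None


def audit(classifier, probe_ips=("192.168.1.50", "192.168.2.50")):
    """Return (port, src_ip) pairs where a host plugged into a PRIVATE port
    would be placed into the DMZ VLAN purely because of the address it uses.
    The probe addresses are constructed sample values."""
    findings = []
    for port, intended in sorted(PORT_VLANS.items()):
        if intended != PRIVATE_VLAN:
            continue
        for ip in probe_ips:
            if classifier(port, ip) == DMZ_VLAN:
                findings.append((port, ip))
    return findings


if __name__ == "__main__":
    for name, fn in [("port", classify_by_port),
                     ("subnet", classify_by_subnet),
                     ("port+subnet", classify_port_and_subnet)]:
        print(f"{name:12s} private->DMZ crossings: {audit(fn)}")
```

Under the subnet-only policy every private port shows a crossing, because the classification key is supplied by the host; under the port-only and the combined policy it shows none. The combined policy keeps the management convenience the poster wants (the subnet table) while making the port the authority. It does not change Terry's point: all three policies still run on one shared switch, which is what the two-switch suggestion addresses.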
