mailing list archives
RE: VLAN Security
From: "Clinton McGuire" <cmcguire () candlewest com>
Date: Fri, 7 Feb 2003 11:39:32 -0800
Cisco recently held a Sec Boot camp seminar in my area, and they covered
Layer 2 sec issues. One of their topics was "VLAN hopping"... They
were nice enough to put all their slides on the Web in PDF. The first 4
presentations listed are good reads, the 5th if I remember correctly was
pretty well a sales pitch... Presentation 1 is the most relevant, and
includes details of and mitigation for several Layer 2 hacks.
Clint McGuire MCSE, CCNA, Network+, A+
Candlewest Systems Ltd.
email: cmcguire () candlewest com
From: Ethan [mailto:ethan () shame mine nu]
Sent: Friday, February 07, 2003 10:59 AM
Subject: RE: VLAN Security
Since you have a seperate management vlan, and it sounds like there is
nothing else in the vlan besides user ports, I haven't heard of any
advantages to not using the default Vlan. However for organizational
easier administration it would make sense to use a different vlan for
ports, especially if you add other user vlans in the future.
From: Naman Latif [mailto:naman.latif () inamed com]
Sent: Thursday, February 06, 2003 11:00 AM
To: security-basics () securityfocus com
Subject: VLAN Security
We have different Cisco Catalyst switches configured for VLANS. With the
1. All trunks have a native VLAN, which is not used by any User.
2. Management VLAN is other than VLAN 1.
We have different VLANs in place, however these are only used for
different Servers ,And all Users are only members of VLAN-1
Does it make sense to have all the user ports migrated to a Different
VLAN (other than VLAN 1) ?
Is there a security advantage in this ?
Regards \\ Naman