Security Basics mailing list archives

RE: Different terms for the same or more secure?


From: "Robert D. Holtz - Lists" <robert.d.holtz () gmail com>
Date: Mon, 28 Aug 2006 15:38:15 -0500

Yes ... secondaries have been around for some time now.  From recollection
you can have up to nine per interface.

We used to have to do this for older DEC equipment.  Way back in time DEC
gear didn't support VLSM and you had to drop a bunch of Class C subnets onto
an interface to get around this.  At least this was the method we chose.

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Friday, August 25, 2006 3:46 PM
To: 'Anhtuan Huynh'; eliterhythm () gmail com;
security-basics () securityfocus com
Subject: RE: Different terms for the same or more secure?

-----Original Message-----
From: Anhtuan Huynh [mailto:anhtuan.huynh () inttra com] 
Sent: Thursday, August 24, 2006 2:29 PM
To: 'eliterhythm () gmail com'; security-basics () securityfocus com
Subject: RE: Different terms for the same or more secure?

Not true. You can only have one subnet per VLAN; however, 
private VLANs can be used to further isolate the VLANs. Also, 
if you're using a switch with L3 capability, inter-VLAN routing 
can be used (SVI). 

192.168.1.0/24 = VLAN 10
192.168.2.0/24 = VLAN 11

You can't have 192.168.1.0 and 192.168.2.0 on VLAN 10. A VLAN 
is L2, not L3, therefore separating the broadcast domain 
independently.

  You can, actually; Cisco router configuration calls these
"secondary" addresses.

  It's a bit of a weird situation -- you wind up with devices 
that can see each others' broadcasts, but that depend upon their
gateway(s) to relay unicast traffic.
  So as long as you have a router address defined on each
address block, it works.

  It *is* kinda funky.  You NEVER want to build a network this
way from scratch.  But sometimes it's the cleanest way to
accommodate legacy devices -- we have a couple of them on our
network for which this was the simplest of several (worse) 
alternatives.

David Gillett
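
An added example, not part of the original thread: a small audit that finds interfaces carrying "secondary" addresses (several address blocks in one broadcast domain) and classifies how unicast between two hosts on that interface is delivered. The config text, the Vlan11 block and the function names are constructed for illustration; only the `ip address ... secondary` form and the two /24 blocks come from the discussion above.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): Vlan10 carries the thread's
# two address blocks, the second one as a "secondary" address.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary
interface Vlan11
 ip address 192.168.3.1 255.255.255.0
"""

ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)( secondary)?\s*$")

def parse_interfaces(config):
    """Return {interface name: [IPv4Interface, ...]} in config order."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and (m := ADDR_RE.match(line)):
            interfaces[current].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
    return interfaces

def shared_broadcast_domains(interfaces):
    """Interfaces with more than one subnet: one L2 domain, several L3 blocks."""
    return {name: [a.network for a in addrs]
            for name, addrs in interfaces.items() if len(addrs) > 1}

def path(src, dst, addrs):
    """Classify unicast from src to dst for a source host on this interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nets = {a.network: a.ip for a in addrs}  # address block -> router address
    src_net = next((n for n in nets if src in n), None)
    if src_net is None:
        return "no gateway: no router address in source block"
    if dst in src_net:
        return "direct (same subnet)"
    if any(dst in n for n in nets):
        # Hosts hear each other's broadcasts but rely on the router for unicast.
        return f"same broadcast domain, routed via {nets[src_net]}"
    return f"off-segment, routed via {nets[src_net]}"
```

Any interface reported by `shared_broadcast_domains` is a place where subnet boundaries do not imply layer-2 separation, so filtering applied at the router does not cover broadcast traffic between those blocks.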



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

