On 17/02/2010, at 12:12 PM, Jason Dixon wrote: > On Tue, Feb 16, 2010 at 07:54:47PM -0600, Corey wrote: >> >> Throwing out a topic for discussion...I have seen a couple of posts on >> here regarding use of VLANs to segregate traffic that I would usually >> use separate interfaces for. I am just curious what the thoughts of the >> list are on this practice. I haven't ever set up VLANs on anything >> large or serious, and do not claim to know the security implications, >> other than switch/interface misconfiguration possibly getting one into >> trouble, and awareness of (but no experience with) tools like dsniff. > > They're fine if you know how to use them properly. I use them all the > time in "heavy" production (whatever the fuck that means). ;-)
me too. i put pfsync on its own physical interface, absolutely everything else goes over vlans on a separate nic. dlg
