There are definitely textbook reasons (secondary compromise issues, etc), but does anyone know of a specific technical reason why using a VLAN for a DMZ segment is a bad idea (cisco 5500 switch)?
The VLAN would have no telnet interface living on it, and no level 3 switching/routing going to/from it. It'd be just an isolated segment. The only thing I could think of would be that someone could spoof the frame-tagging or something. Any input is appreciated. -Mike
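The frame-tagging concern raised above is usually discussed as "double tagging": a frame carrying two stacked 802.1Q headers. One defensive check a practitioner can run over captured traffic is simply to parse the tag stack of each Ethernet frame and flag anything with more than one tag on a port that should only ever carry one. The following Python is an added example written for this thread, not code from the original post or from Cisco; the frames it inspects are constructed inline, and the function and constant names are the example's own.

```python
import struct

# TPIDs that introduce a VLAN tag (802.1Q customer tag, 802.1ad service tag)
TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8


def parse_vlan_tags(frame: bytes):
    """Return (vlan_ids, inner_ethertype) for an Ethernet II frame.

    Walks successive 802.1Q/802.1ad tags starting right after the
    destination and source MAC addresses (offset 12), collecting the
    12-bit VLAN ID from each tag until a non-tag EtherType is reached.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    offset = 12
    vlan_ids = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated inside tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype in (TPID_8021Q, TPID_8021AD):
            if offset + 4 > len(frame):
                raise ValueError("frame truncated inside VLAN tag")
            (tci,) = struct.unpack_from("!H", frame, offset + 2)
            vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VID
            offset += 4
        else:
            return vlan_ids, ethertype


def is_double_tagged(frame: bytes) -> bool:
    """True when the frame carries two or more stacked VLAN tags."""
    vlan_ids, _ = parse_vlan_tags(frame)
    return len(vlan_ids) >= 2


def flag_double_tagged(frames):
    """Return the indexes of frames in `frames` that are double tagged.

    Intended to be run over frames captured on an access port feeding a
    DMZ VLAN, where a single tag (or none) is the only expected shape.
    """
    return [i for i, f in enumerate(frames) if is_double_tagged(f)]


def build_frame(vlan_ids, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Constructed sample frame: broadcast dst, a documentation-range src MAC,
    then one 802.1Q tag per entry in `vlan_ids`, then the inner EtherType."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e005301")
    for vid in vlan_ids:
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    header += struct.pack("!H", ethertype)
    return header + payload


if __name__ == "__main__":
    # Constructed sample capture: untagged, single-tagged (VLAN 10), double-tagged (1 then 10)
    capture = [build_frame([]), build_frame([10]), build_frame([1, 10])]
    for idx, frame in enumerate(capture):
        print(idx, parse_vlan_tags(frame), "DOUBLE-TAGGED" if is_double_tagged(frame) else "")
```

The parser stops at the first EtherType that is not a tag protocol identifier, so an untagged IPv4 frame returns an empty list and 0x0800; a frame cut off mid-tag raises instead of silently returning a partial stack.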
