-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have two Lucent P330 switches (each one is at a separate location)
connected via OC-12 with ATM modules in each switch. I have two
VLANs (a VLAN for secure hosts, and a VLAN for other hosts) in each
location so that I can control access to the machines on the secure
hosts VLAN by passing all traffic from the other hosts VLAN through a
screening router. I am using two VLANs and distributing the secure
hosts between two sites for redundancy or in case the ATM link
between the switches fails so that I still have a subset of secure
machines that I can access at each location.
Basically, my topology would look something like the following:
     Location 1                           Location 2
      +-Router-+                           +-Router-+
      |        |                           |        |
+---------------+          ATM          +---------------+
| VLAN1 | VLAN2 |-----------------------| VLAN1 | VLAN2 |
+---------------+                       +---------------+
   |        |                              |        |
Secure    Other                         Secure    Other
Hosts     Hosts                         Hosts     Hosts
I have the above setup working right now and everything works like a
charm. The two VLANs work nicely and are able to communicate
properly even over the ATM (i.e. a secure host in location 1 can
easily ping a secure host in location 2 without having to pass
through a router, and that traffic is only seen on VLAN1 and not by
any machines on VLAN2; likewise, a host on VLAN2 can ping a
secure host in VLAN1 only if the traffic first passes through one of
the routers).
OK, now for the question. How secure is a setup like this in terms
of the VLAN? I know that VLANs were originally designed to enhance
performance (i.e. to make more use of the switch's potential) rather than
for security, and I have heard about possible vulnerabilities regarding VLAN
hopping, but how common are they and what do they require to be
successfully launched?
Thanks in advance.
- ---
Jonathan Strine CCNA, MCP
[EMAIL PROTECTED]
PGP Key ID: 0x0A02201C
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPSOQ//xLhPoKAiAcEQL4qACePqmGf1ExQldP5L1GPdr/Jbxd8gYAn2YM
BTT4P8wNDuQRX+SxxOEt15gT
=vCQg
-----END PGP SIGNATURE-----
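The double-tagging form of VLAN hopping the message asks about, as an added example that is not part of the original post and not code from Lucent or any P330 documentation. It models two switches joined by an 802.1Q trunk whose native VLAN is sent untagged, which is an assumption: the post does not say how the P330 ATM modules carry VLANs across the OC-12, so the model shows the generic mechanism, not that particular link. The VLAN IDs (1 = secure, 2 = other, 999 = an unused VID used as a safe native VLAN), the MAC addresses and the payload are all constructed for the example.

```python
"""Simplified model of 802.1Q double tagging across an inter-switch trunk.

Added example, not from the original post. Assumes an 802.1Q trunk with an
untagged native VLAN (assumption); the poster's ATM link may differ.
"""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

SECURE_VID = 1    # VLAN1 in the post: secure hosts
OTHER_VID = 2     # VLAN2 in the post: other hosts
UNUSED_VID = 999  # assumption: a VID with no access ports, used as native VLAN


def vlan_tag(vid, pcp=0, dei=0):
    """Encode one 802.1Q tag: TPID 0x8100 followed by TCI (PCP:3, DEI:1, VID:12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID out of range")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def build_frame(dst, src, vids, payload):
    """Ethernet II frame with stacked 802.1Q tags, listed outermost first."""
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload


def outer_vid(frame):
    """VID of the outermost tag, or None if the frame is untagged."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


def pop_tag(frame):
    """Remove the outermost tag; return (vid, frame) or (None, frame)."""
    vid = outer_vid(frame)
    if vid is None:
        return None, frame
    return vid, frame[:12] + frame[16:]


def push_tag(frame, vid):
    return frame[:12] + vlan_tag(vid) + frame[12:]


class Switch:
    """Just enough of a switch to show how the trunk's native VLAN matters."""

    def __init__(self, native_vid, tag_native=False):
        self.native_vid = native_vid
        self.tag_native = tag_native  # True = native VLAN is also tagged on the trunk

    def access_to_trunk(self, port_vid, frame):
        """Frame received on an access port in port_vid, forwarded out the trunk.
        A tag matching the port's own VLAN is accepted and stripped (simplified
        model); a tag for any other VLAN is dropped. Native-VLAN frames leave
        the trunk untagged unless tag_native is set, which is exactly what
        exposes an attacker's inner tag to the next switch."""
        ov = outer_vid(frame)
        if ov == port_vid:
            _, frame = pop_tag(frame)
        elif ov is not None:
            return None
        if port_vid == self.native_vid and not self.tag_native:
            return frame
        return push_tag(frame, port_vid)

    def trunk_to_vlan(self, frame):
        """Frame received from the trunk: classified by its outermost tag, or
        as native VLAN if untagged (dropped when the native VLAN must be tagged)."""
        ov = outer_vid(frame)
        if ov is None:
            return None if self.tag_native else (self.native_vid, frame)
        _, frame = pop_tag(frame)
        return ov, frame


def double_tag_attack(native_vid, tag_native=False):
    """Attacker on an access port in OTHER_VID sends tags [OTHER_VID, SECURE_VID].
    Returns the VLAN the far switch delivers the frame to, or None if dropped."""
    sw1 = Switch(native_vid, tag_native)
    sw2 = Switch(native_vid, tag_native)
    attacker = bytes.fromhex("00005e005302")  # constructed (IANA documentation range)
    victim = bytes.fromhex("00005e005301")    # constructed
    frame = build_frame(victim, attacker, [OTHER_VID, SECURE_VID], b"constructed payload")
    on_wire = sw1.access_to_trunk(OTHER_VID, frame)
    if on_wire is None:
        return None
    delivered = sw2.trunk_to_vlan(on_wire)
    return None if delivered is None else delivered[0]


if __name__ == "__main__":
    print("native = other-hosts VLAN, untagged:", double_tag_attack(OTHER_VID))
    print("native = unused VLAN:", double_tag_attack(UNUSED_VID))
    print("native VLAN tagged on trunk:", double_tag_attack(OTHER_VID, tag_native=True))
```

Running it shows the frame landing in the secure VLAN only in the first case, where the attacker's access port sits in the trunk's native VLAN and that VLAN crosses the trunk untagged: the first switch strips the outer tag and sends the frame bare, and the second switch reads the surviving inner tag as a legitimate VLAN1 frame. Setting the native VLAN to a VID with no access ports, or tagging the native VLAN on the trunk, keeps the frame in VLAN2. Two practical caveats follow from the model: the attack is one-way (no reply can come back through the same trick), and the other common hopping variant, getting the switch to negotiate a trunk with the attacker's port, depends on the switch's trunk autonegotiation behaviour and is not modelled here.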