-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have two Lucent P330 switches (each one is at a separate location) connected via OC-12 with ATM modules in each switch. I have two VLANs (a VLAN for secure hosts, and a VLAN for other hosts) in each location so that I can control access to the machines on the secure hosts VLAN by passing all traffic from the other hosts VLAN through a screening router. I am using two VLANs and distributing the secure hosts between two sites for redundancy, or in case the ATM link between the switches fails, so that I still have a subset of secure machines that I can access at each location.

Basically, my topology would look something like the following:

            Location 1                           Location 2
          +-Router-+                           +-Router-+
          |        |                           |        |
    +---------------+         ATM         +---------------+
    | VLAN1 | VLAN2 |---------------------| VLAN1 | VLAN2 |
    +---------------+                     +---------------+
        |       |                             |       |
     Secure   Other                        Secure   Other
     Hosts    Hosts                        Hosts    Hosts

I have the above setup working right now and everything works like a charm. The two VLANs work nicely and are able to communicate properly even over the ATM (i.e. a secure host in location 1 can easily ping a secure host in location 2 without having to pass through a router, and that traffic is only seen on VLAN1 and not by any machines on VLAN2; likewise, an other host in VLAN2 can ping a secure host in VLAN1 only if the traffic first passes through one of the routers).

OK, now for the question. How secure is a setup like this in terms of the VLAN? I know that VLANs were originally designed to enhance performance (i.e. use more of the switch's potential) rather than for security, and I have heard about possible vulnerabilities regarding VLAN hopping, but how common are they and what do they require to be successfully launched?

Thanks in advance.

- ---
Jonathan Strine CCNA, MCP
[EMAIL PROTECTED]
PGP Key ID: 0x0A02201C

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPSOQ//xLhPoKAiAcEQL4qACePqmGf1ExQldP5L1GPdr/Jbxd8gYAn2YM
BTT4P8wNDuQRX+SxxOEt15gT
=vCQg
-----END PGP SIGNATURE-----
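The post asks what VLAN hopping requires and how the two-VLAN design holds up. The best-known form of VLAN hopping relies on 802.1Q frames carrying a second, nested tag, so a defender-side check is to parse the tag stack on every frame a port receives and flag anything that does not match the port's role: tagged frames arriving on an access port, nested tags anywhere, or an outer VLAN ID that the trunk is not supposed to carry. The following is an added example, not code from the original post or from Lucent; it assumes only standard 802.1Q framing (TPID 0x8100, 12-bit VID in the TCI), and the port descriptions, VLAN numbers (VLAN1 secure, VLAN2 other, as in the post) and sample frames are constructed for illustration.

```python
import struct

# 802.1Q Tag Protocol Identifier; each tag is TPID (2 bytes) + TCI (2 bytes).
TPID_8021Q = 0x8100


def parse_vlan_tags(frame: bytes):
    """Walk the 802.1Q tag stack of an Ethernet frame.

    Returns (vlan_ids, ethertype, payload_offset). vlan_ids is ordered outer
    to inner; a compliant single-tagged frame yields exactly one entry.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vlan_ids = []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            return vlan_ids, ethertype, offset + 2
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VID
        offset += 4


def build_frame(vlan_ids, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a sample Ethernet frame with zero or more 802.1Q tags (test data only)."""
    dst = b"\xff" * 6                       # constructed broadcast destination
    src = b"\x00\x11\x22\x33\x44\x55"       # constructed source MAC
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vlan_ids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def audit_frame(frame: bytes, port: dict):
    """Compare a received frame's tag stack against the port's intended role.

    port is a hypothetical description: {"mode": "access", "vlan": N} or
    {"mode": "trunk", "allowed": {N, ...}}. Returns a list of findings;
    an empty list means the frame is consistent with the port's role.
    """
    vlan_ids, _ethertype, _ = parse_vlan_tags(frame)
    findings = []
    if len(vlan_ids) > 1:
        # A host-facing port should never deliver a frame that still has a second tag.
        findings.append("nested 802.1Q tags (double tagging)")
    if port["mode"] == "access":
        if vlan_ids:
            # Access ports carry untagged frames only; the switch assigns the VLAN.
            findings.append("tagged frame on access port")
    elif port["mode"] == "trunk":
        if not vlan_ids:
            findings.append("untagged frame on trunk (would land in the native VLAN)")
        elif vlan_ids[0] not in port["allowed"]:
            findings.append(f"VLAN {vlan_ids[0]} not allowed on trunk")
    return findings


if __name__ == "__main__":
    # Constructed port roles matching the post's layout: hosts on access ports,
    # the inter-site ATM link as a trunk carrying VLAN1 (secure) and VLAN2 (other).
    secure_host_port = {"mode": "access", "vlan": 1}
    atm_trunk = {"mode": "trunk", "allowed": {1, 2}}
    samples = {
        "untagged on access port": (build_frame([]), secure_host_port),
        "tagged on access port": (build_frame([2]), secure_host_port),
        "single tag on trunk": (build_frame([1]), atm_trunk),
        "double tag on trunk": (build_frame([2, 1]), atm_trunk),
        "foreign VLAN on trunk": (build_frame([99]), atm_trunk),
    }
    for name, (frame, port) in samples.items():
        print(f"{name}: {audit_frame(frame, port) or 'ok'}")
```

The useful output here is not the parser itself but the policy it enforces: any tagged frame on a host-facing port, and any frame with a second tag still present on a trunk, is something the design in the post does not expect, so it is worth logging from a span port or a capture on the ATM trunk. The check is deliberately independent of the switch vendor, since the P330's own CLI is not described in the post.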