What kind of security is available for VLANs?
To begin with Virtual LANs (VLANs) operate at Layer 2 of the OSI model. However, a VLAN is often configured to map directly to an IP network, or subnet, which gives the appearance it is involved in layer 3 (logical VLAN). VLANs provide security in two ways:
This first method is authentication, which requires that users authenticate before they are assigned to a VLAN. Employing this method is much more powerful than simply basing VLAN assignment on the port a user is connected to or their MAC address. This method offers the only true type of mobility in VLAN.
The second security feature is communication control. Once a user is assigned to a VLAN, communication flow into or out of that VLAN can be controlled by any standard Layer 3 service like ACLs, firewalls, etc. To summarize: High-security users can be grouped into a VLAN, possibly on the same physical segment, and no users outside of that VLAN can communicate with them. And secondly, because VLANs are logical groups that behave like physically separate entities, inter-VLAN communication is achieved through a router. Thus, all the security and filtering functionality that routers traditionally provide can be used.
Dig Deeper on Campus area network
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://...
Continue Reading
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ...
Continue Reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ...
Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.
Start the conversation
0 comments