What kind of security is available for VLANs?

SDG

To begin with Virtual LANs (VLANs) operate at Layer 2 of the OSI model. However, a VLAN is often configured to map directly to an IP network, or subnet, which gives the appearance it is involved in layer 3 (logical VLAN). VLANs provide security in two ways:

This first method is authentication, which requires that users authenticate before they are assigned to a VLAN. Employing this method is much more powerful than simply basing VLAN assignment on the port a user is connected to or their MAC address. This method offers the only true type of mobility in VLAN.

The second security feature is communication control. Once a user is assigned to a VLAN, communication flow into or out of that VLAN can be controlled by any standard Layer 3 service like ACLs, firewalls, etc.

To summarize: High-security users can be grouped into a VLAN, possibly on the same physical segment, and no users outside of that VLAN can communicate with them. And secondly, because VLANs are logical groups that behave like physically separate entities, inter-VLAN communication is achieved through a router. Thus, all the security and filtering functionality that routers traditionally provide can be used.

This was last published in August 2004

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchSDN

Interop 2014: New Broadcom processer boosts NFV deployments

The new multi-core Broadcom processor will enable better processing and agility when simplifying NFV and SDN deployments.

Meet five software-defined networking research rock stars

From programming languages to partial SDN deployments, current SDN research allows for true innovation in the field as proven by ...

SDN market: Opportunity or disruption for channel partners?

Analysts say the SDN market will be very disruptive for networking VARs focused on hardware sales, with a shift in focus from ...

SearchEnterpriseWAN

How to calculate network bandwidth requirements

Figuring out how to calculate bandwidth requirements is vital to ensuring your network runs smoothly, and it's best to get the ...

8 steps to a successful MPLS migration

Successful MPLS migration takes careful consideration. Robert Sturt offers some advice about the steps you should consider before...

VeloCloud's cloud WAN service delivers zero-touch, hybrid WAN

With zero-touch appliances and cloud-based gateways, VeloCloud offers a cloud WAN service that hybridizes MPLS and broadband ...

SearchUnifiedCommunications

How to prepare for and manage VoIP call quality issues

Do you know how to maintain call quality when deploying VoIP? Get the answers to your VoIP quality concerns, from predeployment ...

Oculeus unveils cloud service for toll fraud prevention

Oculeus-Protect, a toll fraud prevention service, automatically ends phone calls determined to be the result of PBX hacking -- a ...

New Microsoft Teams calling features narrow gap with Skype

Microsoft will complete its Microsoft Teams calling roadmap in the coming weeks, with the release of four advanced call controls ...

SearchMobileComputing

How mobile threat defense can complement EMM

MTD adoption isn't widespread yet, but IT admins would do well to stay ahead of the game. Here's how MTD can work in conjunction ...

What's driving the next-generation mobile user experience

Mobile users expect more from their employers these days. Thankfully, new technologies are making it possible for organizations ...

What's driving the next-generation mobile user experience

SearchDataCenter

Security, staffing land atop IT's edge computing challenges

Edge computing is a new way for data center admins to process data closer to the source, but it comes with challenges around ...

Edge computing architecture helps IT support augmented reality

Augmented reality benefits greatly from reduced latency, which makes edge computing a perfect partner in the data center.

Streamline data center power usage tracking with DCIM

If you want a more in-depth picture of your data center's power consumption, explore DCIM options that provide server workload ...

SearchITChannel

SAP Partner Business Forum: Change is upon us

SAP partners need to change their thinking if they're going to enable the 'intelligent enterprise.' That was the big message from...

Arcserve partner strategy puts spotlight on MSP partnerships

Under new Arcserve partner leadership, the data protection provider will enhance its channel program for managed services ...

AWS moves up the stack to appease enterprises

AWS gives users plenty of options, but with that diversity comes complexity. In response, the cloud vendor is poised to move into...

Related Resources

Dig Deeper on Campus area network

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.