What kind of security is available for VLANs?

SDG

To begin with Virtual LANs (VLANs) operate at Layer 2 of the OSI model. However, a VLAN is often configured to map directly to an IP network, or subnet, which gives the appearance it is involved in layer 3 (logical VLAN). VLANs provide security in two ways:

This first method is authentication, which requires that users authenticate before they are assigned to a VLAN. Employing this method is much more powerful than simply basing VLAN assignment on the port a user is connected to or their MAC address. This method offers the only true type of mobility in VLAN.

The second security feature is communication control. Once a user is assigned to a VLAN, communication flow into or out of that VLAN can be controlled by any standard Layer 3 service like ACLs, firewalls, etc.

To summarize: High-security users can be grouped into a VLAN, possibly on the same physical segment, and no users outside of that VLAN can communicate with them. And secondly, because VLANs are logical groups that behave like physically separate entities, inter-VLAN communication is achieved through a router. Thus, all the security and filtering functionality that routers traditionally provide can be used.

This was last published in August 2004

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchSDN

Interop 2014: New Broadcom processer boosts NFV deployments

The new multi-core Broadcom processor will enable better processing and agility when simplifying NFV and SDN deployments.

Meet five software-defined networking research rock stars

From programming languages to partial SDN deployments, current SDN research allows for true innovation in the field as proven by ...

SDN market: Opportunity or disruption for channel partners?

Analysts say the SDN market will be very disruptive for networking VARs focused on hardware sales, with a shift in focus from ...

SearchEnterpriseWAN

How to calculate network bandwidth requirements

Figuring out how to calculate bandwidth requirements is vital to ensuring your network runs smoothly, and it's best to get the ...

8 steps to a successful MPLS migration

Successful MPLS migration takes careful consideration. Robert Sturt offers some advice about the steps you should consider before...

VeloCloud's cloud WAN service delivers zero-touch, hybrid WAN

With zero-touch appliances and cloud-based gateways, VeloCloud offers a cloud WAN service that hybridizes MPLS and broadband ...

SearchUnifiedCommunications

Why enterprise adoption of cloud UC should accelerate in 2019

Enterprises like Pacific Dental and PTC are adopting cloud UC to get a consistent, reliable experience across various offices and...

Microsoft Teams vs. Slack: 4 features to consider

Does your IT department need help convincing users to move to Microsoft Teams? Four capabilities in particular in the Microsoft ...

How to deploy team collaboration platforms successfully

How an organization deploys team collaboration tools depends on its overall UC strategy and end-user needs. Discover the ...

SearchMobileComputing

Improve a mobile security strategy with the right policies

IT must factor mobile users into its security plan. Intrusive applications and stolen devices are major security issues, but IT ...

Know when to allow mobile device backup

Mobile devices enrolled in MDM platforms should only be backed up in certain situations. Here's a rundown of what IT should allow...

Why UEM could overshadow the EMM market

As IT has been overwhelmed with too many tools to manage devices, UEM attempts to simplify the situation. Here's what to expect ...

SearchDataCenter

A data center planning and design guide for IT pros

Data center design and management now goes beyond servers and networking cables. Defining budget and IT goals helps set an ...

Data center budget process should review business goals first

Discover four factors data center managers should evaluate when allocating financial resources and areas to address to ensure ...

How to prepare your data center for an HCI appliance

Vendors tout hyper-converged infrastructure as a plug-and-play offering, but before you install anything in your data center, be ...

SearchITChannel

How to succeed at managed services marketing

The marketing formula at service provider DynTek includes executive briefings, messaging around innovation and transformation, ...

AWS partners react to changes, delay in APN program

AWS partners said they support the new requirements established for the AWS APN program, noting the higher bar helps them rise ...

Kaseya MSP clients hit with GandCrab ransomware

GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a...

Related Resources

Dig Deeper on Campus area network

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.