Problem solve Get help with specific problems with your technologies, process and projects.

What kind of security is available for VLANs?

What kind of security is available for VLANs?
To begin with Virtual LANs (VLANs) operate at Layer 2 of the OSI model. However, a VLAN is often configured to map directly to an IP network, or subnet, which gives the appearance it is involved in layer 3 (logical VLAN). VLANs provide security in two ways:

  • This first method is authentication, which requires that users authenticate before they are assigned to a VLAN. Employing this method is much more powerful than simply basing VLAN assignment on the port a user is connected to or their MAC address. This method offers the only true type of mobility in VLAN.
  • The second security feature is communication control. Once a user is assigned to a VLAN, communication flow into or out of that VLAN can be controlled by any standard Layer 3 service like ACLs, firewalls, etc.

    To summarize: High-security users can be grouped into a VLAN, possibly on the same physical segment, and no users outside of that VLAN can communicate with them. And secondly, because VLANs are logical groups that behave like physically separate entities, inter-VLAN communication is achieved through a router. Thus, all the security and filtering functionality that routers traditionally provide can be used.

  • This was last published in August 2004

    Dig Deeper on Campus area network

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.