Comware Based
1748156 Members
3793 Online
108758 Solutions
New Discussion

Re: Isolating VLANs

 
Amtiskaw
Occasional Advisor

Isolating VLANs

Hiya

 

I want to assign three ports to a VLAN so I can connect two firewalls to our ISPs router. So I want the VLAN to be isolated. So far I'm planning on doing the following:

 

No VLAN interface.

Disable LLDP on the ports.

Disable IGMP on the VLAN.

Disable MSTP on the ports.

All ports untagged on the VLAN.

 

Is there anything else I should be doing to make this public-facing VLAN more secure?

 

4 REPLIES 4
manuel.bitzi
Trusted Contributor

Re: Isolating VLANs

hi amtiskaw

 

if you have no vlan-interface at the internet you are save enough, because noone can reach your switch. all other features are L2 and can not reached from the Internet as well (L3).

 

 

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland
paulgear
Esteemed Contributor

Re: Isolating VLANs

DHCP and ARP snooping might be worth turning on as well, for added security.

Regards,
Paul
Michael A. McKenney
Respected Contributor

Re: Isolating VLANs

If you don't want VLAN to VLAN communication.   Make everything in that VLAN's gateway the firewall instead of the VLAN address. 

Amtiskaw
Occasional Advisor

Re: Isolating VLANs

Thanks, guys :-)