
Re: What is the goal of using VLans ?

 
fgilain
Occasional Advisor

What is the goal of using VLans ?

Hi all,

Sorry, I'm really a beginner....
I have 3 HP Procurve 2524.
Now, could someone explain to me the goal of using VLANs please?

For the moment, here is what I think about it:
- I have a LAN, let's say using 192.168.1.XXX / 255.255.255.0
- Now, I want to make a few of my servers public on the internet, so I need to add a switch that would be attached to my firewall's DMZ port.

Will VLANs securely allow me to avoid using a new switch by saying, for example, that ports 1 to 5 would be a different (and isolated) network?

thanks

Sorry for my poor English.

Florent
4 REPLIES
Les Ligetfalvy
Esteemed Contributor

Re: What is the goal of using VLans ?

VLANs are for the logical separation of broadcast domains, not the physical separation of firewalled subnets.
Kell van Daal
Respected Contributor

Re: What is the goal of using VLans ?

What you suggest is possible, and if implemented correctly only a little less secure than buying a new switch.
Your firewall will be connected with 2 ports to the switch. One will be connected to port 1 (for example) for the DMZ VLAN. The other will be connected to the LAN VLAN.
For security reasons, make sure the DMZ VLAN doesn't have a management interface (IP-address).

The reason it is less secure than a new switch is that if the switch can be hacked from the outside, it would most probably be on the DMZ VLAN. Because the switch is also connected to the LAN, the hacker gains access to the LAN. The functionality of the 2500 doesn't allow for a lot to be done though. It's not possible to let the 2500 route between the VLANs and such. A possible attack would be telnetting to the firewall on the inside interface, where there are fewer restrictions.

With a separate switch, the hacker would be contained to that switch, and would not gain access to the LAN.
The scenario described above is highly unlikely to happen/succeed, so the security risk is low on that imo.
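
Added example, not part of the original posts: a check of a switch configuration against the two conditions in the reply above, namely no IP address on the DMZ VLAN and firewall links on separate ports per VLAN. The configuration text is constructed in ProCurve-style syntax, the VLAN name "DMZ" and the function names are hypothetical, and only numeric port lists are handled.

```python
# Constructed sample in ProCurve-style syntax; not taken from the thread.
SAMPLE_CONFIG = """
vlan 1
   name "DEFAULT_VLAN"
   untagged 6-26
   ip address 192.168.1.2 255.255.255.0
   exit
vlan 2
   name "DMZ"
   untagged 1-5
   tagged 26
   ip address 10.0.0.2 255.255.255.0
   exit
"""

def parse_vlans(config):
    """Return {vlan_id: {name, ports, has_ip}}. Assumes numeric port lists (1-5,8)."""
    vlans, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            cur = vlans.setdefault(int(words[1]), {"name": "", "ports": set(), "has_ip": False})
        elif not words or cur is None:
            continue
        elif words[0] == "exit":
            cur = None
        elif words[0] == "name":
            cur["name"] = line.split(None, 1)[1].strip(' "')
        elif words[0] in ("untagged", "tagged"):
            for part in words[1].split(","):
                lo, _, hi = part.partition("-")
                cur["ports"].update(range(int(lo), int(hi or lo) + 1))
        elif words[:2] == ["ip", "address"]:
            cur["has_ip"] = True  # static or dhcp-bootp; "no ip address" is skipped
    return vlans

def audit_dmz(config, dmz_name="DMZ"):
    """List isolation problems for the VLAN called dmz_name (hypothetical name)."""
    vlans = parse_vlans(config)
    dmz = next((v for v in vlans.values() if v["name"] == dmz_name), None)
    if dmz is None:
        return ["no VLAN named " + dmz_name]
    findings = ["DMZ VLAN has an IP address (management interface)"] if dmz["has_ip"] else []
    for vid, v in vlans.items():
        shared = sorted(v["ports"] & dmz["ports"])
        if v is not dmz and shared:
            findings.append("ports %s carry both the DMZ VLAN and VLAN %d" % (shared, vid))
    return findings

print("\n".join(audit_dmz(SAMPLE_CONFIG)))
```

The sample deliberately contains both problems: the DMZ VLAN has an address, and port 26 is a member of both VLANs.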
fgilain
Occasional Advisor

Re: What is the goal of using VLans ?

Hummm...ok

So VLAN isn't really what I was thinking it was.

I'm not sure my boss would be ok to take such a risk...let's buy another switch ;-((

Thanks

Florent
Les Ligetfalvy
Esteemed Contributor

Re: What is the goal of using VLans ?

I did not mean to imply that VLAN and security is an oxymoron, but in the context of this question and the 25xx series, I would not VLAN a DMZ segment. They are inexpensive switches that lack some of the security of more advanced switches. Sorry for the short answer.

While not really related to your situation, I have included a link to an article that touches upon VLAN security on some of the higher end products. There are a lot of people looking to VLANs to quarantine rogue connections and wireless APs.

http://www.hp.com/rnd/pdf_html/guest_vlan_paper.htm