Date: Tue, 27 Feb 2001 10:14:16 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Olivier Nicole <on@cs.ait.ac.th>
Cc: shupilov@technobank.com.by, security@FreeBSD.ORG
Subject: Re: vlan
Message-ID: <20010227101416.B27373@Odin.AC.HMC.Edu>
In-Reply-To: <200102270858.PAA14543@banyan.cs.ait.ac.th>; from on@cs.ait.ac.th on Tue, Feb 27, 2001 at 03:58:15PM +0700
References: <3A9A63D8.D6C8881F@eng.ufl.edu> <9185502756.20010227105425@technobank.com.by> <200102270858.PAA14543@banyan.cs.ait.ac.th>

On Tue, Feb 27, 2001 at 03:58:15PM +0700, Olivier Nicole wrote:
> Well, as I once heard a guy saying in a seminar about security, if you
> plan to deal with security, do NOT use vlan.
>
> Vlan only goal is to present broadcast packets to leak to every
> interface. Vlan should not be trusted beyond that.
>
> So maybe security list is not the best place to ask :)

This is not really accurate. While there are a number of implementations
out there with this problem, modern vlan implementations are intended to
be fully secure. For instance, Cisco intends their VLANs in conjunction
with 802.1X (or a similar proprietary protocol) to allow things like
having a visitor be able to plug their laptop in to get internet access
but not end up behind the local firewall while an employee could plug
their laptop into the same port and have local access. Cisco implements
this switching functionality at the ASIC level.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4