Security Basics mailing list archives

RE: VLAN Question


From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 25 Aug 2003 09:19:34 -0700

Remember the time when switched networking was a new and 
up-and-coming cool thing? Remember those rows upon rows of 
AUI ports or 10Base2 connections all connected to hunking 
brown hubs? Remember replacing them with one 48 port
switch and 2 HE's worth of twisted pair jacks? Well at that 
time switches *were* massively more expensive than hubs. 

  Some sites didn't make the leap from massive piles of hubs
to switches *instead* until huge switches became available.
That much is true.
  But that point in time marks neither the origin of switches,
nor the origin of VLANs.  It marks a migration of these
technologies into the territory that had up until then been
the exclusive domain of hubs.

And the VLAN *was* intended to let you buy one big hunking 
switch and run several subnets off of it. This had nothing 
to do with big switches v. little switches, but rather with 
big switches v. big hubs.

  Switches -- and VLANs -- had existed for some time, created 
to solve a different set of problems entirely.  The sites that
made the transition you describe either (a) never had the issues 
VLANs were created to solve, or (b) used routers rather than 
switches to segment their networks at layer 3 instead of layer 2,
and so used the available feature *in a simpler way than intended*
when they finally chose to introduce switches to their networks.
  Read carefully.  I am not saying nobody ever (ab)used VLANs
this way.  I am merely pointing out that this limited (wasteful)
use was not (and never could or would have been) the reason the 
feature was originally *created*.

David Gillett

