Security Basics mailing list archives
RE: VLAN Security
From: "Ryan Smith" <Ryan.Smith () fairbankscapital com>
Date: Thu, 27 Feb 2003 09:31:03 -0700
VLANs don't really increase security as much as they increase manageability. To truly secure the switches you should implement port level security and limit the number of MAC addresses allowed per port. This prevents someone from plugging in a cheap wireless access point and opening your network to the world. It also prevents someone from being able to flood the switch with MAC addresses and fill up the MAC cache, thus turning your switch into a hub and enabling them to run a man in the middle attack.

On the Catalyst OS the command is:

    set port security 2/1-48 enable age 10 maximum 2 shutdown 10 violation shutdown

This sets the MAC address age to 10 minutes and the maximum addresses per port to 2; a violation will shut the port down for 10 minutes.

Precaution: do not do this on your trunk ports, and if you have other switches or WAPs hanging off of ports, increase the max variable accordingly.

Smith

-----Original Message-----
From: Naman Latif [mailto:naman.latif () inamed com]
Sent: Thursday, February 06, 2003 12:00 PM
To: security-basics () securityfocus com
Subject: VLAN Security

Hi,

We have different Cisco Catalyst switches configured for VLANs. With the current configuration:

1. All trunks have a native VLAN, which is not used by any user.
2. Management VLAN is other than VLAN 1.

We have different VLANs in place, however these are only used for different servers, and all users are only members of VLAN 1.

Does it make sense to have all the user ports migrated to a different VLAN (other than VLAN 1)? Is there a security advantage in this?

Regards \\ Naman
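As an added illustration of the failure mode Ryan describes (not code from the thread or from Cisco): a toy Python model of a switch with a bounded MAC cache, run once without and once with a CatOS-style per-port limit of 2 addresses, a 10 minute shutdown on violation and a 10 minute age. All MAC addresses, capacities and timings are constructed for the demo.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Toy switch: a bounded CAM (MAC) table plus optional port security."""
    cam_capacity: int                 # total MAC entries the switch can hold
    max_per_port: int = 0             # 0 = port security disabled ('maximum N')
    shutdown_minutes: int = 10        # 'shutdown 10' in the posted command
    age_minutes: int = 10             # 'age 10': idle entries expire
    cam: dict = field(default_factory=dict)             # mac -> (port, last_seen)
    shutdown_until: dict = field(default_factory=dict)  # port -> minute re-enabled
    floods: int = 0                   # frames that had to go out every port

    def _age_out(self, now):
        self.cam = {m: v for m, v in self.cam.items() if now - v[1] < self.age_minutes}

    def learn(self, port, src_mac, now):
        """Process a frame's source MAC arriving on `port` at minute `now`."""
        self._age_out(now)
        if self.shutdown_until.get(port, 0) > now:
            return "dropped"                      # port is shut down, frame discarded
        known = src_mac in self.cam
        if self.max_per_port and not known:
            on_port = sum(1 for p, _ in self.cam.values() if p == port)
            if on_port >= self.max_per_port:
                # Violation: shut the port down for shutdown_minutes.
                self.shutdown_until[port] = now + self.shutdown_minutes
                return "violation"
        if not known and len(self.cam) >= self.cam_capacity:
            return "cam_full"                     # table exhausted, nothing learned
        self.cam[src_mac] = (port, now)
        return "learned"

    def forward(self, dst_mac):
        """Unicast to the learned port, or flood every port like a hub if unknown."""
        if dst_mac in self.cam:
            return ("unicast", self.cam[dst_mac][0])
        self.floods += 1
        return ("flood", None)

def demo(port_security):
    """Churn 200 constructed MACs on port 1 while a host on port 2 talks to a
    server on port 3; return how the server's reply to the host was delivered."""
    sw = Switch(cam_capacity=128, max_per_port=2 if port_security else 0)
    sw.learn(3, "00:00:5e:00:53:01", now=0)                 # server (constructed)
    for i in range(200):                                    # MAC churn on port 1
        sw.learn(1, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", now=1)
    sw.learn(2, "00:00:5e:00:53:02", now=1)                 # legitimate host
    return sw.forward("00:00:5e:00:53:02"), sw.shutdown_until.get(1)
```

Without port security the host never gets a CAM entry and the reply is flooded out of every port, including port 1; with `maximum 2` the third address on port 1 trips the violation and the port is shut until minute 11, so the reply stays unicast.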
Current thread:
- VLAN Security Naman Latif (Feb 07)
- RE: VLAN Security Ken Terry (Feb 07)
- RE: VLAN Security marco misitano (Feb 07)
- Re: VLAN Security Rich MacVarish (Feb 07)
- <Possible follow-ups>
- RE: VLAN Security Ethan (Feb 07)
- RE: VLAN Security Clinton McGuire (Feb 07)
- RE: VLAN Security Ryan Smith (Feb 27)