-----Original Message-----
From: Anhtuan Huynh [mailto:anhtuan.huynh@inttra.com]
Sent: Thursday, August 24, 2006 2:29 PM
To: 'eliterhythm@gmail.com'; security-basics@securityfocus.com
Subject: RE: Different terms for the same or more secure?
no true. you can only have one subnet per vlan, however,
private vlan can be used to further isolate the vlans. also
if your using a switch with l3 capability, intervlan routing
can be used (SVI).
192.168.1.0/24 = VLAN 10
192.168.2.0/24 = VLAN 11
you can't have 192.168.1.0 and 192.168.2.0 on VLAN 10. VLAN
is a L2 not L3, therefore seperating the broadcast domain
independantly.
You can, actually; Cisco router configuration calls these
"secondary" addresses.
It's a bit of a weird situation -- you wind up with devices
that can see each others' broadcasts, but that depend upon their
gateway(s) to relay unicast traffic.
So as long as you have a router address defined on each
address block, it works.
It *is* kinda funky. You NEVER want to build a network this
way from scratch. But sometimes it's the cleanest way to
accommodate legacy devices -- we have a couple of them on our
network for which this was the simplest of several (worse)
alternatives.
David Gillett
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
