Using VLANs that are routed together?

Posted by dannymcc on Server Fault See other posts from Server Fault or by dannymcc
Published on 2011-11-25T22:14:45Z Indexed on 2011/11/26 1:55 UTC
Read the original article Hit count: 553

Filed under:

networking

|

vlan

|

network-design

I have a quick question that's bugging me the more I read about VLANs.

So far I understand that they are useful for dividing the network into sub-sections, but if you route them together does that not remove any security benefit?

As an example, if I created a VLAN on my home network which was simply one computer, one server and one router.if I wanted to divide the network between computers and servers I could put the computer on VLAN 10 and the server on VLAN 20. Then the computer would no longer be able to communicate with the server - unless I added a static route to the router that connected the two together, basically telling VLAN 10 that VLAN 20 exists and how to communicate with it.

The VLANs would then be connected in a similar way to a 'flat' network that has no VLANs. Therefore, surely, all security benefits are lost.

Am I missing something?

© Server Fault or respective owner

Related posts about networking

Networking stopped working on Ubuntu

as seen on Super User - Search for 'Super User'
I installed Ubuntu 10.04 through the Wubi installer (Funny, I installed it today and thought I would have gotten 10.10). I had a network connection and everything was working fine. I rebooted my coumputer a couple of times and then suddenly, I could not connect to the network and when I click the… >>> More
Troubles with start up defenition of networking service in Ubuntu

as seen on Super User - Search for 'Super User'
I use Ubuntu 12.04.1. I put attention that networking script starting in runlevel 0: user@comp:/etc/rc0.d$ chkconfig -l networking networking 0:on 1:off 2:off 3:off 4:off 5:off 6:off When I try to move it working to appropriate run levels I get error: user@comp:/etc/rc0… >>> More
Installing the Elgg Social Networking CMS

as seen on Internet.com - Search for 'Internet.com'
One Open Source CMS that stands out above the rest for small businesses and personal networks is the Elgg open source "social engine," which can be used to create social applications. Scott Clark shows you how to install and get started with this social networking CMS. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More

Related posts about vlan

Cisco vlan entry missing in vlan.dat, but appears in running-config

as seen on Server Fault - Search for 'Server Fault'
One of our vlan's (ID: 104) stopped working suddenly and computers on that vlan failed when trying to obtain a dhcp ip address. On the Cisco switch if we do show vlan, this command is supposed to shows the vlans in the vlan.dat file. We notice it has every other vlan except the one that is now missing… >>> More
Unable to access VLAN host from VLAN interface in CentOS

as seen on Server Fault - Search for 'Server Fault'
I am playing with VLAN (Virtual LAN) configuration on CentOS 6.4. I have 2 interfaces, eth0 and eth1. I have configured 2 VLAN interfaces eth0.20 and eth0.30 as #file: ifcfg-eth0.20 #------------- VLAN=yes DEVICE=eth0.20 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=static IPADDR=192.168… >>> More
Multiple vlans access to shared pbx system

as seen on Server Fault - Search for 'Server Fault'
I'm new to networking and was looking for some assistance. First off I'm using packet tracer to diagram my scenario as I will be receiving my equipment next week to deploy. Hardware to be used: 2 catalyst 3560 switches all connect to a sonic wall router I have two companies that work in the… >>> More
VLAN ID 4095 for guest VLAN tagging

as seen on Server Fault - Search for 'Server Fault'
Just want to know if it's true that if you use the VLAN ID 4095 for guest VLAN tagging, then vMotion will not work correctly as there is nowhere to pass back the reverse arp to? So, the problem we have noticed is when we have vmotioned VM's that are tagged on our trunk network, you cannot ping them… >>> More
vlan change via scvmm not working

as seen on Server Fault - Search for 'Server Fault'
Hi i have a windows 2008 R2 hyper-v server which is managed via scvmm 2008 R2. the guest os running on the hyper-v server is winxp with sp3. if i change the vlan id via scvmm the guest doesn't get an ip via dhcp i looked in the properties of the vm with the hyper-v mmc an see the vlan changed correctly… >>> More