Why do people tell me not to use VLANs for security?
- by jtnire
Hi Everyone,
As per title, why do people tell me not to use VLANs for security purposes?
I have a network, where I have a couple of VLANs. There is a firewall between the 2 VLANs. I am using HP Procurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (they are not "VLAN aware"). I've also made sure that the native VLAN (PVID) of the trunk links is not the same as either of the 2 host VLANs. I've also enabled "Ingress Filtering". Furthermore, I've made sure that host ports are only members of a single VLAN, which is the same as the PVID of the respective port. The only ports which are members of multiple VLANs are the trunk ports.
Can someone please explain to me why the above isn't secure? I believe I've addressed the double tagging issue.
Thanks
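The hardening the question lists (trunks tagged-only, host ports not VLAN-aware, trunk PVID outside the host VLANs, each host port's membership equal to its PVID, ingress filtering on) can be checked mechanically. The following is an added example, not code from the poster; it audits a constructed port table rather than parsing a real ProCurve config, and the port names and VLAN numbers are made up.

```python
"""Audit a switch port/VLAN model against the VLAN-hopping hardening
invariants described above. The data model and sample ports are constructed
for illustration; this is not an HP ProCurve configuration parser."""
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    role: str                                   # "host" or "trunk"
    pvid: int                                   # native VLAN for untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs accepted/sent tagged on this port
    untagged: set = field(default_factory=set)  # VLANs carried untagged on this port
    ingress_filtering: bool = True              # drop frames tagged for VLANs the port is not in

def audit(ports):
    """Return (port, finding) pairs; an empty list means every invariant holds."""
    host_vlans = {v for p in ports if p.role == "host" for v in p.untagged}
    findings = []
    for p in ports:
        if not p.ingress_filtering:
            findings.append((p.name, "ingress filtering disabled"))
        if p.role == "host":
            if p.tagged:                           # a VLAN-aware host port can inject tagged frames
                findings.append((p.name, "host port accepts tagged frames"))
            if p.untagged != {p.pvid}:             # membership must be exactly the port's PVID
                findings.append((p.name, "host port VLAN membership differs from its PVID"))
        else:
            if p.untagged:                         # trunks should be tagged-only
                findings.append((p.name, "trunk carries untagged traffic"))
            if p.pvid in host_vlans:               # classic double-tagging precondition
                findings.append((p.name, f"trunk native VLAN {p.pvid} is also a host VLAN"))
    return findings

# Constructed sample: the first three ports follow the question's setup, the last two do not.
SAMPLE_PORTS = [
    Port("1", "host", pvid=10, untagged={10}),
    Port("2", "host", pvid=20, untagged={20}),
    Port("24", "trunk", pvid=999, tagged={10, 20}),                 # hardened uplink
    Port("23", "trunk", pvid=10, tagged={10, 20}, untagged={10}),   # native VLAN is a host VLAN
    Port("3", "host", pvid=10, untagged={10}, tagged={20}),         # VLAN-aware host port
]

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_PORTS):
        print(f"port {port}: {finding}")
```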