Comware

  • 1.  Isolating VLANs

    Posted Apr 02, 2012 07:10 PM

    Hiya

     

    I want to assign three ports to a VLAN so I can connect two firewalls to our ISP's router. So I want the VLAN to be isolated. So far I'm planning on doing the following:

     

    No VLAN interface.

    Disable LLDP on the ports.

    Disable IGMP on the VLAN.

    Disable MSTP on the ports.

    All ports untagged on the VLAN.

     

    Is there anything else I should be doing to make this public-facing VLAN more secure?

     


    #VLAN


  • 2.  RE: Isolating VLANs

    Posted Apr 04, 2012 04:52 AM

    hi amtiskaw

     

    If you have no vlan-interface at the Internet you are safe enough, because no one can reach your switch. All other features are L2 and cannot be reached from the Internet as well (L3).

     

     

    br

    Manuel



  • 3.  RE: Isolating VLANs

    Posted Apr 13, 2012 11:16 PM

    DHCP and ARP snooping might be worth turning on as well, for added security.



  • 4.  RE: Isolating VLANs

    Posted Apr 15, 2012 01:30 PM

    If you don't want VLAN to VLAN communication, make everything in that VLAN's gateway the firewall instead of the VLAN address.



  • 5.  RE: Isolating VLANs

    Posted Jun 25, 2012 06:49 PM

    Thanks, guys :-)