[Novalug] VLAN confusion ....

Stuart Gathman stuart@gathman.org
Sat Aug 29 22:13:56 EDT 2015


On 08/29/2015 05:52 PM, Peter Larsen via Novalug wrote:
> Gentlemen and ladies ....
> I'm trying to grapple with some VLAN stuff that I thought I knew but
> obviously I got something wrong somewhere.  Remember my little thread
> about getting a single "untrusted" network for all the little devices
> around the house? Well, if it wasn't for a cheap stupid switch I think
> I could just move a few wires and have everything merge correctly.  I
> actually have quite a few very cheap switches around the house, but in
> my "server area" I have managed switches to handle features like
> jumbo frames and VLAN. Everything else is not VLAN aware.

There is nothing a VLAN does that can't be done with multiple dumb 
switches and multiple wires.  All a VLAN does is divvy up the (say) 16 
ports on your switch into (say) 3 switches with 5, 5, and 6 ports.   All 
VLAN tagging does is to let you combine wires.

Simple, intuitive, old school for 3 LANs in 2 locations:

6 dumb 6-port switches, 3 switches in each location, 3 wires between 
each pair of switches


Cool (but complex to configure) VLAN:

2 smart 16-port switches configured into 3 VLANs of 5 ports each, 1 wire 
between the switches.

The dumb switches are actually more secure.  The VLAN requires software 
configuration - and that means security holes for the configuration 
interface.

Airplanes send commands from the cockpit to other parts of the plane via 
LAN.  The LAN *was* physically isolated.  Then airplanes added 
entertainment systems with in-flight internet.  To save wires, they used 
VLANs to combine the flight control and entertainment systems on one 
wire as described above.  Of course, there are security holes in the 
VLAN configuration interface, and a hacker demonstrated gaining access 
to the flight control LAN from the ground via the in-flight internet 
system.  The next 911 won't need any terrorists on the plane  - they can 
fly it into a building from the comfort of their living room.
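
A small model of the two-switch setup described in the message above, added here as an illustration and not part of the original post: three LANs share one wire by carrying an IEEE 802.1Q tag, and which LAN a port belongs to is only an entry in a software table. The VLAN IDs 10/20/30, port 16 as the trunk, the flood-only behaviour and all names are assumptions of this sketch.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q tag protocol identifier

def tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, (pcp << 13) | vid) + frame[12:]

def untag(frame: bytes):
    """Return (vid, untagged frame); vid is None if no 802.1Q tag is present."""
    if len(frame) < 16 or frame[12:14] != struct.pack("!H", TPID):
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    """Flood-only model (no MAC learning): access ports plus one trunk port."""
    def __init__(self, name, access, trunk=16):
        self.name, self.access, self.trunk, self.peer = name, dict(access), trunk, None

    def receive(self, port, frame):
        """Return the set of (switch, port) pairs that see this frame."""
        if port == self.trunk:
            vid, inner = untag(frame)      # the tag says which LAN the frame is on
        else:
            vid, inner = self.access.get(port), frame
        if vid is None:
            return set()                   # untagged on trunk, or unassigned port
        seen = {(self.name, p) for p, v in self.access.items() if v == vid and p != port}
        if port != self.trunk and self.peer:
            seen |= self.peer.receive(self.peer.trunk, tag(inner, vid))
        return seen

def build():
    """Constructed layout: VLANs 10/20/30 with 5 ports each, port 16 is the one wire."""
    layout = {p: vid for vid, ports in ((10, range(1, 6)), (20, range(6, 11)),
                                        (30, range(11, 16))) for p in ports}
    a, b = Switch("A", layout), Switch("B", layout)
    a.peer, b.peer = b, a
    return a, b

# Constructed broadcast frame: dst MAC, src MAC, EtherType 0x0800, dummy payload
FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    a, b = build()
    print(sorted(a.receive(1, FRAME)))     # ports on both switches in VLAN 10 only
    a.access[7] = 10                       # one table entry moves a port between LANs
    print(sorted(a.receive(1, FRAME)))
```

With dumb switches, the equivalent of the `a.access[7] = 10` line is physically moving a cable, which is why auditing the port-to-VLAN table and restricting access to the switch's management interface matter on the managed side.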


