I think there's a danger of becoming just a little overly paranoid when you talk about risks of using vlans, especially in the environments most people here are working in.
As long as the networks are genuinely seperate, at L3 as well as L2 (with VLANs) and (going by google, the main "risk" being against incorrectly configured ports - that's not a vulnerability!) tagging is disabled on everything you don't want to tag multiple vlans to, you've really not got too much to worry about.
If you're trying to use vlans to shoehorn what really should be 1 network into 2 then yes - that's not the way to do it, but used properly there's no reason to get so paranoid that you'd insist on totally seperate physical infrastructure.
GeeDee - exactly. Yes schools need security but they don't need to be OTT about it. Running too disparate networks just seems a step too far... Afterall, they're only kids - what could they possibly do to damage the network? :P
There are currently 1 users browsing this thread. (0 members and 1 guests)