On Tue, Aug 07, 2007 at 09:07:48AM +0200, tomfi wrote:
> Yes at this point you must "only" strongly remember that it is
> default/native vlan so not so secure (people are not error prune :) )
> I think one of good practices is to use this vlan as "guest vlan".
Good practice is, not to use it.
In addition the native vlan on links between your switches
(infrastructure devices) should be different than that on links between
your switches and connected hosts if these get trunks.
Than double tagging VLAN hopping is prevented.
Ciao
--
Rainer Nagel, freenet AG Rainer.Nagel@freenet.ag
WillstätterStr. 13, D-40549 Düsseldorf Tel.: +49 211 53087 423
Vorstand: Eckhard Spoerr (Vors.), Fax.: +49 211 53087 500
Axel Krieger, Stephan Esch, Eric Berger Amtsgericht Kiel
Vorsitzender des Aufsichtsrates: Prof. Dr. Helmut Thoma HRB 7306 KI
No comments:
Post a Comment