Question about vlans

[comptek]

Hi guys this may be a multi-part thread.

I am a pc tech learing networking. We have implement something called vlans I guess to segment our network. From what I understand is that w/o the vlans each and everything on our network saw all traffic. For example our server's saw printer requests etc. After the vlans were put into place our servers are now on there own vlans and other vlans like network admin vlans were created also. My question is if a vlan (server) was on it's own vlan how can it still process requests for services like dns dhcp or file services? Vlans dont isolate things from what it looks like. Sorry but my knowledge of networks is not that great. I have more questions to ask after this. Any information would help. Examples would be great too.

Thanks

Comptek

Comptek
A+, Network+

 

[LloydSev]

A Vlan keeps all broadcasts bundled together. It does not however route traffic, which is why regardless of Vlans you can still communicate to devices on your network still. (Unless you setup the Vlan to block traffic to another Vlan).



Computer/Network Technician
CCNA

 

[ReadRight]

VLANs do segment traffic. To communicate between VLANs you will need a router or a layer three switch.

 

[comptek]

Thanks guys for your post. Here is my response. Say you have different vlans ex server vlan, network mgt vlan and application vlans (for general users). If I built a new pc and was susposed to move it from a network mgt vlan to the application vlan but did not. What's the worst that could happen? This may be dependent on the type of vlan that we have at my job but I was curious (maybe someone has done something like this also). Honestly that was what I did and I was scoleded by a fellow employee (funny how when the supervisor/manager is out on vacation that certain employees feel the need to express authority over others). Anyways it was a simple mistake and the user who received the new pc did not notice a difference. They were still able to do there job. When I confronted my coworker about what I did and asked that he explain why what I did was bad he could not do it. He kept repeating that it was just bad. The only thing I could come up with is that if whom ever were to work on this pc they would have to be pretty computer savvy to realize what vlan they are on and do damage. But what can they do on this vlan (Network mgt)? I mean if a computer whiz got onto any other workstation they should have been able to compromise that workstation too right regardless of what vlan?

Thanks guys

Comptek
A+, Network+

 

[ReadRight]

Your Network Mgmt VLAN may be protected by an access list through a router. Someone who is normally not supposed to have access to resources on your NM vlan would have that access, because he wouldn't be going through the access list. That's one example. Nothing technically "bad" can happen by putting someone on the wrong vlan, it's just a security/access issue. Like accidentally putting a user in administrators group kind of thing.

 

[lgarner]

Correct. Unless there's an ACL blocking access from the App VLAN to the NM Vlan, it makes virtually no difference.

 

[comptek]

Thanks again, for answering it. I knew it was not a big deal. Like I said earlier I think my co worker just wanted to display his authority over others. Thanks again guys my question has been answered. See I knew it was ok.

Thanks

Comptek
A+, Network+