would you set access rules on routers If....(PLEASE READ) 1

[pctechnician]

If you have Vlans already established segregating different subnets, would you still have to set access lists on the routers

Ex:

2 vlans: students and admins

students are not to talk to admins and vice versa.

now since they are already segregated would you still set access lists saying that students cant talk to admins ?

A+,Net+

 

[InDenial]

pctechnician,

yes... cause the router will route the data from one vlan to another.

It is like having a router with two interfaces. If data for an ip-address on another interface is send to the router it will route (ergo the name router) the date to the other interface.

vlan's are for making the broadcastdomain smaller not for security.

InD.



CCNA

 

[rcasta]

all,

Have a similar issue. Would by just setting ACLs will create security enough? Let's not put a Firewall in the middle up to this point. What other options do I have ?

cheers,

 

[cluey]

VLANs provide security & increase the number of broadcast domains. Unless you have configured inter-vlan communication through the router than security is not a real issue. (Remember that students will sit in a different broadcast domain to admins).

 

[tschouten]

Cluey is right, Vlans are a form of security as well. The two cannot talk to one another unless you make this happen (ie. design it that way).