Comment on Basic networking/subnetting question.
nottelling@lemmy.world 1 day ago
A VLAN is (theoretically) equivalent to a physically separated switch. The only way for machines to communicate between VLANs is via a gateway interface.
If you don’t trust the operating system, then you don’t trust that it won’t change its IP/subnet to just hop onto the other network. Or even send packets with the other network’s header and spoof packets onto the other subnets.
It’s trivially easy to malform broadcast traffic and hop subnets, or to use various arp table attacks to trick the switching device. If you need to segregate traffic, you need a VLAN.
marauding_gibberish142@lemmy.dbzer0.com 1 day ago
Thank you for the great comment.
This line cleared it up for me:
It is indeed as you say. VLANs on a trunk port wouldn’t really work for security either. This is making me reconsider my entire networking infrastructure since when I started I wasn’t very invested in such things. Thanks for giving me material to think about
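The two points made in this thread, that a subnet boundary is not a security boundary but a VLAN access port is, and that putting an untrusted host on a trunk port gives the isolation away again, can be made concrete with a small model of 802.1Q frame handling. The code below is an added example and is not from either commenter; the frame layout and the VLAN ID field (low 12 bits of the TCI) follow IEEE 802.1Q, while the port-policy functions are a simplified, constructed model of how a switch treats access and trunk ports, not any vendor's implementation. The sample frames are constructed inline.

```python
"""Parse 802.1Q-tagged Ethernet frames and model switch port ingress policy.

Shows why an untrusted host must sit on an *access* port (its frames land in
the port's VLAN no matter what it sends) and why a *trunk* port is not a
security boundary (the host chooses the tag, so it chooses the VLAN).
"""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

ETHERTYPE_8021Q = 0x8100   # 802.1Q tag follows the source MAC
ETHERTYPE_IPV4 = 0x0800


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vid: Optional[int]      # None when the frame carries no 802.1Q tag
    ethertype: int
    payload: bytes


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Construct an Ethernet II frame, optionally with a single 802.1Q tag."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)          # PCP(3) | DEI(1) | VID(12)
        hdr += struct.pack("!HHH", ETHERTYPE_8021Q, tci, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame, peeling off one 802.1Q tag if present."""
    if len(raw) < 14:
        raise ValueError("short frame")
    dst, src = raw[0:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    vid, offset = None, 14
    if etype == ETHERTYPE_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", raw[14:18])
        vid = tci & 0x0FFF                            # VLAN ID is the low 12 bits
        offset = 18
    return Frame(dst, src, vid, etype, raw[offset:])


def access_port_ingress(frame: Frame, port_vlan: int) -> Tuple[bool, int, str]:
    """Simplified access-port model (constructed): every accepted frame is
    placed in the port's configured VLAN, and tagged frames are dropped, so
    the attached host cannot pick its VLAN."""
    if frame.vid is None:
        return True, port_vlan, "untagged frame assigned to access VLAN"
    return False, frame.vid, "tagged frame dropped on access port"


def trunk_port_ingress(frame: Frame, allowed: set, native: int) -> Tuple[bool, int, str]:
    """Simplified trunk-port model (constructed): the sender's tag decides the
    VLAN, which is exactly why a trunk is not a boundary against the host."""
    if frame.vid is None:
        return True, native, "untagged frame assigned to native VLAN"
    if frame.vid in allowed:
        return True, frame.vid, "tagged frame accepted into its VLAN"
    return False, frame.vid, "VID not allowed on trunk"


if __name__ == "__main__":
    host = b"\x02\x00\x00\x00\x00\x01"           # constructed locally-administered MAC
    bcast = b"\xff" * 6
    ip_payload = b"\x45" + b"\x00" * 19          # minimal constructed IPv4 header stub
    # An untrusted host in VLAN 10 that tags its own frames for VLAN 20:
    forged = parse_frame(build_frame(bcast, host, ETHERTYPE_IPV4, ip_payload, vid=20))
    print("access port (VLAN 10):", access_port_ingress(forged, 10))
    print("trunk port (10,20):   ", trunk_port_ingress(forged, {10, 20}, native=1))
```

Running the module prints that the same self-tagged frame is dropped by the access port but lands in VLAN 20 through the trunk. The defensive takeaway is the commenter's own: assign untrusted hosts to access ports only, keep trunks between switches, and let a routed gateway (with its filtering) be the only path between VLANs.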