This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VLAN philosophy - are VLANs necessary?

VLAN philosophy - are VLANs necessary?

Michael_Savage
New Contributor

‎03-25-2016 04:03 PM

Hi everyone. I am just wondering what people think about the use of VLANs in a 100% Extreme network (B5 for wired and 5210 wireless)? I've heard things like VLANs are "old school" and there are better ways of doing things now with policy, NetSight, and NAC. I do believe policies are powerful tools for configuring and securing the network, but there is still that old idea of isolating traffic into separate broadcast domains for performance reasons. And dividing your network into subnets (VLANs) makes it easy to create policy and shape traffic on the firewall.

Are there any opinions out there? Should we be looking at a mix of both VLANs and policies? Are VLANS passé? I am new to Extreme Networks and policy-driven equipment so would very much welcome the feedback.
0 Kudos
7 REPLIES 7

André_Herkenrat
Extreme Employee

‎03-26-2016 06:04 AM

Basically VLANs are used to bring structure in a network.
The structure is a basic need for redundancy and traffic control.

VLANs also allow the scaling of a network. Without VLANs Networks are limited to a certain amount of participants.

I wouldn't see a VLAN as a security measure. Just implementing an ACL is not a security measure.

Policies give you the opportunity to have a security measure at the edge port.

So:
VLANs give you the structure and are the foundation for a proper build network. Policies are an addon to make it more secure.

0 Kudos

Michael_Savage
New Contributor

‎03-26-2016 12:53 AM

Thanks for the response. Makes good sense.

Any other opinions?
0 Kudos

Zdeněk_Pala
Extreme Employee

‎03-25-2016 04:45 PM

In the past the VLAN was handled as security tool. Different VLAN goes to ip subnets and ACLs on the router. The above approach is old, the security tool can be policy = apply filtering and QoS on the ingress of the network. Policy approach is better. The VLAN can be part of policy also. The VLAN should be a broadcast container => absolutely valid approach... Hope it makes sense Regards
Regards Zdeněk Pala
0 Kudos
GTM-P2G8KFN