VLANs are great traffic management tools. They work by having Ethernet switches insert a “tag” into the header of each Ethernet message. Other switches on the network can read this tag and decide whether a message should be forwarded. But switches with VLANs are not firewalls. They operate at layer 2 (the Ethernet layer) and don’t understand the “state” of the messages flowing through them. This makes the spoofing of VLAN tags trivial: there is no check to detect if a tag has been adjusted by a hacker.
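
To make the tag concrete, the Python below is an added example (not code from the original page): it reads the IEEE 802.1Q tag out of a raw Ethernet frame and reports any VLAN ID that is not expected on the port where the frame was captured, the kind of check a monitoring tool can apply because the tag itself carries no integrity protection. The port names, the policy table and the sample frames are constructed assumptions.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # tag protocol identifiers: 802.1Q and 802.1ad

def parse_vlan_tags(frame: bytes):
    """Return (vlan_ids, ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vlan_ids, ethertype

def audit_frame(port, frame, policy):
    """List every VLAN tag on the frame that the policy does not expect on this port."""
    allowed = policy.get(port, set())
    try:
        vlan_ids, _ = parse_vlan_tags(frame)
    except ValueError as exc:
        return [f"{port}: malformed frame ({exc})"]
    return [f"{port}: unexpected VLAN tag {vid}" for vid in vlan_ids if vid not in allowed]

# Constructed inputs (assumptions for the example, not taken from the page).
MACS = "020000000001" "020000000002"
UNTAGGED = bytes.fromhex(MACS + "0800")
TAGGED_10 = bytes.fromhex(MACS + "8100" + "000a" + "0800")
TAGGED_99 = bytes.fromhex(MACS + "8100" + "0063" + "0800")
TRUNCATED = bytes.fromhex(MACS + "8100" + "00")
# Hypothetical policy: an access port expects no tags, a trunk carries VLANs 10 and 20.
POLICY = {"access-1": set(), "trunk-1": {10, 20}}

if __name__ == "__main__":
    for port, frame in [("access-1", UNTAGGED), ("access-1", TAGGED_10),
                        ("trunk-1", TAGGED_10), ("trunk-1", TAGGED_99),
                        ("access-1", TRUNCATED)]:
        print(port, audit_frame(port, frame, POLICY) or "ok")
```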


