Securing Inter VLAN Traffic

VLANs are used as an alternative solution to routers for broadcast containment. A Layer 2 switch can be configured to group subsets of ports into virtual broadcast domains isolated from each other. These domains are commonly known as virtual LANs (VLANs). Using a VLAN not only offers the benefit of containing traffic within a VLAN, but also provides security by restricting communication between hosts in different VLANs. A typical VLAN implementation will have hosts in each VLAN with a unique IP subnet. Inter VLAN communication, if required, is accomplished by routing the traffic between VLANs. In this tech note, we will discuss how Palo Alto Networks firewalls can be used to secure inter VLAN traffic when each VLAN has its own IP subnet and when a single IP subnet spans multiple VLANs.

owner: jparapurath