Topologies and IDS • Chapter 7 447
capable of supporting VLANs in order to use them. The following are typical
characteristics of VLANs when implemented on a network:
■ Each VLAN is the equivalent of a physically separate switch as far as
network traffic is concerned.
■ A VLAN can span multiple switches, limited only by imagination and the
capabilities of the switches being used.
■ Trunks carry the traffic between each switch that is part of a VLAN. A
trunk is defined as a point-to-point link from one switch to another
switch. The purpose of a trunk is to carry the traffic of multiple VLANs
over a single link.
■ Cisco switches, for example, use the Cisco proprietary Inter-Switch Link
(ISL) and IEEE 802.1Q protocol as their trunking protocols.
EXAM WARNING
Know that VLANs implement security at the switch level. If you are not
on the same VLAN as another user on your network and access is not
allowed, you can secure communications from such hosts.
A complete description of VLANs, which is beyond the scope of the Security+ exam,
can be found at www.ciscopress.com/articles/article.asp?p=29803&rl=1. The IEEE
802.1Q standard can be downloaded at www.ieee802.org/1/pages/802.1Q.html.
Network Address Translation
NAT was developed because of the explosive growth of the Internet and the
increase in home and business networks—the number of available IP addresses was
simply not enough. A computer must have an IP address in order to communicate
with other computers on the Internet. NAT allows a single device, such as a router,
to act as an agent between the Internet and the local network. This device or
router provides a pool of addresses to be used by your local network. Only a single,
unique IP address is required to represent this entire group of computers. The
outside world is unaware of this division and thinks that only one computer is
connected. Common types of NAT include:
■ Static NAT Used by businesses to connect Web servers to the Internet
www.syngress.com