[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Secure VLANs

To: Javier Guerra Giraldez <javier@xxxxxxxxxxx>
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Wed, 05 Jan 2011 21:49:39 +0000
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 05 Jan 2011 13:51:11 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>


On 05/01/11 21:40, Javier Guerra Giraldez wrote:

On Tue, Jan 4, 2011 at 5:58 AM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx>  wrote:

Can someone please give me some tips on how to set up a Xen system with
VLANs in such a way that VLAN hopping by DomUs isn't possible?

I have tagged frames coming from my switch into my Dom0.

set a soft bridge for each VLAN on Dom0 and add each DomU interface to
only the respective bridge.

Don't present the physical interface to the DomUs

I had this method in my head however I wasn't sure if it is "secure".Using the above simple method, is there *no way* that a customer could"VLAN Hop" by double tagging or anything else?


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Secure VLANs
  - From: Fajar A. Nugraha

References:
- [Xen-users] Secure VLANs
  - From: Jonathan Tripathy
- Re: [Xen-users] Secure VLANs
  - From: Javier Guerra Giraldez

Prev by Date: Re: [Xen-users] Secure VLANs
Next by Date: Re: [Xen-users] Secure VLANs
Previous by thread: Re: [Xen-users] Secure VLANs
Next by thread: Re: [Xen-users] Secure VLANs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.