Virtual local area networks (VLANs) are deployed in a secure manner that does not compromise the security of information and systems.

]]> This section covers information relating to the use of VLANs within agency networks.

]]> For the purposes of this section Multiprotocol Label Switching (MPLS) is considered to be equivalent to VLANs and is subject to the same controls.

]]> A single network, managed in accordance with a single SecPlan, for which some functional separation is needed for administrative or similar reasons, can use VLANs to achieve that functional separation.

]]> VLANs can also be used to separate VTC and IPT traffic from data traffic at the same classification (See Section 18.3 – Video and Telephony Conferencing and Internet Protocol Telephony).

]]> Software-defined networking (SDN) is an approach to networking in which control is decoupled from hardware and managed by a separate application described as a controller. SDNs are intended to provide flexibility by enabling network engineers and administrators to respond to rapidly changing business requirements.

]]> Separation and Segregation principles also apply to SDNs. Refer to Section 22.2 – Virtualisation.

]]> Further references can be found at:

Reference	Title	Publisher	Source
IEEE 802.1Q-2011	IEEE Standard for Local and Metropolitan area networks – Media Access Control (MAC) Bridges, and Virtual Bridged Local Area Networks.	Institute of Electrical and Electronics Engineers (IEEE)	IEEE SA - The IEEE Standards Association - Home
	Inter-Switch Link and IEEE 802.1Q Frame Format	CISCO	Inter-Switch Link and IEEE 802.1Q Frame Format - Cisco
	Dynamic Trunking Protocol (DTP)	CISCO	Virtual LANs VLAN Trunking Protocol (VLANs VTP) - Cisco

]]> Limiting the sharing of a common (physical or virtual) switch between VLANs of differing classifications reduces the chance of data leaks that could occur due to VLAN vulnerabilities. Furthermore, disabling trunking on physical switches that carry VLANs of differing security domains will reduce the risk of data leakage across the VLANs. The principles of separation and segregation must be applied to all network designs and architectures.

]]> The principles of separation and segregation MUST be applied to the design and architecture of VLANs.

]]> Agencies MUST NOT use VLANs between classified networks and any other network of a lower classification.

]]> Agencies MUST NOT use VLANs between any classified network and any unclassified network.

]]> VLAN trunking MUST NOT be used on switches managing VLANs of differing security domains.

]]> When administrative access is limited to originating from the highest classified network on a switch, the security risk of a data spill is reduced.

]]> Administrative access MUST be permitted only from the most trusted network.

]]> Disabling unused ports on a switch will reduce the opportunity for direct or indirect attacks on systems.

]]> Unused ports on the switches MUST be disabled.

]]> Unused ports on the switches SHOULD be disabled.

]]>