Security – Bypassing VLAN with known MAC address

arp, mac, Security, subnet, vlan

I am evaluating subnetting our network with a Layer 2 switch and VLAN. From what I know, VLAN only works on the broadcast domain, and if I know the MAC address of a remote computer on the same switch, I can bypass the VLAN security entirely by mapping the MAC address to my own ARP table. Is that correct?

Thanks

Best Answer

You are not correct. When a switch creates a VLAN, it is effectively the same as if you created two separate networks connected with their own switches. A person can no more bypass the VLAN using a direct MAC address than you could gain access to your neighbor across the street if you knew his MAC address.
Think of it as two physically separated networks.
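
The isolation described in the answer can be seen in a small model of a switch's forwarding logic (an added example, not part of the original answer). It assumes access ports only and a forwarding table keyed by (VLAN, MAC); the class name, port layout and MAC addresses are constructed for illustration.

```python
# Simplified model of a VLAN-aware switch with access ports (constructed example).
# Assumption: independent VLAN learning, so the table is keyed by (VLAN, MAC).

class VlanSwitch:
    def __init__(self, port_vlans):
        self.port_vlans = port_vlans      # port -> access VLAN ID
        self.fdb = {}                     # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlans[in_port]   # the ingress port, not the sender, picks the VLAN
        self.fdb[(vlan, src_mac)] = in_port   # learn the source within that VLAN only
        out = self.fdb.get((vlan, dst_mac))
        if out is not None:
            return [] if out == in_port else [out]
        # Unknown unicast or broadcast: flood, but only to ports in the same VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


# Constructed topology: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20.
SAMPLE_PORTS = {1: 10, 2: 10, 3: 20, 4: 20}
HOST_A = "02:00:00:00:00:0a"   # on port 1, VLAN 10
HOST_B = "02:00:00:00:00:0b"   # on port 2, VLAN 10
HOST_C = "02:00:00:00:00:0c"   # on port 3, VLAN 20


def demo():
    sw = VlanSwitch(SAMPLE_PORTS)
    # Each host sends a broadcast so the switch learns its MAC.
    for port, mac in ((1, HOST_A), (2, HOST_B), (3, HOST_C)):
        sw.receive(port, mac, "ff:ff:ff:ff:ff:ff")
    return {
        "same_vlan": sw.receive(1, HOST_A, HOST_B),
        # Host A has a static ARP entry for host C, so it addresses the frame
        # to C's real MAC. The switch looks up (10, HOST_C), finds nothing,
        # and floods within VLAN 10 only. Port 3 never sees the frame.
        "cross_vlan": sw.receive(1, HOST_A, HOST_C),
    }


if __name__ == "__main__":
    print(demo())
```

The static ARP entry only changes which destination MAC the sender writes into the frame; the switch still chooses egress ports from the VLAN of the port the frame arrived on.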