Chapter 8: Setting Advanced Properties
122
A properly configured network that
has multiple VLANs should
maintain separate IP segments for
each VLAN. This is necessary
since outbound traffic relies on the
routing table to identify which
adapter (virtual or physical) to
pass traffic through and does not
determine which adapter based on
VLAN membership.
Since support for VLAN tagging on
Broadcom's NDIS 6.0 driver is
limited to transmit (Tx) traffic only,
there is a risk of inbound traffic
(Rx) from a different VLAN being
passed up to the operating
system. However, based on the
premise of a properly configured
network above, the IP
segmentation and/or the switch
VLAN configuration may provide
additional filtration to limit the risk.
In a back-to-back connection
scenario, two computers on the
same IP segment may be able to
communicate regardless of their
VLAN configuration since no
filtration of VLAN membership is
occurring. However, this scenario
assumes that the security may
already be breached since this
connection type is not typical in a
VLAN environment.
If the risk above is not desirable
and filtering of VLAN ID
membership is required, then
support through an intermediate
driver would be necessary.
Table 13. Advanced Features in Microsoft Windows
Feature Description Configuration Steps