Dynamic access control scheme for service-based multi-netted asymmetric virtual LAN

Virtual Local Area Network (VLAN) is a logical grouping of end stations such that end stations in the VLAN appear to be on the same physical LAN segment even though they may be geographically separated. Contrary to its primary expectations, server centralization, enterprise-wide collaborative applications trends raise various network resources need to be made available to users regardless of their VLAN membership. Unfortunately these trends also increase network security threats. It is general that the primary threat to network security is not caused by external users but the come from individuals inside and organization. Although network access is opened for every user in VLAN, it must be restricted to some degree. In this paper, we propose a new asymmetric VLAN management scheme in which users belonging to multiple VLANs to access another VLAN end station while both end stations are VLAN-unaware. In our scheme, an end station can communicate another end station belonging to different VLAN only after authentication. We also propose a novel VLAN access control scheme that allows only authorized users to access the multi-netted asymmetric VLAN.