Now don't get me started on VLANs. Just this much: don't use VLANs to 'separate' networks of (more or less substantially) different trust. Instead, implement physical separation.
Obviously physical separation would clearly be better but do you have any links to any information about the circumstances in which VLAN failure/overriding/etc. might occur and if there are weaknesses in any particular switch OSes? You've got me worried now :-)
I'm sorry, I don't have any specifics anymore after a recent crash annihilated all of my browser bookmarks. I had read an article on the SANS website in which they reported the results of one test of VLAN strength. The flaws they found could be avoided by proper configuration. However, http://www.google.com/search?q=sans+vlan+switch+security&sourceid=opera&num=0&ie=utf-8&oe=utf-8 turns up quite a number of links and at least one document that I don't know, so more may have happened.

Regardless, the security community pretty much agrees that VLANs aren't meant to enforce security. The connection between VLANs and security that, for one, Cisco mentions is drawn when comparing a VLANed switch with a non-VLANed one, not by comparing VLANs with physically distinct switches. As such, the argument is highly misleading, IMHO.

It may well be that you won't find a lot of information on actual vulnerabilities of existing VLAN implementations. Even if you did, they should hopefully be fixed by now. However, it is probable that these vulnerabilities were found more or less by chance, not by thorough means such as a code audit, and as such you have to assume that there'll be more problems. As is always the case, if you can't find anything in the Bugtraq archives on a certain product, that doesn't in any way mean the product is free of vulnerabilities. It just means no one has bothered to look yet.

Tobias
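The "proper configuration" Tobias refers to is the part a practitioner can actually check. The following is an added example, not code from the thread or from any vendor: a small audit that parses a Cisco IOS-style switch configuration and flags the VLAN settings that commonly let a host on one VLAN reach another. The sample configuration is constructed for illustration, and the audit rules (disable DTP with `switchport nonegotiate`, set an explicit port mode, use an unused native VLAN instead of VLAN 1 on trunks, restrict the allowed VLAN list, shut unused ports) are the usual switch-hardening guidance, assumed here as the definition of "proper configuration". None of this turns a VLAN into a trust boundary; it only removes the misconfigurations that make it weaker than it has to be.

```python
"""Audit an IOS-style switch configuration for VLAN settings that undermine
VLAN-based 'separation'. Added example; the configuration below is constructed
and the device names are hypothetical."""
import re
from dataclasses import dataclass, field

# Constructed sample running-config with deliberate weaknesses on Gi0/1 and Gi0/2.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/1
 description uplink to core, left at trunk defaults
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description user port, left at defaults
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description hardened trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/4
 description hardened access port
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet0/5
 shutdown
!
"""


@dataclass
class Interface:
    name: str
    lines: list = field(default_factory=list)


def parse_interfaces(config):
    """Split an IOS-style config into per-interface lists of (stripped) sub-commands."""
    interfaces = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = Interface(m.group(1))
            interfaces.append(current)
        elif line.startswith(" ") and current is not None:
            current.lines.append(line.strip())
        else:
            current = None  # '!' or any top-level line ends the interface block
    return interfaces


def audit_interface(iface):
    """Return findings for one interface (assumed hardening rules, see lead-in)."""
    lines = set(iface.lines)
    findings = []
    if "shutdown" in lines:
        return findings  # unused port correctly disabled
    mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
    if mode is None:
        findings.append("no explicit switchport mode (dynamic DTP default)")
    if "switchport nonegotiate" not in lines:
        findings.append("DTP not disabled (missing 'switchport nonegotiate')")
    if mode == "trunk":
        # IOS defaults the native VLAN to 1 when none is configured.
        native = next((l.split()[-1] for l in lines
                       if l.startswith("switchport trunk native vlan ")), "1")
        if native == "1":
            findings.append("native VLAN is 1 (default)")
        if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
            findings.append("trunk allows all VLANs")
    return findings


def audit_config(config):
    """Map interface name -> findings, omitting interfaces with no findings."""
    result = {}
    for iface in parse_interfaces(config):
        findings = audit_interface(iface)
        if findings:
            result[iface.name] = findings
    return result


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name)
        for f in findings:
            print("  -", f)
```

Run against the constructed config, the audit reports Gi0/1 (default native VLAN, unrestricted trunk, DTP enabled) and Gi0/2 (dynamic mode, DTP enabled) and stays silent on the hardened and shut-down ports. Feed it `show running-config` output from a real switch and treat every finding as a reason to prefer the physical separation the thread recommends, not as proof that the remaining VLANs are safe.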