ISFW

bluesea2010 — Thu, 14 Sep 2023 02:41:42 GMT

I have Cisco ISE, and our access layer operates at Layer 3. We have VLANs A, B, and C, and our objective is to prevent traffic from VLANs B and C from reaching VLAN A.

All our access layer switches are configured as Layer 3. Is it possible to implement a Dynamic Access Control List (DACL) for this purpose, or should I consider pushing traffic to an Internal Segmentation Firewall (ISFW)? If the latter is feasible, could you please provide guidance on how to set it up?

Additionally, I'm curious about the use of Virtual Routing and Forwarding (VRF) for achieving this segmentation.

I would greatly appreciate any advice or recommendations you can offer on these topics. Thank you in advance for your assistance

Re: ISFW

Rob Ingram — Thu, 14 Sep 2023 07:01:21 GMT

@bluesea2010 a DACL would certainly be the simplest to implement.

You could place VLANs B and C in one VRF and VLAN A on another and setup routing so you must route through the firewall to communicate between VRFs.

Or you could look at TrustSec to segment traffic between VLANs.

topic Re: ISFW in Network Access Control

ISFW

Re: ISFW