ISFW

bluesea2010
Level 5

Hi

I have Cisco ISE, and our access layer operates at Layer 3. We have VLANs A, B, and C, and our objective is to prevent traffic from VLANs B and C from reaching VLAN A.

All our access layer switches are configured as Layer 3. Is it possible to implement a Dynamic Access Control List (DACL) for this purpose, or should I consider pushing traffic to an Internal Segmentation Firewall (ISFW)? If the latter is feasible, could you please provide guidance on how to set it up?

Additionally, I'm curious about the use of Virtual Routing and Forwarding (VRF) for achieving this segmentation.

I would greatly appreciate any advice or recommendations you can offer on these topics. Thank you in advance for your assistance.

1 Reply

@bluesea2010 a DACL would certainly be the simplest to implement.

You could place VLANs B and C in one VRF and VLAN A in another and set up routing so you must route through the firewall to communicate between VRFs.

Or you could look at TrustSec to segment traffic between VLANs.
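Added example, not from the original post or the reply above, showing the two designs the reply names: an ISE downloadable ACL pushed to endpoints on VLANs B and C that blocks only the VLAN A subnet, and the VRF layout on a Layer 3 access switch where the firewall is the only path between the VRFs. The subnets, VRF and ACL names, SVI numbers and firewall next-hop addresses are assumed placeholders.

```text
! ---- Option 1: ISE dACL (assumed name DENY_TO_VLAN_A) ----
! Attach this dACL to the authorization profile used by endpoints on
! VLANs B and C. ISE rewrites the source "any" to the authenticated
! host IP, so the ACL only governs traffic leaving that endpoint.
deny   ip any 10.10.1.0 0.0.0.255     ! VLAN A subnet (assumed)
permit ip any any                     ! everything else still allowed
! Switch prerequisites: the access port must be under 802.1X/MAB
! control and the switch needs IP device tracking enabled, otherwise
! the dACL is never applied to that host. Endpoints on ports without
! authentication are not covered by this control at all.

! ---- Option 2: VRFs on the Layer 3 access switch ----
vrf definition USERS
 address-family ipv4
 exit-address-family
!
vrf definition SERVERS
 address-family ipv4
 exit-address-family
!
! "vrf forwarding" clears any existing IP address, so set it first.
interface Vlan20            ! VLAN B (assumed)
 vrf forwarding USERS
 ip address 10.10.2.1 255.255.255.0
!
interface Vlan30            ! VLAN C (assumed)
 vrf forwarding USERS
 ip address 10.10.3.1 255.255.255.0
!
interface Vlan10            ! VLAN A (assumed)
 vrf forwarding SERVERS
 ip address 10.10.1.1 255.255.255.0
!
! Each VRF only knows a default route to the firewall interface that
! sits in that VRF (assumed addresses). No route leaking between
! VRFs, so B/C -> A traffic can only cross via the firewall policy.
ip route vrf USERS   0.0.0.0 0.0.0.0 192.0.2.1
ip route vrf SERVERS 0.0.0.0 0.0.0.0 198.51.100.1
```

Verify with `show ip route vrf USERS` that no VLAN A prefix appears, and on ISE check the dACL syntax validator before saving the authorization profile.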