
Implementation of network segmentation: help needed, step by step

ddesai
Level 1

Network segmentation of an audio-video environment. I am looking at network segmentation of our one subnet of AV. Can anyone help me on this? If you have a best example or step-by-step process to do it on a Cisco switch, or will we need a firewall or any other third-party product like ColorTokens or Lumio or Cisco ISE?

Accepted Solution

@ddesai you could use a dedicated VLAN for your AV devices, then assign an ACL on the SVIs on the switch to control the traffic routed between different VLANs. You could also use a VLAN ACL (VACL), which would restrict communication within the VLAN, for example.

Or a more modern solution would be to use ISE with TrustSec for fully centralised segmentation, but that will cost a lot more money.


14 Replies

ammahend
VIP

If you want to do it without any investment, then split the one subnet into two or add a net-new subnet, map each subnet to a new VLAN and assign the endpoints into the respective VLAN. The VLAN gateway would most likely be a router or an SVI on the switch itself; if you don't want the two subnets to talk to each other, then just add an ACL on the SVI interface. This is the simplest way for a small single subnet.

You can watch this or search for more similar videos.

If you want to get creative, you can use ISE and Cisco TrustSec and segment based on SGTs. If you want to know more, provide more information about the network, preferably with a topology diagram.

-hope this helps-
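A worked configuration for the dedicated-VLAN-plus-SVI-ACL approach described in the accepted solution and in ammahend's reply above, added here as an example; it is not part of either post. It assumes a Catalyst 9300 doing the inter-VLAN routing, AV devices in VLAN 50 (as the thread states) on a constructed 10.50.0.0/24 subnet, a user VLAN 10 on a constructed 10.10.0.0/24, and constructed server addresses 10.10.0.20 (AV control) and 10.10.0.10 (DNS/NTP).

```cisco
! Added example, not from the thread. Constructed addressing:
!   VLAN 50 = AV devices, 10.50.0.0/24 (gateway 10.50.0.1)
!   VLAN 10 = users,      10.10.0.0/24 (gateway 10.10.0.1)
!   10.10.0.20 = AV control server, 10.10.0.10 = DNS/NTP server
ip routing
!
vlan 50
 name AV
vlan 10
 name USERS
!
! Applied "in" on the AV SVI: matches packets routed FROM VLAN 50 hosts.
ip access-list extended AV-VLAN50-IN
 remark AV devices may reach only their control server and DNS/NTP
 permit tcp 10.50.0.0 0.0.0.255 host 10.10.0.20 eq 443
 permit udp 10.50.0.0 0.0.0.255 host 10.10.0.10 eq 53
 permit udp 10.50.0.0 0.0.0.255 host 10.10.0.10 eq 123
 remark Block AV from every other private range; log hits for review
 deny   ip 10.50.0.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 deny   ip 10.50.0.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 deny   ip 10.50.0.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 remark Remaining (Internet-bound) traffic; change to deny if AV needs no Internet
 permit ip 10.50.0.0 0.0.0.255 any
!
! Applied "in" on the user SVI: stops users opening sessions INTO VLAN 50
! while still allowing replies to sessions the AV devices started.
ip access-list extended USERS-VLAN10-IN
 permit tcp 10.10.0.0 0.0.0.255 10.50.0.0 0.0.0.255 established
 permit udp host 10.10.0.10 eq 53 10.50.0.0 0.0.0.255
 permit udp host 10.10.0.10 eq 123 10.50.0.0 0.0.0.255
 deny   ip 10.10.0.0 0.0.0.255 10.50.0.0 0.0.0.255 log
 permit ip any any
!
interface Vlan50
 description AV devices gateway
 ip address 10.50.0.1 255.255.255.0
 ip access-group AV-VLAN50-IN in
!
interface Vlan10
 description User gateway
 ip address 10.10.0.1 255.255.255.0
 ip access-group USERS-VLAN10-IN in
!
! Verify: hit counters show which rules traffic is matching.
! show ip access-lists AV-VLAN50-IN
! show ip access-lists USERS-VLAN10-IN
```

These routed ACLs only see traffic crossing the SVI; AV-to-AV traffic inside VLAN 50 never reaches them, which is what the VACL mentioned in the accepted solution addresses.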

Thank you for the update, I appreciated your inputs. What is the meaning of "split 1 subnet into 2"? Currently we are using one subnet, and we have installed AV devices at a few locations and configured them on VLAN 50. What is an example of an ACL on an SVI interface? Now I am good with a single subnet. I have to start with the core switch SVI interface; correct me if I am wrong. I am doing this for the first time, so I want to make sure of everything.

Do we need a multilayer switch, or can we do it on a Cisco 9300 access-layer switch?

I am watching the video which you sent me; that was inter-VLAN routing, not network segmentation. Correct me if I am wrong.


As per my setup, it looks like I have to apply an ACL on the SVI because all AV devices are installed on one VLAN. Correct me if I am wrong, and if you have any video for one subnet with an ACL then please share; that will be a great help to understand.

Any inputs on this?

If it's an SVI then there is no need for a router, correct?

@ddesai if the switch has an SVI then it is doing the routing, so no, you don't need a physical router.

Is there any way I can know which subnet we will need to add to the in/out access list on the Cisco switch?

Any inputs on this?

Is there any way I can know what subnet we will need to add to the in/out access list on the Cisco switch?
