I'm looking at re-segmenting our network and looking for some advice. Basically our network consists of 25 locations (each with their own file server, DVR, PBX box, Cisco router and 48-port PoE switch).
Our main CORP location houses 95% of the servers and applications that each branch communicates with across MPLS. We are considering setting up a VLAN for user-facing servers, a VLAN for the security department, a VLAN for financial information, etc. Each location would have its own user VLAN that would allow them to communicate back to the user-facing server VLAN. Users and servers are segmented, although our security department has concerns that if someone were to run a scan on the user network, it would return all of the servers. Is there a better way of segmenting here?
We don't want the case of writing and managing hundreds of lines of ACLs either... has anybody re-designed or had any experience here?
To bring comfort to your security team and better aid security, it may be more appropriate to place a firewall at your corporate site. The VLANs that you intend to create would sit behind the firewall.
This can assist with some compliance needs, such as PCI etc.
Additionally, depending on the firewall technologies used etc., you could add more granularity by integrating with Active Directory for per-user level control (remote site roaming etc.).
Thank you for the recommendation... I should have added that we have the necessary firewall setup already.
As an example we wanted to create 2 VLANs... one for the users and one for the majority of the servers at CORP. Security has concerns about putting everything together and is insisting that we use port-based ACLs, which will take a lot of time to configure (talk to all the vendors). The reason for putting all the servers together is that there are so many different applications running we would end up with hundreds of VLANs if we segmented on that principle alone. Again, we will have to implement and manage the ACLs from scratch.
Are we stuck with having to implement multiple VLANs based on applications? Can AD isolate, on a per-user basis, access to certain servers if they are on the same VLAN?
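To show how the VLAN-behind-a-firewall layout suggested above can be enforced without hundreds of ACL lines, here is a constructed Cisco IOS-style configuration (an added example, not from either poster or from Cisco documentation). VLAN numbers, addresses, server hosts and ports are assumptions; object-group ACL support varies by platform and IOS/IOS-XE release, so confirm it on the switch or router in question before relying on it.

```cisco
! Constructed example: Layer 3 device at CORP (or the template pushed to each site).
! VLAN IDs, names and addressing below are assumptions, not values from the thread.
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 30
 name SECURITY_DEPT
vlan 40
 name FINANCE
!
! List the user-facing servers once. Adding a server later is one line here,
! not a new ACL entry per port or per site.
object-group network USER_FACING_SERVERS
 host 10.20.0.10
 host 10.20.0.11
 10.20.0.32 255.255.255.240
!
! Ports users legitimately need on those servers (assumed set).
object-group service USER_APP_PORTS
 tcp eq 443
 tcp eq 445
 tcp eq 3389
!
! Applied inbound on every user-VLAN SVI. Users reach only the published
! servers on the published ports; the rest of the server VLAN, the security
! VLAN and the finance VLAN are denied and logged, so a scan launched from the
! user VLAN sees none of them. Denied-and-logged hits are also your detection
! signal for scanning.
ip access-list extended USERS_IN
 permit udp any any eq domain
 permit object-group USER_APP_PORTS 10.10.0.0 0.0.255.255 object-group USER_FACING_SERVERS
 deny   ip any 10.20.0.0 0.0.0.255 log
 deny   ip any 10.30.0.0 0.0.0.255 log
 deny   ip any 10.40.0.0 0.0.0.255 log
 permit ip any any
!
interface Vlan10
 description User VLAN (one per site; same ACL template everywhere)
 ip address 10.10.1.1 255.255.255.0
 ip access-group USERS_IN in
```

Six ACL lines cover every site because the per-server detail lives in the object groups; the same structure maps directly onto a firewall policy if the team prefers to enforce it there rather than on the SVIs.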