10-23-2013 08:20 AM - edited 03-07-2019 04:11 PM
I am looking for a simple way to isolate a private manufacturing network so it cannot speak to or be advertised to the business network. This is all connected to a single 4506 switch.
Currently I have 10 VLANs set up. 8 are on the business network and the other 3 are on the manufacturing side. I do not want any of the 3 on the manufacturing side to talk to each other or the business network.
Would simply setting them as 3 layer 2 broadcast domains suffice? All devices on these networks only need to talk to each other and nothing else. Also, every address is statically assigned.
10-23-2013 10:36 AM
Yes, just set it up so that there are no layer 3 interfaces on your switch for the "private" manufacturing subnets. I did it just that way for a customer with a SCADA system for industrial controls. For the few times someone needs access into the industrial systems from the business side, they use a dual-homed server as a jump box and RDP into it.
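One way to audit the "no layer 3 interfaces" condition from the answer above against a saved running-config. This is an added example, not code from the thread; the VLAN IDs, addresses and the `routed_svis` helper name are constructed for illustration.

```python
import re

# Constructed sample config: VLAN IDs and addresses are illustrative, not from the thread.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan101
 no ip address
 shutdown
!
interface Vlan102
 ip address 192.168.102.1 255.255.255.0
!
interface GigabitEthernet2/1
 switchport access vlan 103
 switchport mode access
"""

SVI_RE = re.compile(r"^interface\s+Vlan(\d+)\s*$", re.IGNORECASE)
IP_RE = re.compile(r"^\s+ip address\s+(\S+)\s+(\S+)")


def routed_svis(config_text, isolated_vlans):
    """Return {vlan_id: "address mask"} for isolated VLANs whose SVI can route."""
    findings, vlan, addr, shut = {}, None, None, False

    def close():
        # An SVI only routes if it has an address and is not shut down.
        if vlan in isolated_vlans and addr and not shut:
            findings[vlan] = addr

    for line in config_text.splitlines():
        if not line.startswith(" "):  # a top-level line ends the current stanza
            close()
            m = SVI_RE.match(line)
            vlan, addr, shut = (int(m.group(1)) if m else None), None, False
        elif vlan is not None:
            ip = IP_RE.match(line)
            if ip:
                addr = f"{ip.group(1)} {ip.group(2)}"
            elif line.strip() == "shutdown":
                shut = True
    close()
    return findings


if __name__ == "__main__":
    for vlan_id, address in routed_svis(SAMPLE_CONFIG, {101, 102, 103}).items():
        print(f"VLAN {vlan_id}: SVI has layer 3 address {address}")
```

An empty result means none of the listed VLANs has an active routed interface in that config.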
10-24-2013 04:57 AM
Great, thanks. That's exactly what I ended up doing for our SCADA server as well.