03-25-2026 02:48 AM
Hi Guys
Probably a common topic in today's networking; I am keen to see how people are tackling micro-segmentation, particularly in OT networks.
We already secure north south traffic via firewalls, but we want to go one step further and secure east west traffic.
We already use a NAC solution (not Cisco) to identify the assets, so implementing ISE/Trustsec would not be viable.
What options do we have? How are people tackling this?
Cheers
03-25-2026 04:30 AM
Is your NAC capable of defining policies and sending DACL information to the network switches?
ISE is not the only server that can do this!
-> define profiles or groups of devices and/or users that can or cannot initiate communication to the other group(s)
03-25-2026 05:25 AM
Hi, it used to be, but we have switched that feature off; it would have created too many ACLs, and the TCAM tables on the switches would not be sufficient, from what I remember.
I can see some other options, VACLs, PVLANs? I did also see a solution called Airgap which looked good.
03-25-2026 05:52 AM
Is your goal to keep devices on the same network from talking to each other and only permit north/south traffic? If so, that sounds exactly like what PVLAN is designed to do. It is also likely simpler to implement than the other options you mentioned.
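As an added illustration of the PVLAN approach suggested above (example configuration, not posted by anyone in this thread), here is what the layout looks like on a Cisco Catalyst switch running IOS. The VLAN IDs, interface numbers and descriptions are assumptions chosen for illustration: one primary VLAN (200) carries an isolated secondary VLAN (201) for OT endpoints that only ever need to reach the firewall, and a community secondary VLAN (202) for a small set of devices that must talk to each other (for example a PLC and its HMI). The uplink to the north/south firewall is the promiscuous port.

```cisco
! PVLANs require VTP transparent mode (or VTP v3) on the switch
vtp mode transparent
!
! Secondary VLANs must exist before the primary associates them
vlan 201
 name OT-ISOLATED
 private-vlan isolated
!
vlan 202
 name OT-COMMUNITY
 private-vlan community
!
vlan 200
 name OT-PRIMARY
 private-vlan primary
 private-vlan association 201,202
!
! Promiscuous port: the only path in and out of the segment (uplink to the firewall)
interface GigabitEthernet1/0/1
 description Uplink to OT firewall (promiscuous)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201,202
!
! Isolated host ports: these endpoints can reach the promiscuous port only,
! not each other, even though they share the same IP subnet
interface range GigabitEthernet1/0/2 - 12
 description Isolated OT endpoints
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! Community host ports: members talk to each other and to the promiscuous port
interface range GigabitEthernet1/0/13 - 16
 description PLC/HMI community
 switchport mode private-vlan host
 switchport private-vlan host-association 200 202
!
! Verification
! show vlan private-vlan
! show interfaces GigabitEthernet1/0/2 switchport
```

Two points worth checking before relying on this. First, PVLANs only block east/west traffic at layer 2 inside the primary VLAN; because isolated hosts still share a subnet and gateway, the firewall on the promiscuous side must not route (hairpin) traffic between them, or the isolation is undone at layer 3. Second, isolation is per switch unless the primary and secondary VLANs are carried consistently across trunks, so `show vlan private-vlan` should show the same associations on every switch in the segment.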