02-23-2021 10:03 AM - edited 02-23-2021 10:47 AM
Hi, everyone
I always appreciate your support.
Now, each independent system will be connected through a Catalyst 9300-48S-A, and Windows event logs and syslog will be transmitted to the cyber security operation center.
(In the figure below, the black line means an independent system, and the devices in each independent system are connected through an L2 switch. Also, there are about 20 independent systems.)
When connecting an independent system, there is a problem of duplicated IP addresses between several devices.
And there is a requirement to prevent communication between independent systems.
Thus, I think that using VRF (Virtual Routing and Forwarding) would be a solution to prevent communication between independent systems. Also, NAT (Network Address Translation) may be a solution to resolve the duplicated IP addresses.
(It's very likely that I'm wrong because I'm not a network expert.)
Here are my questions.
Question 1. If I use the Catalyst 9300 like the picture below to use VRF and NAT, can the problem I mentioned be solved?
(If the problem is not resolved, please recommend a new solution. That would be very helpful.)
Question 2. Since there are 20 independent systems, it seems that 20 VRFs should be used. If I use 20 VRFs in the Catalyst 9300, are there any problems in performance?
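As an added illustration of the design the question describes (not configuration from this thread or from Cisco), this IOS XE fragment shows two of the twenty per-system VRFs, a shared collector interface left in the global table, a host route leaked from each VRF to the collector only, and VRF-aware static NAT so that the same duplicated device address in two systems reaches the SOC as two distinct source addresses. VRF names, VLAN numbers, and all addresses are assumptions.

```cisco
! Two of the twenty per-system VRFs (assumed names). No route targets or
! import/export, so SYS01 and SYS02 cannot reach each other.
vrf definition SYS01
 address-family ipv4
 exit-address-family
!
vrf definition SYS02
 address-family ipv4
 exit-address-family
!
! Each independent system lands on its own SVI inside its own VRF.
! Both reuse 192.168.1.0/24; that is fine, each VRF is a separate table.
interface Vlan101
 description SYS01 uplink from its L2 switch
 vrf forwarding SYS01
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Vlan102
 description SYS02 uplink from its L2 switch
 vrf forwarding SYS02
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
! Shared interface toward the SOC log collector, kept in the global table.
interface Vlan900
 description SOC log collector (assumed 10.10.0.10)
 ip address 10.10.0.1 255.255.255.0
 ip nat outside
!
! Each VRF gets a single host route to the collector, leaked to the global
! table. Nothing else leaves the VRF, and the other VRFs stay unreachable.
ip route vrf SYS01 10.10.0.10 255.255.255.255 Vlan900 10.10.0.10 global
ip route vrf SYS02 10.10.0.10 255.255.255.255 Vlan900 10.10.0.10 global
!
! The same duplicated device address 192.168.1.10 exists in both systems.
! VRF-aware static NAT presents each one to the collector under a unique
! address (assumed 10.20.x.10), so the SOC can tell the two log sources apart.
ip nat inside source static 192.168.1.10 10.20.1.10 vrf SYS01
ip nat inside source static 192.168.1.10 10.20.2.10 vrf SYS02
```

Only hosts with a static mapping are translated, so every log source in a system needs its own entry (or a per-VRF pool); because the collector only receives, no return path into the VRFs is shown. Check that the IOS XE release and license on the 9300 support NAT before relying on it.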
02-23-2021 01:41 PM
Hello,
Looking at your topology diagram, and since you have only two switches, end-to-end VRFs for each customer look like the best option, and the simplest one to configure. I don't really see how NAT can help.
20 VRFs...hard to say what the impact is. You should be ok, since the real limit is the TCAM size, and you only have one or two routes per VRF anyway...
02-23-2021 02:12 PM
Georg
If you use end-to-end VRFs, what VRF is the syslog server going to be in?
Are you assuming it will have a trunk connection and be a member of all VRFs?
Or am I misunderstanding?
Jon
02-23-2021 02:06 PM
Hello
Can you confirm whether the cyberops server needs to initiate any traffic flow, or will it just be a response to an established connection from the client?
02-23-2021 02:17 PM
Thank you for your reply.
The server (installed in the cyber security operation center) operates only for receiving logs.
02-24-2021 12:32 AM - edited 02-24-2021 12:32 AM
Hello
I’ve got to ask why you wish to have 20 areas running duplicate addressing. I assume this is not a production setup presently, but if it is, how is it being segregated now?