We are looking at implementing segmentation on our Network.
Typically, most people define segmentation as devices on different VLANs, maybe behind firewalls that separate L3 networks, etc.
We would like to use our switches to do the segmentation, possibly using TrustSec and SGACLs, etc.
My question is, have many people done this on brownfield sites, i.e. implementing it on an existing network?
We have a mix of Cat 9k switches, as well as older 2960X / S etc.
We want to start with segmenting OT from IT, then see where we go from there. We have a NAC solution (Forescout) that has a segmentation module, but apparently, due to the number of dynamic ACLs it would need to deploy, it would have issues, so we are struggling. Would TrustSec get around this?
How is everyone else doing it? Has anyone done it with third-party solutions successfully? I have seen lots of presentations and talk about it, but I have not seen anyone actually do it successfully.