Network Design and ACL

hey guys,

So I'm tasked with designing the schema for a new building with multiple floors (6 floors) and 400-1000 users. I was wondering how everyone is segmenting/designing their VLANs/subnets. Do you guys do it by wiring closet/floor or by department, from a security and networking aspect?

The topology is access switches with layer 2 uplinks to two core Nexus 9k switches.

Example by wiring closet/floor

IDF/Floor 1 Data =
IDF/Floor 1 Voice = 10.0.65.0/24

IDF/Floor 2 Data =
IDF/Floor 2 Voice =

IDF/Floor 3 Data =
IDF/Floor 3 Voice =

Wireless =
Guest Wireless =

Example by department

IT data =
HR data =
Finance data =

Voice =

Wireless =
Guest Wireless =

Also, do you guys put ACLs on the VLAN/subnet interface? My security guy wants to do it by department and ACL everything they need access to. This seems to be a very manual way of doing it and has lots of overhead.

IT data has access to everything.
HR data has access to HR servers and the internet.

All the network designs I have read did it by wiring closet/floor, where multiple departments use the same VLAN/subnet. But with this approach, there isn't a good way to ACL that VLAN/subnet.

Thanks in advance
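Added example (not part of the original post, and not the poster's config): what the "by department, ACL on the SVI" policy described above looks like when it is kept as a small policy table and rendered into NX-OS RACLs, instead of being hand-written per VLAN. The subnets, VLAN IDs, the choice of 10.0.0.0/8 as "everything internal" and the server subnets are all assumptions made up for the example; adapt them to the real plan.

```python
import ipaddress

# Assumed addressing plan (constructed for this example; not from the post).
# "internet" in a policy means "anything that is not one of our internal ranges",
# so INTERNAL must cover every range you route inside the building.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

POLICY = {
    # dept: SVI vlan id, department subnet, list of allowed destinations
    "IT":      {"vlan": 10, "subnet": "10.0.10.0/24", "allow": ["any"]},
    "HR":      {"vlan": 20, "subnet": "10.0.20.0/24", "allow": ["10.0.100.0/24", "internet"]},
    "Finance": {"vlan": 30, "subnet": "10.0.30.0/24", "allow": ["10.0.101.0/24", "internet"]},
}


def acl_rules(dept):
    """Ordered (action, destination) entries for the department's inbound SVI ACL.

    Specific internal permits always come first, so that a later
    'deny INTERNAL' (used to express "internet only") cannot shadow them.
    """
    allow = POLICY[dept]["allow"]
    rules = [("permit", str(ipaddress.ip_network(t)))
             for t in allow if t not in ("any", "internet")]
    if "any" in allow:
        rules.append(("permit", "any"))
    elif "internet" in allow:
        rules.append(("deny", str(INTERNAL)))   # block every other internal subnet
        rules.append(("permit", "any"))         # whatever is left is the internet
    rules.append(("deny", "any"))               # explicit catch-all, easy to count hits on
    return rules


def render_nxos(dept):
    """Render the department policy as NX-OS config applied inbound on its SVI."""
    entry = POLICY[dept]
    name = f"{dept.upper()}_DATA_IN"
    lines = [f"ip access-list {name}"]
    seq = 10
    for action, dst in acl_rules(dept):
        lines.append(f"  {seq} {action} ip {entry['subnet']} {dst}")
        seq += 10
    lines += [f"interface Vlan{entry['vlan']}",
              f"  ip access-group {name} in"]
    return "\n".join(lines)


def is_allowed(dept, dst_ip):
    """Evaluate the ACL the way the switch does: first matching entry wins."""
    dst = ipaddress.ip_address(dst_ip)
    for action, net in acl_rules(dept):
        if net == "any" or dst in ipaddress.ip_network(net):
            return action == "permit"
    return False


if __name__ == "__main__":
    for dept in POLICY:
        print(render_nxos(dept))
        print()
```

Two caveats that matter when you put this on the SVI. The ACL is stateless, so the HR server VLAN (or whatever sits on the other side) must also let the return traffic through; and an SVI ACL only sees traffic that crosses the SVI, so hosts in the same VLAN can still reach each other regardless of what the ACL says. That second point is also why the by-floor design with mixed departments in one VLAN cannot be filtered this way.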

