silentsigma (Member; Posts: 154; Joined: Wed Nov 28, 2007 3:01 pm; Certs: A+, Network+, CCNA, CCNA Security)

Network Design and ACL

Thu Sep 14, 2017 12:02 pm

hey guys,

So I'm tasked with designing the schema for a new building with multiple floors (6 floors) and 400 - 1000 users. I was wondering how everyone is segmenting/designing their VLANs/subnets. Do you guys do it by wiring closet/floor or by department, from a security and networking aspect?


The topology is access switches with layer 2 uplinks to two core Nexus 9k switches.

Example: wiring closet/floor

IDF/Floor 1 Data = 10.0.1.0/24
IDF/Floor 1 Voice = 10.0.65.0/24

IDF/Floor 2 Data = 10.0.2.0/24
IDF/Floor 2 Voice = 10.0.66.0/24

IDF/Floor 3 Data = 10.0.3.0/24
IDF/Floor 3 Voice = 10.0.67.0/24
etc.

Wireless = 10.0.128.0/23
Guest Wireless = 10.0.130.0/23

Example: department

IT data = 10.0.1.0/24
HR data = 10.0.2.0/24
Finance data = 10.0.3.0/24
etc.

Voice = 10.0.64.0/23

Wireless = 10.0.128.0/23
Guest Wireless = 10.0.130.0/23


Also, do you guys put ACLs on the VLAN/subnet interface? My security guy wants to do it by department and ACL everything they need access to. This seems to be a very manual way of doing it and has a lot of overhead.

Example:
IT data has access to everything
HR data has access to HR servers and internet.
etc.

All the network designs I have read did it by wiring closet/floor, where multiple departments use the same VLAN/subnet. But with this approach there isn't a good way to ACL that VLAN/subnet.

Thanks in advance
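As an added illustration (not from the original post) of what the per-department approach looks like on the Nexus 9k core where the SVIs live, using the HR data subnet from the post: the HR server subnet 10.0.50.0/24 and the DNS server 10.0.50.10 are assumed, constructed values.

```cisco
! Constructed example: HR data VLAN (10.0.2.0/24) may reach HR servers and the
! internet, but nothing else inside the 10.0.0.0/8 enterprise space.
feature interface-vlan

ip access-list HR-DATA-IN
  remark --- infrastructure services the clients need ---
  10 permit udp 10.0.2.0/24 host 10.0.50.10 eq 53
  20 permit tcp 10.0.2.0/24 host 10.0.50.10 eq 53
  remark --- HR application servers (assumed subnet) ---
  30 permit ip 10.0.2.0/24 10.0.50.0/24
  remark --- block lateral movement to every other internal subnet ---
  40 deny ip 10.0.2.0/24 10.0.0.0/8
  remark --- whatever is left is internet-bound ---
  50 permit ip 10.0.2.0/24 any
  remark --- spoofed sources on this VLAN are dropped and logged ---
  60 deny ip any any log

interface Vlan2
  description HR-Data
  no shutdown
  ip address 10.0.2.1/24
  ! Ingress on the SVI filters traffic leaving the HR VLAN toward the core.
  ip access-group HR-DATA-IN in
```

Because the filter is keyed on the source subnet, the same entries work only if the whole VLAN is one department; on a floor-based VLAN the HR and Finance hosts share the subnet and the ACL cannot tell them apart, which is the trade-off the post describes.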
