Thursday, February 11, 2021

Network design question around micro segmentation

In short, I need to retain the IP address of devices (both wired and wireless) as they move between floors of a single building. This means the same VLAN and IP space needs to exist on each floor, pushing L3 to the core instead of at the edge (like a different IP space for each closet). We are in the process of designing the IP space. For dynamic VLAN assignment and segmentation with ClearPass to actually isolate the traffic, I can't run a routing protocol since L3 is happening at the core layer. It will inter-VLAN route the traffic that is segmented at L2, correct? This is a new installation of all Aruba CX switches and 500 series Instant APs. We have ClearPass already in place for basic .1x wireless. So am I stuck with static routes, or is there a way to keep the traffic isolated at L2 and L3 with routing happening on the core layer, not the edge?


