Friday, December 22, 2017

Improving inside security

I imagine many of you have faced this problem before, so I come to you for advice. I need suggestions on how to develop VLAN ACLs for a network that has no VLAN ACLs.

Unfortunately, the testing network also happens to be the production network.

At the current moment, the network has dual N5K cores with 50ish VLANs segmenting traffic. Gateways are provided on the N5Ks via HSRP.

Public wireless is segmented off and lands on the firewall instead of the core, so no traffic is allowed from public Wi-Fi to internal resources.

Unfortunately, the previous admin never developed VLAN ACLs nor applied them to any interfaces.

How does one, in such an environment, develop VLAN ACLs without breaking everything under the sun?
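One approach that fits this situation, added here as an illustration and not part of the original post: because the gateways are SVIs on the N5Ks, the ACL can be applied inbound on the SVI and built in two stages. In stage one every candidate rule is written as a permit with per-entry statistics turned on, so nothing is dropped while the counters show which "would-be deny" lines actually match production traffic. Only after a baseline window are the quiet lines flipped to deny, edited in place by sequence number so the list never comes off the interface. The ACL name, VLAN number and prefixes below are assumptions for the example, not values from the post.

```cisco
! Added example, not from the original post. VLAN 10 = users
! (10.10.10.0/24) and VLAN 20 = servers (10.10.20.0/24) are assumptions.
!
! Stage 1: "audit" list. Every candidate rule is a PERMIT, so nothing is
! dropped yet; per-entry statistics show what each rule would have caught.
ip access-list VLAN10-USERS-IN
  statistics per-entry
  ! keep HSRP hellos from the peer N5K working
  ! (HSRPv1 224.0.0.2, HSRPv2 224.0.0.102, both UDP 1985)
  10 permit udp any 224.0.0.0/4 eq 1985
  ! flows we already know we intend to keep
  20 permit udp 10.10.10.0/24 10.10.20.10/32 eq 53
  30 permit tcp 10.10.10.0/24 10.10.20.0/24 eq 443
  ! candidate DENYs, deployed as PERMITs for the baseline period
  40 permit tcp 10.10.10.0/24 10.10.20.0/24 eq 22
  50 permit tcp 10.10.10.0/24 10.10.20.0/24 eq 3389
  60 permit ip 10.10.10.0/24 10.10.20.0/24
  ! catch-all stays a permit until the lines above are understood
  70 permit ip any any

interface Vlan10
  ip access-group VLAN10-USERS-IN in

! Watch the counters through at least one full business cycle, on BOTH
! HSRP peers (either one can be active for a given VLAN):
!   show ip access-lists VLAN10-USERS-IN
! A candidate line that stays at 0 matches is safe to flip to deny. A
! non-zero count means something depends on that flow: add a specific
! permit for it above the line before flipping the line itself.
!
! Stage 2: same list, candidate lines flipped in place by sequence
! number. The list stays applied to the SVI the whole time.
ip access-list VLAN10-USERS-IN
  no 40
  no 50
  no 60
  40 deny tcp 10.10.10.0/24 10.10.20.0/24 eq 22
  50 deny tcp 10.10.10.0/24 10.10.20.0/24 eq 3389
  60 deny ip 10.10.10.0/24 10.10.20.0/24
```

Repeat per VLAN, keeping the two N5Ks identical so a failover does not change what is filtered. If intra-VLAN (bridged) traffic also needs filtering, the same access-lists can be referenced from a `vlan access-map` with `vlan filter` instead of the SVI, but the permit-and-count stage works the same way.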
