Tuesday, January 1, 2019

VPNs instead of segmentation with VLANs/VRFs

I've been hearing recently that some people have built their networks as a sort of "visitor network only", where you don't have access to anything other than the internet and the VPN gateway. Then they install VPN clients on every PC in the network, have them create VPN tunnels to the firewall, and do the segmentation/rules towards internal services there. If you don't have a company PC, all you get is internet access. With this you wouldn't have to do, for example, VRFs at every distribution switch; just configure the "visitor network" everywhere and have company PCs use VPN if they need access to anything other than the internet. Also, you wouldn't need 802.1X if you're running an open visitor network anyway.

Have you seen or built this kind of network? How did you handle printers, surveillance cameras, APs, "IoT" devices, etc.?
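As an added illustration (not from the original post), here is how the gateway side of that design could be expressed as an nftables ruleset: the visitor VLAN gets internet plus the VPN endpoint on the gateway and nothing else, while access to internal services is decided per tunnel. Interface names, address ranges, the tunnel port and the service addresses are all assumptions made up for the example.

```nft
#!/usr/sbin/nft -f
# Example ruleset for a "visitor network + VPN" gateway. All names and
# addresses below are assumptions, not values from the post.
flush ruleset

define VISITOR_IF = "vlan100"         # open visitor VLAN, all ports everywhere
define UPLINK_IF  = "eth0"            # internet uplink
define VPN_IF     = "wg0"             # tunnel interface terminated on this box
define VPN_PORT   = 51820             # UDP port the VPN clients connect to
define INTERNAL   = { 10.10.0.0/16 }  # internal service ranges
define FILESERVER = 10.10.5.10        # example internal service
define PC_POOL    = 10.200.0.0/24     # tunnel addresses handed to company PCs

table inet segmentation {
    chain input {
        type filter hook input priority filter; policy drop;
        iif lo accept
        ct state established,related accept
        # From the visitor VLAN the gateway itself only offers DHCP, DNS and
        # the VPN endpoint. Everything else aimed at the gateway is dropped.
        iifname $VISITOR_IF udp dport { 53, 67 } accept
        iifname $VISITOR_IF udp dport $VPN_PORT accept
        # Management of the gateway is reachable through the tunnel only.
        iifname $VPN_IF ip saddr $PC_POOL tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Visitor VLAN: internet only. Internal ranges are dropped before the
        # uplink rule so a visitor can never reach them directly.
        iifname $VISITOR_IF ip daddr $INTERNAL drop
        iifname $VISITOR_IF oifname $UPLINK_IF accept
        # Tunnel traffic: the segmentation that would otherwise live in
        # VLANs/VRFs is done here, per tunnel address and per service.
        iifname $VPN_IF ip saddr $PC_POOL ip daddr $FILESERVER tcp dport 445 accept
        iifname $VPN_IF ip saddr $PC_POOL ip daddr $INTERNAL tcp dport 443 accept
        # Split tunnel or not, tunneled PCs may also go out to the internet.
        iifname $VPN_IF oifname $UPLINK_IF accept
        # Devices that cannot run a VPN client (printers, cameras, APs) are
        # not covered by this model and would need their own segment.
    }
}
```

Load with `nft -f <file>` on the gateway; `nft list ruleset` shows the resulting policy so you can confirm that the only path from the visitor VLAN to anything internal is through the tunnel.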
