Did you design the VLAN correctly?

B

boligolov2018-08-15 15:24:22

Mikrotik

boligolov, 2018-08-15 15:24:22

Good afternoon.
Whether the division into VLANs in the local network was designed correctly.
There is a Mikrotik RB2011 router to which a managed switch is connected and the Internet is distributed to users.
And the second network with an SFP switch to which OSNOVO SW-60811 switches are connected, to the video camera switches, a video recorder is also connected to the switch. Physical Mikrotik and switch are not interconnected.
I plan to :
1. Connect the switch to Mikrotik
2. Divide it into 2 VLANs (VLAN 11 & VLAN12).
3. VLAN 12 Internet and is isolated from VLAN except privileged users.
4. VLAN 11 prohibit the Internet, except for the registrar and forward it to the Internet
5. On some ports of OSNOVO switches, make VLAN12
The scheme of the planned network is below.

The question is will it work?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry, 2018-08-15
@boligolov

Will work

C

Chronic 86, 2018-08-15
@chronic86

And the purpose of the breakdown into vlans is the final one?
Camcorders, etc. I would put it in a separate vlan, because all sorts of IoT are now an additional attack vector.