Computer networks
Andrey Yagodka, 2019-01-22 06:36:22

Is subnet isolation implemented correctly?

Good afternoon. The situation is this: there are N VLANs, each with its own dedicated network like 192.168.XX/24. There is a guest network and a management network. Isolating the guest network is not in question, that issue has been discussed repeatedly; however, how do I implement, say, a scheme like this on Mikrotik:
VLAN2 network 192.168.0.0/24 - Secret PCs
VLAN3 network 192.168.1.0/24 - VOIP
VLAN4 network 192.168.2.0/24 - Management network
VLAN101 network 192.168.3.0/24 - Enterprise local network
VLAN102 network 172.16.1.0/24 - Guest network, completely isolated
secret computers), from the local network I should see only VoIP, from the secret VoIP and the Local network.


3 answer(s)
Nikolai, 2019-01-22
@nevzorofff

Create a bunch of VLANs according to your list, and write the walking rules described by the families in the firewall? What is the issue/difficulty?

d-stream, 2019-01-22
@d-stream

Management network != VIP network (admins who see everything)
And so - it looks like feng shui.
Well, a couple of points:
1. Seeing other networks from VIP networks means not only packets from VIP to user networks, but also vice versa... with all the consequences...
2. With noticeable traffic between networks, routing on Mikrotik will be heavy, and a more beautiful option would be to use L3 (L2+) switches that route packets between networks at switching speed.

Denis Lee, 2019-01-22
@Mindtricks

Maybe this article will help?
https://www.technotrade.com.ua/Articles/vlan_traff...
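
The firewall rules Nikolai's answer refers to, with the return-traffic point from d-stream's answer handled by connection tracking, as an added RouterOS example that is not part of any answer in the thread. It uses the subnets from the question; the address-list name `vlan-nets` is an assumption, and the management VLAN gets no allow rule here because the question's statement of its access is cut off.

```routeros
# Added example: subnets are taken from the question, the list name "vlan-nets" is hypothetical.
/ip firewall address-list
add list=vlan-nets address=192.168.0.0/24 comment="VLAN2 secret PCs"
add list=vlan-nets address=192.168.1.0/24 comment="VLAN3 VoIP"
add list=vlan-nets address=192.168.2.0/24 comment="VLAN4 management"
add list=vlan-nets address=192.168.3.0/24 comment="VLAN101 enterprise LAN"
add list=vlan-nets address=172.16.1.0/24 comment="VLAN102 guest"

/ip firewall filter
# Replies to connections opened by an allowed side. Without this rule the
# return packets would hit the inter-VLAN drop at the end of the chain.
add chain=forward connection-state=established,related action=accept comment="return traffic"
add chain=forward connection-state=invalid action=drop comment="drop invalid"

# Local network may open connections to VoIP only.
add chain=forward connection-state=new src-address=192.168.3.0/24 dst-address=192.168.1.0/24 action=accept comment="LAN to VoIP"

# Secret PCs may open connections to VoIP and to the local network.
# The local network cannot open connections back to the secret PCs: only
# replies are let through, by the established,related rule above.
add chain=forward connection-state=new src-address=192.168.0.0/24 dst-address=192.168.1.0/24 action=accept comment="secret to VoIP"
add chain=forward connection-state=new src-address=192.168.0.0/24 dst-address=192.168.3.0/24 action=accept comment="secret to LAN"

# Everything else between the listed subnets is dropped. The guest network
# has no allow rule above, so it reaches none of the other VLANs.
add chain=forward src-address-list=vlan-nets dst-address-list=vlan-nets action=drop comment="default deny between VLANs"
```

These rules cover only routed traffic between the listed subnets in the forward chain; access to the router's own addresses is decided in the input chain and needs its own rules.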
