Educause Security Discussion mailing list archives

Re: How do you implement VLAN segmentation in your buildings?


From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Wed, 9 May 2007 11:04:49 -0500

At 09:56 -0600 05/09/2007, Tristan RHODES wrote:
> 1) Segment based on security level?  (guest/kiosks, students/labs,
> faculty/staff, facility management, network management)
>
> 2) Segment based on department/college? (accounting, finance, human
> resources)

We promote a combination of the above.  In general each administrative unit
(department level) should have a VLAN separate from other administrative
units in the same area.  In addition, there are some units that have multiple
security levels/requirements within themselves, so they get multiple VLANs.
For example, Department A and Department B will be on different VLANs.  If
Department B also has a set of servers that they want to segment off from
their general users, they get a second VLAN as well.

We still have some legacy building-wide subnets that persist from the days
before CIDR and VLSM, but those are getting taken care of by attrition and as
people move around from building to building.

--
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Network Engineer                                   <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>