Cisco Support Community

best practices for segmenting HR and Finance?

Not sure if this is the best forum for this question, but I was wondering if anybody could provide some best practice suggestions for properly securing access to HR and Finance data. I'm considering Private VLANs but have never implemented them before. Also possibly considering implementing a PIX in front of the servers. Just wondering if anybody has any suggestions as to the best course of action.

My network is currently very flat and we only have one location, so no satellite offices to deal with. These users should be able to access all network resources, but I definitely want to limit what sensitive data is accessible by non-HR and non-Finance employees. The other fly in the ointment is that we have all Cisco VoIP phones, so there are voice and data VLANs on every port. Would private VLANs be able to exist in that situation?

Thanks for any and all information.



Re: best practices for segmenting HR and Finance?

Hi Steve,

I don't think there is a need to use private VLANs for this purpose.

You can simply isolate the 2 groups into separate VLANs, and with proper ACL filtering (and inter-VLAN routing) you can control the access of each user to the needed resources.

Keep it simple.
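
The separate-VLANs-plus-ACLs approach suggested in the reply above, shown as an added example that is not part of the original thread: Cisco IOS configuration for a Layer 3 switch doing the inter-VLAN routing. All VLAN IDs, names, subnets, interface numbers and ACL names are assumptions, as is the choice to place the HR and Finance servers in their own VLANs so the ACLs can sit on the routed boundary in front of them.

```cisco
! Constructed example: every VLAN ID, name, subnet and port number is an assumption.
vlan 10
 name HR-USERS
vlan 20
 name FIN-USERS
vlan 30
 name GENERAL-USERS
vlan 40
 name VOICE
vlan 110
 name HR-SERVERS
vlan 120
 name FIN-SERVERS
!
ip routing
!
! HR desk port: the PC lands in the HR data VLAN, the phone in the shared
! voice VLAN, so per-group data VLANs coexist with voice on the same port.
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 40
 spanning-tree portfast
!
! Only the HR user subnet may reach the HR servers; everything else is
! dropped and logged. Add explicit permits above the deny for any
! infrastructure the servers depend on (DNS, directory, backup).
ip access-list extended TO-HR-SERVERS
 permit ip 10.10.10.0 0.0.0.255 10.10.110.0 0.0.0.255
 deny   ip any any log
!
ip access-list extended TO-FIN-SERVERS
 permit ip 10.10.20.0 0.0.0.255 10.10.120.0 0.0.0.255
 deny   ip any any log
!
! Applied outbound on the server SVIs, so the filter covers traffic routed
! toward the servers from any other VLAN. SVIs for VLANs 10, 20, 30 and 40
! are configured the same way without an access-group.
interface Vlan110
 ip address 10.10.110.1 255.255.255.0
 ip access-group TO-HR-SERVERS out
!
interface Vlan120
 ip address 10.10.120.1 255.255.255.0
 ip access-group TO-FIN-SERVERS out
```

HR and Finance users keep normal access to everything else because nothing is filtered on their own SVIs; `show access-lists` displays per-entry hit counts, which helps confirm the deny lines are catching what you expect before and after cutover.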


