Cisco Support Community

New Member

Isolation of Private Manufacturing Subnets

I am looking for a simple way to isolate a private manufacturing network so it cannot speak to or be advertised to the business network. This is all connected to a single 4506 switch.

Currently I have 10 VLANs set up. 8 are on the business network and the other 3 are on the manufacturing side. I do not want any of the 3 on the manufacturing side to talk to each other or the business network.

Would simply setting them as 3 layer 2 broadcast domains suffice? All devices on these networks only need to talk to each other and nothing else. Also, every address is statically assigned.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Isolation of Private Manufacturing Subnets

Yes, just set it up so that there are no layer 3 interfaces on your switch for the "private" manufacturing subnets. I did it just that way for a customer with a SCADA system for industrial controls. For the few times someone needs access into the industrial systems from the business side, they use a dual-homed server as a jump box and RDP into it.
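
An added example, not part of the original thread and not Cisco tooling: a check over a saved running-config for the condition the accepted answer describes, namely that the manufacturing VLANs have no layer 3 interface (SVI) on the switch. The VLAN IDs 110, 120 and 130, the sample config and the function name `audit_svis` are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt, not from the thread. VLANs 110/120/130
# stand in for the three manufacturing VLANs; VLAN 10 is a business VLAN.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan120
 description leftover from commissioning
 ip address 192.168.120.1 255.255.255.0
!
interface Vlan130
 no ip address
 shutdown
!
interface GigabitEthernet2/1
 switchport access vlan 110
 switchport mode access
"""

def audit_svis(config, isolated_vlans):
    """Return {vlan_id: status} for each VLAN that must stay layer 2 only.

    'no-svi'   no 'interface Vlan<N>' stanza (the state the answer recommends)
    'inactive' SVI exists but is shut down or has no IP address
    'routed'   SVI is up with an address, so the switch can route the VLAN
    """
    stanzas = {}      # vlan id -> sub-commands found under its SVI stanza
    current = None
    for line in config.splitlines():
        m = re.match(r"interface\s+Vlan(\d+)\s*$", line, re.IGNORECASE)
        if m:
            current = stanzas.setdefault(int(m.group(1)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None   # any other top-level line ends the stanza
    result = {}
    for vlan in isolated_vlans:
        cmds = stanzas.get(vlan)
        if cmds is None:
            result[vlan] = "no-svi"
            continue
        has_ip = any(c.startswith(("ip address ", "ipv6 address ")) for c in cmds)
        result[vlan] = "routed" if has_ip and "shutdown" not in cmds else "inactive"
    return result

if __name__ == "__main__":
    for vlan, status in audit_svis(SAMPLE_CONFIG, [110, 120, 130]).items():
        print(f"VLAN {vlan}: {status}")
```

An `inactive` result is worth removing as well, since a single `no shutdown` or `ip address` command would turn it into a routed interface.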

2 REPLIES

New Member

Isolation of Private Manufacturing Subnets

Great, thanks. That's exactly what I ended up doing for our SCADA server as well.
