Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
3
Replies

How to separate developpers from productive environment on a network?

zum
Level 1
Level 1

‎01-03-2002 04:49 AM - edited ‎03-08-2019 09:29 PM

I'd like to know what possibilities there are to separate application developpers from the productive environment on the same network.

The developpers are spread among different places as other users too. They should have acces to certain services depending on their actual role (develop, test, support etc.).

The ideal solution could be a - more or less - standard access for each user to the backbone of the network. Then either each service checks for the rights of an access to him or there is a central policy server which grants for adequate access rights.

I'm very interrested to read your ideas and experiences.

Thank you very much and kind regards,

Manfred

Labels:
0 Helpful
3 Replies 3

r.cheung
Level 1
Level 1

‎01-07-2002 06:47 AM

Depending on your environment, Manfred, you may want to create vlans for this segmentation. Vlans enable you to tie similar users together across a campus into one virtual network. You can choose either static vlans, or dynamic vlans. Static would be where connectivity to the vlan would be based on the switchport. Dynamic would be where vlan membership is based on the user's mac address of their nic.

To enable connectivity from the production vlan and the developer's vlan, you would terminate into a layer 3 device. At that point, you can apply your access list to grant/deny services selectively.

0 Helpful

memphis007
Level 1
Level 1
In response to r.cheung

‎01-14-2002 01:50 AM

Dear Rick

Thanks for your answer.

One more question.

The users are changing their roles between development, test and production support.

Is it possible for this users to switch between different VLANs then?

Regards

Manfred

0 Helpful

MATT HILL
Level 1
Level 1
In response to memphis007

‎02-25-2002 04:52 PM

You can also use other information, such as info contained in Microsoft Active Directory or Novell NDS to assign users to dynamic VLANs. The Cisco User Registration Tool is the product you would use to do this.

You need DHCP, a "default" VLAN for users to login to, then a VLAN for the users to move to once the URT has determined which VLAN they move to, which in your case would be the development and production VLANs.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents