Large health care network with strict security guidelines. The network consists of 6 major sites (hospitals) and a Data Center using Cat 65xx in all cores. We have implemented the following security design standards:
- dedicated FW devices at all exposure points to Internet/Extranets
- no filtering of traffic inside our FW borders
- dedicated DMZ switches for devices outside FW borders
- 128-bit encryption and RADIUS authentication of all clinical WLAN remotes
Mgmt wants to install APs in select hospitals for vendor/customer use... these WLANs will have access to the Internet only. One idea is to provide Internet access to patients and patients' families. My question is regarding design... should I (a) build an entirely separate physical LAN to support this new unsecure WLAN or do I (b) simply put this traffic on a separate VLAN and use ACLs to keep the private networks safe? I hesitate to give in to option (b), the cheap one, because I have heard a little bit about Layer 2 attacks and it seems to apply here. (And I really don't want to start managing ACLs on all our core 65xx routers.)
Is my concern about Layer 2 attacks valid? Should we continue to maintain integrity at Layers 1/2 or is it considered "safe practice" to rely on Layer 3/4 filtering and VLANs to protect the network?