I'm setting up a network for a WeWork kind of scenario, when a bunch of different businesses share a common infrastructure. I have a bunch of 2930F switches and a Check Point 790 Firewall/Router that connects to the Internet. I want to assign every business a dedicated VLAN and subnet to segregate them, so they cannot see each other, but they could get Internet connectivity and DHCP from the router for each subnet.
A good guide would be much appreciated!
As you have a dedicated firewall/router appliance to perform the role of gateway and traffic segregation, the best solution in this case would be to use Layer 2 VLANs on the 2930F (no IP addressing), untagged on the client ports and tagged across the uplink to the Check Point appliance, which would use firewall rules and/or ACLs to prevent inter-VLAN routing while permitting each business to utilize the shared Internet connection.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.