Wired Intelligent Edge


Critical vlan

  • 1.  Critical vlan

    Posted Dec 05, 2019 05:58 AM

    Hello, we have a requirement.

    In our network, we only have a data VLAN.

    We have configured NAC on all the wired network for a few sites.

    We have configured the 2 CPPM servers, primary and secondary, in the config.

    The requirement is that if both the CPPM servers become unreachable, the access port should fall to the default data VLAN.

    We can't create a separate critical VLAN on each site due to budget issues for network people.

    Can we use the data VLAN as the critical VLAN?

    95% of our environment is HPE Switch 5130 and 5% is Cisco 9300.



  • 2.  RE: Critical vlan

    EMPLOYEE
    Posted Dec 06, 2019 04:15 AM

    I can't see a reason why not, besides that it may not be desirable from a security standpoint to 'fail open' in the data VLAN. Attackers may trigger a failure, thereby bypassing your security. 'Fail open' / 'fail closed' is always a decision that needs to be made based on most times conflicting security and availability requirements. There is no universal answer to the question of whether you need to fail open or closed.