Video-Cameras VLAN

mattsthe2 · July 2009

We have an IP Security system that was just implemented, i created a secuirty-video vlan for this, but i want to restrict access to the vlan from all other vlans in the network. Due to the cameras being all over the building, the vlan exists on pretty much every switch.

Is the only way to accomplish this to create ACL's and apply them to each switch?
How would those acl look like:

the security vlan is 20 with an network of 172.17.20.0 /24 with other networks 172.17.10
172.17.30 172.17.10 172.17.40 etc.

dtlokee · July 2009

You would only need to apply the ACL on the switche(s) with a SVI configured for VLAN 20. I would apply them outbound on the SVI. Another option I have used if the security cameras and the monitoring equipment are all on the same vlan is to not create a SVI, no IP address, no routing to other VLANS.

mattsthe2 · July 2009

dtlokee wrote: »

You would only need to apply the ACL on the switche(s) with a SVI configured for VLAN 20. I would apply them outbound on the SVI. Another option I have used if the security cameras and the monitoring equipment are all on the same vlan is to not create a SVI, no IP address, no routing to other VLANS.

Curious - why apply the ACL outbound??

The servers and cameras are all on the same vlan - i like the idea of not creating th SVI the best.

dtlokee · July 2009

It depends on how paranoid you are, you can apply an ACL inbound and outbound on the VLAN 20 SVI if you want, but applying one outbound will prevent any connection attempts into the VLAN from other VLANs.

mattsthe2 · July 2009

dtlokee wrote: »

It depends on how paranoid you are, you can apply an ACL inbound and outbound on the VLAN 20 SVI if you want, but applying one outbound will prevent any connection attempts into the VLAN from other VLANs.

thanks DT

Video-Cameras VLAN

Comments