configuring-network-segmentation-with-vlans

Featured

Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce access control between segments, and reduce the attack surface by limiting lateral movement paths in enterprise network environments.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

| Criterion | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Configuring Network Segmentation with VLANs

## When to Use

- Segmenting an enterprise network into isolated security zones (corporate, servers, DMZ, guest, IoT)
- Meeting compliance requirements (PCI-DSS, HIPAA, SOC 2) that mandate network isolation for sensitive data
- Reducing the blast radius of security incidents by preventing lateral movement between network segments
- Isolating high-risk devices (IoT, BYOD, legacy systems) from critical infrastructure
- Implementing defense-in-depth by combining VLANs with firewall rules and access control lists

**Do not use** VLANs as the sole security control without Layer 3 filtering, for isolating networks that require air-gapping, or without proper switch hardening against VLAN hopping attacks.

## Prerequisites

- Managed switches supporting 802.1Q VLAN trunking (Cisco Catalyst, HP Aruba, Juniper EX, etc.)
- Layer 3 switch or firewall for inter-VLAN routing and access control
- Network design document specifying VLAN assignments, IP subnets, and traffic flow requirements
- Console or SSH access to switches with privileged configuration mode
- Understanding of 802.1Q trunking, STP, and inter-VLAN routing concepts

## Workflow

### Step 1: Design the VLAN Architecture

```
# Define VLANs based on security zones and function
VLAN Plan:
VLAN 10 - CORPORATE (10.10.10.0/24) - Employee workstations
VLAN 20 - SERVERS   (10.10.20.0/24) - Internal servers
VLAN 30 - DMZ       (10.10.30.0/24) - Internet-facing servers
...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content, not just the same category

AI & Automation Featured

implementing-network-segmentation-with-firewall-zones

Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-network-segmentation-for-ot

This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial firewalls, data diodes, and software-defined networking. It addresses the Purdue Model-based segmentation strategy, migration from flat networks to segmented architectures without disrupting operations, configuring OT-aware firewalls with industrial protocol deep packet inspection, and validating segmentation effectiveness through traffic analysis.

12,642 Updated today
mukul975
AI & Automation Featured

performing-vlan-hopping-attack

Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments to test VLAN segmentation effectiveness and validate switch port security configurations against Layer 2 bypass attacks.

12,642 Updated today
mukul975
AI & Automation Featured

configuring-pfsense-firewall-rules

Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation, control traffic flow, and protect internal network zones in enterprise and small-to-medium business environments.

12,642 Updated today
mukul975
AI & Automation Featured

configuring-microsegmentation-for-zero-trust

Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like VMware NSX, Illumio, and Calico, preventing lateral movement in zero trust architectures.

12,642 Updated today
mukul975