Hi everyone,
I’m working on setting up a dedicated IoT VLAN on our EXOS 5320 switch, and I’m looking for some advice on best practices to ensure both security and performance. Here are the key requirements:
IoT VLAN Creation: I need to create a VLAN specifically for IoT devices, such as smart cameras, thermostats, and other networked devices.
IP Addressing: These devices should receive IPs dynamically from our DHCP server.
Segmentation & Security: I want to ensure that the IoT VLAN is fully isolated from our main business network but still allows these devices to access the internet for updates and cloud integration.
Traffic Control: I need to limit the amount of bandwidth consumed by IoT devices to avoid network congestion.
Port Assignment: I need to assign specific switch ports to the IoT VLAN where these devices will connect.
Additionally, I want to ensure that this VLAN setup doesn’t cause any performance bottlenecks or security vulnerabilities, especially given that IoT devices can often be a potential security risk.
If anyone has experience setting up IoT VLANs or knows of any best practices, such as specific VLAN configurations, firewall rules, or security considerations for IoT environments, I would really appreciate your advice or example configurations.
Thanks in advance for your help!
Best regards,
Frank
Hi,
I assume you have ExtremeControl on-site (this topic is created under this thread).
About VLAN: Just keep a reasonable number of devices in a single VLAN (best practice is to plug no more than 200 devices into a single VLAN). When you are using ExtremeControl, you can easily segment your network for every IoT device type you need.
IP Addressing: Nothing special, use a dedicated DHCP server or the server embedded in your network equipment. I would recommend using longer lease times (more than 24 hours), but I don't know if there are any other recommendations.
Segmentation & Security: A dedicated VLAN and Policy from the EXOS switch perspective should be enough. In Policy you can configure the default action to "Deny" and provide a restricted list of network services you permit for those devices (like ARP, DHCP Client, DNS, HTTP/HTTPS). In Access Control, send the VLAN attribute with Policy to your switches (just remember that you need to explicitly enable both Policy AND VLAN attribute support). Check your IoT devices' documentation for a list of any additional protocols required.
Traffic Control: You can specify IRL queues for your devices and apply those to your Policies.
Port Assignment: I'd recommend using the ExtremeControl MAC-lock feature for those devices to specify the network switches and/or network ports where those devices are allowed to be connected.
About firewall rules: If you have an application-based firewall, then you can specify which apps those IoT devices are allowed to
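As an added example (not part of the reply above and not taken from Extreme's documentation), here is what the same advice looks like when done switch-locally: plain EXOS CLI for the VLAN and ports, an EXOS meter standing in for the IRL queue, and an ACL policy file (.pol) standing in for the ExtremeControl role-based Policy with a "Deny" default. VLAN tag 50, access ports 1-12, uplink port 48, the 50 Mbps rate, the resolver 192.0.2.53 and the business address ranges are all assumptions; the mac-locking lines are the switch's own feature rather than the ExtremeControl MAC-lock the reply refers to. Check each command against the EXOS release running on the 5320 before pasting.

```text
# ---------- EXOS CLI (assumed port and VLAN numbering) ----------
create vlan iot tag 50
configure vlan iot add ports 1-12 untagged     # IoT access ports
configure vlan iot add ports 48 tagged         # trunk to the firewall/router

# One shared rate limiter for the traffic the ACL permits (50 Mbps is an assumption).
create meter iot_meter
configure meter iot_meter committed-rate 50 Mbps out-actions drop

# Switch-local MAC locking: one learned MAC per IoT port (assumed syntax,
# not the ExtremeControl MAC-lock feature from the reply).
enable mac-locking
enable mac-locking ports 1-12
configure mac-locking ports 1-12 first-arrival limit-learning 1

# Load iot_acl.pol (below) against everything entering the switch on the IoT VLAN.
configure access-list iot_acl vlan iot ingress

# ---------- iot_acl.pol ----------
# Entries are evaluated top to bottom. EXOS ACLs end with an implicit permit,
# so the "default Deny" from the reply must be written as the last entry.
entry permit_arp {
    if match all {
        ethernet-type 0x0806;
    } then {
        permit;
    }
}
entry permit_dhcp_client {
    if match all {
        protocol udp;
        source-port 68;
        destination-port 67;
    } then {
        permit;
    }
}
# Resolver is an assumption. This entry sits ABOVE the business-range deny
# on purpose: if the resolver lives in a private range, first match wins.
entry permit_dns {
    if match all {
        protocol udp;
        destination-address 192.0.2.53/32;
        destination-port 53;
    } then {
        permit;
    }
}
# Isolation from the business network: drop before any outbound permit.
# Ranges are assumptions; list the real business subnets here.
entry deny_business_nets {
    if match any {
        destination-address 10.0.0.0/8;
        destination-address 172.16.0.0/12;
        destination-address 192.168.0.0/16;
    } then {
        deny;
        count iot_to_business;
    }
}
# Internet access for updates and cloud integration, rate limited.
entry permit_http_out {
    if match all {
        protocol tcp;
        destination-port 80;
    } then {
        permit;
        meter iot_meter;
    }
}
entry permit_https_out {
    if match all {
        protocol tcp;
        destination-port 443;
    } then {
        permit;
        meter iot_meter;
    }
}
# The explicit default deny. The counter makes "what else is this camera
# trying to talk to?" a single show access-list counter command.
entry deny_everything_else {
    if { } then {
        deny;
        count iot_denied;
    }
}
```

Two caveats a practitioner would want before trusting this: the ACL is stateless and applied on ingress from the IoT VLAN only, so the firewall still needs the matching rule that blocks business-to-IoT in the other direction (and any NAT or stateful handling for the return traffic); and the deny entries also block IoT-to-IoT traffic inside an RFC 1918 subnet, which is usually what you want for cameras and thermostats but has to be relaxed for anything that legitimately talks to a local controller or NVR.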