Ok Sorry. Here is more ditails.

Each server have dual networkcard one handling normal services and the second one are only for backup from server to backup server. My problem is that if I apply for example new vlan and new IP/net mask, servers will be able to see each other on that network. One option maybe should be that assign new vlan for every server/port but have problem with that because wee have over 70 servers.

Best Regards

Yilmaz

Ok, that clears things up. Cisco's Protected Port feature would do what you want if the backup network only consisted of one switch, but if the workstations are spread out over several switches, things get a bit more complex.

Which model switches do you have? The 2950 series for example, despite being layer-2 from a packet forwarding standpoint, supports IP ACLs that would solve your problem here.

tbaranski, Great!

Have also read about ACL's and found something about filters on IP and access groups and apply access group to a port for incomming traffic.

I have couple of switches, 12 HP Procurve 2524. 1 Catalyst 2950T and one Cisco 3524. 1 Catalyst 6509.

I looking for a 100 percent solution and when wee found that I will replace all HP switches with required Cisco switches.

Thanks a lot for your answer.

Best Regards

Yilmaz

I should note that if you go with 2950s, I believe you need the enhanced image (EI) version rather than the standard image (SI) to use IP ACLs.