04-17-2004 04:45 AM - edited 03-02-2019 03:04 PM
Hello,
I'm trying to build a secure backup network, where each server should only be able to send and receive packets to and from the backup server. The servers are spread over a couple of switches and the backup server is connected to a separate switch. I have tried to use the protected ports function and MAC address functions in a switch, but none of these functions achieve what I want. Which Cisco switches do we need?
Best Regards
Yilmaz
04-17-2004 01:08 PM
We'll need more details on the topology and the traffic flow requirements. Surely the servers provide services to clients, so they'll need to be able to send packets to clients as well as the backup server.
04-17-2004 02:32 PM
OK, sorry. Here are more details.
Each server has dual network cards: one handling normal services, and the second one only for backup from server to backup server. My problem is that if I apply, for example, a new VLAN and new IP/netmask, servers will be able to see each other on that network. One option might be to assign a new VLAN for every server/port, but I have a problem with that because we have over 70 servers.
Best Regards
Yilmaz
04-17-2004 04:55 PM
Ok, that clears things up. Cisco's Protected Port feature would do what you want if the backup network only consisted of one switch, but if the workstations are spread out over several switches, things get a bit more complex.
Which model switches do you have? The 2950 series for example, despite being layer-2 from a packet forwarding standpoint, supports IP ACLs that would solve your problem here.
04-18-2004 01:49 AM
tbaranski, Great!
I have also read about ACLs and found something about filters on IP and access groups, and applying an access group to a port for incoming traffic.
I have a couple of switches: 12 HP ProCurve 2524, 1 Catalyst 2950T, one Cisco 3524, and 1 Catalyst 6509.
I am looking for a 100 percent solution, and when we find that I will replace all HP switches with the required Cisco switches.
Thanks a lot for your answer.
Best Regards
Yilmaz
04-18-2004 05:27 AM
I should note that if you go with 2950s, I believe you need the enhanced image (EI) version rather than the standard image (SI) to use IP ACLs.
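A sketch of the port ACL approach discussed in this thread, added here as an example and not posted by any participant. The ACL name, the backup server address 192.0.2.10 and the port range are constructed placeholders, and the switch is assumed to run an image that supports IP ACLs on physical ports.

```cisco
! Assumption: 192.0.2.10 is the backup server's address on the backup VLAN
! (constructed value). BACKUP-ONLY is a hypothetical ACL name.
ip access-list extended BACKUP-ONLY
 ! Servers may send IP traffic only to the backup server.
 permit ip any host 192.0.2.10
 ! Everything else, including server-to-server traffic, is dropped
 ! by the implicit deny at the end of every IP ACL.
!
! Assumption: Fa0/1 - 24 are the ports facing the servers' backup NICs.
! The port or uplink leading to the backup server itself gets no ACL,
! so its replies reach the servers unfiltered.
interface range FastEthernet0/1 - 24
 ip access-group BACKUP-ONLY in
!
! Check what is configured and where it is applied:
!   show access-lists
!   show running-config interface FastEthernet0/1
```

Because the filter is applied inbound on each server-facing port, it has to be present on every switch that has servers attached; any port left without it can still reach the other servers on the backup VLAN. An IP ACL matches IP packets only, so ARP between servers is not filtered by it.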