07-26-2006 08:09 AM - edited 03-03-2019 04:14 AM
I have a question regarding private VLAN config. I have a DMZ switch where I need a particular server to be able to communicate with the rest of the servers on port 8686 and deny the rest of the communications between them. I have this server in promiscuous mode and the other servers on isolated ports. For security reasons, how can I apply this access list? On which VLAN? I am running IOS on the switch connecting these servers. Thanks for your help.
07-26-2006 09:11 AM
an access-list config could look as follows:
access-list 101 permit tcp host x.x.x.x eq 8686 y.y.y.y ys.ys.ys.ys
access-list 101 permit tcp y.y.y.y ys.ys.ys.ys host x.x.x.x eq 8686
apply the access-list to the proper vlan/interface and test.
without knowing your vlans or ip addressing, we will not be able to elaborate on the exact syntax of the access-list or what vlan(s) to apply it to.
let us know if you can and we can help further.
07-27-2006 04:48 AM
The port that the server (10.3.1.50 255.255.0.0) that needs to talk to all servers is attached to:
interface GigabitEthernet1/0/18
 description DZ1WEBSD001
 switchport private-vlan host-association 50 51
 switchport mode private-vlan promiscuous
 speed 100
 duplex full
 no mdix auto
The subnet is 10.3.1.0 255.255.0.0
Basically the 10.3.1.50 needs to talk to all servers on this subnet on port 8686 and deny everything else.
Thanks
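Added example, not part of the thread: a small first-match evaluator for the two-line ACL 101 pattern above, filled in with the addresses from the last post, to check which flows it permits before applying it. It assumes the other servers listen on TCP 8686 and 10.3.1.50 initiates, and that the mask 255.255.0.0 means the 10.3.0.0 network; the flows and function names are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard(netmask):
    """Invert a subnet mask into the wildcard mask an IOS ACL expects."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def addr_match(addr, base, wc):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~to_int(wc) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def port_match(port, want):
    return want is None or port == want  # None means no port qualifier

WC = wildcard("255.255.0.0")  # "0.0.255.255"

# Each entry: (action, src, src_wildcard, src_port, dst, dst_wildcard, dst_port)
# Assumption: 10.3.1.50 is the client, the other servers listen on 8686.
ACL_101 = [
    ("permit", "10.3.1.50", "0.0.0.0", None, "10.3.0.0", WC, 8686),
    ("permit", "10.3.0.0", WC, 8686, "10.3.1.50", "0.0.0.0", None),
]

def evaluate(acl, src, sport, dst, dport):
    """Return the action of the first matching entry for a TCP flow."""
    for action, s, swc, sp, d, dwc, dp in acl:
        if (addr_match(src, s, swc) and port_match(sport, sp)
                and addr_match(dst, d, dwc) and port_match(dport, dp)):
            return action
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample flows: (src, sport, dst, dport)
    flows = [
        ("10.3.1.50", 40000, "10.3.1.60", 8686),  # request to a server
        ("10.3.1.60", 8686, "10.3.1.50", 40000),  # reply from that server
        ("10.3.1.50", 40000, "10.3.1.60", 22),    # any other port
        ("10.3.1.60", 40000, "10.3.1.61", 8686),  # server to server
    ]
    for f in flows:
        print(f, evaluate(ACL_101, *f))
    # Pasting the subnet mask where the wildcard belongs inverts the match:
    print(addr_match("10.3.1.60", "10.3.0.0", "255.255.0.0"))
```

If 10.3.1.50 is the listener instead, move the port value to the 10.3.1.50 side of both entries, which is the placement used in the reply above.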