I have a question concerning interserver security.
I have a cat6513 and the port connected to a w2k3 server (single NIC) is in trunking mode carrying 2 VLANs, a "customer" VLAN and a "backup" VLAN. We serve multiple customers, each on their own specific VLAN, but all customers use the same generic backup service in a generic backup VLAN. Customers' VLANs are separated by a FWSM, but with this setup all the servers can connect to other servers on the backup VLAN.
What would be the best way to make sure that on the backup VLAN the servers can only connect to the backup server and not to servers from other customers?
We tried private VLANs (which I think won't work because the port is a trunk) and access-lists but can't get it to work.
Any help or directions on how to solve this in a well-designed manner would be appreciated.
This is the config of a port in which vlan 11 is the backup vlan and vlan 31 the customer VLAN.
interface GigabitEthernet12/17
description
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 11,31
switchport mode trunk
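As an added example (not part of the original post), one way to restrict the backup VLAN on a Catalyst 6500 is a VLAN access map (VACL) applied to VLAN 11; the server address 10.11.0.10 and the ACL and map names are constructed placeholders.

```cisco
! Added example, not from the original post. The backup server address
! 10.11.0.10 and the ACL/map names are constructed placeholders.
!
! ACL matching only traffic to or from the backup server. Packets that
! hit a "permit" entry here trigger the access-map action below.
ip access-list extended BACKUP-SERVER-ONLY
 permit ip any host 10.11.0.10
 permit ip host 10.11.0.10 any
!
! Catch-all ACL used by the explicit drop entry.
ip access-list extended ANY-IP
 permit ip any any
!
! VLAN access map: forward backup-server traffic, drop everything else
! bridged within the VLAN (server-to-server traffic between customers).
vlan access-map BACKUP-ISOLATE 10
 match ip address BACKUP-SERVER-ONLY
 action forward
vlan access-map BACKUP-ISOLATE 20
 match ip address ANY-IP
 action drop
!
! Apply to the backup VLAN only. A VACL filters traffic switched within
! the VLAN, so it applies whether the server port is an access port or a
! trunk carrying VLAN 11, and the customer VLAN (31) is untouched.
vlan filter BACKUP-ISOLATE vlan-list 11
!
! Verification:
!   show vlan access-map BACKUP-ISOLATE
!   show vlan filter
```

Only IP is matched here, so non-IP frames such as ARP still pass between servers; that lets hosts resolve each other but every IP packet between two customer servers on VLAN 11 is dropped.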