How to set up and limit traffic to & from test network for engineers?

steve.harlan
Level 1

I have an engineering group that wants us to set up a separate R&D network, that will be primarily used for testing of their equipment, which creates a lot of broadcast traffic, but on occasion they will need to access some information on 3 engineering servers located in our network room.  I will be setting them up with a Cisco 2960s switch for them to use on their test network, I assume I will need to create a trunk port on the 2960s to my Brocade stack on my corporate network for access to their servers in our network room.

My question is how can I set this up that will allow all their testing on the separate R&D network to remain on their separate network, but allow them to access data on 3 of their servers on our company network? I am basically trying to restrict all their broadcast traffic from their R&D network from entering into my corporate network.

I have attached a jpeg drawing.

Thanks

Steve

3 Replies 3

Hello

You can use VACLs to restrict the flow of traffic within a VLAN.

access-list 100 permit ip src dest

vlan access-map tst 10

match ip address 100

action forward/drop/log/capture

vlan filter tst vlan-list x-x (applied to these vlans)

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Paul,

Thank you for the reply. I do have a couple of questions:

1. Do I deploy this on the Cisco switch only?

2. Do I need to define the IP addresses of the 3 Engineering Servers I only want access to on the VACLs?

Hello Steve,

I may have given you wrong information. After reviewing your question, you want to allow only hosts from a specific VLAN to access servers residing in ANOTHER VLAN, so VACLs won't do this; RACLs (router ACLs) are required.

On the core switch you apply an ACL to permit access into your L3 interface for the VLAN where your servers reside.

On Cisco devices something like this would be applicable:

test vlan 2 - 192.168.1.0/24

server vlan 5 - 192.168.2.0/24

! extended ACL number (100-199) is needed to match on protocol and destination
access-list 100 permit ip 192.168.1.0 0.0.0.255 host server1

access-list 100 permit ip 192.168.1.0 0.0.0.255 host server2
access-list 100 permit ip 192.168.1.0 0.0.0.255 host server3

access-list 100 deny ip 192.168.1.0 0.0.0.255 any

access-list 100 permit ip any any

int vlan 5

ip access-group 100 out

But I am not familiar with Brocade switches, so I am not sure how these ACLs would work on them.

res

Paul
