04-02-2013 02:06 PM - edited 03-04-2019 07:28 PM
I have an engineering group that wants us to set up a separate R&D network, that will be primarily used for testing of their equipment, which creates a lot of broadcast traffic, but on occasion they will need to access some information on 3 engineering servers located in our network room. I will be setting them up with a Cisco 2960s switch for them to use on their test network, I assume I will need to create a trunk port on the 2960s to my Brocade stack on my corporate network for access to their servers in our network room.
My question is how can I set this up that will allow all their testing on the separate R&D network to remain on their separate network, but allow them to access data on 3 of their servers on our company network? I am basically trying to restrict all their broadcast traffic from their R&D network from entering into my corporate network.
I have attached a jpeg drawing.
Thanks
Steve
04-02-2013 03:53 PM
Hello
You can use VACLs to restrict the flow of traffic within a vlan..
access-list 100 permit ip <src> <dst>
vlan access-map tst 10
 match ip address 100
 action forward        (or drop / log / capture)
vlan filter tst vlan-list x-x   (applied to these vlans)
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
04-03-2013 08:58 AM
Paul,
Thank you for the reply. I do have a couple of questions:
1. Do I deploy this on the Cisco switch only?
2. Do I need to define the IP addresses of the 3 Engineering Servers I only want access to on the VACLS?
04-03-2013 11:17 AM
Hello Steve,
I may have given you wrong information. After reviewing your question, you want to allow only hosts from a specific vlan to access servers residing in ANOTHER vlan, so VACLs won't do this; RACLs (router ACLs) are required.
On the core switch you apply an ACL to permit access into your L3 interface for the vlan your servers reside in.
On cisco devices something like this would be applicable
test vlan 2 - 192.168.1.0/24
server vlan 5 - 192.168.2.0/24
! extended ACL (100-199): a standard ACL (1-99) matches on source only and cannot name the servers
access-list 100 permit ip 192.168.1.0 0.0.0.255 host server1
access-list 100 permit ip 192.168.1.0 0.0.0.255 host server2
access-list 100 permit ip 192.168.1.0 0.0.0.255 host server3
access-list 100 deny ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip any any
interface Vlan5
 ip access-group 100 out
But I am not familiar with Brocade switches, so I am not sure how these ACLs would work on them.
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
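To make the behaviour of the ACL approach from both of Paul's posts concrete, here is an added example (not from the thread, nor Cisco's or Brocade's code) that parses the extended ACL in IOS syntax and evaluates it the way IOS does: first match wins, with an implicit deny at the end. The VLAN subnets follow the thread; the three server addresses, the other-VLAN host and the sample flows are constructed for the example. It also shows the point Steve actually cares about: the R&D subnet broadcast never reaches the SVI, so it is the VLAN boundary, not the ACL, that keeps broadcast traffic out of the corporate network.

```python
import ipaddress

# Constructed lab addressing, following the thread: test VLAN 2 and server VLAN 5.
RND_VLAN = ipaddress.ip_network("192.168.1.0/24")
SERVER_VLAN = ipaddress.ip_network("192.168.2.0/24")
# Hypothetical addresses for the three engineering servers (not from the thread).
SERVERS = ("192.168.2.10", "192.168.2.11", "192.168.2.12")

# Extended numbered ACL in IOS syntax, applied with 'ip access-group 100 out'
# on interface Vlan5, so it only sees traffic being routed INTO the server VLAN.
ACL_100 = [
    "access-list 100 remark R&D VLAN 2 may reach only its three servers",
    f"access-list 100 permit ip 192.168.1.0 0.0.0.255 host {SERVERS[0]}",
    f"access-list 100 permit ip 192.168.1.0 0.0.0.255 host {SERVERS[1]}",
    f"access-list 100 permit ip 192.168.1.0 0.0.0.255 host {SERVERS[2]}",
    "access-list 100 deny ip 192.168.1.0 0.0.0.255 any",
    "access-list 100 permit ip any any",
]


def wildcard_to_network(addr, wildcard):
    """Convert an IOS 'address wildcard' pair to a network.

    A wildcard is an inverted mask: 0.0.0.255 means 'last octet don't care'.
    Only contiguous wildcards (zeros followed by ones) map to a prefix length.
    """
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"discontiguous wildcard {wildcard} not supported")
    prefix = 32 - w.bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def parse_address(tokens):
    """Consume one IOS address spec and return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]


def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines into (action, src, dst).

    Only extended lists (100-199, 2000-2699) carry a destination; a standard
    list such as 'access-list 1' matches on source only and cannot express
    'R&D hosts to these three servers', so it is rejected here.
    """
    entries = []
    for line in lines:
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        number = int(tok[1])
        if not (100 <= number <= 199 or 2000 <= number <= 2699):
            raise ValueError(f"access-list {number} is a standard ACL; use an extended one")
        if tok[2] == "remark":
            continue
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACE: {line}")
        src, rest = parse_address(tok[4:])
        dst, rest = parse_address(rest)
        if rest:
            raise ValueError(f"trailing tokens in ACE: {line}")
        entries.append((action, src, dst))
    return entries


def evaluate(entries, src, dst):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def server_vlan_verdict(entries, src, dst):
    """Outcome for a packet src -> dst with the ACL applied outbound on Vlan5.

    Traffic that stays inside the R&D subnet, including its broadcast
    192.168.1.255, is switched at layer 2 and never reaches the SVI, so the
    ACL is not what keeps broadcasts out; the VLAN boundary is.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in RND_VLAN and d in RND_VLAN:
        return "switched-in-vlan2"
    if d not in SERVER_VLAN:
        return "not-routed-to-vlan5"
    return evaluate(entries, src, dst)


if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    # Constructed sample flows.
    for src, dst in [("192.168.1.50", SERVERS[0]),        # R&D host to engineering server
                     ("192.168.1.50", "192.168.2.20"),    # R&D host to another VLAN 5 host
                     ("10.0.5.7", "192.168.2.20"),        # another corporate VLAN, unaffected
                     ("192.168.1.50", "192.168.1.255")]:  # R&D broadcast
        print(f"{src:>14} -> {dst:<14} {server_vlan_verdict(acl, src, dst)}")
    # Ordering matters: with 'permit ip any any' first, the deny never matches.
    misordered = parse_acl([ACL_100[-1]] + ACL_100[1:-1])
    print("misordered:", evaluate(misordered, "192.168.1.50", "192.168.2.20"))
```

Two caveats the model makes visible: the trailing `permit ip any any` is what keeps the rest of the corporate network's access to VLAN 5 intact, and moving it above the `deny` silently grants the R&D VLAN everything. The ACL is stateless, so replies from the servers back to VLAN 2 enter the Vlan5 SVI inbound and are not touched by the outbound list. Independently of the ACL, the trunk from the 2960S should carry only the R&D VLAN (`switchport trunk allowed vlan 2`) so its broadcast domain ends at the Brocade stack's SVI.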