Isolating groups of servers on a network

orbitrod11
Level 1

We have 10 servers sitting in a colo, connected to a Cisco SG300-28 Small Business 300 Series 28-port Gigabit Managed Switch. All of which is sitting behind a Sonicwall TZ 210 firewall.

3 of the servers are used for development and the rest are our production servers. We want to be able to isolate the production servers and the development servers so that they can't talk to each other. But all need access to the internet.

What is the best way to do this? Would creating 2 VLANs on the Cisco switch accomplish our goal?

1 Reply

David Hornstein
Level 7

Hi Roderick,

Yes, you are correct: create two or three VLANs on the switch, maybe:

VLAN for your management purposes

VLAN for development

VLAN for production.

Trunk those VLANs to the VLAN-aware firewall appliance.

That firewall device's specs say it supports VLAN interfaces.

Then, why not utilize the access list functionality (ACL) within the switch to restrict traffic between VLANs.

ACLs work at wire speed, which will not degrade switch forwarding performance, and filter packets on ingress into the switch.

Check out the following posting for a better understanding of access list functionality and a configuration example:

Check out Ivor's last response on May 31, 2011 12:34 PM and my response and pictures a wee way above Ivor's response.

https://supportforums.cisco.com/message/3368125#3368125

But be sure you take advantage of the newest firmware for the switch that was just released; it's even free.

If your switch has firmware version 1.0.xx, please take the 6 minutes to upgrade your switch's operating system. The current version of firmware supports a command line interface and some other neat features...

Note: the ACLs use reverse masking; it's easy and works. Have fun, and remember to save your configuration after you complete the configuration.

Remember that the ACL can be attached to a single port, so you can test the ACL before you apply it onto all the appropriate switch ports.

Regards, Dave
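The isolation Dave describes (one ingress ACL per VLAN, written with reverse/wildcard masks, blocking dev-to-prod and prod-to-dev while still permitting internet access) can be modelled before touching the switch. The following is an added example written for this page; it is not code from the thread, from Cisco, or from the SG300. The three subnets, the "internet" test address and the IOS-style rendering syntax are assumptions chosen for illustration, and the exact SG300 CLI syntax is not confirmed here. The script derives the wildcard mask for each subnet, evaluates rules first-match with the implicit deny a real ACL has, checks the requested policy, and shows the common mistake of leaving out the closing permit, which silently cuts off internet access.

```python
import ipaddress

# Constructed addressing plan for the three VLANs Dave proposes; these subnets
# are an assumption for this example, not values from the thread.
VLANS = {
    "management":  ipaddress.ip_network("10.0.1.0/24"),
    "development": ipaddress.ip_network("10.0.10.0/24"),
    "production":  ipaddress.ip_network("10.0.20.0/24"),
}

# Any address outside the three VLANs stands in for "the internet" here.
INTERNET_HOST = "203.0.113.10"   # TEST-NET-3 documentation range, constructed


def wildcard_mask(cidr):
    """Return the 'reverse' (wildcard) mask for a CIDR block.

    Cisco-style ACLs express a subnet as network + wildcard, where a 1 bit
    means "don't care": 10.0.10.0/24 becomes 10.0.10.0 0.0.0.255.
    """
    return str(ipaddress.ip_network(cidr).hostmask)


def evaluate(acl, src, dst):
    """First-match evaluation of an ACL against a source/destination pair.

    acl is a list of (action, src_network_or_None, dst_network_or_None);
    None means 'any'. Like a real switch ACL, an unmatched packet hits the
    implicit deny at the end of the list.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net in acl:
        if (s_net is None or src in s_net) and (d_net is None or dst in d_net):
            return action
    return "deny"


def build_ingress_acls():
    """One ingress ACL per VLAN: block the other environment, allow the rest."""
    mgmt, dev, prod = VLANS["management"], VLANS["development"], VLANS["production"]
    return {
        # Dev ports: drop anything aimed at production, then permit everything
        # else (internet, management). The final permit is what stops the
        # implicit deny from cutting off internet access.
        "development": [("deny", dev, prod), ("permit", dev, None)],
        "production":  [("deny", prod, dev), ("permit", prod, None)],
        # Management is allowed to reach everything in this example.
        "management":  [("permit", mgmt, None)],
    }


# The failure mode: the same deny rule without a closing permit. Dev -> prod is
# still blocked, but the implicit deny now drops internet traffic as well.
BROKEN_DEV_ACL = [("deny", VLANS["development"], VLANS["production"])]


def render(name, acl):
    """Render an ACL in IOS-style extended syntax with wildcard masks.

    Shown only to illustrate where the reverse mask appears in a rule; the
    exact SG300 command syntax is an assumption, not taken from the thread.
    """
    def term(net):
        return "any" if net is None else f"{net.network_address} {wildcard_mask(str(net))}"
    lines = [f"ip access-list extended {name}"]
    for action, s_net, d_net in acl:
        lines.append(f"  {action} ip {term(s_net)} {term(d_net)}")
    return lines


def check_policy(acls):
    """Return True when the ACL set enforces the isolation asked for in the thread."""
    cases = [
        ("development", "10.0.10.5", "10.0.20.5",   "deny"),    # dev -> prod blocked
        ("production",  "10.0.20.5", "10.0.10.5",   "deny"),    # prod -> dev blocked
        ("development", "10.0.10.5", INTERNET_HOST, "permit"),  # dev -> internet allowed
        ("production",  "10.0.20.5", INTERNET_HOST, "permit"),  # prod -> internet allowed
        ("management",  "10.0.1.5",  "10.0.20.5",   "permit"),  # mgmt -> prod allowed
    ]
    return all(evaluate(acls[vlan], s, d) == expected for vlan, s, d, expected in cases)


if __name__ == "__main__":
    acls = build_ingress_acls()
    for vlan, acl in acls.items():
        print("\n".join(render(f"{vlan.upper()}-IN", acl)))
    print("policy holds:", check_policy(acls))
    print("broken dev ACL, dev -> internet:",
          evaluate(BROKEN_DEV_ACL, "10.0.10.5", INTERNET_HOST))
```

Running the script prints the three rendered ACLs, reports that the policy holds, and shows the broken dev ACL returning "deny" for internet traffic, which is exactly what a single-port test, as Dave suggests, would reveal before the rule is rolled out to every port.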