08-23-2007 09:48 AM - edited 03-05-2019 06:04 PM
I have VLAN A with Server A1, Server A2, etc. on it.
I have VLAN B with Server B1, Server B2, etc. on it.
I need Server A1 (on VLAN A) to see Server B1 (on VLAN B) only - no other devices.
While there may be multiple ways to accomplish this, I'm hoping that you can provide me with the best way/s (i.e.; how to configure this on the switch or any other ways). Please note that I am hoping to avoid installing a second NIC in Server A1.
Thanks in advance.
08-23-2007 10:19 AM
Hi
Are the L3 vlan interfaces on the switch or on a router? Assuming they are on a switch:
access-list 101 permit ip host "server A1 ip address" host "server B1 ip address"
access-list 101 deny ip host "server A1 ip address" any
access-list 101 permit ip any any
interface vlan A
 ip access-group 101 in
Couple of things to note
1) The above access-list allows server A1 to only talk to server B1 and absolutely nothing else.
2) There is a permit ip any any at the end of the access-list to allow other server traffic.
HTH
Jon
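An added example, not part of the post above: a small first-match evaluator for the three ACL entries, showing which flows the inbound ACL on the VLAN A interface actually decides. The IP addresses and the /24 subnet are constructed placeholders, and only the `host` and `any` address forms used in the thread are parsed.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the thread).
VLAN_A = ipaddress.ip_network("10.0.10.0/24")
A1, A2 = "10.0.10.11", "10.0.10.12"   # servers on VLAN A
B1, B2 = "10.0.20.11", "10.0.20.12"   # servers on VLAN B

ACL_101 = f"""
access-list 101 permit ip host {A1} host {B1}
access-list 101 deny ip host {A1} any
access-list 101 permit ip any any
"""

def parse_addr(tokens):
    """Consume one 'host X' or 'any' address spec from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address spec: {tok}")

def parse_acl(text):
    """Parse 'access-list N <action> ip <src> <dst>' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, rest = tokens[2], tokens[4:]
        rules.append((action, parse_addr(rest), parse_addr(rest)))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def svi_inbound_verdict(rules, src, dst):
    """Verdict for a packet from a VLAN A host, ACL applied inbound on the VLAN A SVI."""
    if ipaddress.ip_address(dst) in VLAN_A:
        return "not-filtered"   # switched inside the VLAN, never routed through the SVI
    return evaluate(rules, src, dst)

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    for src, dst in [(A1, B1), (A1, B2), (A2, B1), (A1, A2)]:
        print(f"{src} -> {dst}: {svi_inbound_verdict(rules, src, dst)}")
```

The (A2, B1) and (A1, A2) results are the ones to compare against the requirement: this ACL only governs what A1 routes out of VLAN A, so other hosts reaching B1 and traffic inside VLAN A need separate controls.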
08-24-2007 01:18 AM
Is there routing between the VLANs at the moment or does that need setting up as well?
Basically we need to find out where the routing is taking place and apply the access control list there.
08-24-2007 03:34 AM
The best way would be Private VLANs, but make sure your switch supports this. Below is a link that gives more information:
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008017acad.shtml