03-14-2011 03:30 AM - edited 03-06-2019 04:04 PM
As part of our PCI-DSS project I’m trying to segment and secure our web servers that handle card payments as much as possible.
I’m looking to implement one or more Private VLANs so that all my websites that handle card payments can be placed in the same VLAN/subnet, can’t talk to each other, but are able to talk to the default gateway.
Am I correct in thinking I would need to patch the servers into a 3560 or 3750 EMI switch to accomplish this? Also is there anything else I would need to do to accomplish this?
Thank you for taking the time to read my post.
Kind Regards
Mark.
03-14-2011 03:43 AM
Hi Mark,
What you are thinking is correct for your scenario.
Please see the link below for clear information about PVLANs, their benefits, and example configurations.
http://blog.ine.com/2008/01/31/understanding-private-vlans/
Please rate the helpful posts.
Regards,
Nadiu.
03-14-2011 05:55 AM
Hi Mark,
The most important part in designing would be your VTP Configuration.
The VTP mode should be transparent if you are using PVLAN on the switch.
Regs,
Rahul
03-14-2011 06:54 AM
I was going to ask about my VTP domain.
We are running VTP and I wasn't sure if I needed to configure anything on our core switches, which are 4507R-E. We don't put end hosts into these switches, which is why I wanted to use something like a 3750 or 3560.
So am I correct in thinking that I just need to add either a 3560 or 3750 into our infrastructure as usual, but use transparent VTP on the switch rather than client, and then only add the PVLANs on the new 3560/3750?
I guess I might need to add the primary VLAN to the VTP server and do the isolated and community VLANs on the transparent switch.
Cheers
Mark
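The setup discussed in this thread, sketched as a Catalyst IOS configuration. This is an added example, not part of any post above; the VLAN IDs (100, 101), VLAN names and interface numbers are constructed placeholders, and it assumes the default gateway is reached through a single promiscuous port on the same switch.

```cisco
! Constructed example: VLAN IDs, names and interface numbers are placeholders.
! VTP v1/v2 does not carry private-VLAN configuration, so the switch
! holding the PVLANs is set to transparent mode first.
vtp mode transparent
!
! Secondary VLAN: hosts in an isolated VLAN cannot reach each other at layer 2.
vlan 101
 name CARD-WEB-ISOLATED
 private-vlan isolated
!
! Primary VLAN, associated with the isolated secondary VLAN.
vlan 100
 name CARD-WEB-PRIMARY
 private-vlan primary
 private-vlan association 101
!
! Web server ports: host ports in the isolated VLAN.
! Each server can reach only promiscuous ports, not the other servers.
interface range GigabitEthernet0/1 - 4
 description Card-payment web servers
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Port facing the default gateway: promiscuous, mapped to the secondary VLAN
! so the gateway can talk to every isolated host.
interface GigabitEthernet0/24
 description Link to default gateway
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Checks to run after applying the configuration:
!  show vtp status                                (operating mode: Transparent)
!  show vlan private-vlan                         (100 / 101 isolated and member ports)
!  show interfaces GigabitEthernet0/1 switchport  (private-vlan host mode and association)
```

Layer 2 isolation does not stop the gateway from routing traffic between the servers, so the segmentation also depends on filtering at the layer 3 device.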