Reg private VLAN

shibi.ravindran
Level 1

We have a special requirement. One of the servers (the web server) in the DMZ should be restricted from accessing other servers, and other servers should also be restricted from accessing this particular server. I have created private VLANs as below.

vlan 10
 private-vlan primary
 private-vlan association 20,30
vlan 20
 private-vlan isolated
vlan 30
 private-vlan community

Then I configured the port to which the web server is connected as an isolated VLAN port:


switchport mode private-vlan host
switchport private-vlan host-association 10 20


The rest of the ports, where the other servers are connected, are configured as community VLAN ports:

switchport mode private-vlan host
switchport private-vlan host-association 10 30


Now from the web server I cannot communicate with any of the servers, which is one of the requirements.

But the other servers, which are in the community VLAN, can access the web server in the isolated VLAN, which is not acceptable!


Any solution to this will be highly appreciated....

Regards


Dhavantharim
Level 1

Dear shibi,

I have two questions about your scenario:

Could you clarify whether the web servers should communicate with other servers or not?

Did you configure promiscuous ports to carry the isolated VLAN traffic?

Hi,

Yes, we have configured promiscuous ports. We don't need the web server to communicate with other servers, and that is achieved by configuring it as an isolated port. Also, the other servers, which are connected to community ports, should not talk to the web server. Will this be possible?
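
An added example, not part of the original thread: a Python check that parses the private VLAN configuration posted above, verifies that each host-association matches the VLAN definitions, and applies the standard PVLAN Layer 2 rule between host ports. The interface names are constructed, and traffic that passes through a promiscuous port or a routed gateway is outside this model.

```python
import re

SAMPLE = """\
vlan 10
 private-vlan primary
 private-vlan association 20,30
vlan 20
 private-vlan isolated
vlan 30
 private-vlan community
interface Gi1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 10 20
interface Gi1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 10 30
interface Gi1/0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 10 30
"""  # VLANs and port commands as posted in the thread; interface names are constructed

def parse(config):
    """Return (vlan_type, assoc, ports) from IOS-style private VLAN lines."""
    vlan_type, assoc, ports, ctx = {}, {}, {}, ""
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(?:vlan|interface) (\S+)", line):
            ctx = m[1]  # current "vlan N" or "interface X" stanza
        elif ctx.isdigit() and (m := re.fullmatch(r"private-vlan (primary|isolated|community)", line)):
            vlan_type[int(ctx)] = m[1]
        elif ctx.isdigit() and (m := re.fullmatch(r"private-vlan association ([\d,]+)", line)):
            assoc[int(ctx)] = {int(v) for v in m[1].split(",") if v}
        elif ctx and (m := re.fullmatch(r"switchport private-vlan host-association (\d+) (\d+)", line)):
            ports[ctx] = (int(m[1]), int(m[2]))
    return vlan_type, assoc, ports

def errors(vlan_type, assoc, ports):
    """List host-associations that do not match the VLAN definitions."""
    out = []
    for port, (pri, sec) in ports.items():
        if vlan_type.get(pri) != "primary":
            out.append(f"{port}: VLAN {pri} is not a primary VLAN")
        elif sec not in assoc.get(pri, ()):
            out.append(f"{port}: VLAN {sec} is not associated with primary {pri}")
    return out

def l2_allowed(vlan_type, ports, a, b):
    """Host-to-host Layer 2 rule: only two ports in the same community VLAN may talk."""
    (pa, sa), (pb, sb) = ports[a], ports[b]
    return pa == pb and sa == sb and vlan_type.get(sa) == "community"
```

If the checker reports no errors and a host pair is still reachable where the rule says it should not be, the path to look at is the promiscuous port and whatever routes or relays behind it.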
