12-26-2010 07:42 AM - edited 03-06-2019 02:42 PM
We have a special requirement. One of the servers (web server) in the DMZ should be restricted from accessing other servers, and other servers should also be restricted from accessing this particular server. I have created a private VLAN as below.
vlan 10
private-vlan primary
private-vlan association 20,30
vlan 20
private-vlan isolated
vlan 30
private-vlan community
Then configured the port to which the web server is connected as isolated VLAN:
switchport mode private-vlan host
switchport private-vlan host-association 10 20
The rest of the ports, where the other servers are connected, are configured as community VLAN.
switchport mode private-vlan host
switchport private-vlan host-association 10 30
Now from the web server I cannot communicate with any of the servers, which is one of the requirements.
But other servers in the community VLAN can access the web server in the isolated VLAN, which is not acceptable!
Any solution to this will be highly appreciated.
Regards
12-26-2010 10:42 AM
Dear shibi,
I have two questions about your scenario:
Could you clarify whether the web servers should communicate with other servers or not?
Did you configure promiscuous ports to carry the isolated VLAN traffic?
12-26-2010 12:13 PM
Hi,
Yes, we have configured promiscuous. We don't need the web server to communicate with other servers, and that is achieved by configuring it as an isolated port. Also, other servers which are connected under community ports should not talk to the web server. Will this be possible?
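Added example, not part of the original thread: a small Python model of the standard private-VLAN layer-2 forwarding rules, run over the configuration posted above. The interface names and the promiscuous uplink (Gi0/24) are assumptions; the model covers switching only, not traffic routed back in by the device on the promiscuous port.

```python
# Constructed sample: the thread's VLANs plus hypothetical interface names and
# a hypothetical promiscuous uplink (the thread does not show these).
CONFIG = """\
vlan 10
 private-vlan primary
 private-vlan association 20,30
vlan 20
 private-vlan isolated
vlan 30
 private-vlan community
interface Gi0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 10 20
interface Gi0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 10 30
interface Gi0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 10 30
interface Gi0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 10 20,30
"""

def parse(config):
    """Return ({vlan: type}, {port: (role, primary, secondary-set)})."""
    vlan_type, ports, ctx = {}, {}, ("", "")
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] in ("vlan", "interface"):
            ctx = (w[0], w[1])
        elif ctx[0] == "vlan" and w[0] == "private-vlan" and w[1] != "association":
            vlan_type[ctx[1]] = w[1]
        elif w[:3] == ["switchport", "private-vlan", "host-association"]:
            ports[ctx[1]] = ("host", w[3], {w[4]})
        elif w[:3] == ["switchport", "private-vlan", "mapping"]:
            ports[ctx[1]] = ("promiscuous", w[3], set(w[4].split(",")))
    return vlan_type, ports

def l2_allowed(src, dst, vlan_type, ports):
    """True if the switch forwards frames from port src to port dst at layer 2."""
    (s_role, s_pri, s_sec), (d_role, d_pri, d_sec) = ports[src], ports[dst]
    if src == dst or s_pri != d_pri:
        return False
    if "promiscuous" in (s_role, d_role):
        # Promiscuous ports exchange frames with every secondary VLAN mapped to them.
        return s_role == d_role or bool(s_sec & d_sec)
    # Host to host: only two ports in the same community VLAN; isolated never.
    (sec,) = s_sec
    return s_sec == d_sec and vlan_type.get(sec) == "community"
```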