10-04-2010 02:21 PM - edited 03-06-2019 01:19 PM
Is it possible to limit traffic on a VLAN to ONLY that specific VLAN, with a hole poked in for a couple IP addresses?
Here's the scenario:
Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.
Let's say it's VLAN 100
Let's say that network is 10.10.5.0/24
Let's say the server IP is 10.10.4.12/24
I would like this done on the main router, a 6509.
10-08-2010 03:31 PM
In the simplest form you could use an ACL such as this:
access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255
int vlan 100
ip access-group 100 out
exit
*warning* this will not allow any hosts in 10.10.5.0/24 to communicate with hosts outside their network.
This will satisfy the requirement provided in the question:
Here's the scenario:
Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.
크리스
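A small model of how this ACL behaves when applied `out` on the VLAN 100 interface, added here as an example and not part of the original posts. It assumes the 6509 routes between VLANs through that interface; the function names and every address other than 10.10.4.12 and 10.10.5.0/24 are constructed for illustration.

```python
import ipaddress

# ACL 100 from the answer: (action, source, source wildcard, destination, destination wildcard).
ACL_100 = [("permit", "10.10.4.12", "0.0.0.0", "10.10.5.0", "0.0.0.255")]
VLAN100 = ipaddress.ip_network("10.10.5.0/24")  # subnet behind "int vlan 100"


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored, all others must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def evaluate(acl, src, dst):
    """First matching entry wins; a packet that matches nothing hits the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def svi_verdict(src, dst):
    """Outcome for one packet with ACL 100 applied 'out' on the VLAN 100 interface."""
    src_in = ipaddress.ip_address(src) in VLAN100
    dst_in = ipaddress.ip_address(dst) in VLAN100
    if src_in and dst_in:
        return "switched"      # stays inside the VLAN, never routed through the interface
    if dst_in:
        return evaluate(ACL_100, src, dst)   # routed out of the interface toward the VLAN
    if src_in:
        return "unfiltered"    # enters the interface; an "out" ACL does not inspect it
    return "not-applicable"    # packet does not touch VLAN 100


# Constructed sample flows; only 10.10.4.12 and 10.10.5.0/24 come from the thread.
FLOWS = [
    ("10.10.4.12", "10.10.5.20"),   # server to VLAN host
    ("10.10.4.13", "10.10.5.20"),   # neighbour of the server to VLAN host
    ("10.10.5.20", "10.10.5.21"),   # host to host inside VLAN 100
    ("10.10.5.20", "10.10.4.12"),   # VLAN host to server
    ("10.10.5.20", "192.0.2.50"),   # VLAN host to an unrelated address
    ("192.0.2.50", "10.10.5.20"),   # reply from the unrelated address
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>12} -> {dst:<12} {svi_verdict(src, dst)}")
```

The "unfiltered" rows are packets leaving VLAN 100: the outbound ACL drops the replies from anything but the server, but it does not stop the packets themselves from being routed out.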