Network Architecture & Design


I need people from VLAN2 to access only one server on VLAN1, not all resources.

  • 1.  I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-22-2018 06:22
    I need people from VLAN2 to access only one server on VLAN1, not all resources, just one single server IP. Basically, I want to keep both networks isolated except for that server, which should be common to both.


  • 2.  RE: I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-22-2018 08:19
    Is that a layer 2 VLAN or layer 3? Which device has an IP address on that network segment?
    You should make a rule on that device, allowing/denying your traffic.

    Sometimes it is also possible to give that specific server a NIC/IP from VLAN 2, so you don't need to make exception rules.

    It is up to you!


  • 3.  RE: I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-22-2018 11:48
    Hi,
    This is an example:
    BD-Lab.4 # show policy MS-VLAN-BRIDGE.pol
    Policies at Policy Server:
    Policy: MS-VLAN-BRIDGE
    entry BRIDGE-TO-MS {
        if match all {
            source-address 10.32.32.0/23 ;
            destination-address 10.32.0.0/21 ;
        }
        then {
            permit ;
        }
    }
    entry BRIDGE-to-BRIDGE {
        if match all {
            source-address 10.32.32.0/23 ;
            destination-address 10.32.32.0/23 ;
        }
        then {
            permit ;
        }
    }

    You have to create a policy first, then add it to an ACL:

    #
    configure access-list MS-VLAN-BRIDGE vlan "Vlan-100" ingress


  • 4.  RE: I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-22-2018 23:04
    Not a perfect answer.

    You could also use the idea of "VLAN Isolation"
    https://documentation.extremenetworks.com/exos_16/EXOS_16_2/VLAN/c_vlan-isolation.shtml

    Regards



  • 5.  RE: I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-23-2018 03:21
    I want to keep both networks (VLAN-1 and VLAN-2) isolated except for that server, which should be accessible to clients of VLAN-2; other devices should not even be accessible or pingable. Now help me create the ACL.


  • 6.  RE: I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-22-2018 08:19
    Layer 3 VLAN. I want a particular server to be accessible from VLAN2. What rule is applicable to such a condition?


  • 7.  RE: I need people from VLAN2 to access only one server on VLAN1, not all resources.

    Posted 01-22-2018 08:19
    What does your ACL look like?

    Just add one permit line for that one specific host.
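
The single-host permit suggested in the thread, written in the same policy syntax as the example in post 3. This is an added example, not part of any poster's reply: the policy name, entry names, VLAN name and all addresses are constructed placeholders, and the `deny` action and the binding command follow the form shown in post 3.

```text
# VLAN2-TO-SERVER.pol  (hypothetical policy name; every address below is constructed)
#   VLAN2 client subnet : 10.0.2.0/24
#   VLAN1 subnet        : 10.0.1.0/24
#   shared server       : 10.0.1.10

# Entries are evaluated top to bottom and the first match decides,
# so the /32 permit for the server must come before the subnet-wide deny.
entry VLAN2-TO-SERVER-HOST {
    if match all {
        source-address 10.0.2.0/24 ;
        destination-address 10.0.1.10/32 ;
    }
    then {
        permit ;
    }
}

# Everything else from VLAN2 towards the VLAN1 subnet is dropped,
# including ping to hosts other than the server.
entry VLAN2-TO-VLAN1-REST {
    if match all {
        source-address 10.0.2.0/24 ;
        destination-address 10.0.1.0/24 ;
    }
    then {
        deny ;
    }
}

# Bound to the client VLAN on ingress, as in post 3
# ("VLAN2" is a placeholder VLAN name):
# configure access-list VLAN2-TO-SERVER vlan "VLAN2" ingress
```

Bound on VLAN2 ingress, this policy only filters what VLAN2 clients send. If VLAN1 hosts other than the server must also be prevented from sending into VLAN2, a mirrored policy is needed on VLAN1 ingress.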