Network Architecture & Design

I need people from VLAN2 to access only one server on VLAN1, not all resources, just one single server IP. Basically, I want to keep both networks isolated except for that server that should common to both.

is that a layer 2 vlan or layer 3? which device has ip adress on that network segment?
you should make a rule on that device, allowing/denying your traffic.

sometimes it is also possible to give that specific server a nic/ip from VLAN 2 - so you don't need to make exception rules.

it is up to you!

Hi,
This is an example :
BD-Lab.4 # show policy MS-VLAN-BRIDGE.pol
Policies at Policy Server:
Policy: MS-VLAN-BRIDGE
entry BRIDGE-TO-MS {
if match all {
source-address 10.32.32.0/23 ;
destination-address 10.32.0.0/21 ;
}
then {
permit ;
}
}
entry BRIDGE-to-BRIDGE {
if match all {
source-address 10.32.32.0/23 ;
destination-address 10.32.32.0/23 ;
}
then {
permit ;
}
}

You hav to create a policy first, then add to an ACL :

#
configure access-list MS-VLAN-BRIDGE vlan "Vlan-100" ingress

Not perfect answer.

You could also use the idea of "VLAN Isolation"
https://documentation.extremenetworks.com/exos_16/EXOS_16_2/VLAN/c_vlan-isolation.shtml

Regards

I want to keep both networks (VLAN-1 and VLAN-2) isolated except for that server that should access via clients of VLAN-2 and other devices are not even accessible and pinging. now help to create ACL.

Layer 3 VLAN. I want particular server can be accessible for VLAN2. What rule is applicable to such condition.

how does your acl look like?

just add one permit line for that one specific host