I need people from VLAN2 to access only one server on VLAN1, not all resources.

  • Question
  • Updated 7 months ago
  • Answered
I need people from VLAN2 to access only one server on VLAN1, not all resources, just one single server IP. Basically, I want to keep both networks isolated except for that server, which should be common to both.
Alok Shukla

Posted 7 months ago

Anton Sax

Is that a layer 2 VLAN or layer 3? Which device has an IP address on that network segment?
You should make a rule on that device, allowing/denying your traffic.

Sometimes it is also possible to give that specific server a NIC/IP from VLAN 2, so you don't need to make exception rules.

It is up to you!
Alok Shukla

Layer 3 VLAN. I want a particular server to be accessible from VLAN2. What rule is applicable to such a condition?
Anton Sax

What does your ACL look like?

Just add one permit line for that one specific host.
Pascal Lurquin

Hi,
This is an example:
BD-Lab.4 # show policy MS-VLAN-BRIDGE.pol
Policies at Policy Server:
Policy: MS-VLAN-BRIDGE
entry BRIDGE-TO-MS { 
if match all { 
    source-address 10.32.32.0/23 ;
    destination-address 10.32.0.0/21 ;
}
then {
    permit  ;
}
}
entry BRIDGE-to-BRIDGE { 
if match all { 
    source-address 10.32.32.0/23 ;
    destination-address 10.32.32.0/23 ;
}
then {
    permit  ;
}
}

You have to create a policy first, then add it to an ACL:

#
configure access-list MS-VLAN-BRIDGE vlan "Vlan-100" ingress
Bin, Employee

Not a perfect answer.

You could also use the idea of "VLAN Isolation"
https://documentation.extremenetworks.com/exos_16/EXOS_16_2/VLAN/c_vlan-isolation.shtml

Regards
Alok Shukla

I want to keep both networks (VLAN-1 and VLAN-2) isolated, except for that server, which should be accessible to clients of VLAN-2; other devices should not even be accessible or pingable. Now help me create the ACL.
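
The "one permit line for that one specific host" approach from the thread, as an added example that is not from any poster or from the vendor: a policy in the same entry format as the one shown above, checked offline with a small first-match evaluator before it goes on a switch. The subnets (192.168.1.0/24 for VLAN-1, 192.168.2.0/24 for VLAN-2), the server address 192.168.1.10 and the entry names are constructed; first-match evaluation in file order and a default permit for unmatched traffic are assumptions about how the switch applies the policy.

```python
import ipaddress
import re

# Constructed policy text: subnets, server IP and entry names are assumptions.
POLICY = """
entry VLAN2-to-SERVER {
if match all {
    source-address 192.168.2.0/24 ;
    destination-address 192.168.1.10/32 ;
}
then {
    permit ;
}
}
entry VLAN2-to-VLAN1 {
if match all {
    source-address 192.168.2.0/24 ;
    destination-address 192.168.1.0/24 ;
}
then {
    deny ;
}
}
"""

ENTRY = re.compile(r"entry\s+(\S+)\s*\{\s*if[^{]*\{(.*?)\}\s*then\s*\{\s*(permit|deny)\s*;", re.S)
ADDR = re.compile(r"(source|destination)-address\s+(\S+)\s*;")
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_policy(text):
    """Return the entries in file order as (name, src_net, dst_net, action)."""
    rules = []
    for name, conds, action in ENTRY.findall(text):
        nets = {k: ipaddress.ip_network(v) for k, v in ADDR.findall(conds)}
        rules.append((name, nets.get("source", ANY), nets.get("destination", ANY), action))
    return rules

def evaluate(rules, src, dst, default="permit"):
    """First matching entry decides; unmatched traffic gets the default action (assumed permit)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action, name
    return default, None

RULES = parse_policy(POLICY)
for dst in ("192.168.1.10", "192.168.1.20", "192.168.2.7"):  # server, other VLAN-1 host, same VLAN
    print(dst, evaluate(RULES, "192.168.2.50", dst))
```

Entry order matters: with the two entries swapped, the /24 deny matches first and the server becomes unreachable as well. The policy filters only traffic entering from VLAN-2, so it would be bound to that VLAN with the `configure access-list ... ingress` command shown earlier in the thread.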