https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15234#M2318 is that a layer 2 vlan or layer 3? which device has ip adress on that network segment?<BR /> you should make a rule on that device, allowing/denying your traffic.<BR /> <BR /> sometimes it is also possible to give that specific server a nic/ip from VLAN 2 - so you don't need to make exception rules.<BR /> <BR /> it is up to you! Mon, 22 Jan 2018 16:19:00 GMT AntonS 2018-01-22T16:19:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15233#M2317 I need people from VLAN2 to access only one server on VLAN1, not all resources, just one single server IP. Basically, I want to keep both networks isolated except for that server that should common to both. Mon, 22 Jan 2018 14:22:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15233#M2317 Alok_Shukla1 2018-01-22T14:22:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15234#M2318 is that a layer 2 vlan or layer 3? which device has ip adress on that network segment?<BR /> you should make a rule on that device, allowing/denying your traffic.<BR /> <BR /> sometimes it is also possible to give that specific server a nic/ip from VLAN 2 - so you don't need to make exception rules.<BR /> <BR /> it is up to you! Mon, 22 Jan 2018 16:19:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15234#M2318 AntonS 2018-01-22T16:19:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15235#M2319 Layer 3 VLAN. I want particular server can be accessible for VLAN2. What rule is applicable to such condition. Mon, 22 Jan 2018 16:19:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15235#M2319 Alok_Shukla1 2018-01-22T16:19:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15236#M2320 how does your acl look like?<BR /> <BR /> just add one permit line for that one specific host Mon, 22 Jan 2018 16:19:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15236#M2320 AntonS 2018-01-22T16:19:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15237#M2321 Hi,<BR /> This is an example :<BR /> BD-Lab.4 # show policy MS-VLAN-BRIDGE.pol<BR /> Policies at Policy Server:<BR /> Policy: MS-VLAN-BRIDGE<BR /> entry BRIDGE-TO-MS { <BR /> if match all { <BR /> source-address 10.32.32.0/23 ;<BR /> destination-address 10.32.0.0/21 ;<BR /> }<BR /> then {<BR /> permit ;<BR /> }<BR /> }<BR /> entry BRIDGE-to-BRIDGE { <BR /> if match all { <BR /> source-address 10.32.32.0/23 ;<BR /> destination-address 10.32.32.0/23 ;<BR /> }<BR /> then {<BR /> permit ;<BR /> }<BR /> }<BR /> <BR /> You hav to create a policy first, then add to an ACL :<BR /> <BR /> #<BR /> configure access-list MS-VLAN-BRIDGE vlan "Vlan-100" ingress<BR /> Mon, 22 Jan 2018 19:48:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15237#M2321 Pascal_Lurquin 2018-01-22T19:48:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15238#M2322 Not perfect answer.<BR /> <BR /> You could also use the idea of "VLAN Isolation"<BR /> <A href="https://documentation.extremenetworks.com/exos_16/EXOS_16_2/VLAN/c_vlan-isolation.shtml" target="_blank" rel="nofollow noreferrer noopener">https://documentation.extremenetworks.com/exos_16/EXOS_16_2/VLAN/c_vlan-isolation.shtml</A><BR /> <BR /> Regards<BR /> <BR /> Tue, 23 Jan 2018 07:04:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15238#M2322 Bin 2018-01-23T07:04:00Z https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15239#M2323 <P class="fancybox-image"><span class="lia-inline-image-display-wrapper" image-alt="74c463e350aa426db6b407a9eea0514e_RackMultipart20180123-80408-kkcygh-TMG_inline.jpg"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/4804i624A2FA1077BB6E3/image-size/large?v=v2&amp;px=999" role="button" title="74c463e350aa426db6b407a9eea0514e_RackMultipart20180123-80408-kkcygh-TMG_inline.jpg" alt="74c463e350aa426db6b407a9eea0514e_RackMultipart20180123-80408-kkcygh-TMG_inline.jpg" /></span></P><BR /> I want to keep both networks (VLAN-1 and VLAN-2) isolated except for that server that should access via clients of VLAN-2 and other devices are not even accessible and pinging. now help to create ACL.<BR /> Tue, 23 Jan 2018 11:21:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/i-need-people-from-vlan2-to-access-only-one-server-on-vlan1-not/m-p/15239#M2323 Alok_Shukla1 2018-01-23T11:21:00Z