Extreme Networks

Alok_Shukla1 · ‎01-22-2018

I need people from VLAN2 to access only one server on VLAN1, not all resources, just one single server IP. Basically, I want to keep both networks isolated except for that server that should common to both.

Alok_Shukla1 · ‎01-23-2018

74c463e350aa426db6b407a9eea0514e_RackMultipart20180123-80408-kkcygh-TMG_inline.jpg

I want to keep both networks (VLAN-1 and VLAN-2) isolated except for that server that should access via clients of VLAN-2 and other devices are not even accessible and pinging. now help to create ACL.

Bin · ‎01-22-2018

Not perfect answer.

You could also use the idea of "VLAN Isolation"
https://documentation.extremenetworks.com/exos_16/EXOS_16_2/VLAN/c_vlan-isolation.shtml

Regards

Pascal_Lurquin · ‎01-22-2018

Hi,
This is an example :
BD-Lab.4 # show policy MS-VLAN-BRIDGE.pol
Policies at Policy Server:
Policy: MS-VLAN-BRIDGE
entry BRIDGE-TO-MS {
if match all {
source-address 10.32.32.0/23 ;
destination-address 10.32.0.0/21 ;
}
then {
permit ;
}
}
entry BRIDGE-to-BRIDGE {
if match all {
source-address 10.32.32.0/23 ;
destination-address 10.32.32.0/23 ;
}
then {
permit ;
}
}

You hav to create a policy first, then add to an ACL :

#
configure access-list MS-VLAN-BRIDGE vlan "Vlan-100" ingress

AntonS · ‎01-22-2018

is that a layer 2 vlan or layer 3? which device has ip adress on that network segment?
you should make a rule on that device, allowing/denying your traffic.

sometimes it is also possible to give that specific server a nic/ip from VLAN 2 - so you don't need to make exception rules.

it is up to you!

Extreme Networks

I need people from VLAN2 to access only one server on VLAN1, not all resources.

I need people from VLAN2 to access only one server on VLAN1, not all resources.