I have a single server to which I need to limit access. Without completely tearing down and rebuilding my network with proper segmentation (which I plan on doing next year), is there a way I can do this with my current equipment and layout? I have:
* 1 subnet (192.168.0.1) for LAN, which includes servers, printers, and PCs
It is a tedious job to restrict access on layer 2. You can use private VLANs, but you must be very sure of what traffic should flow between your end devices! You can also use layer 2 or MAC-based VLANs, but your switch seems to be too old for it! Try your luck: see if you have "mac access-list" commands. You can define these ACLs and apply them on the relevant port. This URL might help you:
Here is a document showing how to use a switch and subinterfaces on a router to create and route between 2 VLANs. If you have spare interface(s) on your 2811 then you don't need subinterfaces, but I'm assuming you don't. (Note: if you do, let us know, as it's a lot simpler.)
Scroll down to the table showing 802.1q support in Catalyst switches to make sure you have the correct IOS on your 3548XL. Also, the router in this example doc is a 2600, but your 2800 will be fine -
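
The approach described in the reply above, sketched as an added example (not taken from the thread or from the linked document): the server moves into its own VLAN, the 2811 routes to it over an 802.1q subinterface, and an ACL on that subinterface limits who can reach it. The VLAN number, port and interface numbers, the 192.168.20.0/24 subnet, the /24 mask on the existing LAN, the admin host address and the permitted TCP ports are all constructed placeholders.

```cisco
! ----- Catalyst 3548XL (XL-series syntax; constructed VLAN and port numbers) -----
vlan database
 vlan 20 name SERVER
 exit
configure terminal
interface FastEthernet0/48
 description Trunk to 2811 Fa0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/10
 description Restricted server
 switchport access vlan 20
end
!
! ----- 2811 router -----
! Assumption: Fa0/0 already carries the existing LAN gateway address and
! keeps serving the untagged (native VLAN 1) LAN unchanged.
configure terminal
ip access-list extended TO-SERVER
 remark Admin workstation (constructed address) may use SSH
 permit tcp host 192.168.0.50 host 192.168.20.10 eq 22
 remark Rest of the LAN may only reach the published service
 permit tcp 192.168.0.0 0.0.0.255 host 192.168.20.10 eq 443
 remark Everything else toward the server is dropped and logged
 deny ip any any log
!
interface FastEthernet0/0.20
 description Server VLAN
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ! "out" filters packets the router forwards toward the server;
 ! the server's replies enter this subinterface and are not filtered.
 ip access-group TO-SERVER out
end
!
! The server itself must be re-addressed into the new subnet
! (192.168.20.10 here) with 192.168.20.1 as its default gateway.
! Verify with: show vlan, show interfaces trunk (switch),
!              show ip access-lists TO-SERVER (router, hit counters and log).
```

The hit counters on the final `deny ip any any log` entry show which hosts are still trying to reach the server on ports that were not allowed, which is useful for tuning the permit list before tightening it further.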