Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Isolating a Server on a 3560 Switch

Hello,

I am trying to find a way to isolate a internal web server located on a 3560 switch.

We have multiple computers on the vlan that the server is part of.

I am wondering if it is possible to isolate that server to be only accessable to either certain ip's or mac addresses.

Is there a best practice method?

3 REPLIES

Isolating a Server on a 3560 Switch

Best practice is to use a firewall if you have it and put such servers behind the firewall.  If you don' t have the firewall then put that server on a different VLAN and utilize ACL's.

Isolating a Server on a 3560 Switch

Try the following:

conf t

interface vlan x

  ip access-group web_server_acl in

ip access-list extended web_server_acl

  permit ip any any

  deny ip any host

  permit ip host host

  ...etc...

cheers,

Seb.

Isolating a Server on a 3560 Switch

Oh and you can also use the servers built in firewall too, but you really should create a separate VLAN at least for the server(s)

150
Views
0
Helpful
3
Replies
CreatePlease login to create content