10-04-2010 02:21 PM - edited 03-06-2019 01:19 PM
Is it possible to limit traffic on a VLAN to ONLY that specific VLAN, with a hole poked in for a couple IP addresses?
Here's the scenario:
Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.
Let's say it's VLAN 100
Let's say that network is 10.10.5.0/24
Let's say the server IP is 10.10.4.12/24
I would like this done on the main router, a 6509.
10-08-2010 03:31 PM
In the simplest form you could use an ACL such as this:
access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255
int vlan 100
ip access-group 100 out
exit
*warning* this will not allow any hosts in 10.10.5.0/24 to communicate with hosts outside their network.
This will satisfy the requirement provided in the question:
Here's the scenario:
Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.
크리스
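Added example, not part of the original answer: a small Python model of how the ACL above is evaluated (first match wins, wildcard-mask matching, implicit deny at the end) for packets leaving the router toward VLAN 100. It assumes every VLAN 100 host sits in 10.10.5.0/24, so host-to-host traffic is switched at layer 2 and never reaches the interface ACL; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# The ACL from the answer above (applied "out" on interface Vlan100).
ACL_100 = ["access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255"]
VLAN_NET = ipaddress.ip_network("10.10.5.0/24")  # assumed VLAN 100 subnet

def _ip(s):
    return int(ipaddress.ip_address(s))

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' (ip protocol only)."""
    t = line.split()
    if t[0] != "access-list" or t[3] != "ip":
        raise ValueError("unsupported ACE: " + line)
    src, rest = _take_addr(t[4:])
    dst, _ = _take_addr(rest)
    return t[2], src, dst

def _match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; compare only the 0 bits.
    care = ~wild & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def acl_verdict(acl_lines, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

def outbound_on_vlan100(src, dst):
    """Verdict for a packet addressed to a VLAN 100 host."""
    if ipaddress.ip_address(src) in VLAN_NET:
        return "not-routed"  # same subnet: switched at layer 2, ACL not consulted
    return acl_verdict(ACL_100, src, dst)
```

Because the ACL is applied outbound only, it filters what is routed into VLAN 100; replies from anything other than 10.10.4.12 are dropped by the implicit deny, which is the effect the warning in the answer describes.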