Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Building secure backup network

Hello,

I'm trying to build secure backup network, where each server should only be able to send and recieve packet to and from backup server. The servers are spread over a couple of switches and backup server is connected to a separate switch. Have tryed to use protected ports function, mac address functions in a switch but none of this functions are archiving what I want. Which Cisco switches do wee need.

Best Regards

Yilmaz

5 REPLIES
Bronze

Re: Building secure backup network

We'll need more details on the topology and the traffic flow requirements. Surely the servers provide services to clients, so they'll need to be able to send packets to clients as well as the backup server.

Community Member

Re: Building secure backup network

Ok Sorry. Here is more ditails.

Each server have dual networkcard one handling normal services and the second one are only for backup from server to backup server. My problem is that if I apply for example new vlan and new IP/net mask, servers will be able to see each other on that network. One option maybe should be that assign new vlan for every server/port but have problem with that because wee have over 70 servers.

Best Regards

Yilmaz

Bronze

Re: Building secure backup network

Ok, that clears things up. Cisco's Protected Port feature would do what you want if the backup network only consisted of one switch, but if the workstations are spread out over several switches, things get a bit more complex.

Which model switches do you have? The 2950 series for example, despite being layer-2 from a packet forwarding standpoint, supports IP ACLs that would solve your problem here.

Community Member

Re: Building secure backup network

tbaranski, Great!

Have also read about ACL's and found something about filters on IP and access groups and apply access group to a port for incomming traffic.

I have couple of switches, 12 HP Procurve 2524. 1 Catalyst 2950T and one Cisco 3524. 1 Catalyst 6509.

I looking for a 100 percent solution and when wee found that I will replace all HP switches with required Cisco switches.

Thanks a lot for your answer.

Best Regards

Yilmaz

Bronze

Re: Building secure backup network

I should note that if you go with 2950s, I believe you need the enhanced image (EI) version rather than the standard image (SI) to use IP ACLs.

138
Views
0
Helpful
5
Replies
CreatePlease to create content