01-06-2006 06:18 AM - edited 03-03-2019 01:20 AM
Hi,
Is it possible to leak traffic between ports configured as 'PVLAN isolated'?
Task is pretty simple - there is an IP segment, terminated on cat3750 SVI, and two test servers connected to this switch in ports, configured for isolated PVLAN. I'd like to be sure there is no uncontrolled communication between those servers, except permitted traffic.
Both servers can reach SVI IP address, but can't reach each other. So far, so good, PVLAN works. What about allowing some traffic between those hosts? Any ideas if that's possible at all, and how to configure devices?
01-06-2006 07:17 AM
Hi,
You could place the two servers in two different VLANs, let the Cat 3750 route between them and apply access-lists to control the desired traffic.
Have a look at "Configuring Network Security with ACLs" for all possibilities.
Hope this helps
Martin
01-11-2006 01:01 AM
All servers are placed in one VLAN (IP subnet) and it's supposed to stay that way. Test is about PVLAN usage.
Anyone else?
02-23-2006 08:00 AM
Use local proxy arp on SVI interface (ip local-proxy-arp). Then you can apply RACL to limit traffic between servers for specific applications.
Regards,
Bostjan
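
The setup suggested in the reply above, written out as an added example configuration (not part of the original thread and not taken from Cisco documentation). VLAN IDs, interface names, the 192.0.2.0/24 addressing, the permitted TCP/443 flow and the ACL name `PVLAN-INTRA` are all assumptions; both servers stay in one subnet behind isolated ports, and host-to-host traffic is forced through the SVI where the router ACL filters it.

```cisco
! Constructed example: VLAN IDs, interfaces, addresses and ACL name are assumptions.
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
interface GigabitEthernet1/0/1
 description server A (192.0.2.10)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet1/0/2
 description server B (192.0.2.20)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
ip access-list extended PVLAN-INTRA
 remark permitted flow: A to B on TCP/443, plus its return traffic
 permit tcp host 192.0.2.10 host 192.0.2.20 eq 443
 permit tcp host 192.0.2.20 eq 443 host 192.0.2.10 established
 remark hosts may still reach the SVI address itself
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 remark all other host-to-host traffic inside the subnet is dropped
 deny   ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 log
 remark assumption: traffic leaving the subnet is not restricted here
 permit ip any any
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 101
 ! SVI answers ARP for hosts in the same subnet, so A reaches B via the router
 ip local-proxy-arp
 ! inbound on the SVI sees both directions, since both servers send into it
 ip access-group PVLAN-INTRA in
```

`show vlan private-vlan` and `show ip access-lists PVLAN-INTRA` confirm the port associations and show which ACL entries are matching once the servers exchange traffic.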