VLAN trunking to server and security

I have a question concerning interserver security.

I have a cat6513 and the port connected to a w2k3 server (single NIC) is in trunking mode carrying 2 VLANs, a "customer" VLAN and a "backup" VLAN. We serve multiple customers, each on their own specific VLAN, but all customers use the same generic backup service in a generic backup VLAN. Customer VLANs are separated by a FWSM, but with this setup all the servers can connect to other servers on the backup VLAN.

What would be the best way to make sure that on the backup VLAN the servers can only connect to the backup server and not to servers from other customers?

We tried private VLANs (which I think won't work because the port is a trunk) and access-lists but can't get it to work.

Any help or directions on how to solve this in a well designed manner would be appreciated.

This is the config of a port in which vlan 11 is the backup vlan and vlan 31 the customer VLAN.

interface GigabitEthernet12/17
 description
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11,31
 switchport mode trunk

1 REPLY

Re: VLAN trunking to server and security

Hello,

my first thought would be to use protected ports ('switchport protected' interface command), which would prohibit ports configured with that command from talking to each other. The drawback is that this only works for ports on the same switch...

Regards,

GP
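One way to get the isolation the question asks for without depending on the same-switch limitation of protected ports mentioned in the reply is a VLAN access map (VACL) applied to the backup VLAN. A VACL is evaluated for every frame bridged inside that VLAN, whichever port (access or trunk) it arrived on, so the trunk to the server and the separate customer VLAN 31 are unaffected. The configuration below is an added example for this thread, not something posted by either participant; the backup subnet 10.11.0.0/24, the backup server address 10.11.0.10 and the ACL and access-map names are assumptions.

```cisco
! Constructed example: VLAN 11 is the backup VLAN, the backup server is
! assumed to be 10.11.0.10. Only IP traffic to or from that host is allowed
! to be bridged inside VLAN 11; customer-to-customer traffic is dropped.
ip access-list extended BACKUP-SERVER-TRAFFIC
 permit ip any host 10.11.0.10
 permit ip host 10.11.0.10 any
!
! Everything else that is still IP (i.e. one customer server talking
! directly to another customer server on VLAN 11).
ip access-list extended BACKUP-VLAN-ANY-IP
 permit ip any any
!
vlan access-map BACKUP-ISOLATION 10
 match ip address BACKUP-SERVER-TRAFFIC
 action forward
vlan access-map BACKUP-ISOLATION 20
 match ip address BACKUP-VLAN-ANY-IP
 action drop
!
! Apply the map to the backup VLAN only; VLAN 31 keeps its normal behaviour.
vlan filter BACKUP-ISOLATION vlan-list 11
!
! Verification (constructed expectation): the map and its binding are listed.
! show vlan access-map BACKUP-ISOLATION
! show vlan filter
```

Two things to keep in mind with this approach: the map must be applied on every switch that carries VLAN 11, since it is local to the switch it is configured on, and because it contains only an IP ACL it leaves non-IP frames such as ARP untouched (customer hosts on VLAN 11 can still resolve each other's MAC addresses, but their IP traffic to one another is dropped). If non-IP traffic between customers also needs to be blocked, a `mac access-list extended` matched in the same access map handles that.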
