
How to restrict server access in the same VLAN?

Dear all,

I am a newcomer to networking. My company's situation is similar to the following:

http://www.tak-chung.com/projects/project_student/2006-2007/na06a1/image.jpg

My question is:

1. How can I restrict access between servers within the server farm? E.g., in the community VLAN, I would like to block access from DC01 to the database server.

2. If I set up a server running the Tripwire tool, how can I require that each login to a server within the server farm must first pass through the Tripwire server, including access from an IP within the same community VLAN?

Thanks, and I appreciate any comments!

Last update: 09-29-2010 09:15 AM
Comments

You'll have to use PVLANs.

http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html

If you're open to design considerations, I would look at creating multiple VLANs, separating each by business function or security level. I would use a firewall to restrict access between the different subnets. That way you can filter ports and protocols between systems.

Hope it helps.
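
A private VLAN layout for the first question, as an added example that is not part of the original thread: DC01 stays in a community secondary VLAN while the database server is placed in an isolated secondary VLAN, so the switch does not forward frames between them. The VLAN IDs (100, 101, 102) and interface names are assumptions chosen for illustration.

```cisco
! Constructed example: VLAN IDs and interface names are assumptions,
! not values from the thread.
! VTP versions 1 and 2 require transparent mode for private VLANs.
vtp mode transparent
!
! Secondary VLANs: one community, one isolated
vlan 101
 private-vlan community
vlan 102
 private-vlan isolated
!
! Primary VLAN, associated with both secondaries
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! DC01: community port, reaches other ports in VLAN 101
! and the promiscuous port only
interface GigabitEthernet0/1
 description DC01
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Database server: isolated port, reaches the promiscuous port only
interface GigabitEthernet0/2
 description database server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Uplink to the gateway or firewall: promiscuous port,
! reachable from every secondary VLAN
interface GigabitEthernet0/24
 description uplink to gateway/firewall
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
```

Members of a community VLAN can reach each other, which is why the database server is moved out of it here. Traffic that is routed back through the promiscuous port still has to be filtered on the gateway or firewall.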