[c-nsp] how to secure a vlan?

Aaron R aaronis at people.net.au
Sat Mar 1 06:11:19 EST 2008


Just apply the necessary ACLs to the relevant VLAN interfaces, i.e.

access-list 101 permit tcp source-network mask destination-network mask eq 80
access-list 101 permit tcp source-network mask destination-network mask eq 21

int vlan 250
ip access-group 101 in

If you are concerned about applying this in a production environment, simply
add a permit ip any any at the end of the ACL and log the other traffic to
see if the ACL is being matched.

Cheers,

Aaron.
 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dan Letkeman
Sent: Saturday, March 01, 2008 8:08 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] how to secure a vlan?

What would be the best way to go about securing networks on 3560 switches?

Currently I'm trunking multiple VLANs between 3560s.  Each switch has
multiple connected networks and OSPF is the routing protocol.

What I would like to do is secure a VLAN so you can't access that
network from another VLAN.  For example:  My server farm VLAN is VLAN
250, but I don't want the workstations from VLAN 200 to access those
servers except port 21 & port 80 traffic.

I understand that I would need to do this with ACLs, but I'm unsure
where to start.  Any examples would be helpful.

Thanks,
Dan
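
The audit-then-enforce approach from this thread, written out for the VLAN 200 to VLAN 250 case as an added example (not configuration posted by either participant). The subnets, the ACL names and the choice to filter inbound on the workstation SVI are assumptions made for illustration.

```cisco
! Constructed addressing (assumption): VLAN 200 = 10.0.200.0/24 (workstations),
! VLAN 250 = 10.0.250.0/24 (server farm). ACL names are hypothetical.
!
! Stage 1 (audit): nothing is dropped; unexpected flows are only logged.
ip access-list extended WKS-TO-SRV-AUDIT
 permit tcp 10.0.200.0 0.0.0.255 10.0.250.0 0.0.0.255 eq www
 permit tcp 10.0.200.0 0.0.0.255 10.0.250.0 0.0.0.255 eq ftp
 remark Flows logged by the next entry would be dropped in stage 2.
 remark FTP data connections show up here: port 21 is the control channel only.
 permit ip 10.0.200.0 0.0.0.255 10.0.250.0 0.0.0.255 log
 remark Workstation traffic to every other destination is left alone.
 permit ip any any
!
! Stage 2 (enforce): the logged permit becomes a logged deny.
ip access-list extended WKS-TO-SRV-ENFORCE
 permit tcp 10.0.200.0 0.0.0.255 10.0.250.0 0.0.0.255 eq www
 permit tcp 10.0.200.0 0.0.0.255 10.0.250.0 0.0.0.255 eq ftp
 deny   ip 10.0.200.0 0.0.0.255 10.0.250.0 0.0.0.255 log
 remark Without this line the implicit deny would also cut off other networks.
 permit ip any any
!
! Filter traffic as it enters the switch from the workstation VLAN.
interface Vlan200
 ip access-group WKS-TO-SRV-AUDIT in
!
! Once the audit log shows only flows that should be blocked, swap the ACL:
! interface Vlan200
!  ip access-group WKS-TO-SRV-ENFORCE in
```

Because this ACL is stateless, it only restricts packets travelling from the workstations toward the servers; server replies return through the Vlan250 SVI and are not matched by it.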