Eric asked:
HP procurve routing question
I have configured my 2800 series switches on multiple occasions for vlans, and routing between vlans.
My new question: if I want to connect our LAN with a related company that is in the same building, but we only want 1 host to be available, how would I do that?
What security concerns should I have?
End result is everyone on my network can hit a web server on their network. They do not need to access our network, just that one host needs to be able to communicate.
You would either untag that host in your respective VLAN or, if the 2800 series supports ACLs, you can create an ACL to allow traffic from VLAN 1 to VLAN 2.
ASKER
We are dealing with virtual machines, so a direct plug into the server is not possible. I'm now told there are actually 2 servers (hosts): one is physical, one is virtual.
Looks like the 2800 is a layer 2, no ACL features.
If your L3 device is doing the routing, create a firewall rule (DENY) for that entire subnet and then create an allow rule for that IP address, but you would have to ensure that IP does not change: either set up a static IP or a static DHCP reservation.
That would be the simplest solution.
ASKER
Huh?
I said I have L2, with no firewall/ACLs.
What device is doing your routing between each VLAN? If I understood the question, you have one host from VLAN2 that needs to access VLAN1 (resources).
ASKER
We don't have anything configured yet.
Our network, say VLAN1, needs to access 2 hosts on a new VLAN, say VLAN3.
We are routing the VLANs with the 2848 HP ProCurve, which is a layer 2 switch.
It does not support ACLs.
I thought maybe I could somehow restrict it using static routes.
Maybe send the subnet route to nowhere, while static routing the 2 hosts?
I.e. (syntax may be off; the purpose is the general idea):
ip route 192.168.0.0 255.255.255.0 VLAN3
ip route 192.168.0.1 255.255.255.0 vlan3
ip route 192.168.0.0 255.255.255.0 127.0.0.1
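Added example (not part of the original thread, and not ProCurve syntax): a minimal Python model of destination-based longest-prefix-match lookup, applied to the route idea sketched in the post above. The action names, the 192.168.0.2 address and the handling of duplicate prefixes are assumptions made for illustration; note that a route table selects on destination address only, so it does not filter by source the way an ACL does.

```python
import ipaddress

def build_table(entries):
    """Map each (dest, mask, action) entry to its network prefix."""
    table = {}
    for dest, mask, action in entries:
        # Assumption: host bits are masked off; some devices reject such an entry instead.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        # Assumption: a later entry for the same prefix replaces the earlier one.
        table[net] = action
    return table

def lookup(table, dst):
    """Longest-prefix match on the destination address only."""
    ip = ipaddress.ip_address(dst)
    matches = [net for net in table if ip in net]
    if not matches:
        return "no-route"
    return table[max(matches, key=lambda net: net.prefixlen)]

# The three entries as sketched in the post; "discard" stands in for the
# 127.0.0.1 next hop. All three share the mask 255.255.255.0.
AS_POSTED = [
    ("192.168.0.0", "255.255.255.0", "forward"),
    ("192.168.0.1", "255.255.255.0", "forward"),
    ("192.168.0.0", "255.255.255.0", "discard"),
]

# Constructed variant: /32 host routes for the two permitted hosts
# (192.168.0.2 is a made-up second host) plus a discard route for the subnet.
HOST_ROUTES = [
    ("192.168.0.1", "255.255.255.255", "forward"),
    ("192.168.0.2", "255.255.255.255", "forward"),
    ("192.168.0.0", "255.255.255.0", "discard"),
]

def decisions(entries, destinations):
    """Return the forwarding decision for each destination address."""
    table = build_table(entries)
    return {dst: lookup(table, dst) for dst in destinations}

if __name__ == "__main__":
    probes = ["192.168.0.1", "192.168.0.2", "192.168.0.50"]
    print("as posted:  ", decisions(AS_POSTED, probes))
    print("host routes:", decisions(HOST_ROUTES, probes))
```

With the same /24 mask on every line, the three posted entries describe a single prefix, so no host is treated differently from its neighbours; the per-host distinction only appears once the permitted hosts carry a 255.255.255.255 mask.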
ASKER
Thanks for the info
ASKER
I actually meant to split that and bricked it. Sorry, fluk3d.
That's okay - as long as the information has helped you out =)