Solved

HP procurve routing question

Posted on 2010-08-25
Last Modified: 2012-05-10
I have configured my 2800 series switches on multiple occasions for VLANs, and routing between VLANs.
My new question is: if I want to connect our LAN with a related company that is in the same building, but we only want 1 host to be available, how would I do that?
What security concerns should I have?

End result is everyone on my network can hit a web server on their network. They do not need to access our network; just that one host needs to be able to communicate.

Question by:Eric

11 Comments

LVL 6

Expert Comment

by:fluk3d
ID: 33521410
You would either untag that host in your respective VLAN or, if the 2800 series supports ACLs, you can create an ACL to allow traffic from VLAN 1 to VLAN 2.
 
LVL 11

Author Comment

by:Eric
ID: 33522407
We are dealing with virtual machines, so a direct plug into the server is not possible. I'm not told there are actually 2 servers (hosts): one is physical, one is virtual.

Looks like the 2800 is layer 2, no ACL features.

 
LVL 6

Expert Comment

by:fluk3d
ID: 33522437
If your L3 device is doing the routing, create a firewall rule (DENY) for that entire subnet and then create an allow rule for that IP address. You would have to ensure that IP does not change, either by setting up a static IP or a static DHCP reservation.

That would be the simplest solution.
 
LVL 11

Author Comment

by:Eric
ID: 33522572
Huh?
I said I have L2, with no firewall/ACLs.

 
LVL 6

Expert Comment

by:fluk3d
ID: 33522591
What device is doing your routing between each VLAN? If I understood the question, you have one host from VLAN2 that needs to access VLAN1 (resources).

 
LVL 11

Author Comment

by:Eric
ID: 33522901
We don't have anything configured yet.
Our network, say VLAN1, needs to access 2 hosts on a new VLAN, say VLAN3.

We are routing the VLANs with the 2848 HP ProCurve, which is a layer 2 switch.
It does not support ACLs.

I thought maybe I could somehow restrict it using static routes.
Maybe send the subnet route to nowhere, while static routing the 2 hosts?

I.e. (syntax may be off; this is just the general idea):
ip route 192.168.0.0 255.255.255.0 VLAN3
ip route 192.168.0.1 255.255.255.255 vlan3
ip route 192.168.0.0 255.255.255.0 127.0.0.1
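The static-route idea in the post above relies on longest-prefix matching: a /32 host route is more specific than the /24 "route to nowhere", so it wins for the two permitted servers while everything else in that subnet is discarded. The following is an added illustration, not code from the thread or from the switch; it models a small routing table in Python with constructed addresses (10.0.1.0/24 as "our" VLAN1, 192.168.0.0/24 as the partner's VLAN3) and evaluates a few flows against it.

```python
import ipaddress

# Constructed routing table that models the static-route idea from the post:
# the partner /24 is routed to nowhere (None = discard) and two /32 host
# routes point at the permitted servers. Addresses are made up for the example.
ROUTES = [
    ("10.0.1.0/24", "vlan1"),      # our own LAN, directly connected (assumed)
    ("192.168.0.0/24", None),      # partner subnet: route to nowhere
    ("192.168.0.1/32", "vlan3"),   # permitted partner host 1
    ("192.168.0.2/32", "vlan3"),   # permitted partner host 2
]


def build_table(routes):
    """Parse the textual prefixes into ip_network objects once."""
    return [(ipaddress.ip_network(prefix), nexthop) for prefix, nexthop in routes]


TABLE = build_table(ROUTES)


def lookup(table, dst):
    """Longest-prefix match: among all routes covering dst, the most specific
    wins, so a /32 host route overrides the /24 'route to nowhere'.
    Returns the egress VLAN, or None when the packet is discarded."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for net, hop in table:
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def packet_forwarded(table, dst):
    """A stateless router decides per packet, looking only at the destination."""
    return lookup(table, dst) is not None


def session_allowed(table, a, b):
    """A TCP session (e.g. HTTP to the web server) needs a usable route in
    both directions; a null route on either side breaks the session."""
    return packet_forwarded(table, b) and packet_forwarded(table, a)


if __name__ == "__main__":
    checks = [
        ("10.0.1.10", "192.168.0.1"),   # us -> permitted web server
        ("10.0.1.10", "192.168.0.50"),  # us -> some other partner host
        ("192.168.0.50", "10.0.1.10"),  # other partner host -> us
    ]
    for src, dst in checks:
        print(f"{src} -> {dst}: packet forwarded={packet_forwarded(TABLE, dst)}, "
              f"session possible={session_allowed(TABLE, src, dst)}")
```

The third flow shows the limit of the trick from a defender's point of view: because the null route only looks at the destination, packets from any partner host still arrive in our VLAN; only the replies are dropped, so sessions fail but one-way traffic is not blocked. Two further caveats apply on real hardware: a directly connected VLAN3 subnet is normally preferred over a static route for the same prefix, so "routing the subnet to nowhere" may simply be ignored, and the static-route limit on this class of switch is small. Checking the platform's routing table after configuration is the only reliable way to confirm the intended behaviour.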
 
LVL 5

Accepted Solution

by:BooSTid
BooSTid earned 500 total points
ID: 33632506
Assuming you meant the 2848 is a layer 3 switch (not 2).

If you want VLANs 2 (yours) and 3 (theirs) to access a single host, but not have anything else that is shared between them, then put the host in its own VLAN. A host can be untagged on multiple VLANs, so this shouldn't be a problem.

The major security risk is that if the host in the new VLAN4 is compromised, it will have access to all of 2 and 3. Without any additional layer 3 equipment, you're going to have a hell of a time locking this down any further.
 
LVL 5

Assisted Solution

by:BooSTid
BooSTid earned 500 total points
ID: 33632524
To correct what I just said above, put the resources that need to be shared between the VLANs on their own VLAN. You'll have to deal with routing between VLANs, but that's about as far as you can limit traffic without anything additional.
 
LVL 11

Author Closing Comment

by:Eric
ID: 33746655
Thanks for the info
 
LVL 11

Author Comment

by:Eric
ID: 33746662
I actually meant to split that and bricked it. Sorry fluk3d.
 
LVL 6

Expert Comment

by:fluk3d
ID: 33746909
That's okay, as long as the information has helped you out =)
