Solved

HP procurve routing question

Posted on 2010-08-25
11
368 Views
Last Modified: 2012-05-10
I have configured my 2800 series switches on multiple occasions for VLANs and routing between VLANs.
My new question is: if I want to connect our LAN with a related company that is in the same building, but we only want 1 host to be available, how would I do that?
What security concerns should I have?

End result is that everyone on my network can hit a web server on their network. They do not need to access our network; just that one host needs to be able to communicate.

0
Question by:Eric
11 Comments
 
LVL 6

Expert Comment

by:fluk3d
ID: 33521410
You would either untag that host in your respective VLAN or, if the 2800 series supports ACLs, you can create an ACL to allow traffic from VLAN 1 to VLAN 2.
0
 
LVL 11

Author Comment

by:Eric
ID: 33522407
We are dealing with virtual machines, so a direct plug into the server is not possible. I'm now told there are actually 2 servers (hosts): one is physical, one is virtual.

Looks like the 2800 is layer 2, no ACL features.

0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33522437
If your L3 device is doing the routing, create a firewall rule (DENY) for that entire subnet and then create an allow rule for that one IP address. You would have to ensure that IP does not change, either by setting up a static IP or a static DHCP reservation.

That would be the simplest solution.
0
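The deny-the-subnet, permit-the-host rule fluk3d describes, written out as an added example in HP ProCurve ACL syntax. This is not configuration from the thread, and it needs a routing switch or router that supports ACLs, which the author's 2848 does not. Every address and VLAN number is an assumption for illustration: our LAN is VLAN 1 (192.168.1.0/24), the partner's LAN is VLAN 3 (192.168.3.0/24), and their web server sits at the fixed address 192.168.3.10.

```text
; Added example, not part of the original thread.
; Assumed addressing: VLAN 1 = our LAN 192.168.1.0/24,
; VLAN 3 = partner LAN 192.168.3.0/24, partner web server = 192.168.3.10 (static).

ip access-list extended "LAN-TO-PARTNER"
   ; only the web ports on the one published host
   10 permit tcp 192.168.1.0/24 host 192.168.3.10 eq 80
   20 permit tcp 192.168.1.0/24 host 192.168.3.10 eq 443
   ; anything else from our LAN toward their subnet is dropped and logged
   30 deny ip 192.168.1.0/24 192.168.3.0/24 log
   ; leave our other routed traffic (for example the default route) alone
   40 permit ip any any
   exit

ip access-list extended "PARTNER-TO-LAN"
   ; replies from the web server to sessions our side opened
   10 permit tcp host 192.168.3.10 192.168.1.0/24 established
   ; nothing else from their side may reach our subnet
   20 deny ip 192.168.3.0/24 192.168.1.0/24 log
   30 permit ip any any
   exit

; routed ACLs are applied where the traffic enters the switch
vlan 1
   ip access-group "LAN-TO-PARTNER" in
   exit
vlan 3
   ip access-group "PARTNER-TO-LAN" in
   exit
```

Two things to check before trusting this: the ACLs are stateless, so the return direction must be filtered explicitly (hence the second list with `established`, which only passes TCP segments that belong to an existing connection), and entries are evaluated top down with an implicit deny at the end, so the final `permit ip any any` is what keeps unrelated routed traffic flowing. The whole scheme also rests on 192.168.3.10 never changing, which is why fluk3d's static IP or DHCP reservation matters.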
 
LVL 11

Author Comment

by:Eric
ID: 33522572
Huh?
I said I have L2, with no firewall/ACLs.


0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33522591
What device is doing your routing between each VLAN? If I understood the question, you have one host from VLAN 2 that needs to access VLAN 1 (resources).
0
 
LVL 11

Author Comment

by:Eric
ID: 33522901
We don't have anything configured yet.
Our network, say VLAN 1, needs to access 2 hosts on a new VLAN, say VLAN 3.

We are routing the VLANs with the 2848 HP ProCurve, which is a layer 2 switch.
It does not support ACLs.

I thought maybe I could somehow restrict it using static routes,
maybe send the subnet route to nowhere while static routing the 2 hosts?

I.e. (syntax may be off; purpose is the general idea):
   ; route to the partner subnet
   ip route 192.168.0.0 255.255.255.0 VLAN3
   ; host route for one of the 2 allowed hosts (a single host needs a /32 mask)
   ip route 192.168.0.1 255.255.255.255 vlan3
   ; send the rest of the subnet nowhere
   ip route 192.168.0.0 255.255.255.0 127.0.0.1
0
 
LVL 5

Accepted Solution

by:BooSTid
BooSTid earned 500 total points
ID: 33632506
Assuming you meant the 2848 is a layer 3 switch (not 2).

If you want VLANs 2 (yours) and 3 (theirs) to access a single host, but not have anything else shared between them, then put the host in its own VLAN. A host can be untagged on multiple VLANs, so this shouldn't be a problem.

The major security risk is that if the host in the new VLAN 4 is compromised, it will have access to all of 2 and 3. Without any additional layer 3 equipment, you're going to have a hell of a time locking this down any further.
0
 
LVL 5

Assisted Solution

by:BooSTid
BooSTid earned 500 total points
ID: 33632524
To correct what I just said above, put the resources that need to be shared between the VLANs on their own VLAN. You'll have to deal with routing between the VLANs, but that's about as far as you can limit traffic without anything additional.
0
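BooSTid's layout (shared resources in a VLAN of their own, with the switch routing between all three) as an added example in HP ProCurve configuration syntax. It is not configuration from the thread. The VLAN numbers, addresses and port numbers are assumptions: VLAN 2 is our LAN (192.168.2.0/24), VLAN 3 is the partner's (192.168.3.0/24), VLAN 4 holds the two shared hosts (192.168.4.0/24), the physical shared server hangs off port 23, and the VM host's uplink is port 24. On ProCurve a port is untagged in at most one VLAN, so the physical server's port is made a member of VLAN 4 only, while the VM host gets VLAN 4 tagged on its trunk and the virtual switch maps the shared VM's interface to it.

```text
; Added example, not part of the original thread.
; Assumed: VLAN 2 = our LAN 192.168.2.0/24, VLAN 3 = partner LAN 192.168.3.0/24,
; VLAN 4 = shared hosts 192.168.4.0/24; physical shared server on port 23,
; VM host uplink (trunk) on port 24.

vlan 2
   name "OurLAN"
   ip address 192.168.2.1 255.255.255.0
   exit
vlan 3
   name "PartnerLAN"
   ip address 192.168.3.1 255.255.255.0
   exit
vlan 4
   name "Shared"
   ; physical shared server: access port, VLAN 4 only
   untagged 23
   ; VM host: VLAN 4 carried tagged; the virtual switch places the shared VM on it
   tagged 24
   ip address 192.168.4.1 255.255.255.0
   exit

; the switch becomes the default gateway of all three VLANs and forwards between them.
; Without ACL support there is no filter here: a compromised host in VLAN 4
; can reach every address in VLAN 2 and VLAN 3, exactly the risk BooSTid notes.
ip routing
```

The design only reduces exposure by membership: the partner's clients and ours are never in the same broadcast domain, and the only things they share are the two hosts in VLAN 4. Give those hosts static addresses, run the tightest host firewall they support, and log what they talk to, because on this switch they are the whole boundary.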
 
LVL 11

Author Closing Comment

by:Eric
ID: 33746655
Thanks for the info
0
 
LVL 11

Author Comment

by:Eric
ID: 33746662
I actually meant to split that and bricked it. Sorry fluk3d.
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 33746909
That's okay - as long as the information has helped you out =)
0

Question has a verified solution.