HP procurve routing question

I have configured my 2800 series switches on multiple occasions for vlans, and routing between vlans.
My new question is if I want to connect our LAN with a related company that is in the same building, however we only want 1 host to be available how would I do that?
what security concerns should I have?  

End result is everyone on my network can hit a web server on their network. They do not need to access our network, just that one host needs to be able to communicate.

LVL 11
EricIT ManagerAsked:
Who is Participating?
 
BooSTidConnect With a Mentor Commented:
Assuming you meant the 2848 is a layer 3 switch (not 2).

If you want vlan's 2 (yours) and 3 (theirs) to access a single host, but not have anything else that is shared between them, then put the host in it's own vlan. A host can be untagged on multiple vlans, so this shouldn't be a problem.

The major security risk is that if the host in new vlan4 is compromised, it will have access to all of 2 and 3. Without any additional layer 3 equipment, you're going to have a hell of a time locking this down any further.
0
 
fluk3dCommented:
You would either untag that host in your respective VLAN or if the 2800 series supports ACL you can create an ACL to allow traffic from VLAN 1 to VLAN 2
0
 
EricIT ManagerAuthor Commented:
We are dealing with virtual machines. so a direct plug into the server is not possible. I'm not told there is actually 2 servers (hosts) one is physical, one is virtual.

Looks like the 2800 is a layer 2, no ACL features.

0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
fluk3dCommented:
if your L3 device is doing the routing create a firewall rule (DENY) that entire subnet and then create an allow to allow that IP address but you would have to ensure that IP does not change either setup a static ip or static dhcp reservation.

that would be the simplest solution
0
 
EricIT ManagerAuthor Commented:
huh?
I said i have L2.  with no firewall/ACL's


0
 
fluk3dCommented:
What device is doing your routing between each VLAN, if I understood the question you have one host from VLAN2 that needs to access VLAN1 (resources)
0
 
EricIT ManagerAuthor Commented:
WE dont have anything configured yet.
our network say vlan1 needs to access 2 hosts on a new vlan say vlan3

we are routing the vlans with the 2848 hp procurve which is a layer 2 switch.
It does not support ACL.

i thought maybe I could somehow restrict it using static routes.
maybe send the subnet route to nowhere, while static routing the 2 hosts?

Ie (syntax may be off.. purpose of general idea)
ip route 192.168.0.0 255.255.255.0 VLAN3
ip route 192.168.0.1 255.255.255.0 vlan3
ip route 192.168.0.0 255.255.255.0 127.0.0.1
0
 
BooSTidConnect With a Mentor Commented:
To correct what i just said above, put the resources that need to be shared between the vlans on their own vlan. You'll have to deal with routing between vlans, but that's about as far as you can limit traffic without anything additional.
0
 
EricIT ManagerAuthor Commented:
Thanks for the info
0
 
EricIT ManagerAuthor Commented:
i actually meant to split that and bricked it. sorry fluk3d
0
 
fluk3dCommented:
That's okay - as long as the information has helped you out =)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.