• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374

HP procurve routing question

I have configured my 2800 series switches on multiple occasions for VLANs and for routing between VLANs.
My new question: if I want to connect our LAN with a related company that is in the same building, but we only want one host to be available, how would I do that?
What security concerns should I have?

The end result is that everyone on my network can hit a web server on their network. They do not need to access our network; just that one host needs to be able to communicate.

Asked by: Eric

2 Solutions
 
fluk3d commented:
You would either untag that host in your respective VLAN, or, if the 2800 series supports ACLs, you can create an ACL to allow traffic from VLAN 1 to VLAN 2.
 
Eric (IT Manager, Author) commented:
We are dealing with virtual machines, so a direct plug into the server is not possible. I'm now told there are actually 2 servers (hosts): one is physical, one is virtual.

Looks like the 2800 is a layer 2 switch, with no ACL features.
 
fluk3d commented:
If your L3 device is doing the routing, create a firewall rule that DENIES that entire subnet, and then create an allow rule for that one IP address. You would have to ensure that the IP does not change: either set up a static IP or a static DHCP reservation.

That would be the simplest solution.
 
Eric (IT Manager, Author) commented:
Huh?
I said I have L2, with no firewall/ACLs.
 
fluk3d commented:
What device is doing your routing between each VLAN? If I understood the question, you have one host from VLAN 2 that needs to access VLAN 1 (resources).
 
Eric (IT Manager, Author) commented:
We don't have anything configured yet.
Our network, say VLAN 1, needs to access 2 hosts on a new VLAN, say VLAN 3.

We are routing the VLANs with the 2848 HP ProCurve, which is a layer 2 switch.
It does not support ACLs.

I thought maybe I could somehow restrict it using static routes.
Maybe send the subnet route to nowhere, while static routing the 2 hosts?

I.e. (syntax may be off; this is the general idea):
ip route 192.168.0.0 255.255.255.0 vlan 3
ip route 192.168.0.1 255.255.255.255 vlan 3
ip route 192.168.0.0 255.255.255.0 127.0.0.1
 
BooSTid commented:
Assuming you meant the 2848 is a layer 3 switch (not 2).

If you want VLANs 2 (yours) and 3 (theirs) to access a single host, but not have anything else shared between them, then put the host in its own VLAN. A host can be untagged on multiple VLANs, so this shouldn't be a problem.

The major security risk is that if the host in the new VLAN 4 is compromised, it will have access to all of 2 and 3. Without any additional layer 3 equipment, you're going to have a hell of a time locking this down any further.
 
BooSTid commented:
To correct what I just said above: put the resources that need to be shared between the VLANs on their own VLAN. You'll have to deal with routing between VLANs, but that's about as far as you can limit traffic without anything additional.
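A worked switch configuration for the layout BooSTid describes, added here as an example and not posted in the original thread: VLAN 2 is our LAN, VLAN 3 is the other company's LAN, and the two shared hosts (one physical, one virtual) sit in a new VLAN 4 that both LANs can route to. The port numbers, VLAN IDs, VLAN names and the 192.168.x.0/24 addresses are assumptions for illustration. The switch routes between the VLANs with `ip routing`, and since it has no ACLs, this is as far as the switch alone can restrict traffic.

```procurve
; Added example configuration, not from the thread. Port ranges, VLAN IDs,
; names and IP addresses are assumptions chosen for illustration.
vlan 2
   name "OurLAN"
   untagged 1-20
   ip address 192.168.2.1 255.255.255.0
   exit
vlan 3
   name "TheirLAN"
   untagged 21-40
   ip address 192.168.3.1 255.255.255.0
   exit
vlan 4
   name "Shared"
   ; the physical shared server plugs into port 41, untagged in VLAN 4
   untagged 41
   ; the VM host's uplink on port 42 carries VLAN 4 tagged; the shared VM's
   ; virtual NIC is placed in VLAN 4 on the hypervisor side
   tagged 42
   ip address 192.168.4.1 255.255.255.0
   exit
; enable inter-VLAN routing on the switch. There is no ACL support, so
; anything in VLAN 2 or VLAN 3 can reach anything in VLAN 4, and the
; shared hosts can reach anything in VLAN 2 and VLAN 3.
ip routing
```

Hosts in VLAN 2 and 3 use the switch's VLAN address (192.168.2.1 or 192.168.3.1) as their default gateway, and the shared hosts use 192.168.4.1. A port is untagged in at most one VLAN, so a host belongs to the shared VLAN because its port is untagged there (or, for a VM trunk, tagged there); it is not untagged in several VLANs at once. Two caveats worth checking before going live: once `ip routing` is on, the switch also routes VLAN 2 to VLAN 3 directly, because both are connected networks, so this design limits which hosts are shared but does not isolate the two LANs from each other; and the static-route idea from earlier in the thread cannot block that, since a router always prefers its connected networks over a static route to nowhere. Only a device that can filter (an ACL-capable switch or a firewall between the VLANs) can enforce "web server only".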
 
Eric (IT Manager, Author) commented:
Thanks for the info.

Eric (IT Manager, Author) commented:
I actually meant to split that and bricked it. Sorry, fluk3d.

fluk3d commented:
That's okay, as long as the information has helped you out =)
