I have been asked to isolate the traffic between a Client and Server so that only the traffic from the designated client gets back to the server. The vlan has many other hosts besides the client and server.
The server runs a packager program that has a client piece on the client virtual machine. When an installation is performed on the client then all the changes are reported back to the server to be recorded.
The goal is to capture only the changes made to the client while performing an installation so that an msi installation exe can be created. Currently the server is capturing unrelated traffic on the server port and adding this information to the msi. This unrelated information then has to be manually removed.
The server is connected to an access port on a 6500 access layer switch running CATOS and the client is a virtual machine running on a vsphere server. The vsphere server connects via a trunk port to a 6500 access layer switch running IOS. There is a 6500 layer 3 distribution switch between the two access switches. The server recording the installation and the client running the installation are on different vlans and subnets, so traffic between them needs to be routed through the distribution switch.
They are requesting that an additional vlan be created, but they do not want to change the IP addresses of the server and client. This will not work because we map a complete subnet to each vlan.
Can I create an ACL on the CATOS switch that only allows the packets from the client IP or MAC to get to the server port? Of course, normal traffic to all the other ports on the vlan would still have to continue.
Maybe a separate dedicated physical network?