Los Angeles1

asked on

Networking, subnet and security

On another thread, I proposed the following thread:

Subnet 1

   Network:   10.14.101.104/29    
   Hosts:     10.14.101.105 - 10.14.101.110  
   Broadcast: 10.14.101.111 

   I assigned the following nodes to this subnet

      10.14.101.105
      10.14.101.108
      10.14.101.110

Subnet 2

   Network:   10.14.101.112/29   
   Hosts:     10.14.101.113 - 10.14.101.118        
   Broadcast: 10.14.101.119  

   I assigned the following nodes to this subnet

      10.14.101.113
      10.14.101.114
      10.14.101.115


One of the responses I received from this proposal was:

It's not a solution that will provide any security in the sense that it will prevent a node in one subnet from reaching a node in another.  
You could ask about that..... 


How can I provide security to prevent a node in one subnet from reaching a node in another subnet?
ASKER CERTIFIED SOLUTION
woolmilkporc
This solution is only available to members.
Good day,

You can either use VLANs or create rules on your firewall to deny bidirectional traffic between those two subnets.
Create VLANs for each subnet group, then apply an access control list to each VLAN interface to control the traffic. The VLAN interface MUST be the default gateway for the subnet group for this to work properly.
Remember that if you want internet access the ACL must be configured to DENY the specific traffic to another subnet, then a final statement of ALLOW ALL will ensure internet connectivity still functions.
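
The rule set described in the replies above, modelled on the two /29 subnets from the question so the ordering and the default-gateway requirement can be checked. This is an added example, not code from any poster; it assumes first-match ACL evaluation with an implicit deny (as on most routers and firewalls), and the helper names and the external address 198.51.100.10 are constructed for illustration.

```python
import ipaddress

SUBNET_1 = ipaddress.ip_network("10.14.101.104/29")
SUBNET_2 = ipaddress.ip_network("10.14.101.112/29")
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(local_net, other_net):
    """ACL for traffic entering the VLAN interface of local_net:
    deny the other subnet first, then allow everything else (internet)."""
    return [("deny", local_net, other_net), ("permit", ANY, ANY)]


def evaluate(acl, src, dst):
    """First matching entry wins; no match means implicit deny (assumption)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def verdict(acl, src, dst, local_net):
    """Only routed traffic reaches the gateway ACL; hosts in the same
    subnet talk directly at layer 2 and are never filtered by it."""
    if ipaddress.ip_address(dst) in local_net:
        return "not filtered (same subnet)"
    return evaluate(acl, src, dst)


ACL_VLAN_1 = build_acl(SUBNET_1, SUBNET_2)   # applied on Subnet 1's gateway
ACL_VLAN_2 = build_acl(SUBNET_2, SUBNET_1)   # applied on Subnet 2's gateway
ACL_MISORDERED = list(reversed(ACL_VLAN_1))  # "allow all" placed first

if __name__ == "__main__":
    flows = [
        ("10.14.101.105", "10.14.101.113", ACL_VLAN_1, SUBNET_1),  # subnet 1 -> 2
        ("10.14.101.114", "10.14.101.110", ACL_VLAN_2, SUBNET_2),  # subnet 2 -> 1
        ("10.14.101.105", "10.14.101.108", ACL_VLAN_1, SUBNET_1),  # inside subnet 1
        ("10.14.101.105", "198.51.100.10", ACL_VLAN_1, SUBNET_1),  # constructed external host
    ]
    for src, dst, acl, net in flows:
        print(f"{src} -> {dst}: {verdict(acl, src, dst, net)}")
    # With the entries reversed, the permit shadows the deny.
    print("misordered:", evaluate(ACL_MISORDERED, "10.14.101.105", "10.14.101.113"))
```

The misordered case shows why the deny entries must precede the final allow-all, and the same-subnet case shows that the ACL only separates the two subnets, not hosts within one.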