Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shared Server/Shared Internet Access Application Shared Servers (Mail Server, data server, Internet Access servers) can be access by all user groups, but.

Published byMabel Wright Modified over 8 years ago

Similar presentations

Presentation on theme: "Shared Server/Shared Internet Access Application Shared Servers (Mail Server, data server, Internet Access servers) can be access by all user groups, but."— Presentation transcript:

1 Shared Server/Shared Internet Access Application Shared Servers (Mail Server, data server, Internet Access servers) can be access by all user groups, but the access between groups are not allowed (for the performance or security consideration) L2 solution: Asymmetric VLAN or Traffic Segmentation L3 solution: L3 switch + ACL to limit the access between group. Servers V2V3V4

2 V2 192.168.1.x Gw192.168.1.1 V3 192.168.1.x Gw192.168.1.1 V1, Servers 192.168.1.x V1, Internet Gateway 192.168.1.1 ISP V1: port 1-8 Shared Server(s) or Internet Gateway V2: port 9-16 VLAN2 users (PC or hub/switch) V3: port 17-24 VLAN3 users (PC or hub/switch) Requirement: 1.V2 and V3 can access V1 for shared Server (with IPX, same network IP, AppleTalk, NetBEUI etc) 2.V2 and V3 can access Internet Gateway for Internet Access using same network IP. 3.No access between V2 and V3. Traffic Segmentation Standalone configuration Config traffic_segmentation 1-24 forwarding_list 1-24 Config traffic_segmentation 9-16 forwarding_list 1-16 Config traffic_segmentation 17-24 forwarding_list 1-8,17-24

3 Net4 192.168.4.x/24 Gw192.168.4.1 Net1 (192.168.1.x) can be accessed by Net2, Net3, Net4. Net2, Net3, Net4 cannot access each other Des-3326S Net3 192.168.3.x/24 Gw192.168.3.1 Servers Net1 192.168.1.x/24 Gw192.168.1.1 Net2 192.168.2.x/24 Gw192.168.2.1 L3 Switch Shared Server application Scenario: Only shared IP network can be accessed

4 # create access_profile rule # permit only 192.168.1.x to be accessed by other subnet create access_profile ip destination_ip_mask 255.255.255.0 permit profile_id 10 config access_profile profile_id 10 add access_id 11 ip destination_ip 192.168.1.2 create access_profile ip source_ip_mask 255.255.255.0 permit profile_id 20 config access_profile profile_id 20 add access_id 21 ip source_ip 192.168.1.2 # permit 192.168.2.x and 192.168.3.x can access themselves. create access_profile ip source_ip_mask 255.255.255.0 destination_ip_mask 255.255.255.0 permit profile_id 30 config access_profile profile_id 30 add access_id 31 ip source_ip 192.168.2.2 destination_ip 192.168.2.2 config access_profile profile_id 30 add access_id 32 ip source_ip 192.168.3.2 destination_ip 192.168.3.2 config access_profile profile_id 30 add access_id 33 ip source_ip 192.168.4.2 destination_ip 192.168.4.2 #### other nets added here # deny others. create access_profile ip source_ip_mask 0.0.0.0 deny profile_id 40 config access_profile profile_id 40 add access_id 41 ip source_ip 0.0.0.0 Rules: 1.If Dest. IP=192.168.1.x, permit 2.If Src. IP=192.168.1.x, permit 3.If DestIP=192.168.2.x and destIP=192.168.2.x, permit 4.If DestIP=192.168.3.x and SrcIP=192.168.3.x, permit 5.If DestIP=192.168.4.x and SrcIP=192.168.4.x, permit 6.Deny Others Test: 1.Net2 (192.168.2.x), Net3, Net4 PCs can Ping Net1 PC (192.168.1.x). 2.Net2, Net3, Net4 PCs cannot ping each other. L3 Switch Shared Server application

Download ppt "Shared Server/Shared Internet Access Application Shared Servers (Mail Server, data server, Internet Access servers) can be access by all user groups, but."

Similar presentations

SAVI Requirements and Solutions for ISP IPv6 Access Network ISP-access-01.txt.

SAVI Requirements and Solutions for ISP IPv6 Access Network ISP-access-01.txt.
CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Chapter 6 – Switch Configuration Switch Configuration Starting the.

CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Chapter 6 – Switch Configuration Switch Configuration Starting the.
V1: port 1-8, untagged Shared Server(s) or Internet Gateway V2: port 9-16, untagged VLAN2 users (PC or hub/switch) V3: port 17-24, untagged VLAN3 users.

V1: port 1-8, untagged Shared Server(s) or Internet Gateway V2: port 9-16, untagged VLAN2 users (PC or hub/switch) V3: port 17-24, untagged VLAN3 users.
Static Routing Exercise AFNOG 2003/ Track 2 # 1 Static Routing Exercise u Unix network interface configuration u Cisco network interface configuration.

Static Routing Exercise AFNOG 2003/ Track 2 # 1 Static Routing Exercise u Unix network interface configuration u Cisco network interface configuration.
192.168.0.0/30 Host Name : R1 Serial 0/0/0.1.2 Host Name : R2 Router Lab 3 : 2 - Routers Connection DTE DCE.

/30 Host Name : R1 Serial 0/0/0.1.2 Host Name : R2 Router Lab 3 : 2 - Routers Connection DTE DCE.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
Static Routing Exercise. What will the exercise involve?  Unix network interface configuration  Cisco network interface configuration  Static routes.

Static Routing Exercise. What will the exercise involve?  Unix network interface configuration  Cisco network interface configuration  Static routes.
© Tejas Networks India Ltd., 2007, Proprietary Information Rev1.1 Last update 24 Oct 07 DEMO.

© Tejas Networks India Ltd., 2007, Proprietary Information Rev1.1 Last update 24 Oct 07 DEMO.
VoIP Network Diagram Internet PSTN Network DVX

VoIP Network Diagram Internet PSTN Network DVX
Instructor & Todd Lammle

Instructor & Todd Lammle
Threaded Case Study - RE Miller (Nick Effler, Brian Ford, Cindy Coultas & Teresa Duchardt) April-May, 2000 b Project Goals Implement WAN Access to connect.

Threaded Case Study - RE Miller (Nick Effler, Brian Ford, Cindy Coultas & Teresa Duchardt) April-May, 2000 b Project Goals Implement WAN Access to connect.
1 Access Lists. 2 Introduction ACL (access list)  a list of conditions that categorize packets. Rules:  Sequential order.  Until a match is made. 

1 Access Lists. 2 Introduction ACL (access list)  a list of conditions that categorize packets. Rules:  Sequential order.  Until a match is made. 
Implementation and Evaluation of a Performance Enhancing Proxy for Wireless TCP Scenarios and Architecture.

Implementation and Evaluation of a Performance Enhancing Proxy for Wireless TCP Scenarios and Architecture.
Small Office Service Serial Router Connects Internal Stations to Shared Broadband Access Service Small Office Serial Router Shared Broadband Line ISP.

Small Office Service Serial Router Connects Internal Stations to Shared Broadband Access Service Small Office Serial Router Shared Broadband Line ISP.
Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.

Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.
ACACIA Threaded Case Study Seamus Burns Ronan Conaghan Eugene Cullen.

ACACIA Threaded Case Study Seamus Burns Ronan Conaghan Eugene Cullen.
VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward

VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward
Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.

Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.
CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control 172.16.3.0172.16.4.0 Non-172.16.0.0 e0e1 s0 172.16.4.13 server.

CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control Non e0e1 s server.
H.323/ SIP Internet Telephony Gateway

H.323/ SIP Internet Telephony Gateway

Similar presentations

Ads by Google