- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Isolating ports
Switches, Hubs, and Modems
1753600
Members
6215
Online
108796
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-30-2007 10:49 AM
тАО10-30-2007 10:49 AM
Isolating ports
Hello all,
I work in a services provider with a lot of customers. Usually, every customer has his own dedicated servers, vlans and DMZs. However, this makes difficult the management and the backup as we have to configure a new management/backup vlan for every customer.
What I want is to share a common network for all of my smaller customers (which have a shared infrastructure) but allowing access to this network to only the shared backup server and the technicians. It will not make sense (in security terms) if we separate our customers between different DMZs if the share the same backup/managemente network.
We have several switches expanding our network so isolating ports should not work (I will have to allow the uplink port and this will lead us to allow all the hosts in other switches).
I thought on some kind of MAC filtering on every port, allowing only the backup's MAC and technicians' router MAC. Has someone some experience doing something like this? Any other options?
Thanks.
I work in a services provider with a lot of customers. Usually, every customer has his own dedicated servers, vlans and DMZs. However, this makes difficult the management and the backup as we have to configure a new management/backup vlan for every customer.
What I want is to share a common network for all of my smaller customers (which have a shared infrastructure) but allowing access to this network to only the shared backup server and the technicians. It will not make sense (in security terms) if we separate our customers between different DMZs if the share the same backup/managemente network.
We have several switches expanding our network so isolating ports should not work (I will have to allow the uplink port and this will lead us to allow all the hosts in other switches).
I thought on some kind of MAC filtering on every port, allowing only the backup's MAC and technicians' router MAC. Has someone some experience doing something like this? Any other options?
Thanks.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-31-2007 10:12 PM
тАО10-31-2007 10:12 PM
Re: Isolating ports
Hi David !
There is a feature on HP Procurve 25xx series called isolated port groups which may be helpful.
Look at the reference library at http://www.procurve.com for a manual for 25xx.
Good luck,
Dmitry
There is a feature on HP Procurve 25xx series called isolated port groups which may be helpful.
Look at the reference library at http://www.procurve.com for a manual for 25xx.
Good luck,
Dmitry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2007 02:29 AM
тАО11-01-2007 02:29 AM
Re: Isolating ports
If you have some more Intelligent Switches (say, 54xx, 35xx) you can consider a kind of resource VLANs and customer's users VLANs, and applying access control lists for switched, routed traffic for VLANs and phisycal ports.
You can also consider dynamic vlan and ACL assignment using centralised Radius solution.
Good luck,
Dmitry
You can also consider dynamic vlan and ACL assignment using centralised Radius solution.
Good luck,
Dmitry
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP