
Isolating ports

 
David B. P.
Advisor

Hello all,
I work at a service provider with a lot of customers. Usually, every customer has their own dedicated servers, VLANs and DMZs. However, this makes management and backup difficult, as we have to configure a new management/backup VLAN for every customer.
What I want is to share a common network for all of my smaller customers (which have a shared infrastructure) while allowing access to this network only to the shared backup server and the technicians. It would not make sense (in security terms) to separate our customers into different DMZs if they share the same backup/management network.
We have several switches extending our network, so isolating ports should not work (I would have to allow the uplink port, and this would lead us to allow all the hosts on other switches).

I thought of some kind of MAC filtering on every port, allowing only the backup server's MAC and the technicians' router MAC. Does anyone have experience doing something like this? Any other options?

Thanks.
2 REPLIES
Dmitry G. Spitsyn
Trusted Contributor

Re: Isolating ports

Hi David!

There is a feature on HP Procurve 25xx series called isolated port groups which may be helpful.
Look at the reference library at http://www.procurve.com for a manual for 25xx.

Good luck,
Dmitry
Dmitry G. Spitsyn
Trusted Contributor

Re: Isolating ports

If you have some more intelligent switches (say, 54xx, 35xx), you can consider resource VLANs and customer user VLANs, and apply access control lists to switched and routed traffic for VLANs and physical ports.
You can also consider dynamic VLAN and ACL assignment using a centralised RADIUS solution.

Good luck,
Dmitry
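
The ACL approach suggested above can be checked offline before it is deployed. The following is an added example, not code from any poster in this thread: it models a first-match ACL on customer-facing ports of a shared backup/management VLAN and audits that customers reach only the backup server and the technicians' router. All addresses, names and the ACL layout are constructed assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed addressing for a shared backup/management VLAN (assumption).
BACKUP = ipaddress.ip_address("10.99.0.10")
TECH_ROUTER = ipaddress.ip_address("10.99.0.1")
CUSTOMERS = {
    "cust-a": ipaddress.ip_address("10.99.1.11"),
    "cust-b": ipaddress.ip_address("10.99.1.12"),
    "cust-c": ipaddress.ip_address("10.99.1.13"),
}
SHARED_NET = ipaddress.ip_network("10.99.0.0/16")

# First-match ACL for traffic entering the switch from customer ports.
# Each entry: (action, source network, destination network).
ACL = [
    ("permit", SHARED_NET, ipaddress.ip_network("10.99.0.10/32")),
    ("permit", SHARED_NET, ipaddress.ip_network("10.99.0.1/32")),
    ("deny", SHARED_NET, SHARED_NET),
]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def audit(acl):
    """List violations: customer-to-customer permits or blocked trusted hosts."""
    problems = []
    # Every ordered pair of customers must be denied.
    for (a, ip_a), (b, ip_b) in permutations(CUSTOMERS.items(), 2):
        if evaluate(acl, ip_a, ip_b) == "permit":
            problems.append(f"{a} can reach {b}")
    # Every customer must still reach the backup server and technicians' router.
    for name, ip in CUSTOMERS.items():
        for trusted in (BACKUP, TECH_ROUTER):
            if evaluate(acl, ip, trusted) != "permit":
                problems.append(f"{name} cannot reach {trusted}")
    return problems

if __name__ == "__main__":
    print(audit(ACL) or "policy holds: customers isolated, trusted hosts reachable")
```

The model covers only traffic arriving from customer ports; return traffic from the backup server and technicians is outside its scope.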