Richard.Brown
Regular Advisor

Preventing access to test rig

Hi,

I am going to try and explain what we are attempting to achieve. I'm getting massively confused myself, so apologies in advance if I start talking nonsense!!!

Essentially, here is our setup:

We have a system (phase 1) running on our business network, this is fine. Everyone can access it and everyone can work on it.
We now have another system (phase 2) which is basically a 'developing' version of (phase 1).

The problem has now arisen whereby the hostnames for phase1 and phase2 are the same, and therefore clashing (but the IPs are different). We have changed the actual hostnames of the servers, but some of the packages within Serviceguard cannot be changed, and therefore it's hit or miss whether you get phase1 or phase2. (Are you still with me!!)

We have sorted it for the time being using DNS and local hosts files to ensure we are hitting the right rig. However, this isn't really a long-term solution and the consequences of someone accidentally hitting the wrong rig are costly!!

What are our options?
We thought of putting phase1 on a VLAN, but certain people still need to access it so cutting it off from the main business LAN is not an option.

Now we are thinking we could use some form of port security? I.e. only allow certain IP addresses to access phase1, via a UCL or something? This would be acceptable, as the few people that will need to access it will be instructed to make doubly sure they are hitting the right rig!

Is this possible on a ProCurve 2824, and if so how do you go about it?

Think I've provided enough info, thanks for any advice!
OLARU Dan
Trusted Contributor
Solution

Re: Preventing access to test rig

I would put phase2 in a different VLAN, in another IP subnet than business phase1, and use some ACL to allow only selected IP addresses to work with phase2. Problem is that the 2824 does not know ACLs (maybe newest firmware does), so you need an external router to define your subnets, routing and ACLs on. If the cost of disrupting phase1 is higher than the cost of the router, I would buy one. Anyway, you'll need it sooner or later.
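
Added example, not part of the reply above or of any vendor's configuration: a small Python model of the router ACL that reply describes (first match wins, implicit deny). It goes one step beyond the reply by also showing that traffic between two hosts in the same subnet is switched rather than routed, so it never reaches the router's ACL. All addresses are constructed from the RFC 5737 documentation ranges, and the names `decide`, `SEGMENTED` and `FLAT` are hypothetical.

```python
import ipaddress as ip

# Constructed addressing (RFC 5737 documentation ranges), not from the thread.
BUSINESS_NET = ip.ip_network("192.0.2.0/24")     # phase1 and the user PCs
PHASE2_NET = ip.ip_network("198.51.100.0/24")    # phase2 moved to its own VLAN/subnet

# Ordered ACL on the router interface facing phase2: first match wins.
ACL = [
    ("permit", ip.ip_network("192.0.2.10/32")),  # hypothetical developer PC
    ("permit", ip.ip_network("192.0.2.11/32")),  # hypothetical developer PC
]

# Scenario A: phase2 has its own subnet, so traffic to it crosses the router.
SEGMENTED = {"subnets": [BUSINESS_NET, PHASE2_NET], "protected": PHASE2_NET}
# Scenario B: nothing is re-addressed; phase2 is one host inside the business subnet.
FLAT = {"subnets": [BUSINESS_NET], "protected": ip.ip_network("192.0.2.200/32")}


def decide(src, dst, scenario, acl=ACL):
    """Return 'permit', 'deny' or 'unfiltered' for a packet from src to dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # Same subnet: the switch delivers the frame directly, the router
    # (and therefore its ACL) is never on the path.
    if any(src in net and dst in net for net in scenario["subnets"]):
        return "unfiltered"
    # Routed traffic to anything other than the protected rig is not restricted.
    if dst not in scenario["protected"]:
        return "permit"
    for action, net in acl:
        if src in net:
            return action
    return "deny"  # implicit deny at the end of the list


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "198.51.100.5", SEGMENTED),  # listed PC to phase2
        ("192.0.2.50", "198.51.100.5", SEGMENTED),  # unlisted PC to phase2
        ("192.0.2.50", "192.0.2.200", FLAT),        # same subnet, ACL bypassed
    ]
    for src, dst, scenario in cases:
        print(f"{src} -> {dst}: {decide(src, dst, scenario)}")
```
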
Richard.Brown
Regular Advisor

Re: Preventing access to test rig

Hi Dan,

Thanks for the reply.

Unfortunately we can't put phase1 in a different subnet, in fact we can't change any IP addresses at all.

I have attached a quick image of what I'm trying to achieve. Is this actually possible!

Richard.Brown
Regular Advisor

Re: Preventing access to test rig

Decided to VLAN off phase 1 so connection is only possible by swapping network cable.