- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Preventing access to test rig
Switches, Hubs, and Modems
1752652
Members
5775
Online
108788
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2007 02:07 AM
тАО06-13-2007 02:07 AM
Hi,
I am going to try and explain what we are attempting to achieve, I'm getting massively confused myself so apologies in advance if I start talking nonsense!!!
Essentially, here is our setup:
We have a system (phase 1) running on our business network, this is fine. Everyone can access it and everyone can work on it.
We now have another system (phase 2) which is basically a 'developing' version of (phase 1).
The problem has now arisen whereby the hostnames for phase1 and phase2 are the same, and therefore clashing (but IP's are different). We have changed the actual hostnames of the servers, but some of the packages within serviceguard cannot be changed, and therefore its hit or miss whether you get phase1 or phase2. (are you still with me!!)
We have sorted it for the time being using DNS and local hosts files to ensure we are hitting the right rig. However this isnt really a long term solution and the consequences of someone accidentally hitting the wrong rig are costly!!
What are our options?
We thought of putting phase1 on a VLAN, but certain people still need to access it so cutting it off from the main business LAN is not an option.
Now we are thinking we could use some form of port security? Ie. only allow certain IP addresses to access phase1, via a UCL or something? This would be acceptable, as the few people that will need to access it will be instructed to make doubly sure they are hitting the right rig!
Is this possible on a Procurve 2824, and if so how do you go about it?
Think ive provided enough info, thanks for any advice!
I am going to try and explain what we are attempting to achieve, I'm getting massively confused myself so apologies in advance if I start talking nonsense!!!
Essentially, here is our setup:
We have a system (phase 1) running on our business network, this is fine. Everyone can access it and everyone can work on it.
We now have another system (phase 2) which is basically a 'developing' version of (phase 1).
The problem has now arisen whereby the hostnames for phase1 and phase2 are the same, and therefore clashing (but IP's are different). We have changed the actual hostnames of the servers, but some of the packages within serviceguard cannot be changed, and therefore its hit or miss whether you get phase1 or phase2. (are you still with me!!)
We have sorted it for the time being using DNS and local hosts files to ensure we are hitting the right rig. However this isnt really a long term solution and the consequences of someone accidentally hitting the wrong rig are costly!!
What are our options?
We thought of putting phase1 on a VLAN, but certain people still need to access it so cutting it off from the main business LAN is not an option.
Now we are thinking we could use some form of port security? Ie. only allow certain IP addresses to access phase1, via a UCL or something? This would be acceptable, as the few people that will need to access it will be instructed to make doubly sure they are hitting the right rig!
Is this possible on a Procurve 2824, and if so how do you go about it?
Think ive provided enough info, thanks for any advice!
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2007 05:11 PM
тАО06-13-2007 05:11 PM
Solution
I would put phase2 in a different VLAN, in another IP subnet than business phase1, and use some ACL to allow only selected IP addresses to work with phase2. Problem is that 2824 dos not know ACLs (maybe newest firmware does), so you need an external router to define your subnets, routing and ACLs on. If the cost of disrupting phase1 is higher than the cost of the router, I would buy one. Anyway you'll need it sooner or later.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2007 02:04 AM
тАО06-14-2007 02:04 AM
Re: Preventing access to test rig
Hi Dan,
Thanks for the reply.
Unfortunately we can't put phase1 in a different subnet, in fact we cant change any IP addresses at all.
I have attached a quick image of what I'm trying to achieve. Is this actually possible!
Thanks for the reply.
Unfortunately we can't put phase1 in a different subnet, in fact we cant change any IP addresses at all.
I have attached a quick image of what I'm trying to achieve. Is this actually possible!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2007 12:28 AM
тАО06-18-2007 12:28 AM
Re: Preventing access to test rig
Decided to VLAN off phase 1 so connection is only possible by swapping network cable
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP