Author Topic: Isolated VLAN (Read 1340 times)

takera · « **on:** June 17, 2010, 12:41:19 PM »

Hi guys,

This is my first time here. Have been cracking my head to find a solution to this problem, hope someone can provide me with some guidance on how to solve it.

I have a 5530 fibre switch that has port 47 connected to a 470T distribution switch supporting the 1st floor of the building and port 48 connected to a second 470T distribution switch supporting the 2nd floor of the building.
Currently I have 3 VLANs created in:
-Vlan 1 (Management Vlan)
-Vlan 2 (Server Vlan)
-Vlan 3 (Production Vlan)

I allow the Vlans to communicate with each other adding to the trunk ports for routing.
Now I need to make production vlan into a isolated vlan. But by doing that, the workstations in my production vlan would not be able to communicate with one of my servers in the Server Vlan. Is there any way I can allow the isolated production vlan to communicate with the server?

Michael McNamara · « **Reply #1 on:** June 17, 2010, 12:53:03 PM »

This is a story of "can I have my cake and eat it too?" Unfortunately the short answer is no. However in your specific case there are other ways to go about problem.

What are you using to perform the routing between the VLANs? The ERS 5530 switch?

Assuming you are you could leave your tagged trunks alone and use the IP filters in the ERS5530 to allow traffic from VLAN 3 to the server in VLAN 2 and then a second rule to drop/deny all traffic from VLAN 3 to VLAN 2.

Good Luck!

Network Infrastructure Forums

Author Topic: Isolated VLAN (Read 1340 times)

takera

Isolated VLAN

Michael McNamara

Re: Isolated VLAN