Enterasys 2200 Betriebsanweisung
Example 6, Securing Sensitive Information According to Subnet
Configuration Examples
3-7
Figure 3-3
Example 6, Securing Traffic to One Subnet
3.3.1
Solving the Problem
In this example, Switch 1 (S1) has already been configured and is operating.
To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering
Department Subnet 50 and other users on the company’s network (123.123.xx.xx).
Department Subnet 50 and other users on the company’s network (123.123.xx.xx).
The following covers only those steps needed to configure the switch to solve the problem.
Switch 1
To isolate the network traffic of the Finance Department users on the Finance VLAN (20), which
are on Subnet 28, S1 will be configured as follows using the VLAN Classification Configuration
screen:
are on Subnet 28, S1 will be configured as follows using the VLAN Classification Configuration
screen:
•
VID: 20
•
Classification: Bil IP Address
•
IP Address: 123.123.28.0
•
Data Mask: 255.255.255.0
As a result of this setting, any frame with a source or destination IP address of 123.123.28.0-255
will be classified to the Finance VLAN (20) and will remain within Subnet 28. Any frame from
another network or subnet will not be allowed access to Subnet 28 because of the datamask
255.255.255.0.
will be classified to the Finance VLAN (20) and will remain within Subnet 28. Any frame from
another network or subnet will not be allowed access to Subnet 28 because of the datamask
255.255.255.0.
2599_26
Port 25
S1
Finance
Department
User Subnet
Class B Address:
123.123.28.1
123.123.28.2
123.123.28.3
123.123.28.4
123.123.28.5
Engineering
Department
User Subnet
Class B Address:
123.123.50.1
123.123.50.2
123.123.50.3
123.123.50.4
123.123.50.5
Finance
Server
123.123.28.25
Other Users
123.123.xx.xx