segregate network traffic
  • segregate network traffic

    Hi ,

    We are using Xen Server 6.0 and the DVS switch included with this server. Now we plan to import two different companies' networks inside our organization's network and want them not to see each other's network systems, but to be able to reach the same internet gateway that we are using for our internal company network.

    So how can I implement this using a virtual distributed switch? Do I need to create a separate VLAN for each of these groups? If yes, then how can I assign the same gateway to each group, as we have only a single gateway for the internet?

    Currently we are using 172.20.4.x/23, 172.20.4.1.

    I downloaded the DVS switch and made an ACL list for different VMs, but somehow it's not working smoothly.

    Thanks....

  • #2
    Re: segregate network traffic

    You're confusing the term 'gateway', which means different things in different contexts here. The gateway for all your internet traffic is a connection to a single ISP. But from inside a VLAN, the same term 'gateway' refers to how the internal VLAN traffic leaves the VLAN, regardless of whether it goes to another internal VLAN or through your internet 'gateway'.

    What you want is a default route in any router where a VLAN gateway sits. The default route will point to your ISP gateway, so all non-internal traffic will leave each VLAN and go out to your ISP.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    • #3
      Re: segregate network traffic

      Hi ,

      Thanks for your reply ...

      Actually my scenario is as below.

      Citrix Server : 172.20.4.2
      Router IP : 172.20.4.1
      DNS : 172.20.4.11 ( DC Server )
      4.2.2.2

      Now I already have about 10 systems in the internal LAN, including the Xen Desktop system.

      Now I am importing 3 new servers and about 50 new systems from another company into my network, which are going to be accessed by my client from time to time using Xen Desktop and RDP.

      My question is: I want to keep those 5 servers and 5 systems separate from my LAN network, so that if any virus issue or any security issue comes up, it will not affect my own LAN. So how do I design it so that I can allow those 50 systems to reach the internet while keeping them separate from my LAN?

      I do not have a manageable switch and I am not using a VMware ESXi server, so is it possible in Citrix Xen Server 6.0?

      Thanks

      • #4
        Re: segregate network traffic

        If you wish to have separate VLANs, each VLAN needs its own route-of-last-resort, default route, or default gateway.

        And they can't overlap.

        So you can have 172.20.4.x as one subnet
        and 172.20.40.x as the second subnet,
        but your internet gateway of 172.20.4.1 obviously cannot exist in the 172.20.40.x subnet.

        So you would need to add a second interface on the internet router (if you're using a Cisco it's something like "int fa0/0.1" and "int fa0/0.2") and give each of them an IP:

        à la:
        int fa0/0.1
         ! a sub-interface must be tagged with its VLAN before IOS accepts an IP on it (VLAN 10 is an example ID)
         encapsulation dot1Q 10
         ip address 172.20.4.1 255.255.255.0

        int fa0/0.2
         ! second VLAN (20 is an example ID)
         encapsulation dot1Q 20
         ip address 172.20.40.1 255.255.255.0

        Then 172.20.40.1 has to have its OWN default route.

        You can set this up using Packet Tracer and figure out exactly how it works.

        Basically, to separate subnets or VLANs, you must have a gateway for each of them so it can route.
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        • #5
          Re: segregate network traffic

          Hi ,

          Thanks for your reply ...

          So if I purchase a Layer 3 Cisco switch and configure each port as a trunk port, then may I use 172.20.4.1 as a common gateway for all VLANs? I just want to stop inter-VLAN communication but want to keep the gateway the same, as I have only a single ISP connection.

          If I create the sub-interfaces as fa0/0.1 and fa0/0.2, will it work with the same gateway? Or is it possible if I keep separate subnets, e.g. 172.20.4.1/255.255.255.224 and 172.20.4.26/255.255.255.192?

          Thanks
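
As an added example (not code from the thread or from any of the posters): a small Python model of the design the replies describe, one subnet per VLAN with its own router sub-interface as gateway, a single default route to the ISP, and an ACL that stops the VLANs from reaching each other while still letting both reach the internet. The VLAN names, the ACL behaviour in forward() and the three candidate address plans are assumptions built from the addresses quoted in the thread; it goes a little beyond the posts by checking both of #5's proposals against the two rules stated in #4.

```python
import ipaddress
from itertools import combinations


def check_plan(plan):
    """plan maps a VLAN name to (gateway, subnet). Returns the rule violations."""
    problems, nets = [], {}
    for name, (gw, cidr) in plan.items():
        net = ipaddress.ip_network(cidr, strict=False)
        # rule 1: a VLAN's gateway must be an address inside that VLAN's subnet
        if ipaddress.ip_address(gw) not in net:
            problems.append(f"{name}: gateway {gw} is not inside {net}")
        nets[name] = net
    # rule 2: the subnets behind the different sub-interfaces must not overlap
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems


def forward(plan, src, dst):
    """Router decision for a packet src -> dst: (verdict, reason).
    Assumes an ACL on the sub-interfaces that denies VLAN-to-VLAN traffic."""
    nets = {n: ipaddress.ip_network(c, strict=False) for n, (_, c) in plan.items()}
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vlan = next((n for n, net in nets.items() if src_ip in net), None)
    dst_vlan = next((n for n, net in nets.items() if dst_ip in net), None)
    if dst_vlan is None:
        return ("permit", "default route -> ISP")        # route of last resort
    if src_vlan is None:
        return ("permit", f"from ISP to connected {dst_vlan}")
    if src_vlan == dst_vlan:
        return ("permit", f"same VLAN {src_vlan}, never reaches the router")
    return ("deny", f"ACL blocks {src_vlan} -> {dst_vlan}")  # no inter-VLAN traffic


# Constructed plans built from the addresses quoted in the thread.
PROPOSED = {"lan": ("172.20.4.1", "172.20.4.0/24"),        # post #4's layout
            "guests": ("172.20.40.1", "172.20.40.0/24")}
SHARED_GW = {"lan": ("172.20.4.1", "172.20.4.0/24"),       # post #5: one gateway
             "guests": ("172.20.4.1", "172.20.40.0/24")}   # for both VLANs
SPLIT_24 = {"lan": ("172.20.4.1", "172.20.4.1/27"),        # post #5: /27 and /26
            "guests": ("172.20.4.26", "172.20.4.26/26")}   # carved from the same /24

if __name__ == "__main__":
    for label, plan in (("proposed", PROPOSED), ("shared gw", SHARED_GW), ("split", SPLIT_24)):
        print(label, check_plan(plan) or "ok")
    print(forward(PROPOSED, "172.20.40.50", "4.2.2.2"))
    print(forward(PROPOSED, "172.20.40.50", "172.20.4.2"))
```

The shared-gateway plan fails rule 1 and the /27 plus /26 plan fails rule 2, which is the reason #4 insists on a gateway per subnet.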
