Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PVLAN - web and database server

Status
Not open for further replies.
d1900233

d1900233

MIS
May 21, 2009
2
US
Lets's say I create a VLAN for a DMZ with 3 servers: a web server , a database server, and an email server. I want to use PVLANs to isolate the three servers so they can not communicate with each other. However, the one exception is that the web server does need to connect to the database server to execute database queries on port 1433.

1)Can PVLANs allow certain ports to be accessible within a PVLAN like in this example?

2)If so does ACLs control this type of filtering on a PVLAN?

3)Where can I find reliable documentation on the subject, preferably on a Cisco website?

Thanks in advance.

 
Sort by date Sort by votes
I'm not all that knowledgeable with pvlans but I would think you would have to put the webserver and the database server in the same pvlan and exclude them from the other servers of the dmz.
 
Upvote 0 Downvote
1)Can PVLANs allow certain ports to be accessible within a PVLAN like in this example?
Click to expand...
No. It is all or nothing
2)If so does ACLs control this type of filtering on a PVLAN?
Click to expand...
You can combine VACLs (VLAN ACL's) to the PVLANs to make this work
3)Where can I find reliable documentation on the subject, preferably on a Cisco website?
Click to expand...
Keep in mind that there aren't many different switches that can implement PVLANs so make sure that yours can. Check out this Cisco doc:


I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
unclerico,

Thanks for your help but I am a little confused. You said to the first question that its "all or nothing". Then your answer to the second question seemed to contradict your first answer. What do you mean by "make this work"? What is "this"?

Thanks
 
Upvote 0 Downvote
PVLANs by themselves allow for all or nothing access to resources on the same PVLAN. When you combine PVLANs with VACLs then you can get the functionality you are looking for. "Make this work" means getting the functionality that you are looking for.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
348
nt8d09
nt8d09
Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
283
Lccarter
Lccarter
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
154
NavinNet
NavinNet
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
155
acabezas2014
acabezas2014
mrdom
  • Locked
  • Question
RV325: Accessing LAN and WAN resources using the same hostname ...
Replies
0
Views
167
mrdom
mrdom

Part and Inventory Search

Sponsor

Back
Top