1

Need to host company website in internal network using existing hardware. Still learning how to do things...

All VLANs can talk to each other. How can I isolate VLAN250 from the rest of the network, so that VLAN250, which the company website will be on, is separated from the LAN and internal servers?

Omar
  • "All VLANs can talk to each other." That would be if you have a router that routes between VLANs (or a Layer 3 switch). VLANs by definition don't "talk to each other". https://en.wikipedia.org/wiki/Virtual_LAN – ETL Aug 01 '19 at 17:49
  • Should have clarified, sorry. The ProCurve Switch 5406zl is a Layer 3 switch. I can ping the gateway and devices in each VLAN from within any other VLAN. I wanted to disable the routing between VLAN250 and all the other VLANs. I don't see any sort of ACL or know which routing configuration to change. – Omar Aug 01 '19 at 17:53

2 Answers

2

Your VLANs can talk to each other because the switch does routing between them. To prevent certain VLANs from talking to certain VLANs, put ACLs in place and allow only what you want.

However, I recommend using a firewall between the Internet, DMZ and inside VLANs.

ETL
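
The ACL approach from the answer above, as an added example that is not part of the original thread: a small Python model of a first-match ACL applied inbound on the VLAN250 routed interface, used to check rule order before touching the switch. It is not ProCurve syntax; the subnets, probe ports and the names `evaluate`, `leaks`, `ISOLATED` and `MISORDERED` are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing (the post gives no subnets).
DMZ = "10.0.250.0/24"                        # VLAN250, company website
INTERNAL = ["10.0.10.0/24", "10.0.20.0/24"]  # LAN and internal servers
ANY = "0.0.0.0/0"

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # None matches any destination port

def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in acl:
        if (r.proto in ("ip", proto)
                and src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"  # implicit deny at the end of the list

def leaks(acl, probes=(("tcp", 22), ("tcp", 445), ("tcp", 3389), ("icmp", None))):
    """List internal subnets that a host in VLAN250 can still reach."""
    web = str(ipaddress.ip_network(DMZ)[1])  # first host address in VLAN250
    reachable = []
    for net in INTERNAL:
        target = str(ipaddress.ip_network(net)[1])
        if any(evaluate(acl, p, web, target, port) == "permit" for p, port in probes):
            reachable.append(net)
    return reachable

# Specific denies first, then the general permit for everything else.
ISOLATED = [Rule("deny", "ip", DMZ, n) for n in INTERNAL] + [Rule("permit", "ip", DMZ, ANY)]
# Same rules with the broad permit first: it matches everything, so the denies never fire.
MISORDERED = [Rule("permit", "ip", DMZ, ANY)] + [Rule("deny", "ip", DMZ, n) for n in INTERNAL]

if __name__ == "__main__":
    print("ISOLATED leaks:  ", leaks(ISOLATED))
    print("MISORDERED leaks:", leaks(MISORDERED))
```

The model only covers traffic entering the router from VLAN250; it says nothing about state tracking, which is what the firewall recommended in the answer would add.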
0

I'd configure a DMZ in the Firewall, and pipe that on its own VLAN through the switches, all the way to the VM-host, and add it to the vSwitch there. That way it's completely isolated from the rest of your network.

Stuggi