network segmentation without using vlans

Jeff Liu jeffliutor-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Feb 19 18:53:54 UTC 2008


This is an unusual request; a workaround I can think of is to set up a
firewall on all 20 servers and only allow traffic from the gateway
and the IPs you want to allow; all other traffic will be dropped.

Jeff

On Feb 19, 2008 1:09 PM, Paul van Fraassen <paul-s7S4Dk53uTw at public.gmane.org> wrote:
> OK seems simple enough.
> So, the simple answer is "No": if you don't want the servers to see each
> other's traffic at all then they have to be on separate
> Layer-2 segments and that means either separate switches (hubs, coax or
> whatever :-) or vlans.
> Why do you want to stay away from vlans? Port based vlans can be a simple
> way to get isolation, provided your switch supports it.
>
> -PvF
>
> On 2/19/08, Teddy Mills <teddymills-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> >
> > Standard 24 port switch.
> > Some 20 servers on it.
> >
> > I want all 20 servers not to 'see' each other's traffic at all.
> > All 20 servers are on the same subnet. (ack)
> >
> > Paul van Fraassen wrote:
> > > I know it's a typical response but, can you give more info?
> > > Normally, your choices are dividing up the space with separate router
> > > interfaces or vlans (which is just another form of router interface which
> > > saves some hardware in switches etc)
> > > but, it sounds like you want to do something without adding H/W
> > > (I know I'm making wild assumptions here :-) do you mean strict Layer 2
> > > segmentation?
> > > You might be tempted to separate groups of PCs by putting them in their own
> > > IP subnets so that the netmasks make them seem to be on their own
> > > but this is really just sleight of hand and not much use for either security
> > > or network performance.
> > > Does that make any sense? How up to speed are you with the Layer-2, Layer-3
> > > stuff?
> > >
> > > -PvF
> > >
> > > On 2/19/08, Teddy Mills <teddymills-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> > >
> > >> I was wondering if it was possible to have network segmentation without
> > >> using vlans.
> > >> If I have 20 boxes on a switch, I do not want any of the boxes to know
> > >> about each other.
> > >>
> > >> /teddy
> > >>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
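The host-firewall workaround Jeff describes, as an added example that is not from any poster in this thread: a shell function that generates an nftables ruleset for one of the 20 servers, accepting traffic only from the gateway and an explicit allow-list and counting and dropping everything else that arrives from the shared subnet. The subnet and addresses are constructed placeholders; the table name "isolation" is an assumption.

```shell
#!/bin/sh
# Added example (not code from the thread). Generates an nftables ruleset
# for ONE server; it has to be deployed on every server you want isolated.
#
# Caveat: this is host-level IP filtering, not Layer-2 isolation. All 20
# boxes stay in one broadcast domain, so ARP and broadcasts are still seen,
# and a server whose firewall is removed (or which was never configured)
# is not constrained at all. Real isolation still needs separate L2
# segments or (private) VLANs, as the thread says.

# gen_isolation_rules SUBNET GATEWAY [ALLOWED_IP ...]
# Prints an nftables ruleset to stdout. Apply on the host (root required):
#   gen_isolation_rules 192.0.2.0/24 192.0.2.1 192.0.2.50 | nft -f -
gen_isolation_rules() {
    subnet="$1"
    gateway="$2"
    shift 2

    echo "table inet isolation {"
    echo "  chain input {"
    # Default-deny inbound; everything below is an explicit exception.
    echo "    type filter hook input priority 0; policy drop;"
    # Replies to connections this host opened (e.g. via the gateway).
    echo "    ct state established,related accept"
    echo "    iif lo accept"
    # The gateway is the only neighbour every server must talk to.
    echo "    ip saddr $gateway accept"
    # Any further explicitly allowed peers (backup host, monitoring, ...).
    for ip in "$@"; do
        echo "    ip saddr $ip accept"
    done
    # Everything else from the shared subnet (the other servers) is dropped;
    # the counter lets you see on the host how often a neighbour tried.
    echo "    ip saddr $subnet counter drop"
    echo "  }"
    echo "}"
}
```

Check the counters with `nft list table inet isolation` to see whether any neighbour is still trying to reach the host.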