Community discussions

MUM Europe 2020
 
justlovingIT
just joined
Topic Author
Posts: 14
Joined: Mon May 04, 2015 7:21 pm
Location: Southern Europe

Port isolation on CRS + limiting outbound

Mon Jun 01, 2015 1:30 pm

Hi guys,

I've just deployed a CRS125 to a new rack and ran into some issues. Being used to stock switches and doing network-engineering stuff only ocassionally it took me quite some time to get things settled :-D

I've got the following setup
/interface> ethernet print 
Flags: X - disabled, R - running, S - slave 
 #    NAME                          MTU  MAC-ADDRESS       ARP        MASTER-PORT            SWITCH
 0 R  ether01-WAN            1500 4C:5E:XX          enabled        none                          switch1
 1 RS ether02-srv              1500 4C:5E:XX          enabled        ether01-WAN            switch1
 2  S ether03-srv                1500 4C:5E:XX          enabled        ether01-WAN            switch1
 3 RS ether04-srv              1500 4C:5E:XX          enabled         ether01-WAN            switch1
...
10  S ether11-srv               1500 4C:5E:XX          enabled         ether01-WAN            switch1                                         
11 R  ether12-priv-master 1500 4C:5E:XX          enabled         none                          switch1
12  S ether13-priv               1500 4C:5E:XX         enabled      ether12-priv-master    switch1                                         
...
ether1 is the DC Uplink
Ports 2-11 (NET) get public addresses from the range 78.xx.yy.zz/27
Ports 12-24 (LAN) got the private range 10.10.0.1/24 with PPP (openVPN) for remote access

I want to do the following:
a) Is there a way to simply limit internet access to specific ports on the private network (LAN ports: 12-24) without VLAN configuration (not required here). At the moment the ports can reach the net via 10.10.0.1. The point is that at least one port needs internet access (NAS) for software updates and warning mails while I don't want the rest to reach the net.

b) I'd like to enable port isolation on ports 2-11 (NET) so that the hosts there can only reach the gateway. I assume that port isolation will require a VLAN config then. What is the most simple way to set this up for the few hosts on that segment?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1747
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Port isolation on CRS + limiting outbound

Mon Jun 01, 2015 4:54 pm

i allready answered on the another topic you created for the same issue

please do not do multiple topics for the same thing
 
justlovingIT
just joined
Topic Author
Posts: 14
Joined: Mon May 04, 2015 7:21 pm
Location: Southern Europe

Re: Port isolation on CRS + limiting outbound

Mon Jun 01, 2015 5:26 pm

I'm sorry but the othe rtopic you're referring to was about a strange reading I noticed in webfig.

I don't think that: do everything with VLANs does answer the questions a) and b) in this topic.
 
User avatar
pukkita
Trainer
Trainer
Posts: 2986
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Port isolation on CRS + limiting outbound

Mon Jun 01, 2015 6:12 pm

a) With firewall filter rules or...
b) Port isolation, see the wiki
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum

Who is online

Users browsing this forum: MSN [Bot] and 72 guests