
Example 6, securing traffic to one subnet – Enterasys Networks 2200 User Manual

Page 305


Example 6, Securing Sensitive Information According to Subnet

VLAN Operation and Network Applications


2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows:

VID: 99

Classification: Dest UDP Port

IP UDP Port: 520

Port 520 is a well-known port number used by RIP.
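The classification rule from step 2, modelled as an added Python example (not code from the manual or from Enterasys): it parses an untagged Ethernet II/IPv4 frame, maps frames with destination UDP port 520 to VID 99, and returns the egress port set, which is empty for the Null VLAN. The default VID 1, the port membership table and the sample frames are assumptions constructed for illustration.

```python
import struct

NULL_VID = 99        # VID from the page; the Null VLAN has no member ports
RIP_UDP_PORT = 520   # "Dest UDP Port" value from the page
DEFAULT_VID = 1      # assumption: VID for frames that match no rule
VLAN_EGRESS = {DEFAULT_VID: {1, 2, 25}, NULL_VID: set()}  # assumed membership

def udp_dest_port(frame: bytes):
    """Destination UDP port of an untagged Ethernet II/IPv4 frame, else None."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        return None                       # too short, or EtherType is not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # header length, so IP options are skipped
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:
        return None                       # malformed header, or protocol is not UDP
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                       # non-first fragment carries no UDP header
    if len(ip) < ihl + 8:
        return None                       # truncated UDP header
    return struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]

def classify(frame: bytes) -> int:
    """Apply the single rule: Dest UDP Port 520 -> VID 99, otherwise default."""
    return NULL_VID if udp_dest_port(frame) == RIP_UDP_PORT else DEFAULT_VID

def egress_ports(frame: bytes, ingress_port: int) -> set:
    """Ports the frame may leave on; an empty set means the frame is dropped."""
    return VLAN_EGRESS[classify(frame)] - {ingress_port}

def build_frame(dport: int, options: bytes = b"") -> bytes:
    """Constructed sample: broadcast Ethernet frame with IPv4/UDP, checksums zeroed."""
    udp = struct.pack("!HHHH", 520, dport, 8, 0)
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 28 + len(options), 0, 0,
                     64, 17, 0, bytes([123, 123, 50, 1]),
                     bytes([123, 123, 255, 255])) + options
    return b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + ip + udp

if __name__ == "__main__":
    for port in (520, 53):
        frame = build_frame(port)
        print(port, classify(frame), sorted(egress_ports(frame, 25)))
```

The fragment check matters when verifying such a rule: only the first fragment of a datagram carries the UDP header, so later fragments cannot be matched on port.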

12.17 EXAMPLE 6, SECURING SENSITIVE INFORMATION ACCORDING TO SUBNET

The ABC Company wants to confine the sensitive information being transmitted by their Finance
Department to its users only.

In this example, illustrated in Figure 12-24, the users in the Finance Department are members of the Finance VLAN and are also on subnet 28 as shown in bold type.

Figure 12-24 Example 6, Securing Traffic to One Subnet

[Figure labels: Port 25; S1; Finance Department User Subnet, Class B Address: 123.123.28.1 through 123.123.28.5; Engineering Department User Subnet, Class B Address: 123.123.50.1 through 123.123.50.5; Finance Server 123.123.28.25; Other Users 123.123.xx.xx]