Example 6, securing traffic to one subnet – Enterasys Networks 2200 User Manual
VLAN Operation and Network Applications
2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows:
• VID: 99
• Classification: Dest UDP Port
• IP UDP Port: 520
Port 520 is the well-known port number used by RIP.
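The effect of the rule in step 2, modelled as an added Python example (not code from the manual or from the switch firmware): frames whose destination UDP port is 520 are classified to VID 99, and because that VLAN has no egress ports they are transmitted nowhere. The default VLAN 1, the egress port sets, applying the rule to every ingress port, and the sample frames are assumptions constructed for illustration.

```python
import struct

NULL_VID = 99          # VID from the classification screen above
RIP_UDP_PORT = 520     # IP UDP Port from the classification screen above
DEFAULT_VID = 1        # assumption: frames that match no rule stay in VLAN 1
# Assumption: egress port list per VLAN; VLAN 99 has none, which makes it a null VLAN.
EGRESS = {DEFAULT_VID: {1, 2, 3, 25}, NULL_VID: set()}

def dest_udp_port(frame: bytes):
    """Return the destination UDP port of an untagged Ethernet II/IPv4 frame, or None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                              # too short, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # header length, honours IP options
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or frag_offset != 0:
        return None                              # not IPv4/UDP, or a later fragment
    if len(ip) < ihl + 4:
        return None                              # truncated before the UDP ports
    return struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]

def classify(frame: bytes) -> int:
    """Apply the 'Dest UDP Port' rule; everything else keeps the default VLAN."""
    return NULL_VID if dest_udp_port(frame) == RIP_UDP_PORT else DEFAULT_VID

def forward(ingress_port: int, frame: bytes) -> set:
    """Ports the frame is transmitted on; an empty set means it was dropped."""
    return EGRESS[classify(frame)] - {ingress_port}

def build_frame(dport: int, proto: int = 17, options: bytes = b"") -> bytes:
    """Constructed sample: broadcast Ethernet frame carrying IPv4 and a UDP-style header."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00"
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + 12,
                     0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 255])) + options
    l4 = struct.pack("!HHHH", 520, dport, 12, 0) + b"\x02\x02\x00\x00"
    return eth + ip + l4

if __name__ == "__main__":
    print("RIP frame egress ports:", forward(25, build_frame(520)))
    print("DNS frame egress ports:", forward(25, build_frame(53)))
```

The classifier reads the port at the offset given by the IP header length field, so a frame carrying IP options is still matched, and a TCP segment that happens to use port 520 is not.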
12.17 EXAMPLE 6, SECURING SENSITIVE INFORMATION ACCORDING TO SUBNET
The ABC Company wants to confine the sensitive information being transmitted by their Finance Department to its users only.
In this example, illustrated in Figure 12-24, the users in the Finance Department are members of the Finance VLAN and are also on subnet 28 as shown in bold type.
Figure 12-24 Example 6, Securing Traffic to One Subnet
[Figure labels: switch S1; Port 25; Finance Department User Subnet, Class B Address: 123.123.28.1 through 123.123.28.5; Engineering Department User Subnet, Class B Address: 123.123.50.1 through 123.123.50.5; Finance Server 123.123.28.25; Other Users 123.123.xx.xx]