beautypg.com

1 solving the problem, Solving the problem -44 – Enterasys Networks 2200 User Manual

Page 306

background image

Example 7, Using Dynamic Egress to Control Traffic

12-44

VLAN Operation and Network Applications

12.17.1 Solving the Problem

In this example, Switch 1 (S1) has already been configured and is operating.

To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering
Department subnet 50 and other users on the company’s network (123.123.xx.xx).

The following covers only those steps needed to configure the switch to solve the problem.

Switch 1

To isolate the network traffic of the Finance Department to the users on the Finance VLAN (20),
which are on subnet 28, S1 will be configured as follows using the VLAN Classification
Configuration screen:

VID: 20

Classification: Bil IP Address

IP Address: 123.123.28.0

Data Mask: 255.255.255.0

As a result of this setting, any frame with a source or destination IP address of 123.123.28.0-255
will be classified to the Finance VLAN (20) and will remain within subnet 28. Any frame from
another network or subnet will not be allowed access to subnet 28 because of the datamask
255.255.255.0.

12.18 EXAMPLE 7, USING DYNAMIC EGRESS TO CONTROL TRAFFIC

In this simple example (

Figure 12-25

), assume that there are four ports on the SmartSwitch device

attached to PCs supporting both protocols AppleTalk (809B and 80F3) and IP. Two PCs support IP
only. The AppleTalk frame traffic is to be contained so only the users running the AppleTalk
protocol can communicate with each other and not flood the network with AppleTalk frames.
However, all users are to have access to a web server connected to port 7.