Thursday, August 27, 2020

Controlling access to servers by unprivileged Users/VLANs

Hi Team,

Looking for opinions/pros/cons about the following approaches. I am a SysAdmin of almost 20 years but have not dabbled too much into networking. I have basic VLAN knowledge (can tag/untag/trunk etc.). The example network is 2 VLANs for 2 /23 subnets. Let's call them "Servers" (1) and "Users" (2).

What would be the best way to limit the access that Users have to hosts on the Servers VLAN? The ideas I came up with using my basic experience are:

A) Two virtual interfaces on a virtual server that the Users need access to. One VLAN per NIC:

- Means users can access that single host with no access to other hosts on the VLAN.

B) One virtual interface on the virtual server with both VLANs assigned, with a firewall on the server:

- Avoids multihoming issues; however, it adds overhead for managing the firewall.

C) *least knowledge* Implement some kind of access control on the switching network. I assume this is possible and this is probably where I will need some education.

Cheers :)
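To make option C concrete, here is an added example (not from the original post) that models the kind of inter-VLAN access list an L3 switch or router would apply between the two /23s: first match wins, with an implicit deny at the end, so Users can reach exactly one host on the Servers VLAN. The 10.1.0.0/23 and 10.1.2.0/23 addressing and the permitted host 10.1.0.10 are constructed placeholders, since the post gives no real addresses.

```python
"""Model of an inter-VLAN ACL for option C: Users (VLAN 2) may reach one
host in Servers (VLAN 1); everything else from Users into Servers is dropped.
Added example; all addresses below are constructed placeholders."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed addressing for the two /23s in the post (not from the post).
SERVERS = ip_network("10.1.0.0/23")        # VLAN 1
USERS = ip_network("10.1.2.0/23")          # VLAN 2
ALLOWED_HOST = ip_network("10.1.0.10/32")  # the single server Users need


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None  # None matches any destination port


# Ordered like a router / L3-switch ACL applied inbound on the Users VLAN.
# Only the Users -> Servers direction is modelled; a real deployment needs
# either a stateful firewall or a matching return-traffic rule.
USERS_TO_SERVERS_ACL = [
    Rule("permit", USERS, ALLOWED_HOST, 443),  # HTTPS to the one host
    Rule("deny", USERS, SERVERS),              # everything else into Servers
]


def evaluate(acl, src, dst, dport):
    """Return the action for a flow; 'deny' when no rule matches."""
    s, d = ip_address(src), ip_address(dst)
    for rule in acl:
        if s in rule.src and d in rule.dst and rule.dport in (None, dport):
            return rule.action
    return "deny"  # implicit deny, as on most switch/router ACLs


def reachable_servers(acl, src, dport):
    """Servers-VLAN hosts a given source may reach on dport: handy for
    auditing that the ACL really exposes only the intended host."""
    return {str(h) for h in SERVERS.hosts()
            if evaluate(acl, src, h, dport) == "permit"}


if __name__ == "__main__":
    print(evaluate(USERS_TO_SERVERS_ACL, "10.1.2.50", "10.1.0.10", 443))
    print(reachable_servers(USERS_TO_SERVERS_ACL, "10.1.2.50", 443))
```

The same rule logic is what a host firewall would enforce under option B, but placed on the switching network it cannot be bypassed by compromising the server itself.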


