OLD VLAN and New VLAN - Want no communication

Solved
SCC
Building a reputation

OLD VLAN and New VLAN - Want no communication

Hi All,

I have a bunch of servers and users in OLD VLAN currently. The requirement is that i need to move the data from OLD servers to new VLAN but i can't have the OLD VLAN talk to the New VLAN. But once everything is copied to the new servers on the new VLAN. I can then remove the OLD VLAN and OLD Servers completely.

 

During this process , I am going to have the NAS drive also which needs to be talk to the OLD VLAN as well as to the New VLAN. I think that can be acheived as NAS is going to have the two NIC's. So i will configure each NIC in the OLD and NEW VLAN. So that i can access the NAS from OLD and New VLAN both.

 

Please advise if this is something possible.

1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal

You'll need to allow 3389 as per @Wickus comment for both then underneath deny all for both, so 4 rules in total.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

9 Replies 9
Wickus
Here to help

Hi SCC

 

How will you get the data from the old vlan to the new vlan. From my understanding is you want to copy the data from the old servers to the new servers so you need access between the 2 vlans unless you copy the data to he NAS then from the NAS to he new vlan.

 

If that's the case then I'm sure you can create an access-list denying any ip traffic between the 2 vlans.

 

Is it a MX or Switch

 

Thanks

SCC
Building a reputation

The thing is that there is some issues with the domain controller. Therefore, I dont want the old VLAN talk to the new VLAN. This has to be done under Firewall rules, to block the communication between the OLD VLAN and New VLAN, except RDP is allowed between OLD and New VLAN.

Wickus
Here to help

What meraki device are you using

SCC
Building a reputation

MX84 and MS120 switches.

Wickus
Here to help

Is the layer3 / gateway ip address configured on the MX84 or is the switch enabled for L3

SCC
Building a reputation

MX84

Wickus
Here to help

On the MX84 goto Security & SD-WAN. under Configure click Firewall

 

under Layer 3 you can add the following

 

Screenshot 2020-01-28 at 06.48.49.png

SCC
Building a reputation

Is this what i am supposed to do on the MX84

 

OLD VLAN 10
NEW VLAN 20

 

Firewall Rule

 

Source 10.10.10.0/24 Deny All except 3389 to Destination 10.10.20.0/24

Source 10.10.20.0/24 Deny All except 3389 to Destination 10.10.10.0/24

cmr
Kind of a big deal
Kind of a big deal

You'll need to allow 3389 as per @Wickus comment for both then underneath deny all for both, so 4 rules in total.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels