You can prevent each VSwitch from accessing the other two VSwitches within the same VPC by configuring the security groups.
- The three VSwitches must be in the same VPC.
- The three VSwitches must have the CIDR blocks 172.16.1.0/16, 172.16.2.0/16 and 172.16.3.0/16 respectively.
- The three VSwitches must be created under the same VRouter with the default settings to allow mutual access.
Log on to the
Alibaba Cloud ECS console.
Click Security groups in the left-side navigation pane.
Create three security groups respectively. The steps for creating each one are as follows:
Select a region and click Create a security group.
Complete the following information and Click OK.
Security group name: (name the groups with their CIDR blocks to make them easier to identify)
Network type: VPC
VPC: (select a VPC for the security group)
On the Security group list page, click Configuration rules in the Action column corresponding to the target instance.
Click Add security group rules to add a rule to allow the access from the CIDR block 0.0.0.0.
Enter the information and click OK.
Note: Set the priority to 100. The smaller the value is, the higher the priority is.
Click Add security group rules to add a rule to forbid the access from the CIDR block 172.16.2.0/16.
Complete the preceding security group and click OK.
Note: Set the priority to a value smaller than 100, so that the priority of this rule is higher than the one created previously.
Use the same method to add a rule to deny the access from the CIDR block 172.16.3.0/16.
Note: If this VPC has three CIDR blocks only, the above settings make it impossible for the CIDR blocks 172.16.2.0/16 and 172.16.3.0/16 to access 172.16.1.0/16.
If you want to deny bilateral access between the three security groups, you must set the similar rules for the other two VSwitches.