Restricting VLAN to certain servers/apps

All,

I have a core 6500 with an MSFC and multiple access/distribution switches. I will be installing a new switch for a new group of users, and I want to restrict this group of users to only certain servers and VLANs.

Basically, I will be installing a new 3750, creating a VLAN for this group of users and trunking it to the 6500. In addition I was thinking about adding some IP permit/Denys have had a chance to get in to.

Any ideas how I should proceed?

Reply to
Trouble

Hi

After configuring the SVI (Layer 3 interface) for the new VLAN, just check whether you are able to reach the servers in the other VLANs. Once you are through with that connectivity, configure an ACL according to your requirement and apply it in the "in" direction to the SVI of the new VLAN which you created.

ex: VLAN 10 is your new VLAN, the new subnet is 192.168.5.0/24, and the server subnet is 192.168.1.0. As you are configuring in the "in" direction, the access list will look like this:

access-list 125 deny ip any host 192.168.1.15
access-list 125 deny ip any 192.168.2.0 0.0.0.255
access-list 125 permit ip any any

! Apply the ACL inbound on the SVI of the new VLAN
int vlan 10
 ip access-group 125 in

That's it.

rgds Suman

Reply to
summi
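
Added example, not part of the posts above: a small Python model of how the posted access-list 125 is evaluated (top-down, first match wins, wildcard masks, implicit deny when nothing matches). The source host 192.168.5.20 and the destination addresses are constructed sample values, and the function names are this example's own.

```python
import ipaddress

# ACL 125 exactly as posted in the answer above.
ACL_125 = """\
access-list 125 deny ip any host 192.168.1.15
access-list 125 deny ip any 192.168.2.0 0.0.0.255
access-list 125 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec ('any', 'host A', 'A WILDCARD') -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or line.startswith("!"):
            continue
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        action, rest = tokens[2], tokens[4:]
        entries.append((action, _take_addr(rest), _take_addr(rest)))
    return entries

def _matches(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, src, dst):
    """Return (action, entry number); the first matching entry wins."""
    for index, (action, s, d) in enumerate(entries, start=1):
        if _matches(src, *s) and _matches(dst, *d):
            return action, index
    return "deny", None  # implicit deny at the end of every ACL

def check(src, dst):
    return evaluate(parse_acl(ACL_125), src, dst)

if __name__ == "__main__":
    # Constructed packets from a host in the new user subnet 192.168.5.0/24.
    for dst in ("192.168.1.15", "192.168.1.16", "192.168.2.77", "10.0.0.1"):
        print(dst, check("192.168.5.20", dst))
```

Because the last entry is `permit ip any any`, every destination other than the two denied ones is allowed; dropping that line would leave only the implicit deny.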

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.