Restricting VLAN to certain servers/apps


I have a core 6500 with an MSFC and multiple access/distribution switches. I will be installing a new switch for a new group of users, and I want to restrict this group of users to only certain servers and VLANs.

Basically I will be installing a new 3750 and creating a VLAN for this group of users and trunking it to the 6500. In addition I was thinking about adding some IP permit/Denys have had a chance to get in to.

Any ideas how I should proceed?



After configuring the SVI (Layer 3 interface) for the new VLAN, just check whether you are able to reach the servers in the other VLANs. Once you are through with that connectivity, configure the ACL according to your requirement and apply it in the "in" direction to the SVI of the new VLAN which you had created.

Ex: VLAN 10 is your new VLAN, and new subnet is, and server subnet is As you are configuring in the "in" direction, the access list will look like this:

access-list 125 deny ip any host
access-list 125 deny ip any
access-list 125 permit ip any any

int vlan 10
 ip access-group 125 in

That's it.

Regards, Suman
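Added example, not part of the posts above: a small Python check of how a numbered extended ACL applied inbound on the SVI is evaluated (top-down, first match wins, implicit deny at the end). It compares the deny-then-permit form from the reply with an allow-list form. All addresses, and ACL 126, are constructed for illustration, and only `ip` entries with contiguous wildcard masks are handled.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src_net, dst_net)."""
    tok = line.split()
    action, rest = tok[2], tok[4:]        # tok[3] is the protocol; only 'ip' is handled
    nets = []
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif rest[0] == "host":
            nets.append(ipaddress.ip_network(rest[1] + "/32"))
            rest = rest[2:]
        else:
            # address + wildcard mask: invert it to a netmask (contiguous masks only)
            mask = ipaddress.ip_address(int(ipaddress.ip_address(rest[1])) ^ 0xFFFFFFFF)
            nets.append(ipaddress.ip_network(f"{rest[0]}/{mask}", strict=False))
            rest = rest[2:]
    return action, nets[0], nets[1]

def load(text):
    return [parse_ace(line) for line in text.strip().splitlines()]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

# Constructed: users in 10.10.10.0/24 (VLAN 10), servers in 10.20.30.0/24.
DENY_THEN_PERMIT = load("""
access-list 125 deny ip any host 10.20.30.5
access-list 125 deny ip any 10.40.0.0 0.0.255.255
access-list 125 permit ip any any
""")
ALLOW_LIST = load("""
access-list 126 permit ip 10.10.10.0 0.0.0.255 host 10.20.30.5
access-list 126 permit ip 10.10.10.0 0.0.0.255 host 10.20.30.6
""")

if __name__ == "__main__":
    for name, acl in (("125", DENY_THEN_PERMIT), ("126", ALLOW_LIST)):
        for dst in ("10.20.30.5", "10.20.30.9", "10.40.1.1"):
            print(name, "10.10.10.50 ->", dst, evaluate(acl, "10.10.10.50", dst))
```

With ACL 125 everything not explicitly denied is reachable; with ACL 126 only the two listed servers are.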
