network isolation using switch

Unanswered Question
May 29th, 2008

Hello dear,

I want help from Cisco experts.

1. My client has 10 different rooms on one floor. Each one has a different network. In one room there is the main server and the main switch, which is a 3560, and one 877 router.

I want the 10 different networks to be isolated, i.e., they should not communicate with each other, and I want only one gateway for all networks to use the internet. DHCP is enabled from the switch. One more thing: each room has its own server and switch, and all switches connect to our main switch. Please help me with this scenario.

Justin Brenton Sat, 05/31/2008 - 11:11

Hi Zeuscyril

You can use VLANs to separate the users/areas. This would be the most beneficial way of doing this, as you can always reassign ports to different VLANs if your scenario changes.

I would suggest researching VLANs and how you would like your network to work.

You would then use IP routes or trunk your VLANs to gain access to the gateway out to the internet.

Hope this helps. Please rate.

Regards,

Justin

zeuscyril Sun, 07/13/2008 - 21:23

Hi friends,

I want some help. I want to block only one extension from making outgoing calls. I have CCME 4.1 and I know "corlist" is the command, but I don't know how to proceed. The lines are analog trunk lines. Please help me with this issue.

Marwan ALshawi Mon, 07/14/2008 - 07:10

The information below is from Cisco Press, Cisco IP Communications Express: CallManager Express with Cisco Unity Express, 2005.

"Don't forget to rate the helpful post"

Assume you need a configuration to restrict calls between Phone A and Phone B. To achieve this, two configurations are required:

One to restrict calls from Phone A to Phone B

One to restrict calls from Phone B to Phone A

Restrictions always apply in one way only. Hence, COR configurations are needed individually for both incoming and outgoing calls.

COR configuration involves creating a unique COR name and attaching it to various lists. The members of the list determine if the list is a subset or superset of another list. A sample configuration is shown in Example 17-19 with four names and seven COR lists.

Example 17-19. Configuring COR

    router#show running-config
    dial-peer cor custom
     name 911
     name 1800
     name LocalCall
     name LongDistance
    !
    dial-peer cor list RegularEmployee
     member 911
     member 1800
     member LocalCall
    !
    dial-peer cor list Manager
     member 911
     member 1800
     member LocalCall
     member LongDistance
    !
    dial-peer cor list Contractor
     member 911
     member 1800
     member LocalCall
    !
    dial-peer cor list Call911
     member 911
    !
    dial-peer cor list Call1800
     member 1800
    !
    dial-peer cor list CallLocal
     member LocalCall
    !
    dial-peer cor list CallLongDistance
     member LongDistance

The unique names are configured under the dial-peer cor custom command. The COR lists are uniquely named lists configured from global configuration mode. The COR list named Manager is a superset of all other lists. The lists named RegularEmployee and Contractor are equal, and both are a subset of the list Manager. Note that the RegularEmployee and Contractor lists are not a subset or superset of the list named CallLongDistance.

The configuration is taken a step further by adding a few more dial peers to the existing set. Three dial peers are added with the destination patterns of 1800..., 1..., and 911, respectively.

Example 17-20 shows a simple configuration to prevent Phone A from making any calls out of dial peer 2.

Example 17-20. COR Configuration to Prevent Phone A from Making Calls Out of Dial Peer 2

    router#show running-config
    dial-peer voice 1 voip
     destination-pattern 1800...
     session target ipv4:10.10.10.2
     dtmf-relay h245-alphanumeric
    !
    dial-peer voice 2 voip
     destination-pattern 1...
     session target ipv4:10.10.10.2
     dtmf-relay h245-alphanumeric
     cor outgoing LongDistance
    !
    dial-peer voice 3 voip
     destination-pattern 911
     session target ipv4:10.10.10.2
     dtmf-relay h245-alphanumeric
    !
    ephone-dn 1
     number 1001
     cor incoming LocalCall

The COR list applied for incoming calls on ephone-dn 1 is not equal to or a superset of the COR list applied to outgoing calls on dial peer 2. Hence, a call originated from ephone-dn 1 cannot be terminated or connected via dial peer 2.

zeuscyril Mon, 07/14/2008 - 21:45

I want to block that extension from calling mobile and landline. Only local extensions and incoming calls should come through.

Marwan ALshawi Tue, 07/15/2008 - 02:22

Hi there,

The previous configurations were very detailed and, I think, enough.

Just make a dial peer for landline and don't give him enough rights to use this dial peer, and another one for mobile, for example.

Make two kinds of users, restrected and normal:

    dial-peer cor custom
     name lanLine
     name mobile
    !
    dial-peer cor list restrected
    ! (leave it empty)
    !
    dial-peer cor list normal
     member lanLine
     member mobile

Then let's say you have two dial peers, one for mobile starting with 33.... and one for lanLine starting with 9.....

    dial-peer voice 1 pots
     destination-pattern 33....
     port (your port)
     cor outgoing mobile
    !
    dial-peer voice 2 pots
     destination-pattern 9.....
     port (your port)
     cor outgoing lanLine

Now let's say the ephone-dn you want to restrict from making outside calls is ephone-dn 1:

    ephone-dn 1
     cor incoming restrected

Any phone line you want to make outside calls, just put it in cor normal, like:

    ephone-dn 2
     cor incoming normal

good luck

and please Rate the helpful post
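The superset rule from the book excerpt and the empty-list approach in the post above, modelled as an added example (not code from the thread or from Cisco). A call is refused only when both sides carry a COR list and the incoming list is not a superset of the outgoing one. The COR lists are copied from Example 17-19; the phone assignments are constructed, and dial peer 2's outgoing list is assumed to be CallLongDistance.

```python
# Added example: COR call matching modelled as a set comparison.
# COR lists copied from Example 17-19; "restrected" is the empty list
# suggested in the later post.
COR_LISTS = {
    "RegularEmployee": {"911", "1800", "LocalCall"},
    "Manager": {"911", "1800", "LocalCall", "LongDistance"},
    "Contractor": {"911", "1800", "LocalCall"},
    "Call911": {"911"},
    "Call1800": {"1800"},
    "CallLocal": {"LocalCall"},
    "CallLongDistance": {"LongDistance"},
    "restrected": set(),
}

# Dial peers of Example 17-20: tag -> outgoing COR list (None = none applied).
# Assumption: dial peer 2's outgoing list is CallLongDistance.
DIAL_PEERS = {1: None, 2: "CallLongDistance", 3: None}

# Constructed sample phones: ephone-dn -> incoming COR list (None = none applied).
PHONES = {1: "CallLocal", 2: "Manager", 3: "restrected", 4: None}


def call_allowed(incoming, outgoing):
    """True when a call leg with `incoming` may leave via a peer with `outgoing`."""
    if incoming is None or outgoing is None:
        return True  # COR is only enforced when both sides carry a list
    return COR_LISTS[incoming] >= COR_LISTS[outgoing]  # superset test


def reachable(phones=PHONES, dial_peers=DIAL_PEERS):
    """Map each ephone-dn to the dial-peer tags it can place calls through."""
    return {dn: [tag for tag, out in sorted(dial_peers.items())
                 if call_allowed(inc, out)]
            for dn, inc in phones.items()}


def audit(phones=PHONES, dial_peers=DIAL_PEERS):
    """Report where COR is not enforced: phones and dial peers with no list."""
    return {
        "phones_without_incoming": sorted(d for d, i in phones.items() if i is None),
        "dial_peers_without_outgoing": sorted(t for t, o in dial_peers.items() if o is None),
    }


if __name__ == "__main__":
    for dn, peers in reachable().items():
        print(f"ephone-dn {dn}: dial peers {peers}")
    print(audit())
```

The audit output is the part to check on a real system: a phone with no incoming list, or a trunk dial peer with no outgoing list, is not restricted by COR at all.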

zeuscyril Tue, 07/15/2008 - 02:37

If I have 8 lines, that means 8 ports, so I need to create all.

Marwan ALshawi Tue, 07/15/2008 - 18:05

You need to put the cor outgoing on all lines regarding the line type and the COR list related to it,

and incoming on all phones to restrict.

Not too hard, mate.

Good luck,

and rate once it works.

zeuscyril Wed, 07/16/2008 - 08:35

    dial-peer cor custom
     name allcalls
    !
    dial-peer cor list restrected
    ! (leave it empty)
    !
    dial-peer cor list normal
     member allcalls

I already have a dial peer like this:

    dial-peer voice 10 pots
     destination-pattern 9T
     port 0/0/0

If I add one single command like this

"cor outgoing allcalls"

in all ports,

and to block 1 particular extension I give this:

    ephone-dn 1
     cor incoming restrected

and for all other extensions I give this:

    ephone-dn 2
     cor incoming normal

it'll work.....

Marwan ALshawi Wed, 07/16/2008 - 16:17

Is it working or not?

About the CORs, by "leave it empty" I mean don't put anything,

and it should work.

Good luck,

rate if helpful.

zeuscyril Sun, 08/03/2008 - 06:22

Hi Marw,

Thanks for your help. It is working.

I have one more issue. I am creating a VPN between two sites; 1 side is a fixed IP and 1 more side is a dynamic IP, but both are ADSL lines. So guys using a Linksys ADSL router... Now my problem is I am using a PIX, so how can I route traffic from router to fix? The PIX has the VPN config and the local network....

Marwan ALshawi Sun, 08/03/2008 - 07:41

First, I am glad the COR lists are working,

and please rate the helpful post.

About the VPN, let me give the answer tomorrow; it's 2 AM here :)

Only a simple hint about the VPN:

it should always be initiated from the router side because it doesn't have a static IP address,

and it should be a normal site-to-site.

good luck

zeuscyril Tue, 08/12/2008 - 04:31

Hi friend,

I need some help with VPN. I want to create a site-to-site VPN between two dynamic IPs, that is, ADSL lines. The site-to-site VPN is possible. If possible, send me one example file.

Thanks

zeuscyril Tue, 08/12/2008 - 21:39

If I create a dynamic DNS hostname using the no-ip software, then we can create......
