network isolation using switch

Unanswered Question
May 29th, 2008

Hello dear,

I want help from Cisco experts.

1. My client has 10 different rooms on one floor. Each one has a different network. In one room there is the main server and the main switch, which is a 3560, and one 877 router.

I want the 10 different networks to be isolated, i.e. they should not communicate with each other, and I want only one gateway for all networks to use the internet. DHCP is enabled from the switch. One more thing: each room has its own server and switch, and all switches connect to our main switch. Help me with this scenario.

Overall Rating: 4 (1 ratings)
Justin Brenton Sat, 05/31/2008 - 11:11

Hi Zeuscyril


You can use VLANs to separate the users/areas. This would be the most beneficial way of doing this, as you can always reassign ports to different VLANs if your scenario changes.

I would suggest researching VLANs and how you would like your network to work.

You would then use IP routes or trunk your VLANs to gain access to the gateway out to the internet.


Hope this helps. Please rate.


Regards,

Justin

zeuscyril Sun, 07/13/2008 - 21:23

Hi friends,

I want some help. I want to block only one extension from making outgoing calls. I have CCME 4.1 and I know "corlist" is the command, but I don't know how to proceed. The lines are analog trunk lines. Help me with this issue.

Marwan ALshawi Mon, 07/14/2008 - 07:10

The information below is from Cisco Press, Cisco IP Communications Express: CallManager Express with Cisco Unity Express, 2005.

"Don't forget to rate the helpful post"



Assume you need a configuration to restrict calls between Phone A and Phone B. To achieve this, two configurations are required:


One to restrict calls from Phone A to Phone B


One to restrict calls from Phone B to Phone A


Restrictions always apply in one way only. Hence, COR configurations are needed individually for both incoming and outgoing calls.


COR configuration involves creating a unique COR name and attaching it to various lists. The members of the list determine if the list is a subset or superset of another list. A sample configuration is shown in Example 17-19 with four names and seven COR lists.


Example 17-19. Configuring COR

router#show running-config
dial-peer cor custom
 name 911
 name 1800
 name LocalCall
 name LongDistance
!
dial-peer cor list RegularEmployee
 member 911
 member 1800
 member LocalCall
!
dial-peer cor list Manager
 member 911
 member 1800
 member LocalCall
 member LongDistance
!
dial-peer cor list Contractor
 member 911
 member 1800
 member LocalCall
!
dial-peer cor list Call911
 member 911
!
dial-peer cor list Call1800
 member 1800
!
dial-peer cor list CallLocal
 member LocalCall
!
dial-peer cor list CallLongDistance
 member LongDistance




The unique names are configured under the dial-peer cor custom command. The COR lists are uniquely named lists configured from global configuration mode. The COR list named Manager is a superset of all other lists. The lists named RegularEmployee and Contractor are equal, and both are a subset of the list Manager. Note that the RegularEmployee and Contractor lists are not a subset or superset of the list named CallLongDistance.


The configuration is taken a step further by adding a few more dial peers to the existing set. Three dial peers are added with the destination patterns of 1800..., 1..., and 911, respectively.


Example 17-20 shows a simple configuration to prevent Phone A from making any calls out of dial peer 2.


Example 17-20. COR Configuration to Prevent Phone A from Making Calls Out of Dial Peer 2

router#show running-config
dial-peer voice 1 voip
 destination-pattern 1800...
 session target ipv4:10.10.10.2
 dtmf-relay h245-alphanumeric
!
dial-peer voice 2 voip
 destination-pattern 1...
 session target ipv4:10.10.10.2
 dtmf-relay h245-alphanumeric
 cor outgoing LongDistance
!
dial-peer voice 3 voip
 destination-pattern 911
 session target ipv4:10.10.10.2
 dtmf-relay h245-alphanumeric
!
ephone-dn 1
 number 1001
 cor incoming LocalCall




The COR list applied for incoming calls on ephone-dn 1 is not equal to or a superset of the COR list applied to outgoing calls on dial peer 2. Hence, a call originated from ephone-dn 1 cannot be terminated or connected via dial peer 2.


zeuscyril Mon, 07/14/2008 - 21:45

I want to block that extension from calls like those to mobile and landline. Only local extensions and incoming calls should come through.

Marwan ALshawi Tue, 07/15/2008 - 02:22

Hi there,

The previous configurations were very detailed and, I think, enough.

Just make a dial peer for landline and don't give him enough rights to use this dial peer, and another one for mobile, for example.

Make two kinds of users, restricted and normal:

dial-peer cor custom
 name lanLine
 name mobile
!
dial-peer cor list restrected
 (leave it empty)
!
dial-peer cor list normal
 member lanLine
 member mobile

Then let's say you have two dial peers, one for mobile starting with 33.... and one for lanLine starting with 9.....

dial-peer voice 1 pots
 destination-pattern 33....
 port (your port)
 cor outgoing mobile
!
dial-peer voice 2 pots
 destination-pattern 9.....
 port (your port)
 cor outgoing lanLine

Now let's say the ephone-dn you want to restrict from making outside calls is ephone-dn 1:

ephone-dn 1
 cor incoming restrected

Any phone line you want to be able to make outside calls, just put it in COR normal, like:

ephone-dn 2
 cor incoming normal

Good luck, and please rate the helpful post.
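
The COR check discussed in this thread, as an added example that is not part of the original posts: a Python model of the superset rule applied to the landline/mobile design above. It assumes each `cor outgoing` line refers to a list holding the single member of that name; dial peer 3 and ephone-dn 3 are hypothetical entries with no COR list, included to show that a missing list imposes no restriction.

```python
import re

def pattern_matches(pattern, digits):
    """IOS destination-pattern match; only '.' (any one digit) is modelled."""
    regex = "".join(r"\d" if ch == "." else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, digits) is not None

def cor_allows(incoming, outgoing):
    """Allowed when the caller's incoming list is equal to or a superset of the
    dial peer's outgoing list. None means no list is applied on that side,
    which imposes no restriction."""
    if incoming is None or outgoing is None:
        return True
    return set(incoming) >= set(outgoing)

# Constructed data mirroring the post: two COR lists, two POTS dial peers.
COR_LISTS = {"restrected": set(), "normal": {"lanLine", "mobile"}}
DIAL_PEERS = [
    {"tag": 1, "pattern": "33....", "outgoing": {"mobile"}},
    {"tag": 2, "pattern": "9.....", "outgoing": {"lanLine"}},
    {"tag": 3, "pattern": "9.....", "outgoing": None},  # hypothetical: COR forgotten
]
EPHONE_DNS = {1: "restrected", 2: "normal", 3: None}  # dn 3: hypothetical, no COR

def route(dn, digits, dial_peers=DIAL_PEERS):
    """Return tags of dial peers the ephone-dn may use for the dialled digits."""
    name = EPHONE_DNS[dn]
    incoming = None if name is None else COR_LISTS[name]
    return [p["tag"] for p in dial_peers
            if pattern_matches(p["pattern"], digits)
            and cor_allows(incoming, p["outgoing"])]

def audit(dial_peers=DIAL_PEERS):
    """List the places where a missing COR list silently lifts the restriction."""
    gaps = [f"dial-peer {p['tag']}: no outgoing COR list"
            for p in dial_peers if p["outgoing"] is None]
    gaps += [f"ephone-dn {dn}: no incoming COR list"
             for dn, name in EPHONE_DNS.items() if name is None]
    return gaps
```

With the hypothetical dial peer 3 present, `route(1, "912345")` returns `[3]`: the restricted extension still reaches a trunk, which is why the outgoing list has to be applied on every line.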



zeuscyril Tue, 07/15/2008 - 02:37

If I have 8 lines, that means 8 ports, so I need to create all.

Marwan ALshawi Tue, 07/15/2008 - 18:05

You need to put the cor outgoing on all lines according to the line type and the COR list related to it,

and incoming on all phones to restrict.

Not too hard, mate.

Good luck, and rate once it works.

zeuscyril Wed, 07/16/2008 - 08:35

dial-peer cor custom
 name allcalls
!
dial-peer cor list restrected
 (leave it empty)
!
dial-peer cor list normal
 member allcalls

I already have a dial peer like this:

dial-peer voice 10 pots
 destination-pattern 9T
 port 0/0/0

If I add one single command like this

"cor outgoing allcalls"

in all ports,

and to block 1 particular extension I give this:

ephone-dn 1
 cor incoming restrected

and for all other extensions I give this:

ephone-dn 2
 cor incoming normal

it'll work.....






Marwan ALshawi Wed, 07/16/2008 - 16:17

Is it working or not?

About the CORs, by "leave it empty" I mean don't put anything,

and it should work.

Good luck.

Rate if helpful.

zeuscyril Sun, 08/03/2008 - 06:22

Hi Marw,

Thanks for your help. It is working.

I have one more issue. I am creating a VPN between two sites; one side has a fixed IP and the other side has a dynamic IP, but both are ADSL lines. So guys using a Linksys ADSL router... Now my problem is I am using a PIX, so how can I route traffic from router to fix? The PIX has the VPN config and the local network.

Marwan ALshawi Sun, 08/03/2008 - 07:41

First, I am glad the COR lists are working,

and please rate the helpful post.

About the VPN, let me give the answer tomorrow, it's 2 AM here :)

Only a simple hint about the VPN:

it should always be initiated from the router side because it doesn't have a static IP address,

and it should be a normal site-to-site.

Good luck.

zeuscyril Tue, 08/12/2008 - 04:31

Hi friend,

I need some help with VPN. I want to create a site-to-site VPN between two dynamic IPs, that is, on ADSL lines. Is the site-to-site VPN possible? If possible, send me one example file.

Thanks

Marwan ALshawi Tue, 08/12/2008 - 04:41

You need at least one static IP!!!

zeuscyril Tue, 08/12/2008 - 21:39

If I create a dynamic DNS hostname using the No-IP software, then we can create......



