We have a few 6509's currently running ipservicesk9_wan-mz.122-33.SXH. They are all setup using eigrp and many different large IP networks all traveling happily over them. We are in need to creating a new IP network space that has no way to talk to the other vlans/ip space. What would be the best plan of attack for doing this?
Easiest way is to create another vlan for the restricted subnet. Then create an acl that restricts that subnet from getting to all of your others. Apply the acl inbound on the svi that you created.
You can also look into private vlans, but I don't have experience in setting those up.