2 separate non-talking networks

scottbob09
Level 1

We have a few 6509s currently running ipservicesk9_wan-mz.122-33.SXH. They are all set up using EIGRP, with many different large IP networks all traveling happily over them. We need to create a new IP network space that has no way to talk to the other VLANs/IP space. What would be the best plan of attack for doing this?

Scott

1 Accepted Solution


John Blakley
VIP Alumni

Easiest way is to create another VLAN for the restricted subnet. Then create an ACL that restricts that subnet from getting to all of your others. Apply the ACL inbound on the SVI that you created.

You can also look into private VLANs, but I don't have experience in setting those up.

HTH,

John


Funny enough, that was my thought exactly. But when I was using a ping to ensure I was blocking, I was still getting the echoes back. The trick was not to ping the router interface :)

Pinging a workstation on that network did cease as I thought it should.

I like VRF-lite but it is more than I want to dig into for this project right now. Thanks for the brain jog.
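The VLAN-plus-ACL approach from the accepted answer, sketched as an added IOS example that is not part of the original posts. The VLAN ID, names and every address are constructed placeholders, and it assumes static addressing and that the restricted network may still reach destinations outside the internal ranges. It goes one step beyond the answer by also filtering outbound on the SVI, so that one-way traffic from the other networks cannot be delivered into the restricted VLAN.

```cisco
! Added example. Constructed placeholders throughout:
!   restricted subnet  192.168.200.0/24 on VLAN 200
!   existing networks  10.0.0.0/8 and 172.16.0.0/12
vlan 200
 name RESTRICTED
!
! Inbound on the SVI: packets sourced from hosts in VLAN 200.
! Source "any" on the deny lines also drops spoofed source addresses.
ip access-list extended RESTRICTED-IN
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 permit ip 192.168.200.0 0.0.0.255 any
! Implicit deny follows. DHCP broadcasts are not permitted here
! (static addressing is assumed).
!
! Outbound on the SVI: packets being routed into VLAN 200.
ip access-list extended RESTRICTED-OUT
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 permit ip any 192.168.200.0 0.0.0.255
!
interface Vlan200
 description Gateway for restricted network
 ip address 192.168.200.1 255.255.255.0
 ip access-group RESTRICTED-IN in
 ip access-group RESTRICTED-OUT out
 no shutdown
!
! Verification:
!   show ip interface Vlan200             (lists the ACLs applied in and out)
!   show ip access-lists RESTRICTED-IN    (match counters per entry)
! Test with a ping between workstations on each side, not to a router
! interface address, as noted in the reply above.
```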

Jon Marshall
Hall of Fame

Scott

In addition to John's post, if you want complete separation on the control plane, i.e. separate routing tables etc., then you may want to look at VRF-lite -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/vrf.html

I know it's a 4500 example but the 6500 does support it, I can just never seem to find the config guide - but it is the same :-)

Jon
