Port access

Unanswered Question
Mar 22nd, 2010

We have a Corp network (VLAN) and guest network (VLAN) setup on the switch 6509E. We are looking for any solutions (restriction) to make the computers in guest network to prevent accessing to any computers in the Corp network and any computers in the Corp network are not able to access to any computers in the guest network, from Layer 3 & Layer 2 perspective. Please advise.

Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 03/22/2010 - 11:29

kzhen wrote:

We have a Corp network (VLAN) and guest network (VLAN) setup on the switch 6509E. We are looking for any solutions (restriction) to make the computers in guest network to prevent accessing to any computers in the Corp network and any computers in the Corp network are not able to access to any computers in the guest network, from Layer 3 & Layer 2 perspective. Please advise.

Thank you.

Corp network = vlan 10  192.168.5.0/24

Guest vlan = vlan 11 192.168.6.0/24

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

int vlan 10

ip access-group 101 in

access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 permit ip 192.168.6.0 0.0.0.255 any

int vlan 11

ip access-group 102 in

Jon

Ganesh Hariharan Mon, 03/22/2010 - 22:49

We have a Corp network (VLAN) and guest network (VLAN) setup on the switch 6509E. We are looking for any solutions (restriction) to make the computers in guest network to prevent accessing to any computers in the Corp network and any computers in the Corp network are not able to access to any computers in the guest network, from Layer 3 & Layer 2 perspective. Please advise.

Thank you.

Hi,

You can achive the above task as suggested by Jon or you can try even VACL for the same,just check out the below links for clear understandings of ACLS to deploy to restrict or permit.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html

http://www.systemengineers.de/cisco/config/access-lists

http://articles.techrepublic.com.com/5100-10878_11-5731134.html

Hope to Help !!

Ganesh.H

Actions

This Discussion