Port access

Unanswered Question
Mar 22nd, 2010

We have a Corp network (VLAN) and a guest network (VLAN) set up on a 6509E switch. We are looking for a solution (restriction) that prevents computers in the guest network from accessing any computers in the Corp network, and computers in the Corp network from accessing any computers in the guest network, from a Layer 3 and Layer 2 perspective. Please advise.


Thank you.

Jon Marshall Mon, 03/22/2010 - 11:29
kzhen wrote:


We have a Corp network (VLAN) and a guest network (VLAN) set up on a 6509E switch. We are looking for a solution (restriction) that prevents computers in the guest network from accessing any computers in the Corp network, and computers in the Corp network from accessing any computers in the guest network, from a Layer 3 and Layer 2 perspective. Please advise.


Thank you.


Corp network = vlan 10  192.168.5.0/24
Guest vlan = vlan 11  192.168.6.0/24

! Corp (vlan 10) inbound: drop traffic to the guest subnet, permit the rest
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 any

int vlan 10
 ip access-group 101 in

! Guest (vlan 11) inbound: drop traffic to the Corp subnet, permit the rest
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip 192.168.6.0 0.0.0.255 any

int vlan 11
 ip access-group 102 in


Jon

Ganesh Hariharan Mon, 03/22/2010 - 22:49
Hi,


You can achieve the above task as suggested by Jon, or you can even try a VACL for the same. Just check out the links below for a clear understanding of the ACLs to deploy to restrict or permit.


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html


http://www.systemengineers.de/cisco/config/access-lists


http://articles.techrepublic.com.com/5100-10878_11-5731134.html


Hope to Help !!


Ganesh.H
