2 company share 1 network

Unanswered Question
Sep 3rd, 2010

Hi,

My company A has a big network with 109 nos (site offices) of 3750E, and every switch has 6 VLANs. Recently our sister company B submitted a proposal and intends to share the network. My question is how to make this happen, as we are very concerned about security. I plan to create a new VLAN for company B on every switch, but how do I restrict the access? Note: both companies have their own internet access. Company A's IP range is 10.74.x.x and company B's is 10.1.x.x.

tq

Jon Marshall Fri, 09/03/2010 - 02:55

farozezan73 wrote:

Hi,

My company A has a big network with 109 nos (site offices) of 3750E, and every switch has 6 VLANs. Recently our sister company B submitted a proposal and intends to share the network. My question is how to make this happen, as we are very concerned about security. I plan to create a new VLAN for company B on every switch, but how do I restrict the access? Note: both companies have their own internet access. Company A's IP range is 10.74.x.x and company B's is 10.1.x.x.

tq

Have a read of this recent thread and then come back if you have further questions -

https://supportforums.cisco.com/thread/2039816?tstart=30

I would not recommend having vlans for each company on all your switches. The other company can simply route to your vlans and vice-versa but you do need to think about firewalls.

Jon

Nagaraja Thanthry Fri, 09/03/2010 - 06:10

Hello,

If you do not want Company B to access company A and vice versa, put access-lists on the core router (router that handles routing between vlans).

The access-list should look like:

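! block traffic between Company A (10.74.0.0/16) and Company B (10.1.0.0/16)
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
! permit everything else; an ACL ends with an implicit deny
access-list 101 permit ip any any
! apply inbound on each VLAN interface
interface vlan "vlan id"
 ip access-group 101 in
 exit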

This will prevent all communication between Company A vlans and Company B vlan. If you want specific traffic to flow between them, then you need to insert those rules before the deny rules.

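! exceptions first: the ACL is evaluated top-down and the first match wins
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq https
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any eq https any
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
! permit everything else; an ACL ends with an implicit deny
access-list 101 permit ip any any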

Above configuration allows HTTP and HTTPS traffic between two networks.

Hope this helps.

Regards,

NT
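
An added example, not part of the original reply: a small Python model of how IOS evaluates an extended ACL (top-down, first match wins, implicit deny at the end), run over the HTTP/HTTPS permit and inter-company deny rules from the reply above. It shows why rule order matters and what happens to traffic that no line matches. The parser covers only the `ip`/`tcp`, `any`, address-plus-wildcard and `eq` forms used on this page; the function names and sample packets are constructed for illustration.

```python
import ipaddress
PORTS = {"www": 80, "https": 443}   # IOS port keywords used in the post
ip2int = lambda s: int(ipaddress.IPv4Address(s))

def parse(line):
    """'access-list N action proto src [eq p] dst [eq p]' -> rule dict."""
    tok = line.split()[2:]
    rule, i = {"action": tok[0], "proto": tok[1]}, 2
    for side in ("src", "dst"):
        if tok[i] == "any":
            rule[side], i = (0, 0xFFFFFFFF), i + 1
        else:                        # address followed by wildcard mask
            rule[side], i = (ip2int(tok[i]), ip2int(tok[i + 1])), i + 2
        rule[side + "_port"] = None
        if i < len(tok) and tok[i] == "eq":
            rule[side + "_port"] = PORTS.get(tok[i + 1]) or int(tok[i + 1])
            i += 2
    return rule

def matches(rule, packet):
    if rule["proto"] not in ("ip", packet["proto"]):
        return False
    for side in ("src", "dst"):
        base, wild = rule[side]
        port = rule[side + "_port"]
        if (ip2int(packet[side]) | wild) != (base | wild):  # wildcard 1-bits: don't care
            return False
        if port is not None and port != packet[side + "_port"]:
            return False
    return True

def evaluate(acl, packet):
    """First matching line wins; if nothing matches, the implicit deny applies."""
    for rule in map(parse, acl):
        if matches(rule, packet):
            return rule["action"]
    return "deny (implicit)"

def pkt(src, dst, dport, sport=40000, proto="tcp"):   # constructed sample packet
    return {"proto": proto, "src": src, "dst": dst, "src_port": sport, "dst_port": dport}

ACL = """access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq https
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any eq https any
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255""".splitlines()
if __name__ == "__main__":
    for dst, port in (("10.1.1.20", 443), ("10.1.1.20", 22), ("10.74.2.5", 22)):
        print(dst, port, evaluate(ACL, pkt("10.74.1.10", dst, port)))
```

The third sample packet stays inside Company A's 10.74.x.x range yet is still dropped, because none of the six lines match it; appending `access-list 101 permit ip any any` changes that result to permit.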

farozezan73 Sun, 09/26/2010 - 01:37

Hi,

Tq for your reply. One more thing: the existing network uses the EIGRP protocol. Should I use static routes for the new network, or EIGRP? For info, the new network uses only 15 routers. tq
