Assumptions:
- Group 1 owns a C2950 in the lab and requires mgmt access to the switch
- Group 2 owns a C2950 in the lab and requires mgmt access to the switch
- Each dept creates its own VLANs on its respective switch
- Production C3750 switches are corp managed only, with defined VLANs for the entire network
Task:
- Group 1 requires access to their test lab equipment from the 2nd floor dept LAN
- Group 1 requires access to the general network from within the lab environment (HTTP, file access, etc.)
- Group 2 has the same requirements as group 1
- General users in the lab (not in group 1/2) require regular network access but MUST NOT be able to see any private traffic from group 1/2.
--** Dept managed switches must NOT propagate VLAN info to the production network in the event of a switch misconfig **--
The key is to keep production switch configs as simple as possible but still maintain the security policy.