Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

who can solve this matter,

we have 7200 in my main office, 10 departments in main office

we have 2620 in my branch office, 10 departments in branch office

we have 10 brance offices,

each 2620 connects to 7200 via E1

our purpose is below:

department 1 of each branch 1only communicats department1 of main office

department 2 of each branch 2only communicats department2 of main office

-------

department 10 of each branch only communicats department10 of main office

now maybe we can try below solutions

A : ACL + VLAN

B: VC (channelized e1)

C:GRE

OR other solutions

who can tell me in detailed solution of A,B,C,OR OTHER SOLUTIONS

thank you in advance

2 REPLIES

Re: who can solve this matter,

For A: Supposing you've created 10 VLANs for 10 departments on main office and other branch office switches. (And you end these VLANs at the router ethernet interfaces using ISL or dot1q trunks and subinterfaces). All you need to do is that writing extended access lists (on the branc office routers) allowing only destination subnets corresponding to the departments in the main office. Using standard acc lists (filtering at the end of the route) may have adverse effects on network WAN bandwith. Regards.

New Member

Re: who can solve this matter,

NO need of VLAN or any other solutions.

ip access-lists wiil ok.

At central (7200)

Department 1 ip addr x.x.x.1 to x.x.x.14

Department 2 ip addr x.x.x.15 to x.x.x.28

....

....

....

At branch(2600)

department 1 ip addr y.y.y.1 to y.y.y.14

department 2 ip addr y.y.y.15 to y.y.y.28

....

....

....

At central (7200) 's write this:

ip acce-lsits 101 permit x.x.x.1 0.0.0.15 y.y.y.y.1 0.0.0.15 (for department 1 at branch to communicate with department 1 in central)

permit x.x.x.14 0.0.0.15 y.y.y.14 0.0.0.15

....

....

....

At central (7200) 's etherner interface write this: ip access-group 101 in

I think this will work .

122
Views
0
Helpful
2
Replies