Cisco Support Community

New Member

2 company share 1 network

Hi,

My company A has a big network with 109 nos (site offices) of 3750E, and every switch has 6 VLANs. Recently our sister company B submitted a proposal and intends to share the network. My question is how to make this happen, as we are very concerned about security. I plan to create a new VLAN for company B on every switch, but how do I restrict the access? Note: both companies have their own internet access. Company A's IP range is 10.74.x.x and company B's is 10.1.x.x.

tq

4 REPLIES
Hall of Fame Super Blue

Re: 2 company share 1 network

farozezan73 wrote:

Hi,

My company A has a big network with 109 nos (site offices) of 3750E, and every switch has 6 VLANs. Recently our sister company B submitted a proposal and intends to share the network. My question is how to make this happen, as we are very concerned about security. I plan to create a new VLAN for company B on every switch, but how do I restrict the access? Note: both companies have their own internet access. Company A's IP range is 10.74.x.x and company B's is 10.1.x.x.

tq

Have a read of this recent thread and then come back if you have further questions -

https://supportforums.cisco.com/thread/2039816?tstart=30

I would not recommend having vlans for each company on all your switches. The other company can simply route to your vlans and vice-versa but you do need to think about firewalls.

Jon

Cisco Employee

Re: 2 company share 1 network

Hello,

If you do not want Company B to access company A and vice versa, put access-lists on the core router (router that handles routing between vlans).

The access-list should look like:

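access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
! every ACL ends with an implicit deny, so permit the remaining traffic
access-list 101 permit ip any any
!
interface vlan "vlan id"
 ip access-group 101 in
 exit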

This will prevent all communication between Company A vlans and Company B vlan. If you want specific traffic to flow between them, then you need to insert those rules before the deny rules.

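! web traffic towards servers (destination port 80 / 443)
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
! replies from web servers (source port 80 / 443)
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any eq 443 any
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
! every ACL ends with an implicit deny, so permit the remaining traffic
access-list 101 permit ip any any

The above configuration allows HTTP and HTTPS traffic between the two networks.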

Hope this helps.

Regards,

NT
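Added example, not part of NT's reply or of any Cisco tooling: a small Python model of how an IOS extended ACL is evaluated (top-down, first match wins, implicit deny at the end), loaded with the rules from the reply above. The function names, the numeric port 443 and the trailing `permit ip any any` are assumptions made for this illustration.

```python
import ipaddress

PORTS = {"www": 80}  # IOS port keyword -> number

# Constructed sample: the reply's rules, HTTPS written as 443, plus a final
# "permit ip any any" (assumption: all other traffic should still pass).
ACL_101 = """\
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any eq 443 any
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
access-list 101 permit ip any any
"""

def _endpoint(tok):
    """Consume '<any | address wildcard> [eq port]' from a token list."""
    if tok[0] == "any":
        net, wild, tok = 0, 0xFFFFFFFF, tok[1:]
    else:
        net, wild = (int(ipaddress.ip_address(t)) for t in tok[:2])
        tok = tok[2:]
    port = None
    if tok and tok[0] == "eq":
        port, tok = PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return (net, wild, port), tok

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        action, proto, *tok = line.split()[2:]  # drop "access-list <number>"
        src, tok = _endpoint(tok)
        dst, tok = _endpoint(tok)
        rules.append((action, proto, src, dst))
    return rules

def _hit(endpoint, ip, port):
    net, wild, want = endpoint
    # Wildcard bits set to 1 are "don't care": compare only the other bits.
    same_net = (int(ipaddress.ip_address(ip)) | wild) == (net | wild)
    return same_net and want in (None, port)

def evaluate(rules, proto, src, sport, dst, dport):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for n, (action, r_proto, r_src, r_dst) in enumerate(rules, 1):
        if r_proto in ("ip", proto) and _hit(r_src, src, sport) and _hit(r_dst, dst, dport):
            return action, n
    return "deny", None
```

Calling `evaluate(parse(ACL_101), "tcp", "10.1.5.20", 80, "10.74.3.10", 22)` returns `("permit", 3)`: the two reply rules are stateless and match on source port alone, so they pass more than web replies, which is the kind of gap the firewall Jon mentions would close.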

New Member

Re: 2 company share 1 network

Hi,

Tq for your reply. One more thing: the existing network uses the EIGRP protocol. Should I use static routes for the new network or EIGRP? For info, the new network uses only 15 routers. tq

New Member

Re: 2 company share 1 network

Separate the companies with different VRFs.
