Cisco Support Community
Community Member

2 separate non-talking networks

We have a few 6509s currently running ipservicesk9_wan-mz.122-33.SXH. They are all set up using EIGRP and many different large IP networks all traveling happily over them. We are in need of creating a new IP network space that has no way to talk to the other VLANs/IP space. What would be the best plan of attack for doing this?

Scott

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 2 separate non-talking networks

Easiest way is to create another VLAN for the restricted subnet. Then create an ACL that restricts that subnet from getting to all of your others. Apply the ACL inbound on the SVI that you created.

You can also look into private VLANs, but I don't have experience in setting those up.

HTH,

John

HTH, John *** Please rate all useful posts ***
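The approach in the accepted answer written out as IOS configuration, added here as an example and not posted by anyone in the thread. VLAN 200, the restricted subnet 192.168.200.0/24, 10.0.0.0/8 standing in for the existing address space, and the ACL names are all assumptions; substitute the real prefixes.

```cisco
! Constructed example: VLAN ID, names and prefixes are assumptions.
vlan 200
 name RESTRICTED
!
! Inbound on the SVI: filters packets arriving from hosts in the restricted VLAN.
ip access-list extended RESTRICTED-IN
 remark Block the restricted subnet from the existing internal space
 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
 remark Allow everything else; drop this line if the subnet needs no other destinations
 permit ip 192.168.200.0 0.0.0.255 any
!
! Outbound on the SVI: filters packets being routed toward the restricted VLAN.
! Without it, other subnets can still deliver packets into the VLAN; only the replies are dropped.
ip access-list extended RESTRICTED-OUT
 remark Block the existing internal space from reaching the restricted subnet
 deny   ip 10.0.0.0 0.255.255.255 192.168.200.0 0.0.0.255
 permit ip any 192.168.200.0 0.0.0.255
!
interface Vlan200
 description Restricted subnet gateway
 ip address 192.168.200.1 255.255.255.0
 ip access-group RESTRICTED-IN in
 ip access-group RESTRICTED-OUT out
 no shutdown
!
! Verification from exec mode:
!   show ip interface Vlan200        (confirms which ACL is applied in each direction)
!   show ip access-lists RESTRICTED-IN
```

Every ACL ends with an implicit deny, so each list needs its explicit permit line if any other traffic should pass. When testing, ping a workstation in one of the existing VLANs rather than a router interface, as the original poster reports later in the thread.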
3 REPLIES

Community Member

Re: 2 separate non-talking networks

Funny enough, that was my thought exactly. But when I was using a ping to ensure I was blocking, I was still getting the echoes back. The trick was not to ping the router interface :)

Pinging a workstation on that network did cease as I thought it should.

I like VRF-lite but it is more than I want to dig into for this project right now. Thanks for the brain jog.

Hall of Fame Super Blue

Re: 2 separate non-talking networks

Scott

In addition to John's post, if you want complete separation on the control plane, i.e. separate routing tables etc., then you may want to look at VRF-lite -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/vrf.html

I know it's a 4500 example but the 6500 does support it, I can just never seem to find the config guide - but it is the same :-)

Jon
