«

All,

I have a core 6500 with a MSFC with multiple access/ distrubition
switch. I will be installing a new switch for a new group of users, I
want to restrict this group of users only to certain servers and VLANS.

Basically I will be installing a new 3750 and creating a vlan for this
group of users and trunking it to the 6500. In addition I was thinking
about adding some IP permit/Denys have had a chance to get in to.

Any ideas how I should proceed

I

Hi

After configuring the SVI( Layer 3 interface) for the new VLAN just
check whether u able to reach the servers in another VLANS, once u
through with that connectivity , configure ACL according to ur
requirement and apply it to the SVI of the new VLAN in " in" direction
which u had created.

ex: Vlan 10 is ur new VLAN, and new subnet is 192.168.5.0/24,and server
subnet is 192.168.1.0.
As u r configuring in " in " direction , access-list will look like
this

access-list 125 deny ip any host 192.168.1.15
access-list 125 deny ip any 192.168.2.0 0.0.0.255
access-list 125 permit ip any any

int vlan 10
access-group 125 in

thats it

rgds
Suman

As another solution to the suggestion below look into private vlans

Trouble wrote:
> All,
>
> I have a core 6500 with a MSFC with multiple access/ distrubition
> switch. I will be installing a new switch for a new group of users, I
> want to restrict this group of users only to certain servers and VLANS.
>
> Basically I will be installing a new 3750 and creating a vlan for this
> group of users and trunking it to the 6500. In addition I was thinking
> about adding some IP permit/Denys have had a chance to get in to.
>
> Any ideas how I should proceed
>
> I
>