Cisco Switches with ACLs between VLANs and Windows servers

Discussion in 'Cisco' started by chart, Oct 26, 2005.

  1. chart

    Question #1
    I have a domain forest in my current WAN. I have been asked to tighten
    up security by implementing ACLs between VLANs. My problem is this.
    I have, say, office A on VlanA with the main controller and office B on
    VlanB with a child controller. What ports am I going to have to open
    up between those VLANs so the two servers can talk to each other and
    keep Active Directory happy?

    Question #2
    Would I need to open the same ports, say, if a workstation was on a
    different VLAN than the server it authenticates with? Not sure this
    would happen but just wanted to know in the event I run into that.

    I have all offices connected via point-to-point T1, switches are all
    Cisco 3550s and all servers are Compaq DL series of one flavor or
    another.

    The goal is to open only the ports needed to have the servers talk to
    each other and keep Active Directory working, allow clients to
    authenticate and all the other server functions, and block everything
    else.
     
    chart, Oct 26, 2005
    #1

  2. :Question #1
    :I have a domain forest in my current WAN. I have been asked to tighten
    :up security by implementing ACLs between VLANs. My problem is this.
    :I have, say, office A on VlanA with the main controller and office B on
    :VlanB with a child controller. What ports am I going to have to open
    :up between those VLANs so the two servers can talk to each other and
    :keep Active Directory happy?

    In my experience.... "All of them".

    Or at least a fine selection of privileged ports (<1024) and all
    ports above that.

    It is, though, difficult for me to tell which inname flows we
    see that are caused -solely- by Exchange and which are -only- AD
    and which are -only- pre-AD NT authentication. Though if an
    Exchange transaction requires a bizarre AD interaction that wouldn't
    happen without Exchange, which is at fault?
     
    Walter Roberson, Oct 26, 2005
    #2