Network Segregation on a 5500 (access-list)

Discussion in 'Cisco' started by Dave, Jul 23, 2003.

  1. Dave

    Dave Guest


    I have a segregation situation I am trying to resolve.

    I have a large test network, consisting of 60 or so vlans.

    Let's say:
    172.16.31.XX - 172.16.55.XX is for an NT Domain
    172.16.56.XX - 172.16.78.XX is for an active directory Domain - DMZ for segregation from company network

    I want to separate these Domains from each other, only allowing DNS,

    The Network space for this is 172.16.30.XX is a firewall for internet access and WAN traffic (both
    ip route is the Cisco 5500

    I had tried using standard & extended access-list, to no avail...
    Here is a sampling of one attempt on the NT side (Duped for the A.D.
    access-list 101 permit ip any host
    access-list 101 permit ip any host any !and on &
    access-list 101 deny ip any any
    I tried denying and permitting, but I am still able to get to either

    I would like to segregate these for testing, but still have internet
    and WAN access from the firewall. Also specific access... DNS, WINS,

    I would appreciate any info anyone could give. I think I am on the
    right track... but to no avail, YET!

    Thanks in advance,
    Dave, Jul 23, 2003
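    A worked configuration for the situation described above, added here as an example and not taken from the thread: an IOS extended access list for the RSM that blocks the NT ranges from the AD ranges except DNS and WINS, binds it to the VLAN interface with ip access-group (the posted snippet defines a list but does not show it being applied), and the mirror list the AD side needs so that replies get back through a stateless ACL. The AD DNS/WINS server address 172.16.60.10, the firewall subnet 172.16.30.0/24 and the interface numbers are assumed placeholders.

```cisco
! Added example, not from the thread. Placeholders: AD DNS/WINS server
! 172.16.60.10, NT VLAN 31 and AD VLAN 60 interfaces.
!
! Neither 31-55 nor 56-78 is a single block, so each range is written as
! several wildcard entries:
!   NT: 172.16.31.0/24, 172.16.32.0/20, 172.16.48.0/21
!   AD: 172.16.56.0/21, 172.16.64.0/21, 172.16.72.0/22, 172.16.76.0/23, 172.16.78.0/24
! IOS matches top-down, first hit wins, so the narrow permits come before
! the range denies and the catch-all permit comes last.
!
! ACL 110: inbound on every NT-side VLAN interface
access-list 110 remark NT clients -> AD: DNS (53) and WINS/NBNS (137) only
access-list 110 permit udp any host 172.16.60.10 eq 53
access-list 110 permit tcp any host 172.16.60.10 eq 53
access-list 110 permit udp any host 172.16.60.10 eq 137
access-list 110 permit tcp any host 172.16.60.10 eq 137
access-list 110 deny   ip any 172.16.56.0 0.0.7.255
access-list 110 deny   ip any 172.16.64.0 0.0.7.255
access-list 110 deny   ip any 172.16.72.0 0.0.3.255
access-list 110 deny   ip any 172.16.76.0 0.0.1.255
access-list 110 deny   ip any 172.16.78.0 0.0.0.255
access-list 110 remark other NT VLANs, firewall 172.16.30.0/24, Internet, WAN
access-list 110 permit ip any any
!
! ACL 111: inbound on every AD-side VLAN interface. Extended ACLs keep no
! state, so the server's replies to the NT side must be permitted here.
access-list 111 permit udp host 172.16.60.10 eq 53 any
access-list 111 permit tcp host 172.16.60.10 eq 53 any established
access-list 111 permit udp host 172.16.60.10 eq 137 any
access-list 111 permit tcp host 172.16.60.10 eq 137 any established
access-list 111 deny   ip any 172.16.31.0 0.0.0.255
access-list 111 deny   ip any 172.16.32.0 0.0.15.255
access-list 111 deny   ip any 172.16.48.0 0.0.7.255
access-list 111 permit ip any any
!
! A list that is only defined filters nothing; bind it on each VLAN
! interface of the side it protects, "in" = packets arriving from that VLAN.
interface Vlan31
 ip address 172.16.31.1 255.255.255.0
 ip access-group 110 in
!
interface Vlan60
 ip address 172.16.60.1 255.255.255.0
 ip access-group 111 in
```

    Every NT VLAN interface needs ACL 110 and every AD VLAN interface needs ACL 111; an interface without an access-group passes all traffic, and "show ip interface VlanN" shows whether a list is actually bound.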
  2. Dave

    Greg Guest

    You shouldn't be able to see anything outside of the VLANS if they are set up
    Greg, Jul 23, 2003
  3. Dave

    NNTP Reader Guest

    What are you using for a router? Is that route you mentioned on the
    actual supervisor or on an RSM module in the switch ?

    = K
    NNTP Reader, Jul 23, 2003
  4. Dave

    Dave Guest

    It is a Cisco 5500 RSM.

    Let me know if you have any other questions.

    Dave, Jul 23, 2003
