Network Segregation on a 5500 (access-list)

Discussion in 'Cisco' started by Dave, Jul 23, 2003.

  1. Dave

    Dave Guest

    Hello,

    I have a segregation situation I am trying to resolve.

    I have a large test network, consisting of 60 or so vlans.

    Let's say:
    172.16.31.XX - 172.16.55.XX is for an NT Domain
    172.16.56.XX - 172.16.78.XX is for an active directory Domain
    192.168.0.0 - DMZ for segregation from company network

    I want to separate these Domains from each other, only allowing DNS,
    WINS, ICMP, SMTP & POP3.

    The Network space for this is 172.16.30.XX
    172.16.30.1 is a firewall for internet access and WAN traffic (both
    Domains)
    ip route 0.0.0.0 0.0.0.0 172.16.30.1
    172.16.30.5 is the Cisco 5500

    I had tried using standard & extended access-list, to no avail...
    Here is a sampling of one attempt on the NT side (Duped for the A.D.
    side):
    access-list 101 permit ip any host 192.168.0.0
    access-list 101 permit ip any 172.16.31.0 0.0.0.255
    ! and on & on
    access-list 101 deny ip any any
    I tried denying and permitting, but I am still able to get to either
    side.

    I would like to segregate these for testing, but still have internet
    and WAN access from the firewall. Also specific access... DNS, WINS,
    SMTP, ICMP, POP3.

    I would appreciate any info anyone could give. I think I am on the
    right track... but to no avail, YET!

    Thanks in advance,
    Dave
     
    Dave, Jul 23, 2003
    #1
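    One way to build the ACLs for the setup described in this post, as an added example (not the poster's config and not Cisco's): the two address ranges are not single wildcard blocks, and extended ACLs are stateless, so the script below expands each range into aligned blocks and emits request, reply, deny and final permit entries in the order the thread's requirements need. It assumes "172.16.31.XX - 172.16.55.XX" means 172.16.31.0-172.16.55.255 (likewise for the AD range) and standard library only.

```python
"""Generate the per-domain extended ACL for the setup described above.

Added example, not from the thread or from Cisco. It assumes the poster's
"172.16.31.XX - 172.16.55.XX" means 172.16.31.0-172.16.55.255 (likewise for
the AD range). Neither range is a single power-of-two block, so one wildcard
line cannot cover it, and IOS extended ACLs are stateless, so replies need
their own entries. Standard library only.
"""
import ipaddress

NT_RANGE = ("172.16.31.0", "172.16.55.255")  # from the post
AD_RANGE = ("172.16.56.0", "172.16.78.255")  # from the post
# Services the poster wants between the domains (ICMP handled separately).
ALLOWED = [("udp", 53), ("tcp", 53),   # DNS
           ("udp", 137), ("tcp", 42),  # NetBIOS name service, WINS replication
           ("tcp", 25), ("tcp", 110)]  # SMTP, POP3


def wildcard_blocks(first, last):
    """Split a range into (network, wildcard-mask) pairs for IOS ACL lines."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def build_acl(number, src, dst):
    """ACL for traffic entering the RSM from `src`; apply it with
    'ip access-group <number> in' on each of that domain's VLAN interfaces.
    Permits requests to `dst` and replies to `dst`'s requests, denies the
    rest of `dst`, then lets everything else (firewall, WAN) through."""
    lines = []
    for s_net, s_wc in wildcard_blocks(*src):
        for d_net, d_wc in wildcard_blocks(*dst):
            s, d = f"{s_net} {s_wc}", f"{d_net} {d_wc}"
            for proto, port in ALLOWED:
                lines.append(f"access-list {number} permit {proto} {s} {d} eq {port}")
                if proto == "udp":  # UDP replies carry the service as source port
                    lines.append(f"access-list {number} permit udp {s} eq {port} {d}")
            # Replies to TCP sessions that hosts in dst opened towards src.
            lines.append(f"access-list {number} permit tcp {s} {d} established")
            lines.append(f"access-list {number} permit icmp {s} {d}")
            lines.append(f"access-list {number} deny ip {s} {d}")
    # Unlike a final 'deny ip any any', this keeps the default route via
    # the 172.16.30.1 firewall usable for internet and WAN traffic.
    lines.append(f"access-list {number} permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl(101, NT_RANGE, AD_RANGE)))  # NT-side VLANs
    # The AD-side VLANs get the mirror image: build_acl(102, AD_RANGE, NT_RANGE)
```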

  2. Greg

    Greg Guest

    You shouldn't be able to see anything outside of the VLANs if they are set up
    right??
     
    Greg, Jul 23, 2003
    #2

  3. NNTP Reader

    NNTP Reader Guest

    What are you using for a router ? Is that 0.0.0.0 route you mentioned on the
    actual supervisor or on an RSM module in the switch ?

    = K
     
    NNTP Reader, Jul 23, 2003
    #3
  4. Dave

    Dave Guest

    It is a Cisco 5500 RSM.

    Let me know if you have any other questions.

    Dave
     
    Dave, Jul 23, 2003
    #4
