Solved

Cisco Vlan Advice

Posted on 2011-09-27
2
254 Views
Last Modified: 2012-05-12
Hi there,
I am after some advice to see if this can be done and how possibly?

I have 4 different VLANS:
5 = Servers
10 = Teachers
15 = Guest
20 = Admin Staff

I have used ACL's and can deny access for example the Guests from accessing the Teachers & Admin Vlan. I tried to do the same with the Server vlan but my DHCP Server is in this Vlan and when I deny the ip in the ACL the Guests can no longer get DHCP addresses. DNS is also on the same Server.
So does this mean that I need to put the DHCP Server in a seperate Vlan or is there someway of doing it so it denys access to the Vlan but still gets ip addresses? I have the IP helper address configured under the virtual port on the router.

Next question. I would like the Teachers just to access the Curric Server, but the Admin Server is also in the same Vlan as the Curric Server so I can't use an ACL to deny it access as of course this will deny them access to the Curric Server. So is there a way to do this as well?

Thanks
0
Comment
Question by:dan4132
2 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 36710261
You should be able to restrict the ACL to only allow DHCP requests (UDP 67 and possibly 68) and deny everything else.  But I think your idea of putting a shared resource like that in a separate VLAN is preferable.  Your ACL can be host-specific, which should address the last question as well.
0
 
LVL 3

Author Closing Comment

by:dan4132
ID: 36710327
Cool thanks for the reply. Ok I will keep DHCP and DNS in a seperate VLAN so as not to get them denied by the ACL's. Of course I over looked that. I can add in permit to specific IP's.. I have been denying the whole lot!!! Jeeze.. I have just over looked all of this...Thanks for your advice man
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question