Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco Vlan Advice

Posted on 2011-09-27
2
Medium Priority
?
260 Views
Last Modified: 2012-05-12
Hi there,
I am after some advice to see if this can be done and how possibly?

I have 4 different VLANS:
5 = Servers
10 = Teachers
15 = Guest
20 = Admin Staff

I have used ACL's and can deny access for example the Guests from accessing the Teachers & Admin Vlan. I tried to do the same with the Server vlan but my DHCP Server is in this Vlan and when I deny the ip in the ACL the Guests can no longer get DHCP addresses. DNS is also on the same Server.
So does this mean that I need to put the DHCP Server in a seperate Vlan or is there someway of doing it so it denys access to the Vlan but still gets ip addresses? I have the IP helper address configured under the virtual port on the router.

Next question. I would like the Teachers just to access the Curric Server, but the Admin Server is also in the same Vlan as the Curric Server so I can't use an ACL to deny it access as of course this will deny them access to the Curric Server. So is there a way to do this as well?

Thanks
0
Comment
Question by:dan4132
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 2000 total points
ID: 36710261
You should be able to restrict the ACL to only allow DHCP requests (UDP 67 and possibly 68) and deny everything else.  But I think your idea of putting a shared resource like that in a separate VLAN is preferable.  Your ACL can be host-specific, which should address the last question as well.
0
 
LVL 3

Author Closing Comment

by:dan4132
ID: 36710327
Cool thanks for the reply. Ok I will keep DHCP and DNS in a seperate VLAN so as not to get them denied by the ACL's. Of course I over looked that. I can add in permit to specific IP's.. I have been denying the whole lot!!! Jeeze.. I have just over looked all of this...Thanks for your advice man
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question