Solved

Cisco Vlan Advice

Posted on 2011-09-27
2
253 Views
Last Modified: 2012-05-12
Hi there,
I am after some advice to see if this can be done and how possibly?

I have 4 different VLANS:
5 = Servers
10 = Teachers
15 = Guest
20 = Admin Staff

I have used ACL's and can deny access for example the Guests from accessing the Teachers & Admin Vlan. I tried to do the same with the Server vlan but my DHCP Server is in this Vlan and when I deny the ip in the ACL the Guests can no longer get DHCP addresses. DNS is also on the same Server.
So does this mean that I need to put the DHCP Server in a seperate Vlan or is there someway of doing it so it denys access to the Vlan but still gets ip addresses? I have the IP helper address configured under the virtual port on the router.

Next question. I would like the Teachers just to access the Curric Server, but the Admin Server is also in the same Vlan as the Curric Server so I can't use an ACL to deny it access as of course this will deny them access to the Curric Server. So is there a way to do this as well?

Thanks
0
Comment
Question by:dan4132
2 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 500 total points
ID: 36710261
You should be able to restrict the ACL to only allow DHCP requests (UDP 67 and possibly 68) and deny everything else.  But I think your idea of putting a shared resource like that in a separate VLAN is preferable.  Your ACL can be host-specific, which should address the last question as well.
0
 
LVL 3

Author Closing Comment

by:dan4132
ID: 36710327
Cool thanks for the reply. Ok I will keep DHCP and DNS in a seperate VLAN so as not to get them denied by the ACL's. Of course I over looked that. I can add in permit to specific IP's.. I have been denying the whole lot!!! Jeeze.. I have just over looked all of this...Thanks for your advice man
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question