Rally_IT
asked on
Isolating subnet
I have a stacked Cisco 3750X as our main Layer 3 distribution switch.
It has about a dozen VLANs defined. We'd like to isolate one subnet for use in our public conference rooms & common areas. This VLAN will be trunked to multiple access layer switches.
The isolated subnet will be 10.32.41.0/24. This subnet should be able to get out to the internet but not be able to hit anything on the internal network except for DHCP & DNS - 10.32.0.13 & 10.32.0.10 (ideally).
What's the best way to implement this?
I'm concerned if we do private VLANs I may need to reconfigure all other VLANs to be promiscuous? I still want all VLANs to be able to communicate with each other except the 41.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/PrivateVLANs.html
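
One way to express the requirement in the question as a routed ACL on the 3750X, added here as an example and not taken from the thread or its member-only answers. Assumptions: the VLAN ID is 41, the ACL name GUEST-ISOLATE is hypothetical, "internal" means all RFC 1918 space, DHCP is relayed with a helper address, and the addresses are read in the order listed (DHCP 10.32.0.13, DNS 10.32.0.10).

```cisco
! Added example. Assumed: VLAN ID 41, ACL name GUEST-ISOLATE (hypothetical),
! internal network = RFC 1918 space, DHCP = 10.32.0.13, DNS = 10.32.0.10.
ip access-list extended GUEST-ISOLATE
 remark DHCP broadcasts from clients, picked up by the relay on the SVI
 permit udp any eq bootpc host 255.255.255.255 eq bootps
 remark Unicast DHCP renewals straight to the DHCP server
 permit udp 10.32.41.0 0.0.0.255 eq bootpc host 10.32.0.13 eq bootps
 remark DNS to the internal resolver, UDP and TCP
 permit udp 10.32.41.0 0.0.0.255 host 10.32.0.10 eq domain
 permit tcp 10.32.41.0 0.0.0.255 host 10.32.0.10 eq domain
 remark Everything else addressed to internal space is dropped
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Remaining traffic from the isolated subnet goes out to the internet
 permit ip 10.32.41.0 0.0.0.255 any
!
interface Vlan41
 ! Relay target assumed to be the DHCP server named in the question
 ip helper-address 10.32.0.13
 ! Filter traffic as it enters the router from the isolated VLAN
 ip access-group GUEST-ISOLATE in
```

Because the ACL sits only on the VLAN 41 interface, the other VLAN interfaces need no changes and keep routing to each other. It filters routed traffic only, so hosts inside VLAN 41 can still reach each other at layer 2.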