I'm trying to replicate a client's parent/child domain in a test environment. I'm assuming (I don't know their exact setup for sure) that they will have enterprise-level networking: potentially layer 2 workgroup switches with routers doing layer 3, as well as firewall device(s) doing access control.
In our test environment we have two DCs set up plus client PCs: one DC for the parent domain and one for the child domain, with the default two-way transitive trust between parent and child. I'm using a Cisco SG300 28-port switch to connect the DCs and clients.
Each DC is on a trunk port on the SG300-28, which is running in layer 3 mode, with two VLANs, 10 and 20, each with its own subnet in a DHCP scope, one per DC. Both DCs have access to VLAN 10 and VLAN 20 via their trunk ports. The clients in each domain are on access ports within their specific VLAN: parent on VLAN 10 (10.10.10.0/24) and child on VLAN 20 (10.10.11.0/24).
I've tried creating an ACL to permit clients on the child domain to connect to a license server on the parent domain, which I thought was working as the application can connect and obtain a license. However, as a test I removed the ACL from the interface it was applied to and the client was still able to get a license. As a further test we created rules for the specific ports in the Windows Firewall on the two DCs as well as the license server, then disabled these; however, the application can still get a license.
Any ideas why this would work regardless of the ACL and firewall rules being applied? I wonder if it is due to the trunking, but I don't see another way of having the VLANs routed?
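An added diagnostic, not part of the original post, that narrows down the two things a reviewer would check first in this setup: whether the client-to-server traffic is delivered on-link (a host with a trunk port and an address in both VLANs is reached at layer 2, so the switch's routed interface and any ACL bound to it never see the packets) and whether the Windows Firewall profile is actually enforcing a default-block policy (if the domain profile is disabled or its default inbound action is Allow, disabling one specific allow rule changes nothing). The license server address and port below are placeholders, and the cmdlets are the standard NetTCPIP and NetSecurity ones that ship with Windows 8/Server 2012 and later.

```powershell
# Added troubleshooting script (not from the original post). Run it on the
# child-domain client and again on the license server / DC.
# Placeholder values: replace with the real license server and port.
param(
    [string]$LicenseServer = '10.10.10.50',   # placeholder: license server in VLAN 10
    [int]$LicensePort      = 27000            # placeholder: license service TCP port
)

# 1. Which interfaces and subnets does this host sit on? A DC or license server
#    on a trunk port with an address in both 10.10.10.0/24 and 10.10.11.0/24 is
#    reachable from the child VLAN without any routing.
Get-NetIPAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, IPAddress, PrefixLength

# 2. Which path does the client take to the server? Find-NetRoute returns the
#    source address object and the matching route object; on the route object a
#    NextHop of 0.0.0.0 means the destination is on-link, so the switch's layer 3
#    interface (and the ACL applied to it) is bypassed.
Find-NetRoute -RemoteIPAddress $LicenseServer |
    Format-List InterfaceAlias, IPAddress, DestinationPrefix, NextHop, RouteMetric

# 3. Is the Windows Firewall enforcing at all? Look for Enabled = True and
#    DefaultInboundAction = Block on the profile that is active (Domain, here).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 4. List every enabled inbound allow rule that still opens the license port,
#    e.g. a rule the application installer created, which would keep the port
#    open even after the hand-made rules are disabled.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        ($ports -contains 'Any') -or ($ports -contains "$LicensePort")
    } |
    Select-Object DisplayName, Profile, Program

# 5. Confirm the end-to-end result from this host; TcpTestSucceeded should flip
#    to False once a blocking control is really in the path.
Test-NetConnection -ComputerName $LicenseServer -Port $LicensePort -InformationLevel Detailed
```

Reading the output: if step 2 shows the server as on-link from the child client, the ACL on the routed VLAN interface was never in the path and the two-VLAN trunk on the DC is the reason; if step 3 shows the Domain profile with DefaultInboundAction = Allow or Enabled = False, the firewall test proves nothing until that default is set to Block, and step 4 shows which other rule (often the application's own) would still have to be disabled.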