How to organize the correct routing of a large network on Cisco?
Good afternoon!
At the moment there is already:
Cisco 3750X central switch, to which Cisco 2960 switches are connected as a star. Users are connected to the latter.
For each department of the enterprise, individual vlans are set up on the Cisco 3750X and routing is configured between them. On the same switch, a DHCP server was raised with the same number of pools as the number of vlans.
As a result, it turns out that those computers that are connected, say, to vlan012 receive IP addresses from the range 10.0.12.1-10.0.12.100, and those computers that are connected to vlan015 receive IP addresses from the range 10.0.15.1-10.0.15.100.
At the moment, packets between networks pass.
Question:
How to make it so that packets pass only between a specific computer from vlan012 and a specific computer from vlan015, while all other computers can reach each other only within their own vlan? If the computers had static IP addresses, the solution would be to register static routes, but what about when IP addresses are handed out automatically and only the computer name, which is permanent, is known?
Lots of options.
It's easier to segment the network more logically :) Put those who need access somewhere into a separate VLAN. Suggestive hints: one pool can serve several VLANs, and ip unnumbered can be enabled on VLAN interfaces.
As an option, for those computers that need access (if there are fewer of them), assign the IP address by hand (or, if you really want to, make static IP-MAC bindings).
Another option, though difficult, is to use DHCP option 82 and dhcp-snooping on switches.
Another option is to mark traffic on subscriber ports with some kind of QoS marking (DSCP, for example) and use that DSCP marking as the criterion. This is not a very correct way, but it is possible :)
For the necessary workstations, an IP address reservation is configured in DHCP, and an ACL is configured on the router's VLAN interfaces that allows packets to pass only from the specified IP addresses.
It seems to me that this cannot be done by means of one Cisco alone. You may have to set up a separate squid server and configure the ACL there.
If it is not possible to install a server, then you can configure DHCP with a permanent MAC + IP pool; you will get an alternative to static addresses and will be able to configure an ACL.
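The reservation-plus-ACL approach described in the two answers above, written out as IOS configuration for the 3750X. This is an added example, not configuration from the thread; it assumes SVIs Vlan12 = 10.0.12.0/24 and Vlan15 = 10.0.15.0/24 with gateways at .254, two hypothetical workstations with placeholder MACs aabb.cc00.0012 and aabb.cc00.0015, and reserved addresses 10.0.12.50 and 10.0.15.50.

```cisco
! Added example, not from the thread. Gateway addresses (.254), MACs and the
! reserved .50 addresses are placeholders chosen for illustration.
!
! 1) DHCP: dynamic pools per VLAN (range .1-.100 as in the question) plus a
!    manual binding per workstation, so the machine known only by name always
!    receives the same address. Windows clients often identify themselves by
!    client-identifier (01 + MAC) rather than hardware-address; use that form
!    if the binding does not take.
ip dhcp excluded-address 10.0.12.101 10.0.12.254
ip dhcp excluded-address 10.0.15.101 10.0.15.254
!
ip dhcp pool VLAN12
 network 10.0.12.0 255.255.255.0
 default-router 10.0.12.254
ip dhcp pool VLAN15
 network 10.0.15.0 255.255.255.0
 default-router 10.0.15.254
!
ip dhcp pool PC-A-VLAN12
 host 10.0.12.50 255.255.255.0
 hardware-address aabb.cc00.0012
 default-router 10.0.12.254
ip dhcp pool PC-B-VLAN15
 host 10.0.15.50 255.255.255.0
 hardware-address aabb.cc00.0015
 default-router 10.0.15.254
!
! 2) ACLs applied inbound on each SVI. Traffic between hosts in the same VLAN
!    is switched at layer 2 and never reaches the SVI, so it is untouched.
!    DHCP to the switch's own server must stay open or clients cannot lease.
!    The reply direction is covered by the ACL on the other SVI.
ip access-list extended VLAN12-IN
 permit udp any eq bootpc any eq bootps
 permit ip host 10.0.12.50 host 10.0.15.50
 deny   ip any any
ip access-list extended VLAN15-IN
 permit udp any eq bootpc any eq bootps
 permit ip host 10.0.15.50 host 10.0.12.50
 deny   ip any any
!
interface Vlan12
 ip address 10.0.12.254 255.255.255.0
 ip access-group VLAN12-IN in
interface Vlan15
 ip address 10.0.15.254 255.255.255.0
 ip access-group VLAN15-IN in
```

Verify the bindings with `show ip dhcp binding` (manual entries are listed as Manual) and the filter with `show ip access-lists`; if the reserved address must never be re-used by another client while the PC is off, the binding alone guarantees that, since manually bound addresses are not handed out dynamically.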