Tuesday, July 23, 2019

Isolate a single VLAN from other VLANs and the internet, but allow access only to a single server/domain controller

Here is the setup: a Cisco 3750 with inter-VLAN routing enabled and functioning, with 3 VLANs and SVIs. Everything can reach everything as of right now.

vlan 10 - 10.0.10.1/24 - Management / servers (domain controller lives here)

vlan 20 - 10.0.20.1/24 - Operations PCs

vlan 30 - 10.0.30.1/24 - R&D PCs

I need to isolate vlan 30 from EVERYTHING (internet, vlan 10, vlan 20, etc.) EXCEPT the domain controller 10.0.10.50 on vlan 10, so I can manage domain-joined workstations on vlan 30.

I've been reading that my options are actually very limited in this scenario, if not impossible, due to the lack of reflexive ACL capabilities on these switches and stateless ACL rules that would allow me to permit traffic initiation on one side but then prevent the return. The other option I read about was introducing a router into the mix.

I understand the need and use-case scenarios for VLAN segmentation, but what am I missing here?

How else is this being done in environments where departments are VLAN'ed for security reasons (HR, finance, sales users/PCs) but critical infrastructure servers/services (file shares, print servers, domain controllers, DNS/DHCP, etc.) are still accessible across all VLANs?

I feel like I'm missing a key piece to all this to make it click for me.
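One way to meet this requirement on the switch itself, as an added example that is not part of the original post: restricting VLAN 30 to a single host needs no connection state, since both directions between VLAN 30 and the domain controller are wanted anyway; a reflexive or stateful ACL would only be needed to control which side may open a session. The access-list names, the SVI interface names and the DHCP relay to the DC are assumptions.

```cisco
! Added example, not from the original post: stateless router ACLs on the
! 3750's SVIs. Assumed: SVIs are interface Vlan10/20/30 with the addresses
! listed above, and DHCP for VLAN 30 is relayed to the DC via ip helper-address.

! Traffic entering the switch FROM VLAN 30: only the domain controller is reachable.
ip access-list extended RD-IN
 remark DHCP discover/request is sourced from 0.0.0.0, so permit it explicitly
 permit udp any eq bootpc any eq bootps
 remark AD, DNS, Kerberos, LDAP, SMB, RPC etc. go to the DC only
 permit ip 10.0.30.0 0.0.0.255 host 10.0.10.50
 remark everything else (VLAN 10, VLAN 20, default route / internet) is dropped
 deny   ip any any

! Traffic entering FROM VLAN 10 and VLAN 20: only the DC may reach VLAN 30.
ip access-list extended NOT-RD-IN
 permit ip host 10.0.10.50 10.0.30.0 0.0.0.255
 deny   ip any 10.0.30.0 0.0.0.255
 permit ip any any

interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip helper-address 10.0.10.50
 ip access-group RD-IN in
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group NOT-RD-IN in
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip access-group NOT-RD-IN in
```

Apply NOT-RD-IN inbound on the uplink toward the internet router as well, so nothing arriving from that side can reach 10.0.30.0/24. Router ACLs on an SVI do not filter traffic between two hosts inside VLAN 30 itself; that needs a VLAN map or private VLANs.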
