09-03-2010 01:56 AM - edited 03-04-2019 09:38 AM
Hi,
My company A has a big network with 109 units (site offices) of 3750E switches, and every switch has 6 VLANs. Recently our sister company B submitted a proposal and intends to share the network. My question is how to make this happen, as we are very concerned about security. I plan to create a new VLAN for company B in every switch, but how do I restrict the access? Note: both companies have their own internet access. Company A's IP range is 10.74.x.x and company B's is 10.1.x.x
tq
09-03-2010 02:55 AM
farozezan73 wrote:
Hi,
My company A has a big network with 109 units (site offices) of 3750E switches, and every switch has 6 VLANs. Recently our sister company B submitted a proposal and intends to share the network. My question is how to make this happen, as we are very concerned about security. I plan to create a new VLAN for company B in every switch, but how do I restrict the access? Note: both companies have their own internet access. Company A's IP range is 10.74.x.x and company B's is 10.1.x.x
tq
Have a read of this recent thread and then come back if you have further questions -
https://supportforums.cisco.com/thread/2039816?tstart=30
I would not recommend having vlans for each company on all your switches. The other company can simply route to your vlans and vice-versa but you do need to think about firewalls.
Jon
09-03-2010 06:10 AM
Hello,
If you do not want Company B to access company A and vice versa, put
access-lists on the core router (router that handles routing between vlans).
The access-list should look like:
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
! an IOS ACL ends with an implicit "deny ip any any"; without an explicit permit
! every other flow entering the interface (Company A VLAN to Company A VLAN, or
! out to the internet) would be dropped as well
access-list 101 permit ip any any
interface vlan <vlan id>
 ip access-group 101 in
 exit
This will prevent all communication between Company A vlans and Company B
vlan. If you want specific traffic to flow between them, then you need to
insert those rules before the deny rules.
! permits are placed before the denies because the list is evaluated top-down, first match wins
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq https
! return traffic from the web servers (source port 80/443) must be permitted too
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any eq https any
access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255
! explicit final permit so traffic that is not inter-company still flows
access-list 101 permit ip any any
Above configuration allows HTTP and HTTPS traffic between two networks.
Hope this helps.
Regards,
NT
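A quick check of lists like the ones above before they go on an SVI, as an added example that is not part of this thread: a small Python model of IOS first-match ACL evaluation (wildcard masks, optional `eq` ports, implicit deny at the end) run over constructed flows. The three lists, the flow addresses and the `evaluate` function are my own constructions; they show that the two deny lines on their own also drop Company A to Company A traffic, and that the HTTP/HTTPS permits only take effect because they sit ahead of the denies.

```python
import ipaddress
PORT_NAMES = {"www": 80, "https": 443}  # port keywords used in the thread


def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: set bits are 'don't care', so force them on before comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def _take_addr(t):  # 'any', 'host X' or 'X WILDCARD' -> (base, wildcard), remaining tokens
    if t[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), t[1:]
    if t[0] == "host":
        return (t[1], "0.0.0.0"), t[2:]
    return (t[0], t[1]), t[2:]


def _take_port(t):  # optional 'eq PORT' -> port number or None, remaining tokens
    if t and t[0] == "eq":
        return int(PORT_NAMES.get(t[1], t[1])), t[2:]
    return None, t


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P]' (the subset used in the thread)."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, rest = _take_addr(rest)
    sport, rest = _take_port(rest)
    dst, rest = _take_addr(rest)
    dport, _ = _take_port(rest)
    return action, proto, src, sport, dst, dport


def evaluate(acl_lines, proto, src, sport, dst, dport):
    """First-match evaluation; an IOS ACL ends with an implicit 'deny ip any any'."""
    for action, p, s, sp, d, dp in map(parse_ace, acl_lines):
        if p != "ip" and p != proto:
            continue
        if not (wild_match(src, *s) and wild_match(dst, *d)):
            continue
        if (sp is not None and sp != sport) or (dp is not None and dp != dport):
            continue
        return action
    return "deny"  # nothing matched: implicit deny


# Constructed lists: AS_POSTED is the two denies alone, WITH_PERMIT adds the final permit, WEB puts HTTP/HTTPS first.
AS_POSTED = ["access-list 101 deny ip 10.74.0.0 0.0.255.255 10.1.0.0 0.0.255.255",
             "access-list 101 deny ip 10.1.0.0 0.0.255.255 10.74.0.0 0.0.255.255"]
WITH_PERMIT = AS_POSTED + ["access-list 101 permit ip any any"]
WEB = ["access-list 101 permit tcp any any eq www", "access-list 101 permit tcp any any eq https",
       "access-list 101 permit tcp any eq www any", "access-list 101 permit tcp any eq https any"] + WITH_PERMIT
```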
09-26-2010 01:37 AM
Hi,
Tq for your reply. One more thing: the existing network uses the EIGRP protocol. Should I use static routes for the new network or EIGRP? For info, the new network uses only 15 routers. tq
09-27-2010 11:42 AM
Separate the companies with different VRFs.