I tried PVLAN but pc1 is pinging pc2 and pc3.....

With a routed link on the serial connection running OSPF I am not sure that there is a way to achieve the restriction on which PC communicates with which PC that does not use access lists. So I will repeat Mark's question: why are you excluding access lists from the options?

HTH

Rick

Thanks Richard for the reply.

Actually i am using customize router and switches.... :(

So we dont have any option for using ACL....(my bad).

if your devices doesn't have ACL option, they hardly have other option like VRF, but if they support VRF you can use it, and separate your network with VRF, or you can use several OSPF for each connection own OSPF

As nurbol555 has noted, w/o ACLs, this might be accomplished by having the devices in different routing domains, either using multiple OSPF processes or VRFs.  You can then control what device can reach another by what routing information is shared between your routing domains.

Joseph suggests techniques that would typically be considered including multiple OSPF processes to separate the traffic. But with a serial link connecting the routers how do you use multiple OSPF processes. For that serial link it can operate in only one OSPF process. And how could we use VRFs on that single routed link?

HTH

Rick

Rick, excellent question!

How about using technology that allows multiple IPs across a serial link?  GRE tunnels first come to mind.  You might also be able to run L2TPv3, MPLS, frame-relay encapsulation, etc.

Oh, forgot to mention, another approach would be to place the serial link in its own routing domain.  As such, you would redistribute into it all the other routing domains routes, but the other routing domains would only contain "their" routes.

Thanks a lot for all your replies...

what if i change serial interface to Ethernet interface.....will in that case there r few options...???

Is it possible to do with VLAN..... i have to segregate the Data traffic with management traffic.

Changing the connection between routers to Ethernet may have some interesting possibilities. I am still concerned about what kind of devices these are and what capabilities do they have? If they do not have the ability to do access lists can we be sure that they have capabilities to do vlan subinterfaces and to run multiple instances of a routing protocol?

If these were normal routers then you might be able to configure two vlan subinterfaces on the connection between the routers. Then you would run an instance of OSPF on the vlans where PC2 and PC1 are and on one of the subinterface vlans on the router (perhaps ospf 21) and you would run another instance of OSPF on the vlans where PC3 and PC0 are and the other vlan subinterface (perhaps ospf30). That would allow the communication that you want.

HTH

Rick

Richard.... yes we dont have option of acl's....at-least not now....

but what you have mention i can try that and see if it work for me..... please if possible can you provide me some more information or example to use above information practically.....

It will be really great help....!!!!

Thank you so much..... for all the replies....

Switches have the ability to do pvlans but not acls ? What exactly are these devices ?

you don't have many options left as you can't route filter in same lsdb in ospf at layer3  , can you change the igp and use something else or use statics with bgp you could filter then at router level?

It seems to me that private vlans might be a solution for controlling what device talks to what device for traffic on a switch. But I see the major issue being what do you do to control traffic that is sent over the routed link on the serial connecting the two. How would private vlan interact with the routed link without using access lists.

I agree that this seems a very strange situation and we need the original poster to clarify what these switches and routers really are.

HTH

Rick