
Restricted PC with layer3 ACL or Other option

keithatwood
Level 1

I've got the following scenario (image attached).

Each site has a VLAN for restricted PCs. These PCs should have access to their own site file server and printers. I don't want them to access anyone else's site, except for DNS lookups and AD login into a virtual DC.

I realize I could let the layer3 switch handle the ACL, but the downside is that if they want to access a file off a server at their own site, they would need to route first through the layer 3 to get back to their own server. Not really a problem since the inter-site links are 1000 Mbps fiber, but if a line was cut, they would lose connectivity to their own files.

The other option was to set static IPs for these restricted PCs in the same VLAN/subnet as their file server and then create an ACL on the layer3, but then I need to restrict NIC permissions and manually add users. I'd rather let DHCP assign them an IP.

I'm looking for some other options based on the equipment in place.

Thanks!

1 Reply

keithatwood
Level 1

Here are my thoughts: since the switches at the edge are layer2 only, the restricted PCs must reside within the same subnet as their server, meaning the same VLAN.

The only other option I see is some sort of intersite port restriction, which I'm not sure the Cisco Small Business switch will do... kinda like PVLAN.

Thoughts?
