I need your help in the form of an example. I'm in my lab for some testing...
I have 2 VLANs --> vlan (a) 172.16.0.0/22 and the other vlan (b) 10.39.0.0/21; both are connected via inter-VLAN routing. I would like to separate the two VLANs for a small security reason.
vlan (a) should only see the DNS server (10.39.0.100) in vlan (b). Nothing else should be available, only the DNS server! The other way, vlan (b) to vlan (a), should be closed.
What is the easiest way to resolve this issue? With ip access-list or with policies?
I tried the policies:
create policy
policy network group labor 172.16.0.0 mask 255.255.252.0
policy network group production 10.39.0.0 mask 255.255.248.0
qos apply
- policy action
- policy condition
- policy rules
Correct?
It would be very useful for me if someone took the time to explain the policies to me...
cheers rafa
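
Added example, not part of the original post and not switch configuration: a small Python model of the rule set the post asks for, built from its two network groups and the DNS server address, showing how condition + action pairs combine into ordered rules. It assumes stateless filtering with first-match evaluation in list order; the rule names and the functions evaluate() and rules_without_reply() are hypothetical.

```python
import ipaddress as ip

# Network groups and DNS host taken from the post.
LABOR = ip.ip_network("172.16.0.0/22")       # vlan (a)
PRODUCTION = ip.ip_network("10.39.0.0/21")   # vlan (b)
DNS = ip.ip_network("10.39.0.100/32")        # DNS server inside vlan (b)

# Each rule pairs a condition (source group, destination group) with an action.
# Assumption: rules are checked top to bottom, first match wins, and the
# filter is stateless, so reply traffic needs a rule of its own.
RULES = [
    ("labor-to-dns",  LABOR,      DNS,        "accept"),
    ("dns-to-labor",  DNS,        LABOR,      "accept"),  # replies from the DNS server
    ("labor-to-prod", LABOR,      PRODUCTION, "deny"),
    ("prod-to-labor", PRODUCTION, LABOR,      "deny"),
]


def evaluate(src, dst, rules=RULES, default="accept"):
    """Return (rule name, action) for a packet going from src to dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for name, src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return name, action
    # No rule matched, e.g. traffic that stays inside one VLAN.
    return None, default


def rules_without_reply():
    """Same rule set, but with vlan (b) -> vlan (a) closed completely."""
    return [r for r in RULES if r[0] != "dns-to-labor"]


if __name__ == "__main__":
    # Constructed sample flows (addresses chosen inside the post's subnets).
    flows = [
        ("172.16.1.10", "10.39.0.100"),  # client -> DNS server
        ("172.16.1.10", "10.39.0.101"),  # client -> another production host
        ("10.39.0.100", "172.16.1.10"),  # DNS server -> client (the reply)
        ("10.39.4.20", "172.16.1.10"),   # production host -> client
    ]
    for src, dst in flows:
        print(src, "->", dst, evaluate(src, dst),
              "| no reply rule:", evaluate(src, dst, rules_without_reply()))
```

With the reply rule removed, the DNS answer falls through to the deny rule, so in a stateless filter "closed" from vlan (b) to vlan (a) needs an exception for the DNS server's replies. Matching on source port 53 as well would narrow that exception further.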