disturbedone
Vendor
I have a feeling this can be done but I'm not exactly sure how it can be achieved. Not sure if it would be done in Catalyst router or ASA (or parts in both).
Scenario:
[ul]
[li]ASA5520 as firewall. Interface GiEth0/0 security-level 100 as 'inside network', interface GiEth0/1 security-level 0 as 'outside network', interface GiEth0/2 security-level 100 as 'dmz network'. IP 10.15.0.1/16[/li]
[li]Catalyst 4507 as core router. IP 10.10.32.88/16 (VLAN10). Multiple VLANs 11 (10.11.x.x/16), 20 (10.20.x.x/16) etc[/li]
[li]DHCP server on VLAN11 (10.11.0.7/16). All VLANs have ip-helper address of this.[/li]
[li]I want to create VLAN80 (10.80.x.x/16) and allow them DHCP but stop traffic to all other VLANs (including servers on same as DHCP) but still allow Internet.[/li]
[/ul]
I've read a bit about the security-level feature, giving one VLAN a higher value than another to restrict access, but VLANs aren't defined in the ASA, only in the Catalyst. This feature isn't available in the Catalyst for some reason.
Any ideas on how this could be achieved?