Not sure I understand how you are running your network, but if you deny the lawyers VLAN from accessing the other VLAN's in your network, you should be all set. That way you only have one deny statement to add to each VLAN. I think what's throwing me is the 300 line access-list statement. There's a ton of solutions out there for you, but you need to be more clear in terms of describing your internal network.
""Robert Edmonds"" wrote in message news:200210181908.TAA09447@;groupstudy.com... > I work for a county government. As part of building a new courthouse, I am > tasked with providing attorneys in courtrooms with Internet access through > my network. Of course, I would like to provide them access to what they > need while blocking access to our internal network. > My network is setup in the following manner: > In the new courthouse, the MDF has a 3550-12G acting as the root switch for > the building, and has the layer 3 image. It connects directly to my core, > with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515 for > Internet access. I plan on creating a separate VLAN for the public Internet > access, but beyond that I'm left a bit short. Obviously I don't want to > create a 300 line access-list that would deny them access to each internal > VLAN, then each of our servers in turn. Can someone give me some > suggestions to get this done? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55899&t=55898 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
