Vlan Security

thenjduke

Okay ladies and gents I need your expertise. I am looking for a way to block one department on one vlan to another vlan based off Active DIrectory groups and then give access to one vlan for one department to another deparment based off t heir ad groups. I know can used Triple AAA and some ACL to do this but anyone have any suggestions how to do it.
Vlan 1 192.168.1.0 255.255.255.0 HR
Vlan 2 192.168.2.0 255.255.255.0 IT
Vlan 3 192.168.3.0 255.255.255.0 SALES

Just example what we are looking to do.
So we want to block HR from IT but give them access to Sales. I know cisco makes Triple A package but forget what it is called and I al looking for example for ACL to set this up

drkat

Possibly via Sites and Services ?

Bl8ckr0uter

Use a VACL.

https://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml
https://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html

Wait a minute I think I misread your question. Let me look into something here. Do you want it to do this dynamically or something?

thenjduke

I am looking to work with Active Directory groups so do some kinda of authentication from the cisco switch to authenticate to like a RADIUS or AAA server and if that person is in that group then allow them access to that subnet or vlan..... I do not want to use mac address too dam messy.

Bl8ckr0uter

So something like this:

https://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c9bd1.shtml