Vlan isolation in ERS 8600

[Erick]

Hello,

I have a DHCP server in an isolated vlan, I shall wish to delete this server to create an address range DHCP in my primary DHCP server who is in my Lan, so that users get back an ip in this address range but I shall wish this users cannot access to my Lan

How can i do this?
Have to i use Acls? 
How can i wrote Acls?

For information :  my nortel is ERS8600 version 4.1.6.0, the isolated vlan is 8 (IP 192.168.111.0/24), my DHCP 172.16.10.8/16.

Thank you in advance for your help

Erick

[TankII]

Just build DHCP helper for the interface.

ip dhcp-relay fwd-path 192.168.111.1 172.16.10.8

TankII

[Erick]

Hi Tankll,

I have already created a relay DHCP on my ERS8600 but in change the gateway IP, it is possible to reach my network

How may I isolate completely it vlan?

Thank you in advance for your help

Erick

[TankII]

You can set your mask and gateway up in your DHCP scope to whatever you want, even if it's a non-routable network.  At least, I can do it with NetID and Infoblox.  I haven't tried with Microsoft.
Then, on your 8600's, configure the network without OSPF, disable local redistribution, and disable ASBR.

Or, you could leave the router at one IP address (say .15) and deliver a Gateway address of .1 via DHCP.
Unless the users/devices knew about the .15, they would be unable to route.

That should do it.

TankII

[Michael McNamara]

What hardware do you have doing the actual routing?

You could use ACLs but depending on the hardware it may not be that straight forward. In the old ERS 8600 days you could create a straight forward ACL just like a Cisco router, but then you loose that wire speed switching-routing because you're doing the ACL in software and not in hardware.

You could setup DHCP relay as suggested by Tank and then setup an ACL list. If the subnet doesn't need to communicate with anyone then you could just not return a default gateway in the DHCP reply.

Good Luck!