
Assume that I have 4 buildings which are all connected to a main building, and in each building I have a privileged subnet (red circles). The privileged subnets must be able to connect to each other, and the rest of the subnets connect together. Can someone explain how I can do this using OSPF? Thanks

http://s22.postimg.org/5ctmeb9ip/Screen_Shot_2013_04_17_at_1_06_05_AM.png

Soheil
  • I'm sorry, but I can't understand what you're trying to accomplish here. Are you wanting to add OSPF to the existing network? Or are you trying to do some sort of "private" OSPF setup? Please explain further your design goals on this one. – Keller G Apr 16 '13 at 19:18
  • Thanks for the reply. I would like to isolate one subnet from each building. I tried to add two OSPF IDs in each router in order to isolate one subnet from the others, but it doesn't work. All PCs can ping. – Soheil Apr 16 '13 at 19:28

1 Answer


I think you might be going about this the wrong way. If you're wanting to prevent certain subnets from communicating with other subnets, you need a firewall, not separate OSPF instances. The 'OSPF ID' in Cisco devices is not like an AS number in EIGRP. The ID is locally-significant and 'router ospf 1' and 'router ospf 999' will happily form neighborships and work fine.

You can use a dedicated firewall device (probably near your edge routers) or just plain ACLs to restrict access between subnets. For instance, on R4 you might do this...

! from 192.168.6.0/24 into the router interface and towards the other private subnets
! (every extended ACL ends with an implicit "deny ip any any", so anything not
! permitted below, e.g. traffic towards the non-privileged subnets, is dropped)
ip access-list extended acl-private-subnet-in
permit ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255

! from the other private subnets, out of the router interface and towards 192.168.6.0/24
ip access-list extended acl-private-subnet-out
permit ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255

! apply both lists on the interface facing switch6 (replace the placeholder with the real interface)
interface <interface towards switch6>
ip access-group acl-private-subnet-in in
ip access-group acl-private-subnet-out out

If you really wanted to go to crazy town, you could also create a separate vrf for your "private" subnets, run MPLS in your core, enable MP-BGP to exchange labels, and treat the whole network as a L3VPN. But I'm betting that's a little more than what you're needing here. =)

Hope this helps,

-Keller

Keller G
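To see what the answer's ACLs actually let through, here is a small evaluator (added example, not part of the answer or of any Cisco tool) that applies IOS extended-ACL semantics to the two lists above: wildcard-mask matching, first match wins, and the implicit deny at the end. The sample source/destination addresses are constructed; only the ACL entries come from the answer.

```python
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match exactly, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


def parse_acl(text: str):
    """Parse 'permit|deny ip SRC SRC_WC DST DST_WC' lines; '!' lines are comments."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] == "!":
            continue
        action, _proto, src, src_wc, dst, dst_wc = parts
        rules.append((action, src, src_wc, dst, dst_wc))
    return rules


def evaluate(rules, src: str, dst: str) -> str:
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, s, s_wc, d, d_wc in rules:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every IOS ACL


# The two lists from the answer, as applied on R4's interface towards switch6.
ACL_IN = parse_acl("""
! inbound from 192.168.6.0/24
permit ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
""")
ACL_OUT = parse_acl("""
! outbound towards 192.168.6.0/24
permit ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
""")

if __name__ == "__main__":
    # Constructed sample flows: privileged-to-privileged passes, anything else is dropped.
    for src, dst in [("192.168.6.10", "192.168.3.20"), ("192.168.6.10", "192.168.5.20")]:
        print(f"in  {src} -> {dst}: {evaluate(ACL_IN, src, dst)}")
    for src, dst in [("192.168.4.7", "192.168.6.1"), ("192.168.5.7", "192.168.6.1")]:
        print(f"out {src} -> {dst}: {evaluate(ACL_OUT, src, dst)}")
```

Running it shows the point the answer relies on: a host in 192.168.6.0/24 reaches 192.168.3.0/24 and 192.168.4.0/24 only, and every other subnet (including the non-privileged ones) is dropped by the implicit deny without any explicit deny entry.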
  • For complete blocking, ACLs should be plenty, or just specify which subnets OSPF should advertise instead of using 192.168.0.0. This really looks like a homework question though. – cpt_fink Apr 18 '13 at 04:33