We have an industrial Ethernet network that is connected by one leg to a company-wide network through a standard switch.
We need to segregate the industrial network from the rest of the network to avoid viruses, broadcasts, DoS attacks, etc. affecting the industrial network.
The industrial network doesn't need the rest of the network or the Internet etc.
We may want to VPN onto the industrial network occasionally from one or two PCs on the rest of the network (we have a VPN server configured already).
Our network people want us to go VLAN; I would prefer a router to totally segregate us. Either solution should be easy, as we only have one leg connecting both networks.
What are the advantages/disadvantages of each solution?