Solved

Cisco, Catalyst 2950, VLAN security question

Posted on 2008-10-10
Last Modified: 2008-10-29
Have a client who wants to add a personal computer to his work environment. This new machine is to be used on the Internet as anyone would at home, without restrictions on what can be downloaded or accessed. For purposes of stopping any potential viruses from getting to the rest of the existing network, this new machine needs to be isolated in such a way that it can be freely open to the internet, but stopped from making *any* connections to any other machine in the local environment. However, this new machine still needs to be able to print to the network printer. The equipment available is a Catalyst 2950 switch, a Linksys router, and a proprietary VPN device, in that order from the internal network to the DSL modem. All devices are currently connected to the 2950 switch. I was hoping to isolate this new machine with the use of VLANs, but don't know enough about them to get it to work. I have tried for a few days with various settings via Cisco Network Assistant, but am not finding any success. If VLANs aren't the way to go, I was also thinking of connecting this new machine to the VPN device for internet connectivity (which will allow the connection to a port and act like a router in that case), but don't know if there is a way to allow access to the printer back through the Linksys router without giving total access to the rest of the network, too. Any help would be appreciated.
Question by:NixManes
5 Comments
 
LVL 3

Accepted Solution

by:
TAMSCODAN earned 500 total points
ID: 22688523
I would suggest that you just put the computer on the same network, however create an ACL entry allowing it access to DNS and the default gateway, but definitely an ACL is the way to go, restricting the access.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html 

0
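An added example, not part of any poster's reply: a small Python model of first-match ACL evaluation (with the implicit deny at the end) for the policy described in the question, showing that the printer and gateway permits must precede the deny for the local subnet. All addresses are constructed for illustration, and the gateway is assumed to also be the DNS server.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
PRINTER = ipaddress.ip_address("192.168.1.20")
GATEWAY = ipaddress.ip_address("192.168.1.1")      # assumed to also serve DNS
FILE_SERVER = ipaddress.ip_address("192.168.1.10")  # stands in for "any other machine"
INTERNET_HOST = ipaddress.ip_address("203.0.113.80")
ANY = ipaddress.ip_network("0.0.0.0/0")


def host(addr):
    """Single-host destination, the equivalent of a 'host x.x.x.x' ACL entry."""
    return ipaddress.ip_network(f"{addr}/32")


# Ordered (action, destination) entries for packets sourced from the isolated PC.
GOOD_ACL = [
    ("permit", host(PRINTER)),
    ("permit", host(GATEWAY)),
    ("deny", LAN),        # everything else on the local subnet
    ("permit", ANY),      # the Internet
]
# Same entries with the broad deny moved to the top: a common ordering mistake.
BAD_ACL = [GOOD_ACL[2], GOOD_ACL[0], GOOD_ACL[1], GOOD_ACL[3]]


def evaluate(acl, dst):
    """Return the action of the first matching entry; no match means implicit deny."""
    for action, net in acl:
        if dst in net:
            return action
    return "deny"


def policy_violations(acl):
    """List destinations whose outcome differs from the isolation policy."""
    expected = {
        PRINTER: "permit",
        GATEWAY: "permit",
        FILE_SERVER: "deny",
        INTERNET_HOST: "permit",
    }
    return [str(dst) for dst, want in expected.items() if evaluate(acl, dst) != want]


if __name__ == "__main__":
    print("good order violations:", policy_violations(GOOD_ACL))
    print("bad order violations: ", policy_violations(BAD_ACL))
```

With the deny listed first, the later permits are never reached, so printing and DNS break even though every intended entry is present.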
 

Author Comment

by:NixManes
ID: 22689461
Do you know if there is a way to set ACL configuration through the Network Assistant?
0
 
LVL 3

Expert Comment

by:TAMSCODAN
ID: 22689511
No, I am not certain of that. You can do it via CLI and it's not hard at all.
0
 

Author Comment

by:NixManes
ID: 22699432
I will be back out at my customer's site next week and will read the doc you indicated in the meantime. I will post the results here when I try to implement something. Thanks.
0
 

Author Comment

by:NixManes
ID: 22832822
I have not had a chance to actually do the work, but I think the solution will likely work. I don't want to keep the question open any longer, so I will post again if I need assistance when I get to it.
0
