Cisco, Catalyst 2950, VLAN security question

Posted on 2008-10-10
Last Modified: 2008-10-29
Have a client who wants to add a personal computer to his work environment. This new machine is to be used on the Internet as anyone would at home, without restrictions on what can be downloaded or accessed. For purposes of stopping any potential viruses from getting to the rest of the existing network, this new machine needs to be isolated in such a way that it can be freely open to the internet, but stopped from making *any* connections to any other machine in the local environment. However, this new machine still needs to be able to print to the network printer. The equipment available is a Catalyst 2950 switch, a Linksys router, and a proprietary VPN device, in that order from the internal network to the DSL modem. All devices are currently connected to the 2950 switch. I was hoping to isolate this new machine with the use of VLANs, but don't know enough about them to get it to work. I have tried for a few days with various settings via Cisco Network Assistant, but am not finding any success. If VLANs aren't the way to go, I was also thinking of connecting this new machine to the VPN device for internet connectivity (which will allow the connection to a port and act like a router in that case), but don't know if there is a way to allow access to the printer back through the Linksys router without giving total access to the rest of the network, too. Any help would be appreciated.
Question by:NixManes

Accepted Solution

by:
TAMSCODAN earned 1500 total points
ID: 22688523
I would suggest that you just put the computer on the same network, however create an ACL entry allowing it access to DNS and the default gateway, but definitely an ACL is the way to go for restricting the access.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html 
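
Added example, not part of the original thread and not Cisco syntax: a small Python model of the first-match ACL ordering the accepted answer points to, for checking the entry order on paper before entering it on the switch CLI. The addresses, the raw-print port (TCP 9100) and DNS being answered by the router are assumptions.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
LAN, GATEWAY, PRINTER = "192.168.1.0/24", "192.168.1.1", "192.168.1.50"

# Ordered entries for traffic arriving from the personal PC:
# (action, protocol, destination network, destination port or None for any)
ISOLATION_ACL = [
    ("permit", "tcp", PRINTER + "/32", 9100),  # assumed raw-print port
    ("permit", "udp", GATEWAY + "/32", 53),    # assumed: router answers DNS
    ("deny",   "ip",  LAN,             None),  # everything else on the LAN
    ("permit", "ip",  "0.0.0.0/0",     None),  # Internet destinations
]
# Same entries with the last two swapped: the broad permit shadows the deny.
MISORDERED_ACL = ISOLATION_ACL[:2] + [ISOLATION_ACL[3], ISOLATION_ACL[2]]

# Constructed test flows: name -> (protocol, destination, destination port)
FLOWS = {
    "print job":        ("tcp", PRINTER, 9100),
    "dns lookup":       ("udp", GATEWAY, 53),
    "lan file share":   ("tcp", "192.168.1.10", 445),
    "router admin":     ("tcp", GATEWAY, 80),
    "printer web page": ("tcp", PRINTER, 80),
    "internet https":   ("tcp", "203.0.113.10", 443),
}

def evaluate(acl, proto, dst, dport=None):
    """Return the action of the first matching entry; no match means deny."""
    addr = ipaddress.ip_address(dst)
    for action, rule_proto, network, rule_port in acl:
        if rule_proto not in ("ip", proto):
            continue
        if addr not in ipaddress.ip_network(network):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

def audit(acl):
    """Evaluate every constructed flow against the ACL."""
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("intended", ISOLATION_ACL), ("misordered", MISORDERED_ACL)):
        print(label, audit(acl))
```

Internet-bound packets carry the remote address as their destination, not the gateway's, so it is the final permit placed after the LAN deny that provides Internet access. With the two entries swapped, the LAN file share flow is permitted, which is the exposure the isolation was meant to prevent.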


Author Comment

by:NixManes
ID: 22689461
Do you know if there is a way to set ACL configuration through the Network Assistant?

Expert Comment

by:TAMSCODAN
ID: 22689511
No, I am not certain of that. You can do it via CLI and it's not hard at all.

Author Comment

by:NixManes
ID: 22699432
I will be back out at my customer's site next week and will read the doc you indicated in the meantime. I will post the results here when I try to implement something. Thanks.

Author Comment

by:NixManes
ID: 22832822
I have not had a chance to actually do the work, but I think the solution will likely work. I don't want to keep the question open any longer, so I will post again if I need assistance when I get to it.