Solved

Cisco, Catalyst 2950, VLAN security question

Posted on 2008-10-10
Last Modified: 2008-10-29
Have a client who wants to add a personal computer to his work environment. This new machine is to be used on the Internet as anyone would at home, without restrictions on what can be downloaded or accessed. For purposes of stopping any potential viruses from getting to the rest of the existing network, this new machine needs to be isolated in such a way that it can be freely open to the internet, but stopped from making *any* connections to any other machine in the local environment. However, this new machine still needs to be able to print to the network printer.

The equipment available is a Catalyst 2950 switch, a Linksys router, and a proprietary VPN device, in that order from the internal network to the DSL modem. All devices are currently connected to the 2950 switch.

I was hoping to isolate this new machine with the use of VLANs, but don't know enough about them to get it to work. I have tried for a few days with various settings via Cisco Network Assistant, but am not finding any success. If VLANs aren't the way to go, I was also thinking of connecting this new machine to the VPN device for internet connectivity (which will allow the connection to a port and act like a router in that case), but don't know if there is a way to allow access to the printer back through the Linksys router without giving total access to the rest of the network, too. Any help would be appreciated.
Question by:NixManes
5 Comments
 
LVL 3

Accepted Solution

by:
TAMSCODAN earned 500 total points
I would suggest that you just put the computer on the same network; however, create an ACL entry allowing it access to DNS and the default gateway, but definitely an ACL is the way to go for restricting the access.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html

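The ACL approach from the accepted answer, modelled as an added example (not code from the thread or from Cisco): a Python first-match evaluator for the policy the question asks for, plus a check for entries that ordering makes unreachable. All addresses, printer port 9100 and the router answering DNS are constructed assumptions, and this is not IOS syntax.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_network("192.168.1.1/32")   # assumed: router also answers DNS
PRINTER = ipaddress.ip_network("192.168.1.50/32")  # assumed: raw printing on TCP 9100
ANY = ipaddress.ip_network("0.0.0.0/0")

# Entries as (action, protocol, destination, destination port or None for any).
# Evaluated top-down on traffic entering the switch from the isolated PC.
ACL = [
    ("permit", "udp", GATEWAY, 53),
    ("permit", "tcp", PRINTER, 9100),
    ("deny", "ip", LAN, None),
    ("permit", "ip", ANY, None),
]
# Same entries with the broad permit moved to the top (the ordering mistake).
MISORDERED = [ACL[3], ACL[0], ACL[1], ACL[2]]

def covers(entry, proto, dst, port):
    """True if one ACL entry matches the given flow."""
    _, e_proto, e_net, e_port = entry
    return (e_proto in ("ip", proto)
            and ipaddress.ip_address(dst) in e_net
            and e_port in (None, port))

def decide(acl, proto, dst, port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for entry in acl:
        if covers(entry, proto, dst, port):
            return entry[0]
    return "deny"

def shadowed(acl):
    """Indexes of entries that never match because an earlier entry covers them."""
    dead = []
    for i, (_, proto, net, port) in enumerate(acl):
        for _, p_proto, p_net, p_port in acl[:i]:
            if (p_proto in ("ip", proto) and net.subnet_of(p_net)
                    and p_port in (None, port)):
                dead.append(i)
                break
    return dead
```

With the entries in the order shown, only DNS to the gateway, port 9100 on the printer and non-local destinations are permitted; in `MISORDERED` the leading broad permit makes every later entry dead, so the local deny never applies.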
 

Author Comment

by:NixManes
Do you know if there is a way to set ACL configuration through the Network Assistant?
 
LVL 3

Expert Comment

by:TAMSCODAN
No, I am not certain of that. You can do it via CLI and it's not hard at all.
 

Author Comment

by:NixManes
I will be back out at my customer's site next week and will read the doc you indicated in the meantime. I will post the results here when I try to implement something. Thanks.
 

Author Comment

by:NixManes
I have not had a chance to actually do the work, but I think the solution will likely work. I don't want to keep the question open any longer, so I will post again if I need assistance when I get to it.