Cisco, Catalyst 2950, VLAN security question
Posted on 2008-10-10
Have a client who wants to add a personal computer to his work environment. This new machine is to be used on the Internet as anyone would at home, without restrictions on what can be downloaded or accessed. For purposes of stopping any potential viruses from getting to the rest of the existing network, this new machine needs to be isolated in such a way that it can be freely open to the internet, but stopped from making *any* connections to any other machine in the local environment. However, this new machine still needs to be able to print to the network printer.

The equipment available is a Catalyst 2950 switch, a Linksys router, and a proprietary VPN device, in that order from the internal network to the DSL modem. All devices are currently connected to the 2950 switch.

I was hoping to isolate this new machine with the use of VLANs, but don't know enough about them to get it to work. I have tried for a few days with various settings via Cisco Network Assistant, but am not finding any success. If VLANs aren't the way to go, I was also thinking of connecting this new machine to the VPN device for internet connectivity (which will allow the connection to a port and act like a router in that case), but don't know if there is a way to allow access to the printer back through the Linksys router without giving total access to the rest of the network, too. Any help would be appreciated.