Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco, Catalyst 2950, VLAN security question

Posted on 2008-10-10
5
Medium Priority
?
459 Views
Last Modified: 2008-10-29
Have a client who wants to add a personal computer to his work environment. This new machine is to be used on the Internet as anyone would at home, without restrictions on what can be downloaded or accessed. For purposes of stopping any potential viruses from getting to the rest of the existing network, this new machine needs to be isolated in such a way that it can be freely open to the internet, but stopped from making *any* connections to any other machine in the local environment. However, this new machine still needs to be able to print to the network printer. The equipment available is a Catalyst 2950 switch, a Linksys router, and a proprietary VPN device, in that order from the internal network to the DSL modem. All devices are currently connected to the 2950 switch. I was hoping to isolate this new machine with the use of VLANs, but don't know enough about them to get it to work. I have tried for a few days with various setting via Cisco Network Assistant, but am not finding any success. If VLANs aren't the way to go, I was also thinking of connecting this new machine to the VPN device for internet connectivity (which will allow the connection to a port and act like a router in that case), but don't know if there is a way to allow access to the printer back through the Linksys router without giving total access to the rest of the network, too. Any help would be appreciated.
0
Comment
Question by:NixManes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
TAMSCODAN earned 1500 total points
ID: 22688523
I would sugest that you just put the computer on the same network however create an ACL entry allowing it access DNS, and default gateway, but definatley an ACL is the way to go restricting the access.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html 

0
 

Author Comment

by:NixManes
ID: 22689461
Do you know if there is away to set ACL configuration through the Network Assistant?
0
 
LVL 3

Expert Comment

by:TAMSCODAN
ID: 22689511
no i am not certain of that. You can do it via CLI and its not hard at all.
0
 

Author Comment

by:NixManes
ID: 22699432
I will be back out at my customer's site next week and will read the doc you indicated in the meantime. I will post the results here when I try to implement something. Thanks.
0
 

Author Comment

by:NixManes
ID: 22832822
I have not had a chance to actually do the work, but I think the solution will likely work. I don't want to keep the question open any longer, so I will post again if I need assistance when I get to it.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question