  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 424

Isolating a port on my managed switch

Hi,
I need to limit network access on one of the ports on my switch.
It is a NETGEAR FSM726 managed switch.

The computers that are connected to that port are not to have access to the other computers on the network and should only be able to browse the web,
since they will be located in a public meeting room.

I need to know how to do this, if it is at all possible?
Also, any suggestions about the best way to accomplish this, if there is another, better way.

Thanks

0
Hoddi1
Asked:
2 Solutions
 
lkraven Commented:
Isolate it from the rest of the network by assigning this access port to a separate VLAN.

Then at the router, you can create a route for this VLAN and ACLs to permit it only to go out to the internet, and not back towards the rest of your network.

By itself, a layer 2 switch such as you have will not be able to apply any rules other than segregating traffic by VLAN.  You will still need to route and control traffic from a layer 3 device trunked to your switch.
0
 
louislietaer Commented:
Yes, it is possible; you have to create a new VLAN on this port. You will also have to configure your internet router.

Give me your LAN schema (LAN, DMZ, WAN) for more explanation.
0
 
lkraven Commented:
An alternative solution is to install a Firewall in between the conference room computer and the rest of your network.

You could install pfSense from here: http://www.pfsense.org/

Using an inexpensive machine with two NICs you could use the firewall to create rules about which networks are available and restricted to your conference room machine.

But by itself, your switch can't do this.
0

 
Hoddi1 (Author) Commented:
Hi,
this network is set up the following way:

1x Zyxel P-660HW-D1 router
1x NETGEAR FSM726 managed switch

The IP addresses are:
router 192.168.1.1
switch 192.168.1.108
Only 5 more devices are connected to the network,
with random 192.168.x.x IP addresses.

It is just a standard ADSL connection.
0
 
louislietaer Commented:
Best to do:

Configure a DMZ on your router, let's say 192.168.2.0.

Configure as many switch ports as needed to VLAN 2 (DMZ).

Wire every port properly.

0
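The policy lkraven describes (guest VLAN may reach the internet but not the rest of the network), checked against the 192.168.2.0 range suggested above. This is an added example and not part of any poster's reply; the /24 masks, the rule format, the function names and the sample flows are assumptions made for illustration, not settings of the Zyxel or the NETGEAR switch.

```python
import ipaddress

# Assumed addressing: office LAN 192.168.1.0/24 (router and switch addresses
# from the thread fall in it), guest VLAN 192.168.2.0/24 (the proposed range).
LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rules for traffic the router forwards from the guest VLAN.
# Each rule is (action, source network, destination network); first match wins.
GOOD_ACL = [
    ("deny", GUEST, LAN),    # no path back to the office machines
    ("permit", GUEST, ANY),  # everything else, i.e. the internet
]

# The same two rules in the wrong order: the permit is hit first,
# so the deny never takes effect.
BAD_ACL = [GOOD_ACL[1], GOOD_ACL[0]]


def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def shadowed_rules(acl):
    """Return indexes of rules fully covered by an earlier rule (dead rules)."""
    dead = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    # Constructed sample flows from a guest machine at 192.168.2.50.
    for dst in ("192.168.1.108", "192.168.1.1", "93.184.216.34"):
        print(dst, evaluate(GOOD_ACL, "192.168.2.50", dst),
              evaluate(BAD_ACL, "192.168.2.50", dst))
    print("dead rules in BAD_ACL:", shadowed_rules(BAD_ACL))
```

Running `shadowed_rules` over a rule list before loading it on the layer 3 device catches the ordering mistake that would silently leave the guest port able to reach the LAN.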
 
Hoddi1 (Author) Commented:
Thanks,
but I don't think this router has a DMZ feature. It does, however, have a firewall and some other features that I am not sure what they do.
Maybe I could use the firewall on the router somehow, any ideas?
http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040812093058&CategoryGroupNo=AC5783AE-9475-41AD-BDA5-0997187F44AA&display=6241
0
 
louislietaer Commented:
To achieve your needs you will have to set up a multi-LAN router. I do not have knowledge of your router.

The solution of lkraven, or, as I prefer, ipcop (http://www.ipcop.org/), very easy to set up. As lkraven said, you will need an old PC or a first-price one. It will need 3 NICs: one for the internet (Zyxel), one for your LAN and one for the conference room. And you still need to configure 2 VLANs on your Ethernet switch.

I am still surprised that the Zyxel does not have DMZ features. Check that with your vendor or with another question on this forum.

Hope I was helpful



0
 
Hoddi1 (Author) Commented:
Thanks, I will try asking another question about the Zyxel.
I am trying to avoid adding another computer to the network.

Do you think this can be accomplished by using the Zyxel built-in firewall?
It does have a LAN to WAN configuration, but how would I tell the Zyxel to only block computers connected in the conference room, since they would have random IP addresses?
0
 
louislietaer Commented:
I have been searching on the net. It seems you are right, the Zyxel router won't do the job.

So change the router and buy one with DMZ functionality, or install the PC; even a 486 will do the job.
0
