• Status: Solved

Hardware switch/router/firewall appliance to assign and restrict fixed IP to Ethernet port

Hi experts!!

First post on here for a long time so forgive me if this is already answered somewhere.

I am setting up a mini server room and offering my clients a co-location service for small servers mainly used for offsite backup, FTP, calendar and non-mission-critical web hosting.

I have had a leased line installed and currently have 64 fixed public IP addresses given to me by my provider.

I want to offer the IPs out assigned to my customers (up to 2 IPs per customer) so they can co-locate a small server in our server room. I will be giving them full control of their co-lo server we install for them. Each customer will be given a small server and 1 or 2 ports on the switch/appliance.

I need a cost-effective hardware appliance that will allow me to assign a block of 1 or 2 IPs to each customer but also need to make sure that the appliance limits them to the IPs I give them, for instance if they accidentally add the wrong IP to their server, which would then conflict with someone else's in my range of 64.

I also need the ability to monitor and/or restrict the bandwidth usage per customer/port.

Lastly, I would really prefer something that has a web GUI to make it easy for me to configure, as I have little CLI knowledge.

My budget is up to £500 but I would like to spend less and consider second-hand equipment. I was wondering if there was a 16 or 24 port switch/router/firewall appliance that would do this task, but if there is a better way of doing this I am open to advice.

Thanks in advance
stellamartois
Asked:
1 Solution
 
deibel Commented:
Try Netgear FVX538 and GS724TS and use VLAN.
They are a few hundred € together. I don't know the exchange rate.
You can try UTM25 instead of FVX538 to offer IPS, but that will cost a little more.
The switch is stackable for further requirements.

Hope this will help.
 
deibel Commented:
FVS336 may fit you as well.
 
deibel Commented:
Do you need further help?
stellamartois Author Commented:
Yes, sorry for the delay. If I purchase these, what is the basic configuration?
I take it the FVX538 is used for the VLAN so that the public range of 64 IPs is bridged over to each port on the GS724TS?

In this example of 2 public IPs out of the range:

LEASED LINE (64 public IPs 217.250.250.130 - 217.250.250.193)
|
fvx538
|
GS724TS
|_ethernet rj45 port 1 = customer server 1 - public ip 217.250.250.130
|_ethernet rj45 port 2 = customer server 2 - public ip 217.250.250.131
etc


Basically each server would need a public IP and I just want to map them to a hardware port on the switch.

Just unsure how to do this as I haven't done it before or used VLAN, sorry for my ignorance on this.
 
deibel Commented:
Yes, that's how it works.

You can configure the FVX to classic routing, so it does no NAT on the connection.
With VLAN, you can divide the physical ports on layer 2, so that they can't communicate with each other unless you route between them.

If you don't grant network admin rights on your server you may simply do some subnetting. But if the customer can change his IP to another subnet, he will be able to get access to other machines. So it is better to control that with a switch.
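Added example, not part of the original thread and not Netgear configuration: a small Python audit that checks a per-port allocation plan against the constraints in the question (addresses from 217.250.250.130 to 217.250.250.193, at most 2 per customer port, no duplicates) and flags observed source IPs that a port was not assigned. The port numbers, plan and observed bindings are constructed sample data, and how the port/IP bindings are exported from the switch is an assumption.

```python
import ipaddress

# Range quoted in the thread: 217.250.250.130 - 217.250.250.193 (64 addresses).
FIRST = ipaddress.IPv4Address("217.250.250.130")
LAST = ipaddress.IPv4Address("217.250.250.193")
MAX_IPS_PER_PORT = 2  # "up to 2 IPs per customer"


def validate_plan(plan):
    """Return a list of problems in a {port: [ip, ...]} allocation plan."""
    problems, owner = [], {}
    for port, ips in sorted(plan.items()):
        if len(ips) > MAX_IPS_PER_PORT:
            problems.append(f"port {port}: {len(ips)} IPs exceeds limit of {MAX_IPS_PER_PORT}")
        for ip in map(ipaddress.IPv4Address, ips):
            if not FIRST <= ip <= LAST:
                problems.append(f"port {port}: {ip} is outside the leased range")
            elif ip in owner:
                problems.append(f"port {port}: {ip} already assigned to port {owner[ip]}")
            else:
                owner[ip] = port
    return problems


def audit_bindings(plan, observed):
    """Flag observed (port, source_ip) pairs that do not match the plan."""
    allowed = {p: {ipaddress.IPv4Address(i) for i in ips} for p, ips in plan.items()}
    owner = {ip: p for p, ips in allowed.items() for ip in ips}
    alerts = []
    for port, ip_text in observed:
        ip = ipaddress.IPv4Address(ip_text)
        if ip in allowed.get(port, set()):
            continue  # port is using an address it was given
        if ip in owner:
            alerts.append((port, str(ip), f"conflicts with port {owner[ip]}"))
        else:
            alerts.append((port, str(ip), "not assigned to any port"))
    return alerts


# Constructed sample data: plan for three customer ports, then observed bindings.
PLAN = {1: ["217.250.250.130"], 2: ["217.250.250.131", "217.250.250.132"], 3: ["217.250.250.133"]}
OBSERVED = [(1, "217.250.250.130"), (2, "217.250.250.132"),
            (3, "217.250.250.131"),   # port 3 configured with port 2's address
            (1, "217.250.250.200")]   # address outside the leased range

if __name__ == "__main__":
    print(validate_plan(PLAN))
    for alert in audit_bindings(PLAN, OBSERVED):
        print(alert)
```

An audit like this only reports a mismatch after the fact; keeping a misconfigured server from affecting other customers still depends on the per-port separation on the switch described above.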
 
stellamartois Author Commented:
Thanks, I have a GS724TS on order. I'm not sure if I also need the FVX because the router supplied by the ISP is preconfigured NONAT with the 64 IPs. I expect it would be good to have the FVX for bandwidth profiling and firewall??

Awarding points, will post another question when equipment arrives if I need help.
 
stellamartois Author Commented:
Solution needed a little more elaboration but a solution nonetheless.
Question has a verified solution.
