Use vlan to isolate a computer
Posted on 2011-10-04
First off, let me apologize for my inexperience in the networking world. I am part of a small company and I AM are IT guy and I am learning as I go.
Here is my situation:
I have 5 static IP address asssigned to me by my internet provider. Lets say they are 126.96.36.199 - 205.
I currently have one ethernet cable entering into the building that supplies my internet connection. That cable is connected into port 1 of my router which is set up as its very own vlan (vlan 2). The rest of the ports on my router are set up on a seperate vlan (vlan 1). I use NAT to direct traffic from the incoming (vlan 2) feed to the rest of the network connected on vlan2.
I have a need to allow someone to access a computer on my network using one of the static IPs (188.8.131.52) that have been assigned to me by my internet provider. It seems to me that setting up a new vlan for that computer to connect to and then forward the incoming traffic from the 184.108.40.206 IP address to the new vlan would be a reasonable answer to this issue.
Does this seem like a good way to do this? And if so, how exactly do I go about it.
My initial thought is to assign the incoming IP (220.127.116.11) to the vlan, assign a port on the router to that vlan and than connect the computer to that port. My only question is; what do I set the computers IP, gateway, etc to? Does this sound right?
If there is a cleaner, better way to do this, please let me know.
Thanks for any help.