
Protecting the Management VLAN from customers

Last Modified: 2014-09-01
We are setting up a shared office that has 10 rooms, each room has a single Cat5e cable going to it. Each room is used by a different tenant and the networks need to stay segregated. We provide the tenants with shared Internet access and VOIP Phones.

We have our main 26-port smart switch (Cisco SG200-26) in the server room, and we have installed an 8-port PoE smart switch (Cisco SG200-08P) in each of the tenants' rooms. The tenant can have up to 3x VOIP phones and up to 4x PCs in the room, plugged into each port on the switch.

We're planning on using tagged VLANs to keep things secure. The idea is that we'll set up:

   VLAN 1 - default VLAN, management traffic only (e.g. access points, routers, switches etc), subnet will be 10.0.0.0/24
   VLAN 2 - voice VLAN for voip traffic only, subnet will be 10.0.25.0/24
   VLAN 10-19 - customer VLANs, one for each room

So for each of the SG200-08P switches in the tenants' rooms, we are configuring them like this (this example is for the switch that will use VLAN 10 for customer traffic):

Port 1 - trunk port, 1U, 2T, 10T
Port 2 - access port, 2U
Port 3 - access port, 2U
Port 4 - access port, 2U
Port 5 - access port, 10U
Port 6 - access port, 10U
Port 7 - access port, 10U
Port 8 - access port, 10U

The "port 1" on the customer SG200-08P switch will go to, say, port 15 on the main SG200-26 switch, set up like this:

Port 15 - trunk port, 1U, 2T, 10T

So that's all great, but I've got a problem - I need to protect the management and voice VLANs from unauthorized traffic.

What stops a customer from unplugging the switch, plugging a PC into the wall jack and gaining access to the 10.0.0.0/24 management subnet? Or plugging a PC into any one of the PoE ports and gaining access to the 10.0.25.0/24 voice subnet?

I'm playing around in the "Port Security" and 802.1X section of the Cisco SG200... but I'm totally confused.

Can anyone help?
This problem has been solved!
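
An added example, not part of the original question or its answers: a small Python audit that parses the membership notation used in the question (`1U, 2T, 10T`) and lists every tenant-reachable port that carries the management or voice VLAN. The port labels and the `tenant_reachable` flag are assumptions of this example.

```python
import re

MGMT_VLAN, VOICE_VLAN = 1, 2          # VLAN roles as stated in the question
SHARED = {MGMT_VLAN: "management", VOICE_VLAN: "voice"}

# Port plan copied from the question; "tenant_reachable" marks links whose
# far end sits in a tenant room (an assumption of this example).
PLAN = [
    ("SG200-26 port 15", "1U, 2T, 10T", True),   # wall jack feeding the room
    ("SG200-08P port 1", "1U, 2T, 10T", True),
    ("SG200-08P port 2", "2U", True),
    ("SG200-08P port 5", "10U", True),
]

def parse_membership(text):
    """Turn '1U, 2T, 10T' into {1: 'U', 2: 'T', 10: 'T'}."""
    members = {}
    for item in text.split(","):
        m = re.fullmatch(r"\s*(\d+)([UT])\s*", item)
        if not m:
            raise ValueError(f"bad membership entry: {item!r}")
        members[int(m.group(1))] = m.group(2)
    return members

def audit(plan):
    """Return (port, vlan, finding) for shared VLANs exposed on tenant-reachable ports."""
    findings = []
    for port, membership, tenant_reachable in plan:
        if not tenant_reachable:
            continue
        for vlan, mode in parse_membership(membership).items():
            if vlan not in SHARED:
                continue          # the tenant's own customer VLAN is expected here
            if mode == "U":
                why = f"untagged {SHARED[vlan]} VLAN: any plugged-in device joins it"
            else:
                why = f"tagged {SHARED[vlan]} VLAN carried to tenant room"
            findings.append((port, vlan, why))
    return findings

if __name__ == "__main__":
    for port, vlan, why in audit(PLAN):
        print(f"{port}: VLAN {vlan}: {why}")
```

Run against the plan in the question, it reports VLAN 1 untagged on both ends of the room uplink and VLAN 2 untagged on the phone port, which are the two exposures the question asks about.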