insulating a LAN


Hi,

I am working for a laboratory which is situated in a university and we are currently part of the university network. I was recently made responsible for insulating the Laboratory LAN from that of the university, aiming for higher security. I am managing two servers (DNS, Mail, WWW, FTP, etc.) but since I'm not a network professional I am looking for advice on a solution based on CISCO products.

Our LAN consists of about 35 units (PCs, servers, network printers, network cameras) all switched into a 20 port switch (additional switches are used along the way) which is then connected via fiber optics to the university network. All the devices have real IPs which have to be preserved. So I probably need a router which has

- a fiber optics port as input (or as a separate module?)

- possibly 20 100 Mbit ports as output

- built in firewall

- optional VPN support

Any suggestions would be greatly appreciated. Thank you!

ahmednaas Sun, 02/11/2007 - 23:24

What type of switch are you using now?

Depending on the security policy you want to implement, it might be sufficient to use a Cisco L3 switch such as the 3560 (with advanced ip services image) instead of your current switch.

You can always add a router/VPN concentrator later for optional VPN support.

Thanks a lot for opening my eyes to managed switches ;)

We currently use a low-cost COREGA 16-port switch (owned by the university). There is a 100Base-TX to 100Base-FX converter before it, so it turns out that I don't need the option of having 100Base-FX on the switch itself (or am I wrong?).

Moreover, I have overestimated the number of ports needed - 16 will suffice.

I examined the 3560 which you offer and I know that I may have confused you with the number of ports, but can you please recommend a managed switch with not more than 16 ports? In terms of security, I want to:

- internally - restrict devices with unknown MACs from being part of the network

- ACL-based security

- optional monitoring and logging

Thanks ;)

ahmednaas Mon, 02/12/2007 - 06:49

I don't recall any Cisco 16-port switches. Anyway, having a few extra ports is not a bad idea. And the C3560-24TS is not too expensive. It can do all that you need and more.
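
An added configuration sketch, not written by either poster, showing how the three requirements listed in the thread (unknown MACs, ACLs, logging) map onto Catalyst 3560 features. The VLAN number, port numbers, addresses and the set of permitted services are assumptions; the switch is kept at Layer 2 so the lab's existing addresses do not change.

```cisco
! Constructed example. 192.0.2.0/24 is an RFC 5737 documentation range standing
! in for the lab's real addresses; hosts .10/.11/.20 and port numbers are assumed.
vlan 10
 name LAB
!
! 1. Unknown MACs: port security on the access ports. "sticky" learns the first
!    MAC seen on each port and keeps it in the running config; "restrict" drops
!    frames from any other MAC and raises a syslog message.
interface range FastEthernet0/1 - 16
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
! Ports that feed a downstream unmanaged switch need a higher "maximum".
!
! 2. ACL: a port ACL, inbound on the copper uplink to the TX/FX converter.
!    Switch ACLs are stateless, so return UDP traffic needs its own entry.
ip access-list extended FROM-UNIVERSITY
 permit tcp any any established
 permit udp any eq domain host 192.0.2.10
 permit udp any host 192.0.2.10 eq domain
 permit tcp any host 192.0.2.10 eq domain
 permit tcp any host 192.0.2.10 eq smtp
 permit tcp any host 192.0.2.11 eq www
 permit icmp any any echo-reply
 permit icmp any any unreachable
 deny ip any any
!
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 10
 ip access-group FROM-UNIVERSITY in
!
! 3. Monitoring and logging: a management address plus syslog export.
interface Vlan10
 ip address 192.0.2.2 255.255.255.0
 no shutdown
!
service timestamps log datetime msec
logging buffered 16384 informational
logging host 192.0.2.20
logging trap informational
!
! Check with: show port-security, show port-security address, show access-lists
```

This is stateless packet filtering, not the stateful firewall the original question asks about, so protocols that open secondary connections (FTP data channels, for example) need explicit entries or a separate firewall.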