Security within single VLAN.

azmath.hk
Level 1

Hi All,

We have only one single VLAN across our switch network and would like to implement security so that users cannot communicate with each other and cannot access each other's resources; they should only go to the default gateway to access the internet.

Is this possible? Please let us know.

Regards,

Khan

10 Replies

Danilo Dy
VIP Alumni

One way is to set up a Windows domain and create a user policy so that they cannot log in to their local PC as administrator, only as a normal user who has access only to the resources that enable them to do their job.

We do not have Windows in our network... Some third-party server is acting as more than a plain router... This network is only used for internet access and all users are in a single VLAN.

We have Cisco switches in our network with a single VLAN.

We want to implement security within the single VLAN so that users cannot communicate with each other and cannot access each other's resources...

Is this possible???

Please advise.

Thanks,

Khan

Hi

For restricting access to hosts within a VLAN, a VLAN map can be used (you need to check that your switch supports this feature). See the link below for configuration on the 3750.

http://www.cisco.com/en/US/customer/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00807743d9.html#wp1600210

Please rate if this helps.

Thanks
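The reply above points at the 3750 VLAN map documentation without showing a configuration. The following is an added example written for this thread, not configuration from the original poster or from the linked Cisco guide. It assumes a Catalyst 3750 (or another IOS switch with the VLAN map feature), users in VLAN 1 on the constructed subnet 192.168.1.0/24, and the default gateway at 192.168.1.1; the ACL and access-map names are also made up for the example.

```cisco
! Added example configuration (not from the thread). Assumes a Catalyst 3750,
! hosts in VLAN 1 on 192.168.1.0/24 (constructed addressing) and the
! default gateway at 192.168.1.1.
!
! Traffic to or from the gateway is the only host traffic we want to keep.
ip access-list extended TO-GATEWAY
 permit ip any host 192.168.1.1
 permit ip host 192.168.1.1 any
!
! Any other traffic that stays inside the user subnet is host-to-host.
ip access-list extended HOST-TO-HOST
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! VLAN map entries are evaluated in sequence order; the first match wins.
vlan access-map ISOLATE-USERS 10
 match ip address TO-GATEWAY
 action forward
vlan access-map ISOLATE-USERS 20
 match ip address HOST-TO-HOST
 action drop
! An entry with no match clause matches everything else (DHCP broadcasts to
! 255.255.255.255, traffic leaving the subnet via the gateway, etc.).
vlan access-map ISOLATE-USERS 30
 action forward
!
! Apply the map to VLAN 1. A VLAN map filters all traffic bridged within the
! VLAN, regardless of which port it enters.
vlan filter ISOLATE-USERS vlan-list 1
```

Two points to check before relying on this: an IP ACL in a VLAN map does not see ARP or other non-IP frames, so hosts can still discover each other at layer 2 even though IP traffic between them is dropped (a `mac access-list` entry in the map is needed for that), and `show vlan filter` together with `show vlan access-map` confirms that the map is actually applied to VLAN 1.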

Through the network it's not possible, even if you have multiple VLANs, unless you restrict one user per VLAN :) The only way it's possible in the network is running a network OS and centralized user login like I mentioned earlier.

It is still possible using free and available resources on your user PCs, but it's tedious and an administration nightmare when your network grows. Anyway, here it is.

1. Account

- The Administrator account should be used only by you. Use a difficult-to-guess password.

- Create a user account for the user without administrative privilege.

***This way, the user will not be able to enable services or install unauthorized applications.

2. Services

- Disable network card bindings for FTP, File and Printer Sharing, RDC, etc... whatever you want to disable.

3. Firewall

- All user PCs should use Windows XP SP2.

- Enable the Win XP Firewall and deny incoming access to well-known ports like FTP, etc.

To make this easy, you can issue the same model PC to everyone. Perform the above steps on one PC and GHOST the system; then you can make multiple copies of it for all the other PCs :)

I want to implement the security in the switches rather than in the PCs....

You did not say which models you have, but take a look at Private VLANs. You might use them to do what you want:

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a0080774419.html

These are supported on the 3560 and 3750 models.
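As a companion to the Private VLAN link above, here is an added example configuration (not from the thread or the linked guide) for a Catalyst 3750, the model the reply names. It assumes the switch is in VTP transparent mode, which private VLANs require on this platform, that the gateway hangs off GigabitEthernet1/0/1 and users are on FastEthernet1/0/1-24 (3750 interface naming, assumed), and it uses constructed VLAN numbers 100 and 101, because VLAN 1 itself cannot be configured as a primary or secondary private VLAN; the users would be moved from VLAN 1 into the new primary/isolated pair.

```cisco
! Added example configuration (not from the thread). Catalyst 3750, VTP
! transparent mode, constructed VLAN numbers 100 (primary) and 101 (isolated).
vtp mode transparent
!
! Isolated VLAN: hosts in it can reach only promiscuous ports, never each other.
vlan 101
 private-vlan isolated
!
! Primary VLAN carrying the gateway, with the isolated VLAN associated to it.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Port toward the default gateway: promiscuous, so it can talk to every host.
interface GigabitEthernet1/0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! User ports: isolated hosts, each placed in primary 100 / secondary 101.
interface range FastEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
```

Unlike a VLAN map with an IP ACL, isolation here is enforced at layer 2, so ARP between user ports is blocked as well. The remaining path between two users is through the gateway itself: if that router answers proxy ARP for the local subnet or is willing to route a packet back out the same interface, it can reconnect the isolated hosts, so that behaviour should be disabled on the gateway and verified with `show vlan private-vlan` and `show interfaces switchport` on the switch.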

Here are the switch models for our network...

WS-C2924M-XL-EN

WS-C2950T-24

WS-C3524-PWR-XL-EN

WS-C3524-XL-EN

WS-C4006

Again, I would like to tell you that all users are in VLAN 1 and we want users not to share resources and not to be able to communicate with each other... Is this possible on the above models? If yes, tell me how.

Well in that case, you have to tell us your switch model and IOS version.

This is for the switching and security experts to digest and recommend a solution to secure all hosts from each other in a single broadcast domain using the switch.

On a switch, a VLAN map is the only way you can restrict traffic within a VLAN :)

Thanks

Do you have configuration example?
