02-23-2007 03:40 AM - edited 03-05-2019 02:32 PM
Hi All,
We have only a single VLAN across our switch network and would like to implement security so that users cannot communicate with each other and cannot access each other's resources; they should only go to the default gateway to access the internet.
Is this possible? Please let us know.
Regards,
Khan
02-23-2007 03:44 AM
One way is to set up a Windows domain and create a user policy so that they cannot log in to their local PC as administrator but only as a normal user, which has access only to the resources that enable them to do their job.
02-23-2007 03:49 AM
We do not have Windows in our network... Some third-party server is acting as more than a plain router... This network is only used for internet access and all users are in a single VLAN.
We have Cisco switches in our network with a single VLAN.
We want to implement security within the single VLAN so that users cannot communicate with each other and cannot access each other's resources...
Is this possible???
Please advise.
Thanks,
Khan
02-23-2007 04:02 AM
Hi
For restricting access to hosts within a VLAN, a VLAN map can be used (you need to check that your switch supports this feature). See link below for configuration on 3750.
Please rate if this helps.
Thanks
02-23-2007 05:25 AM
Through the network it's not possible, even if you have multiple VLANs, unless you restrict one user per VLAN :) The only way it's possible in the network is running a Network OS and centralized user login like I mentioned earlier.
It is still possible using free and available resources in your user PC, but it's tedious and an administration nightmare when your network grows. Anyway, here it is.
1. Account
- Administrator account should be used only by you. Use a difficult-to-guess password.
- Create a user account for the user without administrative privilege
***This way, the user will not be able to enable services and install unauthorized applications
2. Services
- Disable network card bindings for FTP, File and Printer Sharing, RDC, etc...whatever you want to disable.
3. Firewall
- All user PCs should use Windows XP SP2
- Enable the Win XP Firewall and deny incoming access to well-known ports like FTP, etc.
To make this easy, you can issue the same model PC to everyone. Perform the above steps on one PC and GHOST the system, then you can make multiple copies of it to all the other PCs :)
02-23-2007 05:29 AM
I want to implement the security in the switches rather than doing it in the PCs....
02-23-2007 05:33 AM
You did not say which models you have, but take a look at Private VLANs. You might use them to do what you want:
These are supported on the 3560 and 3750 models.
02-23-2007 05:39 AM
Here are the switch models for our network...
WS-C2924M-XL-EN
WS-C2950T-24
WS-C3524-PWR-XL-EN
WS-C3524-XL-EN
WS-C4006
Again, I would like to tell you that all users are in VLAN1 and we want users not to share resources or communicate with each other... Is this possible on the above models? If yes, tell me how.
02-23-2007 05:56 AM
Well, in that case, you have to tell us your switch model and IOS version.
This is for switching and security experts to digest and recommend a solution to secure all hosts from each other in a single broadcast domain using the switch.
02-23-2007 05:38 AM
On a switch a VLAN map is the only way you can restrict traffic within a VLAN :)
Thanks
02-23-2007 05:44 AM
Do you have a configuration example?
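A sketch of the VLAN map approach mentioned in the thread, added here as an illustration and not posted by any participant: it assumes a switch that supports VLAN maps (the thread points to the 3750), and the user subnet 192.0.2.0/24, the gateway 192.0.2.1 and all ACL and map names are assumptions.

```cisco
! Assumed addressing (not from the thread): users in 192.0.2.0/24, gateway 192.0.2.1
! Traffic between any user host and the default gateway, in both directions
ip access-list extended TO-GATEWAY
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 permit ip host 192.0.2.1 192.0.2.0 0.0.0.255
!
! Traffic between two addresses inside the user subnet
ip access-list extended HOST-TO-HOST
 permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
!
! Everything else that is IP (internet-bound traffic, DHCP broadcasts)
ip access-list extended ANY-IP
 permit ip any any
!
! Entries are evaluated in sequence order; the first match decides.
! 10: host <-> gateway is forwarded before the broader subnet match below.
vlan access-map ISOLATE-HOSTS 10
 match ip address TO-GATEWAY
 action forward
! 20: remaining traffic within the subnet is host-to-host and is dropped.
vlan access-map ISOLATE-HOSTS 20
 match ip address HOST-TO-HOST
 action drop
! 30: without this entry, IP traffic matching no clause would be dropped.
vlan access-map ISOLATE-HOSTS 30
 match ip address ANY-IP
 action forward
!
! Apply the map to the single user VLAN
vlan filter ISOLATE-HOSTS vlan-list 1
```

Because the map contains only IP match clauses, non-IP frames such as ARP are still forwarded between hosts. Check with `show vlan access-map` and `show vlan filter` that the map is applied to VLAN 1 before relying on it.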