This is my first post here and I hope this place turns out to be a good resource. Here's the situation: my ISP provides me with a modem. The modem allows for an Ethernet connection and is run to my Cisco 3700 series router. The second port on the router runs to a Cisco 3524XL switch, which then provides a connection to all my computers. One of these computers happens to be a server that I use for file hosting. I forwarded the port on my router to be able to access it from a remote location, no problem.
I have a few issues, but I think the answer to this one question can solve them. My fear is that if my server is compromised, then anyone can jump from there to any of my other computers. To make it even more complicated, I also have a Cisco 1130 Aironet wireless router hanging off this switch which allows for the same problem.
I thought about it and VLANs would be nice, but if my server is in a separate VLAN than the gateway, well then that's a no go. I also thought I could maybe trunk the connection from the router to the switch (w/ router on a stick); now my different VLANs can all talk to a gateway, but also to each other, so no go there. Sadly my switch does not support PVLANs, but it does support a port-protected mode. After reading the description of what it does, I am not sure if it will work. It states that ports are isolated as long as they're protected, but a layer-3 device is needed to forward traffic.
I will continue researching, but if anyone knows of a good way to help out comments will be much appreciated. Thanks in advance!
That is another easy option: using port protected isolates Layer 2 unicast, multicast, and broadcast traffic from other protected ports on the same switch.
When enabled, communication between protected ports on the same switch is possible only through a Layer 3 device. To prevent communication between protected ports on different switches, you must configure the protected ports for unique VLANs on each switch and configure a trunk link between the switches.
Hope this helps.
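Putting the two ideas in the thread together (VLANs with router-on-a-stick, plus the protected-port mode described in the reply), here is an added example configuration. It is not from either poster; the VLAN numbers, interface names and 192.168.x.0/24 addresses are assumptions chosen for illustration. The 3524XL keeps the server and the wireless AP on their own VLANs (and marks those two ports protected as an extra Layer 2 barrier), the 3700 does the inter-VLAN routing, and an access list on the server's subinterface lets the server answer connections opened by the LAN but not start new ones toward it, while the Internet stays reachable so the port-forwarded service keeps working.

```cisco
! ===== 3524XL (Layer 2 only): one VLAN per trust zone =====
! VLAN 10 = wired clients, 20 = file server, 30 = wireless AP (assumed numbering)
vlan database
 vlan 10 name CLIENTS
 vlan 20 name SERVER
 vlan 30 name WIRELESS
 exit
!
interface FastEthernet0/1
 description uplink to 3700 (router-on-a-stick trunk)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 description file server (assumed port)
 switchport mode access
 switchport access vlan 20
 switchport protected
!
interface FastEthernet0/3
 description Aironet 1130 AP (assumed port)
 switchport mode access
 switchport access vlan 30
 switchport protected
!
interface FastEthernet0/4
 description wired client (repeat for the other client ports)
 switchport mode access
 switchport access vlan 10

! ===== 3700 router: subinterfaces carry the VLANs, ACLs enforce the zones =====
interface FastEthernet0/1
 description trunk to 3524XL
 no ip address
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group SERVER-OUT in
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group WIFI-OUT in
!
! Traffic arriving FROM the server VLAN: TCP replies to sessions that clients
! opened are allowed (established); any other packet aimed at the client or
! wireless subnets is dropped and logged; everything else (Internet) is allowed.
ip access-list extended SERVER-OUT
 permit tcp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 established
 permit tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 established
 deny   ip  192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 deny   ip  192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 log
 permit ip  192.168.20.0 0.0.0.255 any
!
! Traffic arriving FROM the wireless VLAN: may use the file server, may not
! reach the wired clients, may reach the Internet.
ip access-list extended WIFI-OUT
 permit ip  192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip  192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 permit ip  192.168.30.0 0.0.0.255 any
```

Two things to keep in mind with this layout. The existing port forward on the 3700 must now point at the server's address in the 192.168.20.0/24 range. And these access lists are stateless: the `established` keyword only matches TCP return traffic, so any UDP service the clients use on the server (NFS over UDP, for instance) needs its own permit line in SERVER-OUT or a stateful inspection feature on the router. `show interfaces FastEthernet0/2 switchport` on the 3524XL confirms the protected flag, and `show access-lists` on the 3700 shows the per-line match counters, which is the quickest way to verify that the deny lines are actually catching traffic from the server VLAN.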