Separate LANs

Unanswered Question
Oct 10th, 2008


I am fairly new to Cisco but I think I'm now in a position where I'm ready to make a network. I am required to set up the following:

1. Office Network

2. Web Network

Both networks must be on separate IP ranges. I want my office network to be able to talk to my Web network, but my Web network should not be able to talk to my Office network.

I will set it up so that people externally can access the web network.

We currently have no Cisco equipment in my workplace, but I intend to purchase a Cisco switch and segment that into VLANs, and a Cisco router so that I can manage what traffic gets through to my Web network. Does this sound feasible?



naveen_b81 Fri, 10/10/2008 - 04:27

A firewall will provide better security the way you wanted, unless you are fine with using the established keyword in access-lists and also go along with the vulnerabilities it has.



Joseph W. Doherty Fri, 10/10/2008 - 05:40

Yes, it sounds feasible. When you look at routers, you might see if a firewall feature set is provided or available for it.
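An added illustration, not part of any post in this thread: a small Python model of the question's requirement (office may open connections to web, web may not open connections to office), contrasting the stateless `established` ACL keyword with the connection tracking that a firewall feature set performs. The subnets, hosts and packets are constructed assumptions, and the model covers only the flag check and flow lookup, not a full router.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed subnets (not given in the thread): one per VLAN.
OFFICE = ip_network("192.168.10.0/24")
WEB = ip_network("192.168.20.0/24")

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: tuple = ()     # TCP flags set on this packet

def web_to_office(p):
    return ip_address(p.src) in WEB and ip_address(p.dst) in OFFICE

def established_acl(p):
    """Stateless model of 'permit tcp WEB OFFICE established' plus implicit deny.
    It inspects only this packet: TCP with the ACK or RST bit set."""
    if not web_to_office(p):
        return True       # the other direction is not filtered by this ACL
    return p.proto == "tcp" and any(f in p.flags for f in ("ACK", "RST"))

class StatefulFilter:
    """Model of a stateful firewall: web->office is permitted only as the
    reply to a flow that an office host opened first."""
    def __init__(self):
        self.flows = set()
    def permit(self, p):
        if ip_address(p.src) in OFFICE and ip_address(p.dst) in WEB:
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        if web_to_office(p):
            return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows
        return True

def compare(packets):
    """Return (established_acl verdict, stateful verdict) per packet, in order."""
    fw = StatefulFilter()
    return [(established_acl(p), fw.permit(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("tcp", "192.168.10.5", 40000, "192.168.20.10", 80, ("SYN",)),       # office opens
    Packet("tcp", "192.168.20.10", 80, "192.168.10.5", 40000, ("SYN", "ACK")), # web replies
    Packet("tcp", "192.168.20.10", 80, "192.168.10.9", 445, ("SYN",)),         # web initiates
    Packet("tcp", "192.168.20.10", 80, "192.168.10.9", 445, ("ACK",)),         # ACK, no flow
    Packet("udp", "192.168.10.5", 5353, "192.168.20.53", 53),                  # office query
    Packet("udp", "192.168.20.53", 53, "192.168.10.5", 5353),                  # UDP reply
]
```

The two filters disagree on the last three kinds of traffic that matter here: the ACL passes a TCP segment that merely carries ACK without belonging to any connection, and it drops UDP replies to office-initiated requests, while the flow table gets both right.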

shane.kearney Mon, 11/10/2008 - 10:58

What you need to do here is create an Access Control List on the router. You will need to read up on ACLs because there is a bit to learn.

An access control list can filter traffic (any or all traffic) coming into or leaving your network. This should resolve your issue.

Please rate if this helps


hasmurizal Mon, 11/10/2008 - 19:40


Well, the ideas should be no problem if your number of personnel is small. Maybe you could fix a static IP on each individual host, and permit a certain range for internet access. In the long term or for future growth you might hit a bump or dead end.

There are a number of ways of resolving the issues.

1) You might want to consider a proxy server, which controls internet access for each individual host. Different users, different login and thus different internet access.

2) You could also use dynamic VLAN policy; using software like VMPS-SRV, you can tie a MAC address to a specific VLAN, and from there you could control users via their MAC address.

Either way, it all depends on your future expansion and flexibility. Other than that, it also depends on your money. Cheers.

