10-10-2008 02:25 AM - edited 03-06-2019 01:51 AM
Hi,
i am fairly new to cisco but i think im now in a position where im ready to make a network. I am required to setup the following:
1. Office Network
2. Web Network
Both networks must be on separate IP ranges, i want my office network to be able to talk to my Web network but my Web network should not be able to talk to my Office network.
I will set it up so that people externally can access the web network.
We currently have no Cisco equipment in my work place but and i intend to purchase a Cisco switch and segment that into VLANS and a cisco router so that i can manage what traffic gets through to my WEB network. Does this sound feasible?
Regards,
AD
10-10-2008 04:27 AM
A firewall will provide better security the way you wanted. Unless you are fine with using the established key work in access-lists and also g oalong with the vulnerabilities it has.
Cheers,
FRK
10-10-2008 05:40 AM
Yes, it sounds feasible. When you look at routers, you might see if a firewall feature set is provided or available for it.
11-10-2008 10:58 AM
What you need to do here is create an Access Control List on the router. you will need to read up on ACLs because there is a bit to learn,
An access control list can filter traffic (any or all traffic)coming into or leaving your network. this should resolve your issue
Please rate if this helps
Shane.
11-10-2008 07:40 PM
hi,
well ideas should be no problem, if your number of personals are small. Maybe you could fix a static ip into each individual host, and permit a certain range for internet access. It long term or for future growth you might hit bump or dead end.
There are numbers of ways in resolving the issues.
1) You might one to consider proxy server which control internet access for each individual host. Different users, different login and thus different internet access.
2) you could also dynamic vlan policy, using software like VMPS-SRV (http://sourceforge.net/projects/vmps-srv/), you can tie mac-address to a specific vlan, and from there you could control user via their mac-address.
either ways, its all depend to your future expension and flexibility. other than that, depends also on your money. cheers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide