Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
503
Views
0
Helpful
4
Replies

Seperate LANS

awdscot83
Level 1
Level 1

‎10-10-2008 02:25 AM - edited ‎03-06-2019 01:51 AM

Hi,

i am fairly new to cisco but i think im now in a position where im ready to make a network. I am required to setup the following:

1. Office Network

2. Web Network

Both networks must be on separate IP ranges, i want my office network to be able to talk to my Web network but my Web network should not be able to talk to my Office network.

I will set it up so that people externally can access the web network.

We currently have no Cisco equipment in my work place but and i intend to purchase a Cisco switch and segment that into VLANS and a cisco router so that i can manage what traffic gets through to my WEB network. Does this sound feasible?

Regards,

AD

Labels:
0 Helpful
4 Replies 4

naveen_b81
Level 1
Level 1

‎10-10-2008 04:27 AM

A firewall will provide better security the way you wanted. Unless you are fine with using the established key work in access-lists and also g oalong with the vulnerabilities it has.

Cheers,

FRK

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-10-2008 05:40 AM

Yes, it sounds feasible. When you look at routers, you might see if a firewall feature set is provided or available for it.

0 Helpful

shane.kearney
Level 1
Level 1

‎11-10-2008 10:58 AM

What you need to do here is create an Access Control List on the router. you will need to read up on ACLs because there is a bit to learn,

An access control list can filter traffic (any or all traffic)coming into or leaving your network. this should resolve your issue

Please rate if this helps

Shane.

0 Helpful

hasmurizal
Level 1
Level 1

‎11-10-2008 07:40 PM

hi,

well ideas should be no problem, if your number of personals are small. Maybe you could fix a static ip into each individual host, and permit a certain range for internet access. It long term or for future growth you might hit bump or dead end.

There are numbers of ways in resolving the issues.

1) You might one to consider proxy server which control internet access for each individual host. Different users, different login and thus different internet access.

2) you could also dynamic vlan policy, using software like VMPS-SRV (http://sourceforge.net/projects/vmps-srv/), you can tie mac-address to a specific vlan, and from there you could control user via their mac-address.

either ways, its all depend to your future expension and flexibility. other than that, depends also on your money. cheers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card