Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Seperate LANS


i am fairly new to cisco but i think im now in a position where im ready to make a network. I am required to setup the following:

1. Office Network

2. Web Network

Both networks must be on separate IP ranges, i want my office network to be able to talk to my Web network but my Web network should not be able to talk to my Office network.

I will set it up so that people externally can access the web network.

We currently have no Cisco equipment in my work place but and i intend to purchase a Cisco switch and segment that into VLANS and a cisco router so that i can manage what traffic gets through to my WEB network. Does this sound feasible?



New Member

Re: Seperate LANS

A firewall will provide better security the way you wanted. Unless you are fine with using the established key work in access-lists and also g oalong with the vulnerabilities it has.



Super Bronze

Re: Seperate LANS

Yes, it sounds feasible. When you look at routers, you might see if a firewall feature set is provided or available for it.

New Member

Re: Seperate LANS

What you need to do here is create an Access Control List on the router. you will need to read up on ACLs because there is a bit to learn,

An access control list can filter traffic (any or all traffic)coming into or leaving your network. this should resolve your issue

Please rate if this helps


New Member

Re: Seperate LANS


well ideas should be no problem, if your number of personals are small. Maybe you could fix a static ip into each individual host, and permit a certain range for internet access. It long term or for future growth you might hit bump or dead end.

There are numbers of ways in resolving the issues.

1) You might one to consider proxy server which control internet access for each individual host. Different users, different login and thus different internet access.

2) you could also dynamic vlan policy, using software like VMPS-SRV (, you can tie mac-address to a specific vlan, and from there you could control user via their mac-address.

either ways, its all depend to your future expension and flexibility. other than that, depends also on your money. cheers

CreatePlease login to create content