Let me start off by saying I am a novice to much of the equipment I am about to describe. I am basically writing to find out if it is feasible to segment or partition out one port on the Catalyst 4006 so that the port can only see and have access to the internet but not to the rest of the network and machines connected to the 4006. Our setup is as follows...
Cisco Pix 506E Firewall - internet service connects to the Pix and the Pix connects to one of the ports on the 4006. Pix is set to hand out IP addresses.
Cisco Catalyst 4006 has the following installed..
WS-X4013 Supervisor II Engine module and 2 WS-X4124-FX-MT 100BaseFX Switching Modules.
All of our machines connect to the 4006. We would like to have one port that is set so it can not see the rest of the ports and computers connected but can see the Pix to obtain an address and see the internet. This port would be used for something like a wireless access point that people could use with laptops but we wouldn't have to worry about people connected to this port having access to the rest of the network.
Is this feasible with the above mentioned equipment? Again, I am a novice and currently this is just to find out if such a thing can be done.
Thanks to any who can shed some light on this question.
I think it is not a problem. Define VLANs on the 4006: one VLAN for wireless communication, assigned to the port you mentioned, and the other for the rest of the computers, servers, etc. DHCP should assign IP space from two subnets, one for wireless, e.g. 192.168.1.0/24, and the other for the rest of the network, 192.168.2.0/24. Create a trunk between the 4006 and the PIX and create inter-VLAN routing. To restrict people on wireless from accessing the prod network, use access-lists on the PIX.
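The access-list step in the reply above, as an added example that is not part of the original thread: a small Python model of first-match rule evaluation that checks whether a proposed rule order keeps the wireless subnet off the production subnet while still permitting internet traffic. The two subnets come from the reply; the rule tuples, host addresses and function names are assumptions made for illustration and are not PIX syntax.

```python
import ipaddress

GUEST = ipaddress.ip_network("192.168.1.0/24")  # wireless VLAN subnet from the reply
PROD = ipaddress.ip_network("192.168.2.0/24")   # rest-of-network subnet from the reply
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rule sets: (action, source, destination), evaluated top-down,
# first match wins, as for traffic arriving on the guest-facing interface.
GOOD_ACL = [("deny", GUEST, PROD), ("permit", GUEST, ANY)]
BAD_ACL = [("permit", GUEST, ANY), ("deny", GUEST, PROD)]  # deny placed too late


def evaluate(acl, src, dst):
    """Return 'permit' or 'deny' for one packet; unmatched traffic is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny at the end of the list


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, e_src, e_dst in acl[:i]:
            if src_net.subnet_of(e_src) and dst_net.subnet_of(e_dst):
                hits.append(i)
                break
    return hits


def isolates_guest(acl, guest="192.168.1.50", prod="192.168.2.10",
                   internet="198.51.100.7"):
    """True when a guest host is blocked from prod but can reach the internet.

    The three host addresses are constructed sample values.
    """
    return (evaluate(acl, guest, prod) == "deny"
            and evaluate(acl, guest, internet) == "permit")


if __name__ == "__main__":
    for name, acl in (("GOOD_ACL", GOOD_ACL), ("BAD_ACL", BAD_ACL)):
        print(name, "isolates guest:", isolates_guest(acl),
              "shadowed rules:", shadowed_rules(acl))
```

With the deny listed after the broad permit, the deny is shadowed and never matches, so the guest subnet reaches production even though the rule appears in the list.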