I have a cisco 3750 switch. It currently has 2 vlans on it. I would like to be able to provide internet only access from this switch to a meeting room. What is the easiest and most ssecure way to do this? Thank you.
You would create an additional VLAN and then apply an access list on the VLAN interface that precludes traffic except to the internet. Let's assume you have created VLAN 20 and want to use that as your Internet only VLAN. The example below allows for the client to obtain a dhcp address and to use dns services internally. You then block access to all RFC 1918 (private) addresses, assuming that's what you are using internally. The helper-address is for DHCP.
Another simple approach would be to create an Internet-Only 3rd VLAN. Keep this VLAN Layer2, no Layer3 switching. Connect this VLAN to a DMZ port on your firewall. Configure the firewall such that the DMZ is only allowed internet access, no access from or to the Internal network.
You will need to provide a DHCP server for this VLAN.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...