Cisco Support Community

New Member

Is series 300 switch correct for me?

Hi

I have been looking into the 300 series switches. I'm a software developer but haven't much experience with switches and network security, so I need some advice if this is the correct switch for me or if I should look into other switches.

I'm looking for a switch for an advanced home network.

Requirements:

- Minimum 24 gigabit ports

- Can be placed in a standard rack

- Good quality!

- Not too pricey :-) 300 series is ok.

- I would like to set up one or two web servers. I'm not an expert in security (yet ;-)) but I guess the sensible thing here would be to have these in a separate VLAN/Zone so if someone gains access to these they do not get access to my home network. The web servers will only have low to medium load. If I get high load I will probably move them to a cloud service.

Additional wishes:

- Preferably with PoE, but since I do not need this right away I could later add a smaller PoE when needed. But I see some of the 300 series switches have PoE so that would be great.

How I consider setting up my network:

- A router with static IP from my network hosting company. This router has a WLAN that I will set up for guest WLAN access.

- Cisco router with minimum 24 ports divided into two networks. One for my web servers and one for my home network. I guess this should be configured as DMZ in the router from my hosting company to not create any conflicts with the firewall in the hosting router?

- On the home network I will place another separate WLAN router that will grant access to the home network.

I guess when communicating between the home network and the web servers I can use the internal IPs to not go on the internet and use the external IP of the web servers if I want the communication to go through the internet?

Should I place an additional hardware firewall for the web server or does the Cisco router provide enough security in addition to software firewalls? Of course I would like to have the web servers as secure as possible but having the home network secure is even more important.

Many questions here but any help would be appreciated. Especially around what switch to select!

Thanks

2 REPLIES

Re: Is series 300 switch correct for me?

Let's go through your requirements one at a time. My responses are in red

lotorvik1 wrote:

Hi

I have been looking into the 300 series switches. I'm a software developer but haven't much experience with switches and network security, so I need some advice if this is the correct switch for me or if I should look into other switches.

I'm looking for a switch for an advanced home network.

Requirements:

- Minimum 24 gigabit ports -  no problem

- Can be placed in a standard rack -  no problem
- Good quality! - no problem, we back our product with a tremendous warranty

- Not too pricey :-) 300 series is ok. - yes correct

- I would like to set up one or two web servers. I'm not an expert in security (yet ;-)) but I guess the sensible thing here would be to have these in a separate VLAN/Zone so if someone gains access to these they do not get access to my home network. The web servers will only have low to medium load. If I get high load I will probably move them to a cloud service. - so far no problem

Additional wishes:

- Preferably with PoE, but since I do not need this right away I could later add a smaller PoE when needed. But I see some of the 300 series switches have PoE so that would be great. - Ok so far, you need to order p/n SRW2024P-K9 (SG300-28P)

How I consider setting up my network:

- A router with static IP from my network hosting company. This router has a WLAN that I will set up for guest WLAN access.

- Cisco router with minimum 24 ports divided into two networks. - What do you mean by router, did you mean switch? My switch can be enabled as a layer 2 or 3 switch but it does not have the same software capabilities as a VLAN aware WAN router.

  One for my web servers and one for my home network. I guess this should be configured as DMZ in the router from my hosting company to not create any conflicts with the firewall in the hosting router? - So the web servers will be in this DMZ?

- On the home network I will place another separate WLAN router that will grant access to the home network. - so far so good

I guess when communicating between the home network and the web servers I can use the internal IPs to not go on the internet and use the external IP of the web servers if I want the communication to go through the internet? - Can't see why not, but this communication will be via the router supplied by the hosted company, and I assume that traffic from the private side of the hosted router will go through some sort of NAT process and stateful packet inspection to the DMZ. You better check with tech support from the hosted company that the router they supply allows for bi-directional IP traffic from the protected side of the hosted router to the DMZ of the hosted router.

Should I place an additional hardware firewall for the web server or does the Cisco router provide enough security in addition to software firewalls? - Is the router you talk about the hosted SP supplied router, or are you confusing the term with my switch? A traditional Cisco router with IOS based firewall is good enough for me.


But SRW2024P-K9 (SG300-28P) switch based ACL will restrict access to the webserver, but is not a guarantee you are fully protected, quite the contrary. ACL in a switch, maybe with zone based firewall and security appliances such as IronPort products and ASA55XX, NACs, and TrustSec etc. are tools to help you reduce security vulnerability.

regards Dave
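
Added example, not part of the original thread and not Cisco configuration: a small Python model of why the reply above treats a switch ACL and stateful packet inspection as different things. The subnets, port 443, the rule list and all names are assumptions made up for the illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing plan (assumption: the thread gives no subnets).
HOME = ipaddress.ip_network("192.168.10.0/24")
DMZ = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# sport=None in a rule matches any source port.
Rule = namedtuple("Rule", "action src dst sport", defaults=(None,))
Packet = namedtuple("Packet", "src dst sport dport")

def evaluate(acl, pkt):
    """Stateless filter: first matching rule wins, implicit deny at the end."""
    for r in acl:
        if (ipaddress.ip_address(pkt.src) in r.src
                and ipaddress.ip_address(pkt.dst) in r.dst
                and r.sport in (None, pkt.sport)):
            return r.action
    return "deny"

# Hypothetical ingress ACL on the web-server VLAN.
DMZ_IN = [
    Rule("permit", DMZ, HOME, sport=443),  # meant for replies to home clients
    Rule("deny", DMZ, HOME),               # nothing else towards home
    Rule("permit", DMZ, ANY),              # internet-bound traffic
]

def stateful_verdict(pkt, established):
    """Stateful model: DMZ-to-home packets pass only as replies to tracked flows."""
    if ipaddress.ip_address(pkt.dst) in HOME:
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # as opened from home
        return "permit" if flow in established else "deny"
    return evaluate(DMZ_IN, pkt)

# Constructed traffic: one flow opened from home, then two DMZ-sourced packets.
ESTABLISHED = {("192.168.10.7", 50000, "192.168.20.5", 443)}
REPLY = Packet("192.168.20.5", "192.168.10.7", 443, 50000)
UNSOLICITED = Packet("192.168.20.5", "192.168.10.9", 443, 22)

if __name__ == "__main__":
    for name, p in (("reply", REPLY), ("unsolicited", UNSOLICITED)):
        print(name, evaluate(DMZ_IN, p), stateful_verdict(p, ESTABLISHED))
```

The stateless list cannot tell the genuine reply from the unsolicited packet because both match the same source-port rule; only the connection-tracking model separates them.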

New Member

Re: Is series 300 switch correct for me?

Thanks for the good response!

Yes, I meant Cisco switch not router in all the places where I said Cisco... sorry about that.

Actually I thought about having the Cisco 300 switch in DMZ on my router from the ISP so I do not need to configure both and let the Cisco control things :-) I planned to place the web server in a separate VLAN on the Cisco switch. If someone hacks my web server, will they easily get access to the other VLANs? That's my biggest concern.

ASA55XX etc. is a bit outside my price range. A zone based firewall: is that something I can set up in the switch for the different VLANs or do I need a separate product for that? If I do, does Cisco have any reasonably priced firewalls you can recommend? Or should I upgrade to a different switch with firewall built in?

I see I need to read up a lot on security but I really appreciate all your help! :-)
