
Port based VLAN Advice

j.khandia
Level 1

I'm looking to set up a test environment in order to test network security and in particular setting up a port based VLAN.

Could anyone recommend Cisco hardware that would support the following:

24-port switch to be set up as 24 segmented port-based VLANs (this is to prevent PCs plugged into each port on the switch from accessing other PCs plugged into the switch). The switch needs to be able to provide DHCP addresses to PCs plugged into the switch.

DSL router which will connect to the switch and provide the gateway to the internet for the PCs plugged into the switch; firewall capabilities are required.

I have looked at the Cisco 2950-24 switch and the Cisco 2600 Multiservice platform router, but from what I have read I am not sure which models to purchase and whether they support what I am trying to set up.

4 Replies

rais
Level 7

You need PVLANs or private VLANs. This way you will save a lot of IPs. You can also try the Cisco 3550-24 switch.

Hope this helps.

Not applicable

To answer your question, the key is your definition regarding preventing PCs plugged into each port on the switch from accessing other PCs plugged into the switch.

Since the purpose of a VLAN is to break up the broadcast domain rather than to prevent hosts from accessing each other, with a router such as the 2600, different VLANs still have a logical connection; for example, they are able to ping each other, and so on.

dbellazetin
Level 4

I think a 2950-24 with protected port configuration would be perfect for what you are trying to do.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84c2.html#xtocid3

As far as the DSL router goes, the Cisco 827 4-V or 837 will provide the DSL interface and Ethernet interface you need, along with full Cisco IOS, NAT, IOS Firewall, and VPN.

http://www.cisco.com/en/US/products/hw/routers/ps380/

Dan

nstathak
Level 1

A 3550 will best serve your needs, as it can provide the DHCP server functionality as well as the PVLAN or VLAN requirements. I don't believe the 2950 can offer DHCP server functionality.

My take is you'll need PVLANs that will access only the routed port, that being the DSL router.

The switch won't provide firewall services, but your DSL modem most likely will.

nick
