Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
8
Helpful
3
Replies

Internet Connectivity Without LAN Connectivity

rossua994
Level 1
Level 1

‎08-07-2007 04:16 AM - edited ‎03-03-2019 06:12 PM

Can anyone advise what the best approach to the following hypothetical scenario would be :-

An organisation has 20 workstations each of which requires internet access, but none of which requires connectivity to any of the other workstations.

The obvious solution of a router and a switch would mean that the workstations were connected at Layer 2 and all on the same subnet. To use VLANs would seem a cumbersome solution as 20 separate VLANs would be needed.

Are there routers or router modules that would supply the 20 necessary Ethernet ports required to keep all the workstations on separate networks ? (Though this seems a cumbersome solution too).

Or, is there no practical way around this problem and the 20 workstations should just be connected to a single switch, and a router used to provide internet connectivity to the LAN ?

Thanks in advance for any advice.

Labels:
0 Helpful
3 Replies 3

rais
Level 7
Level 7

‎08-07-2007 04:46 AM

Private VLAN seems a good option for your need.

Under Primary VLAN you can create 'isolated VLAN' which prevents hosts on a vlan from talking to each other.

http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00805b57c2.html

Thanks.

wochanda
Level 4
Level 4

‎08-07-2007 04:46 AM

This functionality is present on most switches we have out at this time. The two features that will give this functionality are:

-Protected ports

-Private VLANS

Higher-end switches support private VLANs, where lower-end switches support protected ports. When setting up private VLANs, you'll look to put your hosts in an 'isolated' PVLAN, where they'll be able to talk to the 'promiscuous port'(router), but not each other. On protected ports, you'll just configure 'switchport protected' on the ports you dont want to have L2 connectivity.

If you're looking to put a 3560/3750 on-site, you'll want to look at this:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12235se/scg/swpvlan.htm

For a 2960, look here:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/12237se/scg/swtrafc.htm#wp1029319

If you're using a HWIC-4ESW or a HWIC-9ESW in an ISR router, you can look here:

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008086f312.html

rossua994
Level 1
Level 1

‎08-07-2007 06:29 AM

Many thanks for both replies, these have been very helpful. Incidentally, I was wondering if there is any Cisco documentation available on the web-site that describes how to choose the best Cisco equipment for particular networking scenarios. I am studying for my CCNA and things like access, distribution, and core switching layers are more at the CCNP level.

Are there certification exams or any Cisco Press books which cover this ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card