Re: separating LANs?
- From: perfimage <perfimage@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 18:28:02 -0800
I cannot provide an ACL. I do not know of a way to stop computers connected
to the same switch from seeing one another unless the client comps are
firewalled individually, as the switch is unable to stop any traffic between
computers on the same switch, but it can stop traffic between managed
switches. Much the same way a firewall blocks ports, you stop traffic between
switches on ports 137, 138, and 139.

Chances are the OP doesn't have managed switches so this is all moot, but I
believe he can successfully achieve the end result by using a second
inexpensive router and some creative firewalling rules in the 2 routers.

"Neteng" wrote:
> Can you provide an example of a switch ACL that blocks file sharing and
> printing?
>
>
> "perfimage" <perfimage@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:3FBF1DE9-4B72-414A-BEC7-F8D26BC30F71@xxxxxxxxxxxxxxxx
> > What about adding another router to the mix?
> >
> > Keep the router you have connected but designate it for use by only the
> > resort computers. Add the second router, connecting its WAN port to one of
> > the LAN ports of the first router, and designate it for use by only the
> > "neighbors" computers.
> >
> > Each router should be assigned a different subnet, and computers from each
> > subnet (resort and neighbors) will be prevented from seeing each other first
> > by the hardware then the subnets. Your first router will then route traffic
> > from the second router to the internet. The second router can get its IP
> > address via DHCP or you can assign it an IP and create firewall rules on the
> > first router to make sure its traffic is kept completely separate from the
> > first.
> >
> > As far as keeping the neighbors (on the second subnet) computers from seeing
> > one another, that is nearly impossible except at switch level, and only if
> > they are managed switches where you can stop certain communication between
> > them, such as windows printer and file sharing.
> >
> > This will require you to reroute some wiring in wiring closets and such to
> > physically separate the 2 LANs, but should be doable.
> >
> > Good Luck
> >
> > "gglave@xxxxxxxxxxxxxx" wrote:
> >
> > > Hi Everyone,
> > >
> > > I look after a small LAN for a small rural resort. They've got a
> > > handful of computers plugged into a Linksys BEFSR41
> > > (http://tinyurl.com/a99bl) router for network & internet connectivity.
> > >
> > > I'm looking for some way to set things up so that if this resort
> > > "shares" its internet connection with a few neighbours they can't "see"
> > > the other computers on the LAN, nor can the neighbours see each other's
> > > computers. The computers at the resort should still be able to see
> > > each other.
> > >
> > > Can anyone recommend a (hopefully inexpensive) piece of hardware to
> > > accomplish this? I know I could probably research some kind of a Linux
> > > box to manage the traffic, but I'd prefer to have some kind of small
> > > dedicated piece of equipment that doesn't risk a hard disk failure,
> > > power supply failure etc. as I'm six hours away and the folks at the
> > > resort are computer illiterate.
> > >
> > > Thanks in advance.
> > >
> > > Cheers,
> > > Geoff Glave
> > > Vancouver, Canada
> > >
> > >
>
>
>
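
An added example, not part of the thread or any poster's configuration: a small Python model of the cascaded two-router layout discussed above, showing which side can open connections to which and where a blocking rule has to live. The addresses, the `r2_blocks_resort_lan` rule and the assumption that both routers behave as typical NAT routers (outbound allowed, unsolicited inbound dropped) are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption; the thread gives no addresses).
RESORT_LAN = ip_network("192.168.1.0/24")     # router 1 LAN, also router 2's WAN side
NEIGHBOUR_LAN = ip_network("192.168.2.0/24")  # router 2 LAN
ROUTER1_GW = ip_address("192.168.1.1")        # router 1 LAN address (internet gateway)


def can_initiate(src, dst, r2_blocks_resort_lan=False):
    """Return True if src can open a connection to dst.

    Assumes both routers behave as typical NAT routers: LAN-to-WAN traffic is
    allowed unless a rule denies it, unsolicited WAN-to-LAN traffic is dropped.
    r2_blocks_resort_lan models a hypothetical rule on router 2 that denies
    LAN-to-WAN traffic to RESORT_LAN except the gateway address itself.
    """
    src, dst = ip_address(src), ip_address(dst)
    for lan in (RESORT_LAN, NEIGHBOUR_LAN):
        if src in lan and dst in lan:
            return True   # same subnet: switched directly, no router or firewall in the path
    if src in NEIGHBOUR_LAN:
        if dst in RESORT_LAN and dst != ROUTER1_GW:
            # Router 2 NATs this onto router 1's LAN ports; it never crosses
            # router 1's firewall, so only a rule on router 2 can stop it.
            return not r2_blocks_resort_lan
        return True       # gateway or internet: normal outbound NAT path
    if src in RESORT_LAN:
        # Router 2 drops unsolicited inbound connections on its WAN side.
        return dst not in NEIGHBOUR_LAN
    return False          # unsolicited traffic from outside is dropped by NAT


def report(r2_blocks_resort_lan):
    """Evaluate the reachability pairs that matter for the resort scenario."""
    pairs = {
        "neighbour -> resort PC": ("192.168.2.10", "192.168.1.20"),
        "resort PC -> neighbour": ("192.168.1.20", "192.168.2.10"),
        "neighbour -> neighbour": ("192.168.2.10", "192.168.2.11"),
        "resort PC -> resort PC": ("192.168.1.20", "192.168.1.21"),
        "neighbour -> internet": ("192.168.2.10", "203.0.113.5"),
    }
    return {name: can_initiate(s, d, r2_blocks_resort_lan) for name, (s, d) in pairs.items()}


if __name__ == "__main__":
    for blocked in (False, True):
        print("router 2 blocks resort LAN:", blocked, report(blocked))
```

In this model the neighbour-to-neighbour pair stays reachable in both runs, which matches the thread's point that same-switch traffic cannot be stopped by the routers.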