Assist req. for lan implementation
Hello
I am having a LAN & WAN Setup. Basically the connectivity of my LAN connection is given through my Central Router. I want to segregate my Local LAN. The reason of segregating LAN is if any system from my LAN setup get infected (due to any reason if it starts broadcasting) due to that the backhall of my central routers gets fully utilized which cause the slow response in wan network.
In current Scenario i am having plain network which I want to distribute in to vlans as per our I want to create a more than 15 nos of Vlan. I am using a backbone link as a copper (10/100) also I want to restrict some of users. I want to know the details of following queries
1. Suggest me which Layer 3 core switch I have to use (specify me the Product & Model) So that I can utilize maximum no (20 Nos.) of TX Port (10/100/1000mb).
2. Assume Host A member of vlan 1 and Host C and Host D Member of Vlan 2. My requirement is that Host ?A? Can be able to do communication with Host ?C? which is member if Vlan 2 but host ?A? should not be able to communicate with the Host ?D? which is also the member of Vlan2. To accomplishing this purpose what should I have to do?
3. I also want to keep all servers in separate Vlan. But don?t want to change the IP address, which are in used by my servers. So please suggest me for the IP scheme which I can assign to my propose Vlan ?A?, ?C? and ?D? So that they can communicate with each other and with all my servers.
IP Range for Servers is 144.1.150.X / 16
Waiting for ur urgent reply
Thanks & Regards
Prafulla R
Software/Hardware used:
Software/Hardware used:
ASKED:
January 31, 2005 3:26 AM
UPDATED:
February 1, 2005 10:46 AM
Answer Wiki:
Your theory is a little bit off. By creating vlans, you don't really segment the traffic. All clients will still have to reach the servers and wan access. This means that by creating vlans, your router will be doing more work. This will cause more bottle necks getting to the wan. Every packet will have to be routed, instead of switched.
I do agree with you on putting the clients into a separate vlan from the servers. You can use non-routable numbers. By doing so, you can setup an internet proxy and limit who get access to the outside world. With the proxy, and a firewall that only allows the proxy server access to the internet, you can gain control over the network.
Your real need is to setup ACL's (access control lists). In that way, you can block some ports that virus use. You do have to use caution here, though. The reason the ports are open is that some program, probably a Microsoft network application, is using them. Some network applications will stop functioning when certain ports are blocked.
It appears to me that your main problem is a weaker core router. While I can't suggest anything by name, you can email me offline and I can give you my limited knowledge about setting up this network. The main thing to remember is KISS, keep it simple .........
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
