Title: RE: Is a switch secure? (managed/unmanaged)

Hi Dave,

Even though you can do it with a switch, it's not secure enough to satisfy high-profile customers, because packets can be sniffed across VLAN ports using a mirroring port, there is no packet inspection, and if you need VPN in the future you have to start looking all over again.

So here is my solution for this. I am not trying to push it, but a product from NetScreen (www.netscreen.com) called the NS1000 is directly targeted at this kind of multi-tenant networking site. It has integrated firewall, VPN and traffic shaping in the gigabit throughput range. You can use virtual systems and VLANs inside one NS1000, and if in the future remote sites want to come into their appropriate local site, just turn on the VPN features for the appropriate virtual system. Each tenant will have total security through the firewall. If one tenant wants to talk to another tenant, they have to go through the NS1000, following their appropriate policy. It supports VLAN tagging, NAT and other firewall options for sure.

Here is the physical topology:

    Internet<---->NS1000<-->Switch<---->Tenant-1, Tenant-2, ....... Tenant-100

The product was released 6 months ago and is under deployment in major ASPs and ISPs; Cable & Wireless, Loudcloud and Yipes are a few.

More info at http://www2.netscreen.com/pub/

-Singh

-----Original Message-----
From: Dave Kemper [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 11:31 AM
To: [EMAIL PROTECTED]
Subject: Is a switch secure? (managed/unmanaged)


Hello Group Study,
A quick question for you.
Scenario:
I have a client with about 8 leased offices in his complex, total 16 drops
plus room for future expansion. He would like to provide shared high speed
Internet access to each office but for security reasons must maintain
confidentiality between each office. Additionally some offices would like to
share files between the office renter and their individual secretary.

Internet --> Firewall  ->  switch--> (Office #1 Secretary PC) & (Office #1
Business owner).

The network may have to be reconfigured as tenants moving in and out have
different network requirements.

My solution:
My first thought would be to get a managed 24-port switch where each
port can be configured for separate VLANs. Configure all ports to have
access to the port for Internet access and set ports between each secretary
and their office manager to have access to each other.

1) Can this be done this way?
2) Is this the best way to do this?
3) What other solutions would resolve the problem?
4) Can you recommend brands and models of hardware for this solution?

If anyone has any good resources on the Net or from vendors that explain
this well, I would appreciate knowing about them. Please post replies to the
group for all to learn from and if it is convenient copy to my email address
also.

Thank you in advance and have fun!

Dave Kemper, MCSE, CCNA
[EMAIL PROTECTED]
AMK Computers
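
The isolation properties discussed in this thread (one VLAN per office, a shared uplink, and the mirror-port concern), as an added example that is not part of either message: a small Python audit of a port plan. The function name, the plan layout, the tagged-uplink model and all sample data are assumptions constructed for illustration.

```python
# Added example: audit a per-tenant VLAN port plan (all data below is constructed).
from collections import defaultdict

def audit_plan(access_ports, uplink_vlans, mirror_sessions):
    """Return a sorted list of findings for a multi-tenant switch port plan.

    access_ports:    {port: (tenant, vlan)} for every tenant-facing drop
    uplink_vlans:    set of VLAN IDs tagged on the uplink to the firewall (assumed model)
    mirror_sessions: list of (source_port, destination_port) mirror sessions
    """
    findings = []
    tenants_by_vlan = defaultdict(set)
    vlans_by_tenant = defaultdict(set)
    for port, (tenant, vlan) in access_ports.items():
        tenants_by_vlan[vlan].add(tenant)
        vlans_by_tenant[tenant].add(vlan)

    # Two tenants in one VLAN share a broadcast domain: no confidentiality.
    for vlan, tenants in tenants_by_vlan.items():
        if len(tenants) > 1:
            findings.append(f"VLAN {vlan} shared by tenants {sorted(tenants)}")
    # An owner and secretary in different VLANs cannot reach each other on the switch.
    for tenant, vlans in vlans_by_tenant.items():
        if len(vlans) > 1:
            findings.append(f"{tenant} split across VLANs {sorted(vlans)}")
    # A tenant VLAN missing from the uplink has no path to the firewall.
    for vlan in tenants_by_vlan:
        if vlan not in uplink_vlans:
            findings.append(f"VLAN {vlan} not carried on uplink")
    # A mirror session copies frames regardless of VLAN membership, so any
    # session whose destination belongs to someone else breaks isolation.
    for src, dst in mirror_sessions:
        src_tenant = access_ports.get(src, ("infrastructure", None))[0]
        dst_tenant = access_ports.get(dst, ("unassigned", None))[0]
        if src_tenant != dst_tenant:
            findings.append(f"mirror {src}->{dst} copies {src_tenant} traffic to {dst_tenant}")
    return sorted(findings)

# Constructed plan with four deliberate mistakes and one harmless mirror session.
PLAN = {1: ("office1", 101), 2: ("office1", 101),
        3: ("office2", 102), 4: ("office2", 103),
        5: ("office3", 101)}
FINDINGS = audit_plan(PLAN, uplink_vlans={101, 102}, mirror_sessions=[(1, 3), (1, 2)])

if __name__ == "__main__":
    print("\n".join(FINDINGS))
```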

