This seems like an application for wireless. Wireless might be more
convenient for the lawyers. Of course, it would have its own issues.

It would depend on your building, but perhaps you could connect the wireless
access point to a VLAN other than the VLAN that your servers are on, or
possibly to a DMZ, as a starting point for a bit more isolation than is
provided in your current plan of using Ethernet ports.

Priscilla

The Long and Winding Road wrote:
> 
> I read through the other responses that have hit the list so far.
> 
> I am assuming that there are network LAN ports under each table in the
> courtroom. I am assuming that you have some means of knowing /
> restricting which ports people plug into?
> 
> Why not put those ports into a single vlan, and then at the top level,
> use policy routing to restrict forwarding only to your firewall /
> internet connection?
> 
> Are you going to be supplying DHCP addresses, default gateway, and DNS
> information to all those who visit?
> 
> In theory, this is an easy service to configure and offer, and in
> theory there are few issues with security.
> 
> --
> 
> www.chuckslongroad.info
> 
> 
> 
> 
> "Robert Edmonds" wrote in message
> news:200210181908.TAA09447@;groupstudy.com...
> > I work for a county government.  As part of building a new
> > courthouse, I am tasked with providing attorneys in courtrooms with
> > Internet access through my network.  Of course, I would like to
> > provide them access to what they need while blocking access to our
> > internal network.
> > My network is set up in the following manner:
> > In the new courthouse, the MDF has a 3550-12G acting as the root
> > switch for the building, and has the layer 3 image.  It connects
> > directly to my core, with a 6506 with Sup2 and MSFC2, which in turn
> > connects to my PIX 515 for Internet access.  I plan on creating a
> > separate VLAN for the public Internet access, but beyond that I'm
> > left a bit short.  Obviously I don't want to create a 300 line
> > access-list that would deny them access to each internal VLAN, then
> > each of our servers in turn.  Can someone give me some suggestions
> > to get this done?  Thanks in advance.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55922&t=55898
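
The policy-routing idea from the quoted reply, sketched as an added Cisco IOS configuration; it is not from any poster in this thread. VLAN 200, the 192.0.2.0/24 guest subnet, the 10.255.0.1 firewall address, the interface names and the list/route-map names are all placeholder assumptions.

```cisco
! Added example: placeholder VLAN, names, interfaces and addresses.
! Applied on the Layer 3 device that owns the guest VLAN gateway and is
! directly connected to the firewall (the next hop must be adjacent).
!
vlan 200
 name COURTROOM-GUEST
!
! Match everything sourced from the guest subnet (placeholder range).
ip access-list extended GUEST-SOURCES
 permit ip 192.0.2.0 0.0.0.255 any
!
route-map GUEST-TO-FIREWALL permit 10
 match ip address GUEST-SOURCES
 ! Force the next hop to the firewall's inside address (placeholder),
 ! whatever the routing table says about the destination.
 set ip next-hop 10.255.0.1
 ! Set clauses are tried in order: if the firewall next hop is not
 ! usable, discard rather than fall back to normal routing.
 ! Confirm Null0 is supported for PBR on the platform and image in use.
 set interface Null0
!
interface Vlan200
 description Courtroom guest gateway
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map GUEST-TO-FIREWALL
 no ip redirects
 no ip proxy-arp
!
! Courtroom access ports (placeholder range): one VLAN, no trunking.
interface range FastEthernet0/1 - 8
 switchport mode access
 switchport access vlan 200
 spanning-tree portfast
```

Policy routing only affects packets that arrive on Vlan200 and are forwarded by the router; traffic addressed to the router's own interfaces is not redirected. The firewall also needs a return route to the guest subnet.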