
How to isolate office LAN from customer LAN??

Discussion in 'Networking Issues' started by markinsf, Oct 12, 2008.

  1. markinsf

    markinsf LI Guru Member

    Hey there,

    I am not the best at networking. Can anyone help me with this requirement please:

    Small doctors office wants to create a separate LAN for their patients to surf the internet. This LAN should be isolated from the main office LAN for security reasons.

    They are moving the office so I can choose what equipment to buy. The configuration will be as follows:
    Windows Server 2003 serving as DC and DHCP
    Linksys managed 48-port switch
    Linksys RV082 router
    Internet provided by business DSL

    How would I set up an isolated LAN or VLAN using the above appliances/server? Any advice is greatly appreciated!
     
  2. wthess

    wthess Addicted to LI Member

    Well, that's a loaded question. I'm not familiar with the Linksys router you are using, so I don't know if you can configure VLAN with it or not. Here are your options as I see it.

    - If the RV router is capable of VLANs, set up a separate VLAN for those devices

    - Since you are using Server 2003, there are several things you can do. It's been a while since I've fooled with Server 2003, but I think it comes with a utility you can configure to route the traffic. It will have to be set up as a domain controller, and the workstations will all have to be members of that domain.

    - You could try putting the isolated machines on a different subnet

    - You could "daisy chain" 2 routers/firewalls which will create two separate networks. Machines needing just internet access plug into a switch connected to one router/firewall and the rest of the machines into the other.

    - You could always set up an entirely different network with its own separate internet gateway for only those computers. This will obviously require another internet connection.


    A lot of what will determine the best way is how the machines are communicating with the main office. What kind of connection is it? Is it using VPN? Is the connection between the two sites a bridged connection? What's handling these connections, the server or the routers? How many devices on each side? Where is the 2003 server going...at the main or at the remote? Or, are there two servers, one on each side?

    See what I mean? It is possible, but the best way depends entirely upon the network configuration. That's why network engineers get the big bucks. This stuff can get complicated quickly and there is no one solution for every setup.
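
For the VLAN and separate-subnet options listed above, the two segments are isolated only if whatever routes between them drops guest-to-office traffic. The following is an added example, not part of the original posts, that audits a first-match rule list for that path; the subnets, rules and rule format are constructed assumptions and are not the RV082's own configuration syntax.

```python
import ipaddress

def guest_to_office_leaks(rules, guest, office, default="deny"):
    """Return the 1-based numbers of allow rules that can pass guest->office
    traffic under first-match evaluation, plus "default" if the fall-through
    action would pass it. Conservative: only a single deny rule covering both
    whole subnets is treated as closing the path."""
    guest = ipaddress.ip_network(guest)
    office = ipaddress.ip_network(office)
    if guest.overlaps(office):
        raise ValueError("guest and office subnets overlap; re-plan addressing")
    leaks = []
    for number, (action, src, dst) in enumerate(rules, start=1):
        src = ipaddress.ip_network(src)
        dst = ipaddress.ip_network(dst)
        if action == "deny" and guest.subnet_of(src) and office.subnet_of(dst):
            return leaks  # later rules never see guest->office packets
        if action == "allow" and src.overlaps(guest) and dst.overlaps(office):
            leaks.append(number)
    if default == "allow":
        leaks.append("default")
    return leaks

# Constructed addressing plan and rule sets (assumptions, not from the thread).
GUEST, OFFICE = "192.168.20.0/24", "192.168.10.0/24"

GOOD_RULES = [
    ("deny", GUEST, OFFICE),
    ("allow", GUEST, "0.0.0.0/0"),
    ("allow", OFFICE, "0.0.0.0/0"),
]
# Same rules, but the broad "guest to anywhere" allow is matched first.
BAD_ORDER = [GOOD_RULES[1], GOOD_RULES[0], GOOD_RULES[2]]

if __name__ == "__main__":
    print("good order:", guest_to_office_leaks(GOOD_RULES, GUEST, OFFICE))
    print("bad order: ", guest_to_office_leaks(BAD_ORDER, GUEST, OFFICE))
    # A plain router with no rules forwards between its subnets.
    print("no rules:  ", guest_to_office_leaks([], GUEST, OFFICE, default="allow"))
```

The "bad order" case shows why a guest "allow to anywhere" rule must sit below the guest-to-office deny: `0.0.0.0/0` also contains the office subnet.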
     
