Seperating Networks

[Mr N8]

I'm drawing a blank when it comes to this one.

The situation is that I have my main network on a series of switches that have access to our ISP router and our WAN router. This lets them see our 8 branches, all of our server, and have internet access. Marketing is on their own switch for file sharing, and they have dial-up connections for internet access.

What I want to do is give marketing access to our ISP router, since we have a t1, but not let them see the rest of the network.

What software or hardware would I need to do this. Attached is a rough sketch of what it currently looks like. Thanks.

[mbossman2]

Create a VLAN with just the marketing folks on it and another VLAN with everybody else. then trunk the uplink port from the marketing switch to the main network stack switch(es) and then trunk from that switch to the router. I see you are using Cisco, you can use the Cisco Cluster Management software to accomplish most of this, use the security wizard, this is a common task.

Couple of keys here:

1) make sure all switches support 802.1q trunking (most do)
2) make sure that the router itself supports 802.1q trunking (low end routers don't, but higher end ones may)
3) reconfigure the router to make sure that it is aware that there are 2 networks behind it (Marketing VLAN and the one with everybody else on it).
4) Make sure that you build in the ACL a (non) permission that does not allow the marketing folks to use the router as a layer 3 switch and jump back over to the part of the network you don't want them to access

HTH.

[Mr N8]

Thanks. I'll try it out, and see if I still have a job when I'm finished!