Does anyone know of an ADSL router that allows disabling routing between switch ports? For example:
- part of network connected to port 1 on router can access the Internet but cannot see the part of network connected to port 2 on router
- the same for port 2
The whole network can access the Internet but cannot access each other's segments.
The subnet is the same for both ports. I don't want to use different subnets because then someone can change their address and get access to the other segment.
1

Alakdae
2 Answers
1
Draytek Vigor 2820 and upwards all do this, which is called port-based VLANs.
That's exactly what I've been looking for. Thanks! – Alakdae Nov 25 '09 at 14:30
1
Is there a reason that the IP subnet must be the same on both ports?
What you are attempting to do is normally done through the use of separate subnets/VLANs, with an ACL/firewall rule restricting access between the two subnets.
Briefly, without using vendor-specific config:

    VLAN10: 192.168.1.0/24
    VLAN20: 192.168.2.0/24

    Port 1 -> VLAN 10
    Port 2 -> VLAN 20

    ACL:
    From 192.168.1.0/24 to 192.168.2.0/24 DENY
    From 192.168.2.0/24 to 192.168.1.0/24 DENY
    From 192.168.2.0/24 to ANY ALLOW
    From 192.168.1.0/24 to ANY ALLOW

Some of Cisco's SOHO router/firewall devices (e.g. ASA 5505 or 871 ISR) support VLANs and inter-VLAN ACLs. Other vendors such as Draytek may also provide what you need.

Murali Suriar
That's what I've been thinking to do, but on the cheaper routers it is not possible. And I need to minimize the cost. Thanks for the answer though. – Alakdae Nov 25 '09 at 14:29
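
The VLAN and ACL layout from the second answer can be checked offline with a small model. This is an added example, not code from either poster or from any router vendor. It assumes first-match ACL evaluation with an implicit final DENY, and it adds a hypothetical `ingress_check` (not part of the answer) that drops packets whose source address does not belong to the VLAN of the port they arrive on, which is the case the question raises about someone changing their address.

```python
from ipaddress import ip_address, ip_network

# Port-to-VLAN assignment and VLAN subnets, as given in the answer.
PORT_VLAN = {1: 10, 2: 20}
VLAN_NET = {10: ip_network("192.168.1.0/24"), 20: ip_network("192.168.2.0/24")}
ANY = ip_network("0.0.0.0/0")

# The answer's ACL in the order written: (source, destination, action).
ACL = [
    (VLAN_NET[10], VLAN_NET[20], "DENY"),
    (VLAN_NET[20], VLAN_NET[10], "DENY"),
    (VLAN_NET[20], ANY, "ALLOW"),
    (VLAN_NET[10], ANY, "ALLOW"),
]
# Same rules with the ALLOW lines first, to show why order matters.
ACL_ALLOW_FIRST = ACL[2:] + ACL[:2]


def acl_decision(src, dst, acl=ACL):
    """First-match evaluation; implicit DENY when no rule matches (assumption)."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in acl:
        if s in src_net and d in dst_net:
            return action
    return "DENY"


def forward(port, src, dst, acl=ACL, ingress_check=True):
    """Decide whether a packet arriving on a switch port is routed.

    ingress_check is a hypothetical control, not in the answer: drop packets
    whose source address is outside the subnet of the port's VLAN.
    """
    if ingress_check and ip_address(src) not in VLAN_NET[PORT_VLAN[port]]:
        return "DENY"
    return acl_decision(src, dst, acl)


if __name__ == "__main__":
    # Constructed sample packets: (ingress port, source, destination).
    samples = [
        (1, "192.168.1.10", "192.168.2.10"),   # segment 1 -> segment 2
        (2, "192.168.2.10", "192.168.1.10"),   # segment 2 -> segment 1
        (1, "192.168.1.10", "203.0.113.5"),    # segment 1 -> Internet
        (1, "192.168.2.50", "192.168.2.10"),   # port 1 host using a VLAN 20 address
    ]
    for port, src, dst in samples:
        print(port, src, dst, forward(port, src, dst),
              "| ACL only:", forward(port, src, dst, ingress_check=False))
```

The last sample shows that the address-based ACL on its own would allow a renumbered host, so the isolation depends on the port-to-VLAN binding being enforced, not on the subnets alone.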