Router – How to properly isolate computers from other LAN computers

Tags: networking, router, switch, vlan

I have a network set up as shown in the diagram below:

Internet --> Router --> Managed Switch 1 --> Switch -> C1 and C2
                    |                  |--> Multiple PCs
                    |
                    |-> Managed Switch 2 --> Multiple PCs
                    |-> Managed Switch 3 --> Multiple PCs
                    |-> Managed Switch 4 --> Multiple PCs

If the crappy diagram doesn't make sense, there is a router connected to 4 managed switches. Off the first switch, one port goes to an unmanaged switch with 2 computers behind it. I need to isolate these computers (C1 and C2 in the diagram) from the other computers on the LAN while also allowing internet to both C1, C2 and the rest of the LAN.

My first thought was to create a VLAN on the managed switch which C1 and C2 are behind. The VLAN would create 3 groupings: C1+C2, the rest of the machines on that switch, and the uplink port. I could successfully isolate C1+C2 from the rest of that switch, but the uplink port would leave them open to the other 3 managed switches.

So I'm thinking the isolation needs to be done from the router but don't know where to go from there. What is the proper way to accomplish this?

Best Answer

Perhaps you could put switches 2, 3, and 4 in another network. Keep the VLAN setup that you've successfully used to isolate C1 and C2 from the "multiple PCs" that are also on MS1. The router would basically be creating "LAN"s instead of the switch creating Virtual "LAN"s.

Communication between the two networks then would have to be explicit.

Internet --> Router --> (x.x.0.0) Managed Switch 1 --> Switch -> C1 and C2
                    | (x.x.1.0)                  |--> Multiple PCs
                    |
                    |-> Managed Switch 2 --> Multiple PCs
                    |-> Managed Switch 3 --> Multiple PCs
                    |-> Managed Switch 4 --> Multiple PCs
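One way to realise this design on a Linux router, as an added example that is not part of the original answer: the interface names, the 10.0.0.0/24 and 10.0.1.0/24 subnets (standing in for x.x.0.0 and x.x.1.0) and the example print-server address are assumptions. The forward chain's policy is drop, so traffic between the two router-created networks only flows where a rule explicitly permits it, while every segment still reaches the Internet.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (not from the original post):
#   eth0 -> Internet (WAN)
#   eth1 -> Managed Switch 1, 10.0.0.0/24 (C1/C2 VLAN-isolated by the switch)
#   eth2 -> Managed Switches 2, 3 and 4, 10.0.1.0/24
flush ruleset

define wan  = "eth0"
define lan1 = "eth1"
define lan2 = "eth2"

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the router already allowed are let back in.
        ct state established,related accept
        ct state invalid drop

        # Each network may reach the Internet; nothing else is implied.
        iifname { $lan1, $lan2 } oifname $wan accept

        # Communication between the two networks must be explicit.
        # Example (assumed host): PCs behind MS1 may print to 10.0.1.50 only.
        iifname $lan1 oifname $lan2 ip daddr 10.0.1.50 tcp dport 631 accept

        # Everything else between lan1 and lan2 is dropped and counted,
        # so blocked attempts show up in `nft list ruleset`.
        iifname $lan1 oifname $lan2 counter drop
        iifname $lan2 oifname $lan1 counter drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $wan masquerade
    }
}
```

The forward chain only sees routed traffic, so hosts on the same subnet still talk through the switch without the router being involved; that is why the VLAN on Managed Switch 1 remains necessary to keep C1 and C2 apart from the other PCs on that switch. Load with `nft -f` and confirm from C1 that a connection to a host in 10.0.1.0/24 fails while Internet access works.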