Network Design Question


abshah

Programmer
Jul 29, 2000
14
US
I'm sharing a single cable Internet connection with approximately 125 users. I connect the cable modem to SMC's broadband router and then daisy chain several unmanaged switches to connect the 125 users. The users are configured via DHCP from the broadband router.

The problem I'm having is that all the users are on the same LAN and can see each other's shared resources. I would like to limit the users to only the Internet. Is there any way I can achieve this?

Thanks.
 
There are several ways to do this and I doubt you will like any of them :)

Get a real router that allows you to configure access lists.. filter out ports 137/138 which will stop the MS Browsing..

Get an NT server, config a domain, config WINS and then use domain authentication and groups to limit who sees what.

At the least password protect the shares.. it's weak but something.

Get an NT server running Win2K and then use the built-in filtering with 2 NICs.. better known as multi-homing.. One NIC talks to the router.. the other talks to the LAN.

And there are others.. but this is what pops off the top of my head with the limited info you provided.

MikeS
Find me at
"The trouble with giving up civil rights is that you never get them back"
 
This design is for a hotel. I would like the system to work as follows:

1. the guest arrives with a laptop configured with DHCP
2. plugs into the provided ethernet port
3. turns on the laptop
4. the router assigns an IP & Gateway
5. guest launches their browser/email software

I want each guest to be isolated from each other. They should only see the router.

Thanks
 
In theory, if each guest got a subnet mask of 255.255.255.255 via DHCP, then EVERY address would require a trip to the router. Again in theory, you could configure every port to only route to the ISP port, not to each other. (A Nortel Accelar certainly can and has up to 96 ports, no idea about your SMC.)

The idea of renting out the motel rooms for LAN parties does not appeal to you?

I tried to remain child-like, all I achieved was childish.
 
Big warning flag here.. all you need is for a guest to claim that sensitive data was lifted off their laptop while browsing on the hotel network.

The most secure way I can think of would be to use vlans for each room. It would be pricy but with support to 4000 vlans per switch, it would work well.

But, you are re-inventing the wheel. There are several companies already doing this very thing.

MikeS
Find me at
"The trouble with giving up civil rights is that you never get them back"
 
So let's say I have one 24-port switch that supports VLANs and one cable router. I assign a unique VLAN on ports 1-23, which will connect guest rooms; on port 24 I'll use a crossover patch cord to connect to the cable router. What VLAN do I assign to port 24?
 
You would have to Trunk port 24 to the router

wybnormal, do you have an email address where I can reach you?
 
Let's assume you have an Accelar 1200 or similar routing switch:

You can make one port go to the SMC router; it will be the default route.

You need a DNS server; the Accelar links each subnet to the DNS server.

This leaves 94 ports, each its own subnet, which uses default routing, and is blocked from any other subnet via an IP filter.

I tried to remain child-like, all I achieved was childish.
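The per-port subnet design from the reply above, sketched as an added example (not code from the thread and not any switch vendor's configuration): it carves one subnet per guest port and models the IP filter so the isolation property can be checked for every pair of ports. The address ranges, the /30 sizing, the function names and the source-address check are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
GUEST_BLOCK = ipaddress.ip_network("10.20.0.0/16")  # carved into per-port subnets
SERVICES = ipaddress.ip_network("10.0.0.0/29")      # uplink router and DNS server
GUEST_PORTS = 94

def build_plan(ports=GUEST_PORTS):
    """Give each guest port its own /30: one gateway address, one guest address."""
    plan = {}
    subnets = GUEST_BLOCK.subnets(new_prefix=30)
    for port, net in zip(range(1, ports + 1), subnets):
        gateway, guest = net.hosts()  # a /30 has exactly two usable hosts
        plan[port] = {"subnet": net, "gateway": gateway, "guest": guest}
    return plan

def filter_decision(plan, in_port, src, dst):
    """Decide what the routing switch does with a packet arriving on a guest port."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    entry = plan[in_port]
    if src not in entry["subnet"]:
        return "deny"    # source does not belong to this port (added check)
    if dst == entry["gateway"] or dst in SERVICES:
        return "permit"  # own gateway, DNS server, uplink router
    if dst in GUEST_BLOCK:
        return "deny"    # any other guest subnet
    return "permit"      # everything else follows the default route

def guest_to_guest_leaks(plan):
    """Return every (from_port, to_port) pair the filter would let through."""
    return [(a, b) for a in plan for b in plan if a != b
            and filter_decision(plan, a, plan[a]["guest"], plan[b]["guest"]) == "permit"]

if __name__ == "__main__":
    plan = build_plan()
    print(plan[1], plan[94])
    print("leaks:", guest_to_guest_leaks(plan))
```

An empty leak list means no guest address can reach another guest address through the filter, which is the property the hotel design asks for.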
 