My sister-in-law runs a payroll business from a home office with three networked PCs and a Win2000 server. They have a router to a broadband Internet connection. Their son has his own PC in his room and I'm worried about it being on the same network as the business. Would a VLAN provide additional security, and if so, how can I learn more about setting one up?
Requires Free Membership to View
Answer: If the objective is to restrict Son's PC from accessing the Internet, it can be achieved by making some changes in the router configuration. Enable the following:
MAC filters
Use MAC filters to deny computers within the local area network from accessing the Internet. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the unit.
Filtering
Use IP filters to deny particular LAN IP addresses from accessing the Internet. You can deny specific port numbers or all ports for a specific IP address.
Use MAC filters to deny computers within the local area network from accessing the Internet. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the unit.
Additionally, you can create security policies on W2K server for that particular user ID to allow restrictive access to the network.
Setting up a VLAN for such a small home office network would be very expensive in terms of hardware and setup required. If you can let me know the exact requirement, I might be able to guide you better.
This was first published in March 2005