Announcement

Collapse
No announcement yet.

24 port switch and not connect to each other?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 24 port switch and not connect to each other?

    Ok so question...
    Dell powerconnect 2724 switch..
    If you plug a cable modem into port 24... then 23 pcs into other ports.. all computers can get to internet...


    Question is how do you prevent each computer on 23 ports from accessing each other?


    Someone asked me and i wasnt sure. Use case is 23 seperate office rooms to share a single internet provider connection.... but not get to each other.

    Let me know...
    Thx
    HW - i5 4570T @2.9ghz runs @11w | 8gb ram | 128gb ssd OS - Win10 x64

    HS - HS3 Pro Edition 3.0.0.435

    Plugins - BLRF 2.0.94.0 | Concord 4 3.1.13.10 | HSBuddy 3.9.605.5 | HSTouch Server 3.0.0.68 | RFXCOM 30.0.0.36 | X10 3.0.0.36 | Z-Wave 3.0.1.190

    Hardware - EdgePort/4 DB9 Serial | RFXCOM 433MHz USB Transceiver | Superbus 2000 for Concord 4 | TI103 X-10 Interface | WGL Designs W800 RF | Z-Net Z-Wave Interface

  • #2
    Originally posted by TeleFragger View Post
    Ok so question...
    Dell powerconnect 2724 switch..
    If you plug a cable modem into port 24... then 23 pcs into other ports.. all computers can get to internet...


    Question is how do you prevent each computer on 23 ports from accessing each other?


    Someone asked me and i wasnt sure. Use case is 23 seperate office rooms to share a single internet provider connection.... but not get to each other.

    Let me know...
    Thx
    The most simple method would be to disable device and file sharing on all of the computers. All directories have permissions that can be allowed to only specific users or denied to all.
    Last edited by rprade; May 27th, 2016, 11:05 AM.
    Randy Prade
    Aurora, CO
    Prades.net

    PHLocation - Pushover - EasyTrigger - UltraECM3 - Ultra1Wire3 - Arduino

    Comment


    • #3
      You'd need a Layer 3 Switch where you can put each port into its own VLAN and subnet and then only allow the VLANs/subnets to route to the internet and not each other. Static IP addressing would likely be best in that scenario, although DHCP could be setup as well, but someone would need to control that.

      Cheers
      Al
      HS 3.0.0.548: 1990 Devices 1172 Events
      Z-Wave 3.0.1.262: 126 Nodes on one Z-Net

      Comment


      • #4
        Run a DNS server. Set your LAN machines to only request DNS from your server. At the firewall block any DNS requests from any machine other than your DNS server from leaving the LAN. Put a hosts file on the server that NXDOMAINS all of your LAN machines. Block multicast MDNS at each machine's local firewall. Something like that should do it.

        It has to be possible to deliberately break name resolution on purpose because I do it all the time by accident. Keeping track of 24 VLANs would give me a headache.

        Comment


        • #5
          I guess it really depends on how secure it needs to be. With some options, a smart mischievous user would still be able to to find a way to access the other systems if they weren't all locked down properly. How well do you trust all of the 23 users?

          Cheers
          Al
          HS 3.0.0.548: 1990 Devices 1172 Events
          Z-Wave 3.0.1.262: 126 Nodes on one Z-Net

          Comment


          • #6
            Originally posted by TeleFragger View Post
            Ok so question...
            Dell powerconnect 2724 switch..
            If you plug a cable modem into port 24... then 23 pcs into other ports.. all computers can get to internet...


            Question is how do you prevent each computer on 23 ports from accessing each other?


            Someone asked me and i wasnt sure. Use case is 23 seperate office rooms to share a single internet provider connection.... but not get to each other.

            Let me know...
            Thx
            I hope he's not selling some type of internet/connection service to those 23 tenants, with this level of knowledge

            But seriously, what is the actual need? Does he have control over the 23 computers or are those his customers?

            If he's providing connectivity for the 23 ports, yet they're not supposed to know of each other, then

            If they're wireless, this is a common requested features and can be enabled with 'AP Isolation mode', which lets everyone connect to the net, but not each other.

            For wired connection, you'll probably need L3 switch/router and put each client in their own subnet..
            HW: HS3 w/ Win8.1 on ASRock C2550d4i. Digi AnywhereUSB, Hubport, Edgeport, UZB, Z-trollers, PLCBUS, SONOS, GC-100, iTach IP2SL, WF2IR, IP2IR, RFXtrx433, Harmony Hubs, Hue, Ademco Vista 128BP, NetAtmo, NetAtmo Welcome

            Google Search for HomeSeer Forum

            Comment


            • #7
              I'm using the same hardware, the Dell 2724, and it's a layer 3 switch if you turn such features on. Everything I know about VLANs could be fit on the back of a postage stamp but would very much like to keep two ports away from all the rest.

              Simple question:

              Is this beyond me? Would it take more time to wrap my head around this than it's worth?
              Originally posted by rprade
              There is no rhyme or reason to the anarchy a defective Z-Wave device can cause

              Comment


              • #8
                private vlans do exactly what you are describing.

                Comment


                • #9
                  using private vlans you will put the port connected to your gateway in promiscuous mode. Put the pc ports in isolated mode. Promiscuous ports can talk to anyone. Isolated ports can only talk to promiscuous ports.

                  you will need a router for your network. You need a layer three device to do dhcp and nat

                  Comment


                  • #10
                    i believe his use is that he has a large studio - well actually works as a building maintenance guy / keep it all running (photography i believe) and many people come in and when needed a internet connection while there, he does not want ANY of them to be able to access each other. more of a security thing for himself.
                    he didnt mention wifi and to me that would also be needed as customers entering if need internet access would more so use cell phones... hmmm not sure his 100% need as I dont think he knows either..


                    he isnt selling internet service... hah.. although that would be interesting on how much you could get for that!!!!
                    HW - i5 4570T @2.9ghz runs @11w | 8gb ram | 128gb ssd OS - Win10 x64

                    HS - HS3 Pro Edition 3.0.0.435

                    Plugins - BLRF 2.0.94.0 | Concord 4 3.1.13.10 | HSBuddy 3.9.605.5 | HSTouch Server 3.0.0.68 | RFXCOM 30.0.0.36 | X10 3.0.0.36 | Z-Wave 3.0.1.190

                    Hardware - EdgePort/4 DB9 Serial | RFXCOM 433MHz USB Transceiver | Superbus 2000 for Concord 4 | TI103 X-10 Interface | WGL Designs W800 RF | Z-Net Z-Wave Interface

                    Comment


                    • #11
                      want ANY of them to be able to access each other. more of a security thing for himself.

                      Yup there is a possibility that they will still see each other using the same network.

                      You can just create a public wireless network. The default wireless networking configuration for a public wireless network will protect the users.
                      - Pete

                      Auto mator
                      Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb- Mono 6.8X
                      Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.8X
                      HS4 Pro - V4.0.5.0 - Ubuntu 18.04/W7e 64 bit Intel Kaby Lake CPU - 32Gb - Mono 6.8X
                      HS4 Lite -

                      X10, UPB, Zigbee, ZWave and Wifi MQTT automation. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant

                      Comment

                      Working...
                      X