  • #2209893

    student network puzzle

    by maradonna ·

    Hi folks, I hope one of you network wizards can help a dim student trying to get through HN Computing, with a view to being a master networker (a dot on the horizon). I can't get hold of my tutor for help.

    2 LANs split by a router (Cisco 2600) in the same office. Now I have an office 400 metres away to link by wireless ADSL router/switch/hub (whatever is best). Internet is also needed, but the new office should have web and FTP blocked, BUT should be able to send and receive email both internally and from the internet. Easy peasy for one of you giants of IT networking. Please can you give me a few ideas? I would greatly appreciate it.
    maradonnaisgod

    • #2892283

      Ports.

      by seanferd ·

      In reply to student network puzzle

      A not-entirely-elegant simple solution would be to block the ports FTP and HTTP(S) use, but not those used by email, regardless of the design of the network. If there is to be some differential between subnets, you’d have to look further into the abilities of the Cisco device.

    • #2894191

      distance

      by maradonna ·

      In reply to student network puzzle

      It's an old device, so blocking the ports sounds a good enough solution (cheers), but would the wireless router reach 400 metres away?
      The ethernet cable for the web gets plugged into the existing (cabled) router which is splitting the main office (192.168.2.1 and 192.168.1.1), then cabled to a wireless router/switch which sends the signal 400 metres to a WAP? Does this make sense?
      How would the configuring go?
      Cheers seanferd for your input, much appreciated. Anybody else give me a hint?

    • #2845928

      Doable

      by icebergtitanic ·

      In reply to student network puzzle

      It’s very much possible to run a wireless connection that far, but there are lots of variables: your antenna hardware and broadcasting power, interference from physical structures such as trees and buildings, and interference from other electromagnetic sources such as power lines and other wireless transmitters.

      You can certainly apply an ACL to your router to limit the traffic leaving the branch LAN. Cisco ACLs run in sequential order, so you would just set a couple of “Allow” orders first, for the email and such, and then, if you wanted to do so, an explicit “deny all” just for clarity.

      Example (not certain if this works on a 2600, I usually work with ASAs):
      access-list branch_outbound permit tcp 192.168.1.0 255.255.255.0 any eq 25
      access-list branch_outbound permit tcp 192.168.1.0 255.255.255.0 any eq 110
      access-list branch_outbound deny ip any any

      Your biggest “gotcha” is going to be making sure that your routing is set up correctly for your discontiguous network…
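
The sequential, first-match behaviour described in the reply above can be checked offline before touching the router. This is an added example, not part of the original posts and not Cisco code: it parses only the ACL syntax shown in the reply and evaluates constructed sample flows from a hypothetical branch host 192.168.1.20.

```python
import ipaddress

# The ACL as posted in the reply above (network + subnet-mask notation).
POSTED_ACL = """\
access-list branch_outbound permit tcp 192.168.1.0 255.255.255.0 any eq 25
access-list branch_outbound permit tcp 192.168.1.0 255.255.255.0 any eq 110
access-list branch_outbound deny ip any any
"""

def parse(text):
    """Parse the small subset of ACL syntax used above (destination is 'any')."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()[2:]      # skip "access-list <name>"
        if rest[0] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        else:
            src, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        rest = rest[1:]                               # drop destination "any"
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, port))
    return rules

def evaluate(rules, proto, src_ip, dst_port):
    """Return (action, matching line number); the first match wins."""
    src = ipaddress.ip_address(src_ip)
    for n, (action, r_proto, r_src, r_port) in enumerate(rules, 1):
        if r_proto in ("ip", proto) and src in r_src and r_port in (None, dst_port):
            return action, n
    return "deny", None                               # implicit deny at the end

# Constructed sample flows from a hypothetical branch host 192.168.1.20.
FLOWS = [("SMTP", "tcp", 25), ("POP3", "tcp", 110), ("HTTP", "tcp", 80),
         ("HTTPS", "tcp", 443), ("FTP", "tcp", 21), ("DNS", "udp", 53)]

if __name__ == "__main__":
    rules = parse(POSTED_ACL)
    for name, proto, port in FLOWS:
        print(f"{name:5} {proto}/{port:<4}", evaluate(rules, proto, "192.168.1.20", port))
    # Same entries with the deny moved to the top: it now shadows both permits.
    print("SMTP, deny first:", evaluate(rules[::-1], "tcp", "192.168.1.20", 25))
```

With the entries as posted, the UDP/53 DNS flow also falls through to the final deny, and hosts outside 192.168.1.0/24 match neither permit, so the source network in the permits has to be the branch office's actual subnet.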
