Hi,
I want to set up one physical LAN that contains
- an Office LAN
- and a Guests LAN.
I could do this by creating VLANs for both, but I want to have it ideally even more flexible: so that every plug (I mean an Ethernet plug where a user can plug in) that connects to this physical LAN gives access to the Office AND the Guest LAN. The Guest LAN would be the default connection. With some kind of key, e.g., one could also get access to the office LAN. Is there a technology to implement something like this?
Also all the traffic at the office LAN must be encrypted then, so that nobody from the "Guests" can sniff data. The Guests LAN could be open and basically only provides connection to the internet (and a printer) but not to internal servers e.g.
I think such a scenario could definitely be realized by creating a VPN: users can only connect to the Office LAN via VPN - the data is encrypted and only accessible when one has the key.
However, is this a good idea? I see major problems: I don't see a way that only the users need to connect to the VPN, but also the whole backbone (all the servers) must be in there, no?
Even more of a problem: if I'm not wrong, all the communication in the office LAN must then run via a single point: the VPN gateway/server, no? If so, that would be a big overhead in the network communication and would change the whole behaviour of the network (if one client sends data to another client that is connected to the same switch, the data wouldn't take the direct way via the switch but all needs to go via this single point of the VPN?)
Sorry for the long text. I hope the main point that I want to achieve is clear:
- Office and Guests LAN available from every plug
- Office LAN should be secure (Users from Guest LAN should not be able to sniff data)
The things about VLAN and VPN are just my thoughts and ideas; however, I don't have professional knowledge about that at all - so it could well be that I got something wrong or that there is some other obvious approach (RADIUS?).
Please let me know what you think...
Thx!