By mousesandkeyboards

VLAN isolated with "NetGear Insight" the network of the accounting PC

( * This story is fiction. It has nothing to do with real people or organizations other than net gear)

I want to network the accounting PC and server

One day, while Kentaro was organizing the documents at his own seat, Kageyama, the accounting department on the same floor, came.Kageyama is a great veteran who has been enrolled since the founding of Gochiso bento, accounting and human resources alone.It is said that there is a consultation about the network connected to the accounting system.

"There is a desktop computer for accounting and bank transfer, and a dedicated server with accounting software ..."He wants to strengthen these two security.Of course, only Kageyama and the president can log in to those terminals, but both are connected to internal networks.Until now, I didn't care much, but the guest Wi-Fi for visitors was set up and I was a little worried.

Certainly, it is safer to separate other machines and networks for terminals that handle highly densely density such as accounting, salary, and personnel.Kageyama asks, "I don't know well, but should I pull the LAN cable separately?", But of course, it is not necessary, and only two terminals have been created and there is only two terminals there.It should be okay if you connect.

Kentaro has already created a new VLAN when installing a guest Wi-Fi.This time it was the same this time -I thought for a moment, but it is said that the PC and server for accounting operations are wired LAN connection.In that case, if you set the "access port" to the switch, you should be able to respond.I have to try it.

When I explained the plan to Kageyama, I got OK in front of me, "Thank you!Kentaro, who consulted the director on his feet and obtained permission without difficulty, started setting immediately after the end of the day.

"Access port" for connecting to a specific VLAN with a wired LAN

The order from Kageyama wants to make sure that other employees and visitors cannot access network access to accounting PCs and servers.In many cases, general companies have separated (isolated) networks (isolated) by VLAN only in departments such as accounting, finance, and human resources, and are one of the basic security measures.You should create a new accounting VLAN in Gochiso lunch so that only the accounting PC and the server can be connected to it.

In the 9th article of this series, we introduced a method of creating a new VLAN to install a guest Wi-Fi.However, in this case, the PC and server are "wired LAN connection".In the case of wireless LAN, the connection destination SSID and VLAN corresponded, but in the case of wired LAN, the "access port" of the switch that Kentarou came up with will be used.

The access port sets a VLAN ID to the switch port itself, and a VLAN ID tag is given to the traffic from the terminal connected to it.This allows the network to be isolated by blocking access from other devices belonging to other VLANs.

However, since the VLAN ID is assigned to the physical port, if the attacker connects a PC to the access port, it can enter the VLAN.Therefore, in order to make full -fledged security measures, separate terminal authentication (IEEE 802).It is recommended to combine 1X).That said, VLANs and access ports do not need to introduce complicated and expensive systems, and if it is a company that is about Gachiso lunch, there is no loss in introducing it first.

Create accounting VLANs and set access ports

This accounting PC and server will be connected to the Insight -compatible smart switch "GS110TPP" introduced in the previous article.The setting procedure itself is not much different from the previous time.

First, the LAN cable of the accounting PC and the accounting server is inserted into the switch.This time, I connected to the 7th port and the 8th port.

Next, set these two ports as an access port.First, launch the "NetGear Insight" app on the smartphone, and open the network location to be set (in the case of the "GOCHISOO" network).If you tap the "Location" tab at the bottom of the screen and "Network Settings" in the center of the screen, the VLAN currently set in this network location will be displayed.

経理専用PCのネットワークを「NETGEAR Insight」でVLAN隔離する

This time, the accounting VLAN will be added here, so let's tap " +" at the top right of the screen.

First, start the "NetGear Insight" app, select a network location, and tap " +" on the set VLAN list screen.

The screen "Network Settings" is displayed, so set up a new accounting VLAN.Set "Network name", "VLAN name" and "VLAN ID" and tap "Next".Since the network name and VLAN name are managed names, they are easy to understand, and the VLAN ID is a number that does not overlap with existing VLANs.This time, the network name was set to "Keiri", the VLAN name was "Keiri VLAN", and the VLAN ID was "200".

Set network names, VLAN names, and VLAN IDs for accounting for accounting

The next "Wired" screen is the setting screen of the access port, which is an important point.Set the newly created Keiri VLAN as an access port on the 7th and 8th port of the GS110TPP switch connected to the PC and the server earlier.

On the screen, there is a list of devices in the network, so search for the GS110TPP switch.In the previous article settings, the number 1 /2 of the connected to the access point and the 10th port connected to the router have been set in the trunk port.

Here, tap the 7th port and the 8th port icon, and with the selected state, tap the "Access port" displayed below.The new 7 /8 port is now set as an access port for Keiri VLAN (VLAN ID: 200).After setting, tap "Next".

"Wired setting" screen.Tap the 7th and 8th ports of the switch to set the "Access port"

The next screen is "Wi-Fi setting", but this time KEIRI VLAN does not allow access from wireless LAN, so no SSID is added.Tap "Next" without doing anything to proceed with the screen.

Next is the IP address assignment setting for Keiri VLAN.Set on two screens: whether to use a DHCP server or an IP address to use.The network address assigned to Keiri VLANs must be used different from existing VLANs (business VLANs, guest Wi-Fi VLANs).Nevertheless, you don't have to think too hard, just set the "gateway dress" to belong to a subnet that does not overlap with other VLANs (192).168.3.1).Furthermore, when the "DHCP server" is enabled, the range of the address assigned to the terminal with DHCP is automatically set.

KEIRI VLAN assigns an IP address with DHCP.Set the gateway dress so that it does not overlap with other VLANs

The next "Network Share" screen is a screen that specifies VLANs that can communicate with KEIRI VLAN.This time, we will not communicate with other VLANs, so we will proceed next with invalid state.

The setting is complete.Finally, a list of network devices that reflect this setting information is displayed. Tap "Confirm" to perform the setting change process.

The setting starts to reflect the settings, and if there is no problem, a screen marked "Successful" is displayed.Just in case, make sure that KEIRI VLAN has been added in the network settings.

Finally, a list of network devices that reflect the setting change is displayed.When you tap "Confirm", the setting change process is performed.After displaying "Success", make sure that the "Keiri" network has been added just in case.

Keep in mind, and it's another push.Make sure that you can't access the terminals (such as servers) in KEIRI VLANs from the employee VLANs and the guest Wi-Fi VLANs, access to each other within KEIRI VLAN, and that KEIRI VLAN can access the Internet.If you can do this, it's perfect.

Once the setting is completed, make sure that the between VLANs is isolated (cannot communicate with each other).

"Well, I can't access the accounting server from my PC ... OK. From Kageyama's PC, I can access the accounting server ... so I can access the Internet from Kageyama's PC.Yeah, this is OK. "

As you check the access, Kentarou strokes your chest.

Kentarou, who was watching Kentaro's work next to him, was impressed with "amazing!"It seems that no one was a successor to Gachiso lunch, who had worked with so much."No, I'm not amazing, it's just a good product," he was humble, but he was a little happy.

(Provided: Internet gear)

VLAN isolated with "NetGear Insight" the network of the accounting PC

I want to network the accounting PC and server

"Access port" for connecting to a specific VLAN with a wired LAN

Create accounting VLANs and set access ports

Navigation Lists

Category

Related Articles

What is IEEE802.11ax (Wi-Fi 6)? Details of the latest wireless LAN standard understood by 5 advantages | Business + IT

Aruba Unveils Industry's First Enterprise-Grade Wi-Fi 6E Solution

[Osaka Marriott Miyako Hotel] Plenty of cheese! Italian buffet held company release | Nikkan Kogyo Shimbun electronic version

The reason why there are many fuel troubles in "Hiace" The possibility of damaging the engine Frequent mistakes in fueling in Toyota "Hiace"? Why do fuel problems occur

Hot Articles

Why is the new business bag of a long -established brand match the way of working?

Panasonic CNS to IT provider - Corporate change worked by former Microsoft CTO, Japan Microsoft CTO

About 100,000 Twitter followers!Popular creative watercolor illustration painter Natsuki, her first book has released a "painting" technique! "How to draw creative watercolor illustrations" released in February.

When choosing a media PC mouse that digs deeper into "I want to know", based on technology and people, I tried to measure the performance from Logitech to 100 yen shop items.