
My Network topology looks like this:

PC1-------
PC2-------Switch--------Router-PT
PC3-------2960-24
PC4------- 

What I am trying to accomplish is: no PC is allowed to ping PC3, but PC3 is allowed to ping every PC.

Do you have any suggestions? Can I somehow route all packets to the router first in order to use an ACL list, or do I have to use VLANs here?

  • What type of switch are you using? You can use VLANs and/or ACLs depending on the switch model. SOHO, off-the-shelf switches may not support those features. – onxx Mar 24 '19 at 14:20

1 Answer


A regular switch will connect all the PCs without even passing the packets to the router.

If you want to be on the safe side, you have to use different VLANs with different IP ranges, and have rules in the router for what to allow and what to deny.

If your requirements are not that high, you can also use different IP ranges without different VLANs. Without VLANs, the switch will not separate the PCs, but the different IP ranges will, unless someone reconfigures their PC. So it depends whether you want to separate against accidental access or against intentional access from someone with admin rights.

RalfFriedl
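The VLAN approach from the answer above, sketched as an added Cisco IOS configuration that is not part of the original answer. The port numbers, VLAN IDs, IP addresses and the ACL name PROTECT-PC3 are assumptions chosen for illustration; each PC must use the router subinterface of its own VLAN as default gateway.

```cisco
! ===== Switch (2960-24): put PC3 in its own VLAN =====
vlan 10
 name USERS
vlan 30
 name PC3-ONLY
!
! Assumed cabling: PC1, PC2, PC4 on Fa0/1, Fa0/2, Fa0/4; PC3 on Fa0/3
interface range FastEthernet0/1 - 2
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 30
!
! Assumed uplink to the router on Fa0/24, carrying both VLANs
interface FastEthernet0/24
 switchport mode trunk
!
! ===== Router: one subinterface per VLAN (router-on-a-stick) =====
interface FastEthernet0/0
 no shutdown
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ! Filter traffic the router forwards toward PC3's VLAN
 ip access-group PROTECT-PC3 out
!
! Assumed PC3 address: 192.168.30.10
ip access-list extended PROTECT-PC3
 ! Drop echo requests aimed at PC3 (other PCs cannot ping it)
 deny icmp any host 192.168.30.10 echo
 ! Everything else passes, including echo replies to PC3's own pings
 permit ip any any
```

Because PC3 is now in a different VLAN and subnet, traffic from the other PCs has to cross the router, where the ACL can drop it; `show access-lists PROTECT-PC3` displays the match counters on the deny entry after a test ping.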