How can I provide access to the Internet only on my network for a small group of users?

Fito January 30, 2015


I already have a network working nicely and I just want to set up a little 8-port switch for 6 users. They will be using it temporarily for about 4 days in a conference room. They must not be able to access the main network. They just want to be able to use the internet through the main network.

How can I get a range of IP addresses to that little switch for these people?

  1. fito
    January 30, 2015 at 3:48 pm

    Thanks for the answer Bruce, it was helpful.


  2. Bruce E
    January 30, 2015 at 3:42 pm

    If you are using DHCP on your network, IP addresses wouldn't be the issue. They would automatically get them once they connect to the switch, but they would have unfettered access to the remainder of your network as well.

    Instead of only using a switch, I would put in a router between that switch and the rest of your network. Allow DHCP on the leg connecting to the switch in the conference room to automatically assign them IP addresses that are on a completely different range from your network and configure a rule on the router to drop all packets from the conference room leg to the rest of your network. All other packets would go through your network to be routed out to the Internet.

    For example, if your network was set up to use the address range 192.168.x.y, set up the router to the conference room to use 10.1.1.x. Then you make your rule to drop packets destined to 192.168.x.y. By doing this, the users in the conference room will not be able to even do any kind of recon on your network. No port scans, nmapping, etc. since the router is just discarding packets destined to your machines, yet it will allow traffic to any other addresses out normally.
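
The following is an added example, not part of the answer above or of any router's own configuration: it models the drop rule Bruce describes and checks the guest addressing plan, including the case where DHCP hands guests a DNS server inside the blocked range. It assumes 192.168.x.y means 192.168.0.0/16 and 10.1.1.x means 10.1.1.0/24, that the router applies the first matching rule, and the host addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

# Ranges taken from the answer: main network 192.168.x.y, conference room 10.1.1.x.
MAIN_NET = ipaddress.ip_network("192.168.0.0/16")
GUEST_NET = ipaddress.ip_network("10.1.1.0/24")

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str  # "drop" or "accept"

# Assumption: forwarding rules are evaluated in order and the first match wins.
# Only packets arriving from the conference-room leg are modelled; reply traffic
# is assumed to be handled by the router's connection tracking / NAT.
FORWARD_RULES = [
    Rule(GUEST_NET, MAIN_NET, "drop"),                             # isolate the main network
    Rule(GUEST_NET, ipaddress.ip_network("0.0.0.0/0"), "accept"),  # everything else goes out
]

def verdict(src, dst, rules=FORWARD_RULES, default="drop"):
    """Return the action applied to a packet forwarded from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return default

def check_guest_plan(guest_net, main_net, dns_servers):
    """Return a list of problems with the guest-leg addressing plan."""
    problems = []
    if guest_net.overlaps(main_net):
        problems.append(f"guest range {guest_net} overlaps main network {main_net}")
    for dns in dns_servers:
        if ipaddress.ip_address(dns) in main_net:
            problems.append(f"DNS server {dns} is inside {main_net}; guest lookups would be dropped")
    return problems

if __name__ == "__main__":
    # Constructed sample traffic from a guest laptop at 10.1.1.20.
    for dst in ("192.168.1.10", "192.168.1.1", "203.0.113.7"):
        print(f"10.1.1.20 -> {dst}: {verdict('10.1.1.20', dst)}")
    # Constructed plan: DHCP on the guest leg advertises the main network's resolver.
    print(check_guest_plan(GUEST_NET, MAIN_NET, ["192.168.1.1"]))
```

Packets addressed to the main gateway itself are dropped, yet Internet traffic still passes because the gateway is only the next hop, not the destination address. The DNS check flags the one setting that would make the isolated leg look broken to guests.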