You need a good switch to stop ARP/IP spoofing and stuff like that, especially if you don't know what they will be doing. Even if you trust those people, if their box gets exploited it might end up causing problems for everybody. You could do it with a cheaper switch and a router with static ARP tables as well, lots of ways, but just treat those other internal boxes as a threat just as much as the outside, that's my opinion.
A decent Layer 3 switch is all you need for that kind of setup; that will take your uplink and distribute it to your VLANs. If you need an external firewall, consider one of the lower end Watchguards, or a PIX 501.
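Added example, not part of any post in this thread: one way to check the "static ARP tables" idea mentioned above is to audit a Linux router's neighbour table against the bindings you expect. It assumes the text format printed by `ip neigh show`; the sample output, the binding table and the function names are constructed for illustration.

```python
"""Audit a neighbour (ARP) table against static IP-to-MAC bindings."""
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (documentation IP/MAC ranges).
SAMPLE_NEIGH = """\
192.0.2.1 dev vlan10 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.10 dev vlan10 lladdr 00:00:5e:00:53:10 STALE
192.0.2.11 dev vlan10 lladdr 00:00:5e:00:53:10 REACHABLE
192.0.2.12 dev vlan10 lladdr 00:00:5E:00:53:99 DELAY
192.0.2.13 dev vlan10  FAILED
"""

# Hypothetical static bindings: the MAC each customer IP is allowed to use.
EXPECTED = {
    "192.0.2.1": "00:00:5e:00:53:01",   # gateway
    "192.0.2.10": "00:00:5e:00:53:10",
    "192.0.2.11": "00:00:5e:00:53:11",
    "192.0.2.12": "00:00:5e:00:53:12",
}

LINE = re.compile(r"^(\S+) dev (\S+)\s+lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return (ip, dev, mac) for resolved entries; FAILED/INCOMPLETE are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).lower()))
    return entries

def audit(entries, expected):
    """Flag IPs whose MAC differs from the binding and MACs answering for several IPs."""
    findings = []
    by_mac = defaultdict(set)
    for ip, _dev, mac in entries:
        by_mac[mac].add(ip)
        want = expected.get(ip)
        if want is None:
            findings.append(("unknown-host", ip, mac))
        elif want.lower() != mac:
            findings.append(("binding-mismatch", ip, mac))
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-claims-many-ips", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_neigh(SAMPLE_NEIGH), EXPECTED):
        print(*finding)
```

A single MAC answering for several customer IPs is the pattern to alert on; on a real box, feed the function the live output instead of the sample.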
█ Dan Kitchen | Technical Director | Razorblue
Originally posted by diegosan:
so would you go with a pix that can do basic routing
pix 506e -->> cisco 3524 switch ->> hosting servers
or with the router way??
cisco 2601 router -->> cisco 3524 switch
Cisco routers == recipe for disaster. First of all, the 2600 series will choke if most of your 10mbits is DoS. Just because they have multiple 100mbit interfaces doesn't mean they'll actually route 100mbits. I've pegged the CPU on 2621s by taking on a meager 2.2 Kpps of DoS traffic over a T1. It's rather sad.
Your VLANs can be done with any decent Layer 3 switch, so long as it doesn't choke on DoS. Although there are ways to accomplish a similar end result with Layer 2 switches that support MAC filtering, I don't recommend it. It's good to get into the habit of facing every unique customer with a L3 switch port.
By the way, what do you need the PIX to do that a good Layer 3 switch with ACLs can't do?
2600 series are outdated anyways. Have you looked into Juniper?