We are shortly moving into a new business premises. We will have a new network.
The Cat5 data ports are supplied by a 24 port Gigabit switch which has a BT Business Hub providing Fibre Broadband to the network.
Most of the data ports will be used for office PC's and printers but two of the Ports are located in the Workshop. The Workshop has an office computer but the workshop is often used to connect customers computers to the internet for repairs via a wired/wireless switch or router.
Many of these computers do not have AntiVirus software and are often 'infected'.
I have limited networking knowledge
and I am appealing to the knowledge of the community for the best (simple) way 'isolate' the office computers from the customers computers.
Should I connect the Workshops Office computer to one workshop port that is connected to the main 24port Gigabit switch (for file and printer sharing) and connect customers computers to a wired/wireless switch/router that is connected to the other workshop data port which is connected directly to the BT Business Hub(router) bypassing the 24 port switch and therefore the office network completely. However, if port 2 of the BT Business Hub is connected to the office networks 24 port Switch and Port 4 is connectd to the Workshop switch for customers computers, are the customers computers still 'connected' to the office Pc's or am I overly cautious?
Excuse the poor network sketch ( recommendations for cheap Network Diagram Software gratefuly accepted)
Proposed Network Sketch (some Office Pc's and printers not shown)
BT Business Hub 3 Info -
BT Business Hub 3 Manuals -