Cisco VLANs for a School environment

By scottsorrells ·
We are currently running a completely flat network and planning on implementing VLANs this summer. We plan on starting out with 2 (maybe 3) VLANs at our main high school (which currently is the network 172.17.0.0/16). One VLAN will be for students and one for teachers/administration. We currently have one 2003 server at that site providing DHCP/DNS/antivirus/WSUS updates. What I would like to accomplish is to have the students only be able to access devices in their VLAN, with the exception of the Internet via our firewall at the district office and a SQL server at the district office (SQL server access only needs to be http and https, to check their grades), and of course both VLANs need to be able to access the DHCP server/antivirus/WSUS/DNS server. We do not want them to access the teachers' VLAN or any other devices in the WAN. The teachers need to be able to access their VLAN and the student VLAN (at least the student file server and printers), but not access any other devices in the network except the same as students: the Internet and SQL server (database access and http/https). We have all Cisco switches and a Cisco router at the high school and district office. I am fairly new to the Cisco world and networking. I am pretty literate in desktop support and Windows DHCP, DNS, A.D., etc., but detailed explanations would be greatly appreciated.

This conversation is currently closed to new comments.

All Answers

I have found from another school their networking details.

http://www.point.ro/vlans.htm
This will give you an example. May be similar to what you need.

Please post back if you have any more problems or questions.

Helpful

by scottsorrells In reply to I have found from another ...

Thanks a lot. This example is very helpful.

Wouldn't even do VLANs in a school environment

by CG IT In reply to Cisco VLANs for a School ...

If students have access to a school network I would make it a separate link that doesn't even get close to the school's administrative network. [Meaning the school's network router behind the perimeter router doesn't get traffic from a student lab. Student labs go directly to the perimeter router and then the Internet.]

I would look at your federal regs for schools. If students and faculty use school computer resources, all emails and IMs must have a copy made and kept by the school. So those students IMing each other on the school's lab computers, or sending out email, you the administrator are responsible for collecting copies of it and storing them. You ought to post a big sign in the lab class that spells this out and a big sign in the faculty lounge.

Here's an excerpt:

Bellingham, MA - BELLINGHAM - A U.S. Supreme Court ruling requiring school districts to keep track of electronic messages has the technology director at Bellingham High School facing a daunting task.

"We're looking at a very broad definition of electronic communication, but basically we're being required to elevate instant messaging and e-mail to the same legal degree as paper," said Kelly Ahrens, the district's director of technology.

The school district, like all public schools nationwide, is required by an April U.S. Supreme Court ruling to track all electronic information produced by students and employees, including e-mails and AOL instant messages, that occur on school computers, said Ahrens.

link: http://www.wickedlocal.com/bellingham/homepage/8998915688454160383

VLAN use

by scottsorrells In reply to Wouldn't even do VLANs in ...

Our schools all connect via fiber from their routers over to the district router, and what I hope to accomplish with the VLANs is to ensure students only have access to their file servers, printers and Internet. I was hoping to use VLANs and maybe some ACLs to accomplish this. I have run across numerous school districts with completely flat networks like ours. We block access to all IM sites and social sites. Of course the students use proxy sites to get around this, but we try to block these as well, but it's kind of a losing battle. The students are using these proxy sites less frequently since they are starting to get suspended when caught. We do archive the staff's communication. I'm sure there is more we could do, but I have seen many schools much worse off with compliance issues.

Thanks to Cisco

by popleeswager In reply to Cisco VLANs for a School ...

Hi, first: choosing Cisco's solutions is the first best step you made. So, you didn't mention how many current hosts you need to VLAN, but anyway you have to consider future expansion in your design.
Creating VLANs, assigning VLAN ports, naming, and configuring trunks between switches are fairly simple operations; but the most important step is to determine which servers will have heavy traffic access from which VLANs and try to locate these servers in their appropriate VLANs. Doing so, you will decrease the probability of consuming your bandwidth across many switches. Otherwise, you could create a new VLAN ONLY for servers.

I hope I could give you a hand, so if you found it helpful, it's my pleasure.
By the way, I'm a Cisco Academy student at Cairo University, Egypt.
direct contact at: popleeswager@windowslive.com

Thanks

by scottsorrells In reply to Thanks to Cisco,,

We have about 400 hosts at the site, with about 350 for students and 50 for staff. The students and staff do have separate file servers, so putting those servers into the appropriate VLANs shouldn't be a problem; just starting to research how to handle the access issue, etc. The only common server they have is the Win2003 DHCP server, which also handles the other tasks mentioned previously.
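
One way to express the access rules discussed in this thread as IOS ACLs on a router-on-a-stick, given as an added example that is not from any poster or from the linked page. The VLAN IDs, subnets, interface name, host addresses and the SQL database port (tcp/1433, assuming Microsoft SQL Server) are all assumptions; the district SQL server address is a placeholder.

```cisco
! Added example. Assumed: VLAN 10 students 172.17.16.0/23, VLAN 20 staff
! 172.17.32.0/24, VLAN 30 servers 172.17.1.0/24 (shared Win2003 box at .10),
! district SQL server at placeholder 172.16.0.50, MS SQL on tcp/1433.
ip access-list extended STUDENTS-IN
 remark DHCP requests arrive before the client has an address
 permit udp any eq bootpc any eq bootps
 remark shared server: DNS, antivirus, WSUS, DHCP renewals
 permit ip 172.17.16.0 0.0.1.255 host 172.17.1.10
 remark grades: http/https only to the district SQL server
 permit tcp 172.17.16.0 0.0.1.255 host 172.16.0.50 eq www
 permit tcp 172.17.16.0 0.0.1.255 host 172.16.0.50 eq 443
 remark replies to TCP sessions opened from the staff VLAN
 permit tcp 172.17.16.0 0.0.1.255 172.17.32.0 0.0.0.255 established
 remark block staff VLAN, the rest of the site and the WAN
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 remark what is left is Internet, via the district firewall
 permit ip 172.17.16.0 0.0.1.255 any
!
ip access-list extended STAFF-IN
 permit udp any eq bootpc any eq bootps
 permit ip 172.17.32.0 0.0.0.255 host 172.17.1.10
 remark student VLAN: file server and printers
 permit ip 172.17.32.0 0.0.0.255 172.17.16.0 0.0.1.255
 remark district SQL server: http/https plus database
 permit tcp 172.17.32.0 0.0.0.255 host 172.16.0.50 eq www
 permit tcp 172.17.32.0 0.0.0.255 host 172.16.0.50 eq 443
 permit tcp 172.17.32.0 0.0.0.255 host 172.16.0.50 eq 1433
 deny ip any 10.0.0.0 0.255.255.255 log
 deny ip any 172.16.0.0 0.15.255.255 log
 deny ip any 192.168.0.0 0.0.255.255 log
 permit ip 172.17.32.0 0.0.0.255 any
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 172.17.16.1 255.255.254.0
 ip helper-address 172.17.1.10
 ip access-group STUDENTS-IN in
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 172.17.32.1 255.255.255.0
 ip helper-address 172.17.1.10
 ip access-group STAFF-IN in
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 172.17.1.1 255.255.255.0
```

The `established` keyword only matches TCP segments with ACK or RST set, so it is not stateful and does not pass UDP replies from student-VLAN printers back to staff. A reflexive ACL or zone-based firewall on the router is the stateful alternative.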
