Converting From many subnets to few

By mikeseaton ·
I work at a college that presently has 30 subnets for a campus of only 1200 machines. The old admin tech believes every building should be a separate subnet and VLAN (which he placed ACLs on each) even though it is all student and faculty that need access to all. I was thinking of one large subnet or only two subnets, with open access. Does anyone have experience in this?

Need More info

by road-dog In reply to Converting From many subn ...

relating to client / server architecture, security requirements / existing subnet layout.

A big, flat network is an option, but the inter-VLAN routing provides an opportunity to put rudimentary security in place. This should not be discarded without due consideration. I have designed and built several campus networks for community colleges and would NEVER leave everything wide open.

I suggest leaving a faculty VLAN in place and assigning MAC security on switch ports for faculty members.

As for students, put whatever permissions in place that suit your IT plans. I would recommend putting IT lab and open-use library computers under tighter security profiles, because if a student intends to do damage, they will use those common-use machines to hide their activities.

Set up your network equipment management IP ports on a "management" VLAN. (I like to use VLAN **1).

I hope this helps.

Road-dog On Target

by Mike Mullins In reply to Need More info

I agree with the dog. Perhaps 30 VLANs is overkill and a management nightmare, but there definitely needs to be a segregation of trusted and non-trusted traffic with tighter security.

Faculty should probably be divided into different VLANs by department. Students, lump them into a VLAN, and open machines get a separate VLAN. Problems will arise from the student and open machines network, and you can shut them down without affecting faculty (you can also rate limit their traffic).

Good Luck, 0bytes
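
Added example, not part of the thread: a sketch of the role-based layout the replies describe (faculty VLANs by department, one student VLAN, one open-machine VLAN, one management VLAN), sizing each subnet and checking an inter-VLAN policy. The split of the 1200 machines, the `10.20.0.0/20` supernet, the 25% headroom and the policy rules are all assumptions.

```python
import ipaddress
import math

# Constructed split of the 1200 machines by role (assumption, not from the thread).
ROLE_HOSTS = {"management": 60, "faculty-science": 110, "faculty-arts": 90,
              "students": 700, "open-labs": 240}
UNTRUSTED = {"students", "open-labs"}

def prefix_for(hosts, growth=1.25):
    """Longest prefix that fits hosts plus headroom, network and broadcast."""
    needed = math.ceil(hosts * growth) + 2
    return 32 - (needed - 1).bit_length()

def plan(supernet, role_hosts):
    """Carve one subnet per role, largest first so every block stays aligned."""
    supernet = ipaddress.ip_network(supernet)
    cursor = int(supernet.network_address)
    subnets = {}
    for role, hosts in sorted(role_hosts.items(), key=lambda kv: -kv[1]):
        net = ipaddress.ip_network((cursor, prefix_for(hosts)))
        if not net.subnet_of(supernet):
            raise ValueError(f"{supernet} is too small to fit {role}")
        subnets[role] = net
        cursor += net.num_addresses
    return subnets

def role_of(ip, subnets):
    """Role whose subnet contains ip, or None for an unknown address."""
    addr = ipaddress.ip_address(ip)
    return next((r for r, n in subnets.items() if addr in n), None)

def permitted(src, dst, subnets):
    """Assumed inter-VLAN policy: only management reaches management,
    and untrusted VLANs cannot initiate traffic to faculty VLANs."""
    s, d = role_of(src, subnets), role_of(dst, subnets)
    if s is None or d is None:
        return False          # unknown addresses are denied by default
    if s == d:
        return True           # same VLAN, never crosses the router ACL
    if d == "management":
        return False
    if s in UNTRUSTED and d.startswith("faculty"):
        return False
    return True

if __name__ == "__main__":
    for role, net in plan("10.20.0.0/20", ROLE_HOSTS).items():
        print(f"{role:16} {net}  ({net.num_addresses - 2} usable)")
```

Five role-based subnets replace the 30 per-building ones here, and the `permitted` matrix is what the router ACLs between them would have to enforce.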
