General discussion


    Converting From many subnets to few


    by mikeseaton ·

    I work at a college that presently has 30 subnets for a campus of only 1200 machines. The old admin tech believes every building should be a separate subnet and VLAN (with ACLs placed on each), even though it is all students and faculty who need access to all. I was thinking of one large subnet, or only two subnets, with open access. Does anyone have experience with this?

All Comments

    • #3584188

      Need More info

      by road-dog ·

      In reply to Converting From many subnets to few

      relating to client / server architecture, security requirements / existing subnet layout.

      A big, flat network is an option, but the inter-VLAN routing provides an opportunity to put rudimentary security in place. This should not be discarded without due consideration. I have designed and built several campus networks for community colleges and would NEVER leave everything wide open.

      I suggest leaving a faculty VLAN in place and assigning MAC security on switch ports for faculty members.

      As for students, put whatever permissions in place that suit your IT plans. I would recommend putting IT lab and open-use library computers under tighter security profiles, because if a student intends to do damage, they will use those common-use machines to hide their activities.

      Set up your network equipment management IP ports on a “management” VLAN. (I like to use VLAN 911).

      I hope this helps.

      • #3583283

        Road-dog On Target

        by mike mullins ·

        In reply to Need More info

        I agree with the dog. Perhaps 30 VLANs is overkill and a management nightmare, but there definitely needs to be a segregation of trusted and non-trusted traffic with tighter security.

        Faculty should probably be divided into different VLANs by department. Students: lump them into a VLAN, and open machines get a separate VLAN. Problems will arise from the student and open machines network, and you can shut them down without affecting faculty (you can also rate limit their traffic).

        Good Luck, 0bytes
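
The middle ground the two replies describe (a handful of trust-zone VLANs instead of 30 per-building ones) can be planned as follows. This is an added example, not code from anyone in the thread. Only the 1200-machine total and VLAN 911 come from the posts; the address block, zone names, other VLAN IDs, per-zone host counts and trust levels are assumptions.

```python
import ipaddress

# Constructed inputs. The thread gives only the 1200-machine total and VLAN 911
# for management; the address block, zone names, VLAN IDs, host counts and
# trust levels are assumptions for illustration.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
ZONES = {  # name: (vlan_id, expected_hosts, trust_level)
    "students":        (100, 700, 1),
    "open-machines":   (110, 250, 0),
    "faculty-science": (200, 120, 2),
    "faculty-arts":    (210, 100, 2),
    "mgmt":            (911,  30, 3),
}

def plan_subnets(supernet, zones):
    """Carve one right-sized subnet per zone, largest first (VLSM)."""
    plan, cursor = {}, int(supernet.network_address)
    for name, (_vlan, hosts, _trust) in sorted(
            zones.items(), key=lambda z: z[1][1], reverse=True):
        needed = hosts + 3            # network + broadcast + gateway address
        size = 1 << (needed - 1).bit_length()   # next power of two
        cursor = -(-cursor // size) * size      # align to the block size
        net = ipaddress.ip_network((cursor, 32 - size.bit_length() + 1))
        if not net.subnet_of(supernet):
            raise ValueError(f"{supernet} is too small for zone {name}")
        plan[name] = net
        cursor += size
    return plan

def may_initiate(zones, src, dst):
    """Inter-VLAN rule: traffic may only flow toward equal or lower trust."""
    return zones[src][2] >= zones[dst][2]

def denied_pairs(zones):
    """(src, dst) pairs the inter-VLAN ACLs must block."""
    return sorted((s, d) for s in zones for d in zones
                  if s != d and not may_initiate(zones, s, d))

if __name__ == "__main__":
    for name, net in plan_subnets(SUPERNET, ZONES).items():
        print(f"VLAN {ZONES[name][0]:>3}  {name:<16} {net}")
    for src, dst in denied_pairs(ZONES):
        print(f"deny {src} -> {dst}")
```

The denied-pairs list is the input for the ACLs at the routing layer: nine rules for five zones, compared with per-building ACLs across 30 subnets.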
